ntopng/scripts/historical/tables
2023-03-21 16:44:33 +01:00
latency_by_asn.json Organize historical queries by type 2021-12-09 11:49:17 +01:00
number_of_hosts.json Add number_of_hosts template 2022-08-17 18:10:13 +02:00
README Organize historical queries by type 2021-12-09 11:49:17 +01:00
top_alerted_domains.json Add custom query: Top Alerted Domains 2022-05-25 17:21:58 +02:00
top_clients.json Fix sort on bytes column 2023-03-21 16:44:33 +01:00
top_conversations.json Fix sort on bytes column 2023-03-21 16:44:33 +01:00
top_l7_contacts.json Change top_l7_contacts total bytes column name to avoid applying a TOTAL_BYTES filter, rather use the aggregated column name (total_bytes) (#7335) 2023-03-21 15:07:01 +01:00
top_server_ports.json Add ability to filter on Exporter and in/out interface in Top Client/Server/Port queries (#6299) 2022-03-11 17:02:48 +01:00
top_servers.json Fix sort on bytes column 2023-03-21 16:44:33 +01:00
top_sites.json Fix top_sites.json 2022-05-04 21:38:10 +02:00

Query Definitions
-----------------

Place query definitions in JSON format in this directory;
they are used by the Historical Flow Explorer.

Built-in examples are provided and can be used as a starting
point for building new queries. Please note that:

- The 'select' object can contain a list of items in the 'items'
  array. A raw SQL select can be defined in the 'sql' string. A
  list of items is still required to define the columns and their
  value type (if not a plain column).

- It is possible to use SQL functions as a 'select' item, as shown
  in the examples, by specifying the 'func' (e.g. SUM) and the
  parameter (e.g. TOTAL_BYTES).

- The 'filters' object contains a list of items to filter in the
  'items' array. Defining the 'name' is enough, however additional
  settings can be configured to overwrite the default (e.g. the
  operators to be used, the input type, optional field, etc.).

- The interface index, and first/last seen are automatically included
  by the engine: no need to define them as filters in the query definition.

Examples
--------

Select example - list of fields:

	"select" : {
		"items" : [
			{
				"name": "IPV4_SRC_ADDR"
			},
			{
				"name": "IPV4_DST_ADDR"
			},
			{
				"name": "VLAN_ID"
			},
			{
				"name": "L7_PROTO"
			},
			{
				"name": "bytes",
				"func": "SUM",
				"param": "TOTAL_BYTES",
				"value_type": "bytes"
			}
		]
	}

Select example - SQL:

	"select" : {
		"sql": "IPv4NumToString(IPV4_SRC_ADDR) IPV4_SRC_ADDR, IPv4NumToString(IPV4_DST_ADDR) IPV4_DST_ADDR, L7_PROTO, SUM(TOTAL_BYTES) bytes"
	}

Filters examples:

	"filters" : {
		"items" : [
			{
				"name": "IPV4_SRC_ADDR"
			},
			{
				"name": "TOTAL_BYTES",
				"op": "gte",
				"value_type": "number",
				"input": "user",
				"optional": true
			},
			{
				"name": "L7_PROTO",
				"op": "eq",
				"value_type": "l7_proto",
				"input": "fixed",
				"value": "TLS"
			}
		]
	}
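
Linting a definition (added example, not part of the ntopng README or code base): a small Python check of a definition against the rules stated above before the file is placed in this directory. It assumes 'select' and 'filters' are top-level keys of the definition file, that 'filters' may be omitted, and that a "fixed" input needs a 'value'; the function name and the sample definitions are constructed for illustration.

```python
import json


def lint_query_definition(text):
    """Return a list of problems in one query definition (empty list = clean)."""
    try:
        doc = json.loads(text)  # strict parser: trailing commas are rejected
    except json.JSONDecodeError as exc:
        return [f"not valid JSON: {exc.msg} (line {exc.lineno})"]
    if not isinstance(doc, dict):
        return ["top level must be a JSON object"]
    problems = []
    select = doc.get("select")
    if not isinstance(select, dict):
        problems.append("missing 'select' object")
        select = {}
    items = select.get("items")
    if not isinstance(items, list) or not items:
        # Per the README, items are required even when raw 'sql' is given.
        problems.append("'select.items' must be a non-empty list")
        items = []
    for i, item in enumerate(items):
        if not isinstance(item, dict) or not item.get("name"):
            problems.append(f"select item {i}: missing 'name'")
        elif "func" in item and "param" not in item:
            problems.append(f"select item {i}: 'func' without 'param'")
    filters = doc.get("filters", {})  # assumption: 'filters' may be omitted
    flt_items = filters.get("items", []) if isinstance(filters, dict) else None
    if not isinstance(flt_items, list):
        problems.append("'filters.items' must be a list")
        flt_items = []
    for i, flt in enumerate(flt_items):
        if not isinstance(flt, dict) or not flt.get("name"):
            problems.append(f"filter {i}: missing 'name'")
        elif flt.get("input") == "fixed" and "value" not in flt:
            # Assumption drawn from the README's fixed-input example.
            problems.append(f"filter {i}: fixed input without 'value'")
    return problems


# Constructed sample definitions (not files from the repository).
GOOD = """{"select": {"items": [{"name": "L7_PROTO"},
  {"name": "bytes", "func": "SUM", "param": "TOTAL_BYTES", "value_type": "bytes"}]},
 "filters": {"items": [{"name": "L7_PROTO", "op": "eq", "input": "fixed", "value": "TLS"}]}}"""
TRAILING_COMMA = '{"select": {"items": [{"name": "VLAN_ID",}]}}'
SQL_WITHOUT_ITEMS = '{"select": {"sql": "L7_PROTO, SUM(TOTAL_BYTES) bytes"}}'

if __name__ == "__main__":
    for sample in (GOOD, TRAILING_COMMA, SQL_WITHOUT_ITEMS):
        print(lint_query_definition(sample))
```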