API tools faq
paste
Mauzzz0

mv unions

Mauzzz0
Mar 27th, 2022
5,255
0
Never
Add comment
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
SQL 5.90 KB | None | 0 0
raw download clone embed print report
  1. WITH table_protocoled AS (SELECT attack_id, TIMESTAMP, protocol, SUM(packetPayloadFullLength * 8 * sampleRatio) AS bps, SUM(sampleRatio) AS pps
  2.      FROM cloud_stat_dev.raw_traffic
  3.     WHERE attack_id = 'fab4ea04-e1d7-4628-9c9b-3f5ebcb2da67'
  4.      GROUP BY attack_id, TIMESTAMP, protocol
  5.      ORDER BY TIMESTAMP, protocol)
  6. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-in/proto/peak' AS GROUP, protocol AS group_value,
  7.        MAX(bps) AS bits, MAX(pps) AS packets
  8.     FROM table_protocoled
  9. GROUP BY attack_id, TIMESTAMP, protocol
  10. ORDER BY TIMESTAMP, protocol
  11.  
  12. UNION ALL
  13.  
  14. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-in/proto' AS GROUP, protocol AS group_value,
  15.        toUInt64(FLOOR(SUM(bps) / 10)) AS bits, toUInt64(FLOOR(SUM(pps) / 10)) AS packets
  16.     FROM table_protocoled
  17. GROUP BY attack_id, TIMESTAMP, protocol
  18. ORDER BY TIMESTAMP, protocol
  19.  
  20. UNION ALL
  21.  
  22. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-in/src-asn' AS GROUP, srcAsn AS group_value,
  23.        toUInt64(FLOOR(SUM(bps) / 10)) AS bits, toUInt64(FLOOR(SUM(pps) / 10)) AS packets
  24.     FROM (
  25.      SELECT attack_id, TIMESTAMP, srcAsn, SUM(packetPayloadFullLength * 8 * sampleRatio) AS bps, SUM(sampleRatio) AS pps
  26.      FROM cloud_stat_dev.raw_traffic
  27.      WHERE attack_id = 'fab4ea04-e1d7-4628-9c9b-3f5ebcb2da67'
  28.      GROUP BY attack_id, TIMESTAMP, srcAsn
  29.      ORDER BY TIMESTAMP, srcAsn)
  30. GROUP BY attack_id, TIMESTAMP, srcAsn
  31. ORDER BY TIMESTAMP, srcAsn
  32.  
  33. UNION ALL
  34.  
  35. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-in/src-ip' AS GROUP, srcIp AS group_value,
  36.        toUInt64(FLOOR(SUM(bps) / 10)) AS bits, toUInt64(FLOOR(SUM(pps) / 10)) AS packets
  37.     FROM (
  38.      SELECT attack_id, TIMESTAMP, srcIp, SUM(packetPayloadFullLength * 8 * sampleRatio) AS bps, SUM(sampleRatio) AS pps
  39.      FROM cloud_stat_dev.raw_traffic
  40.      WHERE attack_id = 'fab4ea04-e1d7-4628-9c9b-3f5ebcb2da67'
  41.      GROUP BY attack_id, TIMESTAMP, srcIp
  42.      ORDER BY TIMESTAMP, srcIp)
  43. GROUP BY attack_id, TIMESTAMP, srcIp
  44. ORDER BY TIMESTAMP, srcIp
  45.  
  46. UNION ALL
  47.  
  48. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-in/src-ip/peak' AS GROUP, srcIp AS group_value,
  49.        MAX(bps) AS bits, MAX(pps) AS packets
  50.     FROM (
  51.      SELECT attack_id, TIMESTAMP, srcIp, SUM(packetPayloadFullLength * 8 * sampleRatio) AS bps, SUM(sampleRatio) AS pps
  52.      FROM cloud_stat_dev.raw_traffic
  53.      WHERE attack_id = 'fab4ea04-e1d7-4628-9c9b-3f5ebcb2da67'
  54.      GROUP BY attack_id, TIMESTAMP, srcIp
  55.      ORDER BY TIMESTAMP, srcIp)
  56. GROUP BY attack_id, TIMESTAMP, srcIp
  57. ORDER BY TIMESTAMP, srcIp
  58.  
  59. UNION ALL
  60.  
  61. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-in/tcp/src-port' AS GROUP, sourcePort AS group_value,
  62.        toUInt64(FLOOR(SUM(bps) / 10)) AS bits, toUInt64(FLOOR(SUM(pps) / 10)) AS packets
  63.     FROM (
  64.      SELECT attack_id, TIMESTAMP, sourcePort, SUM(packetPayloadFullLength * 8 * sampleRatio) AS bps, SUM(sampleRatio) AS pps
  65.      FROM cloud_stat_dev.raw_traffic
  66.      WHERE attack_id = 'fab4ea04-e1d7-4628-9c9b-3f5ebcb2da67' AND protocol = 6
  67.      GROUP BY attack_id, TIMESTAMP, sourcePort
  68.      ORDER BY TIMESTAMP, sourcePort)
  69. GROUP BY attack_id, TIMESTAMP, sourcePort
  70. ORDER BY TIMESTAMP, sourcePort
  71.  
  72. UNION ALL
  73.  
  74. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-in/udp/src-port' AS GROUP, sourcePort AS group_value,
  75.        toUInt64(FLOOR(SUM(bps) / 10)) AS bits, toUInt64(FLOOR(SUM(pps) / 10)) AS packets
  76.     FROM (
  77.      SELECT attack_id, TIMESTAMP, sourcePort, SUM(packetPayloadFullLength * 8 * sampleRatio) AS bps, SUM(sampleRatio) AS pps
  78.      FROM cloud_stat_dev.raw_traffic
  79.      WHERE attack_id = 'fab4ea04-e1d7-4628-9c9b-3f5ebcb2da67' AND protocol = 17
  80.      GROUP BY attack_id, TIMESTAMP, sourcePort
  81.      ORDER BY TIMESTAMP, sourcePort)
  82. GROUP BY attack_id, TIMESTAMP, sourcePort
  83. ORDER BY TIMESTAMP, sourcePort
  84.  
  85. UNION ALL
  86.  
  87. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-in/udp/dst-port' AS GROUP, destinationPort AS group_value,
  88.        toUInt64(FLOOR(SUM(bps) / 10)) AS bits, toUInt64(FLOOR(SUM(pps) / 10)) AS packets
  89.     FROM (
  90.      SELECT attack_id, TIMESTAMP, destinationPort, SUM(packetPayloadFullLength * 8 * sampleRatio) AS bps, SUM(sampleRatio) AS pps
  91.      FROM cloud_stat_dev.raw_traffic
  92.      WHERE attack_id = 'fab4ea04-e1d7-4628-9c9b-3f5ebcb2da67' AND protocol = 17
  93.      GROUP BY attack_id, TIMESTAMP, destinationPort
  94.      ORDER BY TIMESTAMP, destinationPort)
  95. GROUP BY attack_id, TIMESTAMP, destinationPort
  96. ORDER BY TIMESTAMP, destinationPort
  97.  
  98. UNION ALL
  99.  
  100. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-in/tcp/dst-port' AS GROUP, destinationPort AS group_value,
  101.        toUInt64(FLOOR(SUM(bps) / 10)) AS bits, toUInt64(FLOOR(SUM(pps) / 10)) AS packets
  102.     FROM (
  103.      SELECT attack_id, TIMESTAMP, destinationPort, SUM(packetPayloadFullLength * 8 * sampleRatio) AS bps, SUM(sampleRatio) AS pps
  104.      FROM cloud_stat_dev.raw_traffic
  105.      WHERE attack_id = 'fab4ea04-e1d7-4628-9c9b-3f5ebcb2da67' AND protocol = 6
  106.      GROUP BY attack_id, TIMESTAMP, destinationPort
  107.      ORDER BY TIMESTAMP, destinationPort)
  108. GROUP BY attack_id, TIMESTAMP, destinationPort
  109. ORDER BY TIMESTAMP, destinationPort
  110.  
  111. UNION ALL
  112.  
  113. SELECT attack_id, toStartOfInterval(TIMESTAMP, INTERVAL 10 SECOND) AS TIMESTAMP, 'ext-int/total' AS GROUP, 0 AS group_value,
  114.        toUInt64(FLOOR(SUM(bps) / 10)) AS bits, toUInt64(FLOOR(SUM(pps) / 10)) AS packets
  115.     FROM (
  116.      SELECT attack_id, TIMESTAMP, SUM(packetPayloadFullLength * 8 * sampleRatio) AS bps, SUM(sampleRatio) AS pps
  117.      FROM cloud_stat_dev.raw_traffic
  118.      WHERE attack_id = 'fab4ea04-e1d7-4628-9c9b-3f5ebcb2da67' AND protocol = 6
  119.      GROUP BY attack_id, TIMESTAMP
  120.      ORDER BY TIMESTAMP)
  121. GROUP BY attack_id, TIMESTAMP
  122. ORDER BY TIMESTAMP
Advertisement
Add Comment
Please, Sign In to add comment
Public Pastes
We use cookies for various purposes including analytics. By continuing to use Pastebin, you agree to our use of cookies as described in the Cookies Policy.  OK, I Understand
Not a member of Pastebin yet?
Sign Up, it unlocks many cool features!