forked from netsampler/goflow2
-
Notifications
You must be signed in to change notification settings - Fork 0
/
create.sh
executable file
·125 lines (98 loc) · 2.79 KB
/
create.sh
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
#!/bin/bash
set -e
clickhouse client -n <<-EOSQL
CREATE DATABASE IF NOT EXISTS dictionaries;
CREATE DICTIONARY IF NOT EXISTS dictionaries.protocols (
proto UInt8,
name String,
description String
)
PRIMARY KEY proto
LAYOUT(FLAT())
SOURCE (FILE(path '/var/lib/clickhouse/user_files/protocols.csv' format 'CSVWithNames'))
LIFETIME(3600);
CREATE TABLE IF NOT EXISTS flows
(
TimeReceived UInt64,
TimeFlowStart UInt64,
SequenceNum UInt32,
SamplingRate UInt64,
SamplerAddress FixedString(16),
SrcAddr FixedString(16),
DstAddr FixedString(16),
SrcAS UInt32,
DstAS UInt32,
EType UInt32,
Proto UInt32,
SrcPort UInt32,
DstPort UInt32,
Bytes UInt64,
Packets UInt64
) ENGINE = Kafka()
SETTINGS
kafka_broker_list = 'kafka:9092',
kafka_topic_list = 'flows',
kafka_group_name = 'clickhouse',
kafka_format = 'Protobuf',
kafka_schema = './flow.proto:FlowMessage';
CREATE TABLE IF NOT EXISTS flows_raw
(
Date Date,
TimeReceived DateTime,
TimeFlowStart DateTime,
SequenceNum UInt32,
SamplingRate UInt64,
SamplerAddress FixedString(16),
SrcAddr FixedString(16),
DstAddr FixedString(16),
SrcAS UInt32,
DstAS UInt32,
EType UInt32,
Proto UInt32,
SrcPort UInt32,
DstPort UInt32,
Bytes UInt64,
Packets UInt64
) ENGINE = MergeTree()
PARTITION BY Date
ORDER BY TimeReceived;
CREATE MATERIALIZED VIEW IF NOT EXISTS flows_raw_view TO flows_raw
AS SELECT
toDate(TimeReceived) AS Date,
*
FROM flows;
CREATE TABLE IF NOT EXISTS flows_5m
(
Date Date,
Timeslot DateTime,
SrcAS UInt32,
DstAS UInt32,
ETypeMap Nested (
EType UInt32,
Bytes UInt64,
Packets UInt64,
Count UInt64
),
Bytes UInt64,
Packets UInt64,
Count UInt64
) ENGINE = SummingMergeTree()
PARTITION BY Date
ORDER BY (Date, Timeslot, SrcAS, DstAS, \`ETypeMap.EType\`);
CREATE MATERIALIZED VIEW IF NOT EXISTS flows_5m_view TO flows_5m
AS
SELECT
Date,
toStartOfFiveMinute(TimeReceived) AS Timeslot,
SrcAS,
DstAS,
[EType] AS \`ETypeMap.EType\`,
[Bytes] AS \`ETypeMap.Bytes\`,
[Packets] AS \`ETypeMap.Packets\`,
[Count] AS \`ETypeMap.Count\`,
sum(Bytes) AS Bytes,
sum(Packets) AS Packets,
count() AS Count
FROM flows_raw
GROUP BY Date, Timeslot, SrcAS, DstAS, \`ETypeMap.EType\`;
EOSQL