Cisco Firepower Management Center 2000 Developer Guide
FireSIGHT System Database Access Guide
Chapter 5 Schema: Statistics Tracking Tables
Understanding Statistics Tracking Tables
For example, if your SQL statement specifies time_start_sec = 6:00:00, the interval varies for each table type:
• for current_day tables: either 6:00:00 to 6:00:14 (for 15 second tables) or 6:00:00 to 6:04:59 (for 5 minute tables).
• for current_month tables: 6:00:00 to 6:59:59.
• for current_year tables: 0:00:00 to 23:59:59 on the following day.
The simplest way to retrieve data is to state the interval start time. For example, to retrieve from the app_ids_stats_current_day table, specify one of the following:
00:00:00
00:00:15
00:00:30
23:59:45
If your query contains a timestamp that is other than an interval start time, the system modifies the request as follows:
• rounds up the start time to the nearest interval time
• rounds down the end time to the nearest interval time
For example, the following query rounds up the start time:
SELECT application_id
FROM app_ids_stats_current_month
WHERE start_time_sec = UNIX_TIMESTAMP("2011-12-01 12:30:00");
and is the same as:
SELECT application_id
FROM app_ids_stats_current_month
WHERE start_time_sec = UNIX_TIMESTAMP("2011-12-01 13:00:00");
When querying a range of intervals, the starting time interval is rounded up, and the ending time interval is rounded down. For example:
SELECT application_id
FROM app_ids_stats_current_month
WHERE start_time_sec BETWEEN UNIX_TIMESTAMP("2011-12-10 12:59:00") and
UNIX_TIMESTAMP("2011-12-10 16:28:00");
is changed to:
SELECT application_id
FROM app_ids_stats_current_month
WHERE start_time_sec BETWEEN UNIX_TIMESTAMP("2011-12-10 13:00:00") and
UNIX_TIMESTAMP("2011-12-10 16:00:00");
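The rounding rule above can be applied on the client side before a query is sent, so that the interval actually covered is known in advance. The following is an added example, not code from this guide. It assumes timestamps are in UTC, and the dictionary keys and function names are invented for illustration.

```python
from datetime import datetime, timezone

# Interval lengths (seconds) for the table types described above.
# The dictionary keys are labels invented for this example.
INTERVAL_SEC = {
    "current_day_15s": 15,
    "current_day_5min": 300,
    "current_month": 3600,
    "current_year": 86400,
}
FMT = "%Y-%m-%d %H:%M:%S"


def to_epoch(ts):
    # Assumption: timestamps are UTC, so intervals align with epoch multiples.
    return int(datetime.strptime(ts, FMT).replace(tzinfo=timezone.utc).timestamp())


def from_epoch(sec):
    return datetime.fromtimestamp(sec, tz=timezone.utc).strftime(FMT)


def align_range(table_type, start, end):
    """Snap a requested range to interval start times.

    The start is rounded up and the end is rounded down, as described above.
    Returns None when no interval start lies inside the requested range.
    """
    step = INTERVAL_SEC[table_type]
    s, e = to_epoch(start), to_epoch(end)
    if e < s:
        raise ValueError("end precedes start")
    s_aligned = -(-s // step) * step  # ceiling to the next interval start
    e_aligned = (e // step) * step    # floor to the previous interval start
    if s_aligned > e_aligned:
        return None
    return from_epoch(s_aligned), from_epoch(e_aligned)


def where_clause(table_type, start, end):
    """Build the WHERE clause with explicit interval start times."""
    aligned = align_range(table_type, start, end)
    if aligned is None:
        return None
    return ('WHERE start_time_sec BETWEEN UNIX_TIMESTAMP("%s") AND '
            'UNIX_TIMESTAMP("%s")' % aligned)
```

A None result marks a requested range that falls entirely between two interval start times (for example 12:10:00 to 12:50:00 against a current_month table), which under the rounding rule contains no interval to return.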
If your query interval extends beyond a table's time frame, you can usually obtain the additional data from another table, although the data in the other table will have a coarser resolution. For example, to retrieve bandwidth usage for the past two days, you can get results for yesterday from the current_day table (at 5 minute resolution), but you can get statistics for the previous day only from current_month (in hour chunks) or current_year (in day chunks).