python_API_Historical.md
Historical Class

The Historical class provides access to historical information including flows and alerts.

Constructor

__init__(self, ntopng_obj, ifid=None)

Constructs a new Historical object bound to an ntopng handle and, optionally, to a single interface.

  • ntopng_obj: The ntopng handle
  • ifid (optional): The interface identifier (ifid) the queries refer to

Methods

get_alert_type_counters(self, epoch_begin, epoch_end)

Returns statistics about the number of alerts per alert type.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Statistics (object)

get_alert_severity_counters(self, epoch_begin, epoch_end)

Returns statistics about the number of alerts per alert severity.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Statistics (object)

get_alerts(self, alert_family, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Runs queries on the alert database.

  • alert_family: The alert family (flow, host, interface, etc.)
  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

get_alerts_stats(self, epoch_begin, epoch_end, host=None)

Returns flow alert statistics, optionally restricted to a single host.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • host (optional): Host IP address
  • Returns: Flow alert stats (object)

get_flow_alerts_stats(self, epoch_begin, epoch_end)

Returns flow alerts statistics.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Flow alert statistics (object)

get_flow_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Returns flow alerts matching the specified criteria.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

get_active_monitoring_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Returns alerts matching the specified criteria for active monitoring.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

get_host_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Returns host alerts matching the specified criteria.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

get_interface_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Returns interface alerts matching the specified criteria.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

get_mac_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Returns MAC alerts matching the specified criteria.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

get_network_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Returns network alerts matching the specified criteria.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

get_snmp_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Returns SNMP alerts matching the specified criteria.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

get_system_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Returns system alerts matching the specified criteria.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

get_user_alerts(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Returns user alerts matching the specified criteria.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)

timeseries_to_pandas(self, rsp)

Converts timeseries response to a pandas DataFrame.

  • rsp: Timeseries response data
  • Returns: Pandas DataFrame (object)

get_timeseries(self, ts_schema, ts_query, epoch_begin, epoch_end)

Returns timeseries data in a pandas DataFrame for a specified schema and query.

  • ts_schema: The timeseries schema (e.g., 'host:traffic')
  • ts_query: The timeseries query (e.g., 'ifid:0,host:10.0.0.1')
  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Timeseries data (object, pandas DataFrame)

get_timeseries_stats(self, ts_schema, ts_query, epoch_begin, epoch_end)

Returns statistics from timeseries.

  • ts_schema: The timeseries schema (e.g., 'host:traffic')
  • ts_query: The timeseries query (e.g., 'ifid:0,host:10.0.0.1')
  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Timeseries statistics (object)

get_timeseries_metadata(self)

Returns timeseries metadata (lists all available timeseries).

  • Returns: Timeseries metadata (object)

get_host_timeseries(self, host_ip, ts_schema, epoch_begin, epoch_end)

Returns timeseries data in a pandas DataFrame for a specified interface and host.

  • host_ip: The host IP
  • ts_schema: The timeseries schema
  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Timeseries data (object, pandas DataFrame)

get_host_timeseries_stats(self, host_ip, ts_schema, epoch_begin, epoch_end)

Returns timeseries statistics for a specified interface and host.

  • host_ip: The host IP
  • ts_schema: The timeseries schema
  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Timeseries statistics (object)

get_interface_timeseries(self, ts_schema, epoch_begin, epoch_end)

Returns timeseries data in a pandas DataFrame for a specified interface.

  • ts_schema: The timeseries schema
  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Timeseries data (object, pandas DataFrame)

get_interface_timeseries_stats(self, ts_schema, epoch_begin, epoch_end)

Returns timeseries statistics for a specified interface.

  • ts_schema: The timeseries schema
  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Timeseries statistics (object)

get_flows(self, epoch_begin, epoch_end, select_clause, where_clause, maxhits, group_by, order_by)

Runs queries on the historical flows database (ClickHouse).

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • select_clause: Select clause (SQL syntax)
  • where_clause: Where clause (SQL syntax)
  • maxhits: Max number of results (limit)
  • group_by: Group by condition (SQL syntax)
  • order_by: Order by condition (SQL syntax)
  • Returns: Query result (object)
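The select, where, group-by and order-by parameters of get_flows and of the get_*_alerts methods above are raw SQL fragments, and ts_query for get_timeseries is a raw "ifid:N,host:IP" string. Whenever any part of those strings comes from user input (a web form, a ticket field, a chat bot), the value must be validated before it is concatenated, or the caller ends up with a query-injection path into the historical database. The helper below is an added example written for this page, not code from ntopng or its Python package: it validates epoch ranges, builds a where clause only from allow-listed columns with type-checked values, builds the ts_query string in the format shown for get_timeseries, and calls get_flows with the positional argument order documented above. The column names in FLOW_COLUMNS are hypothetical placeholders (consult the real ntopng flow schema), the RecordingHistorical class is a stand-in for the real Historical object so the code runs offline, and the clause is passed without a leading WHERE keyword, which is an assumption about the API.

```python
import ipaddress
import re
from typing import Any, Dict, List, Mapping, Tuple

# Hypothetical column names, used only for this example; the real ntopng
# flow/alert schema must be consulted for the actual identifiers.
# Mapping: column name -> kind of value the column accepts.
FLOW_COLUMNS: Dict[str, str] = {
    "src_addr": "ip",
    "dst_addr": "ip",
    "dst_port": "int",
    "l7_proto": "name",
}

_NAME_RE = re.compile(r"^[A-Za-z0-9_.:-]{1,64}$")


def _is_plain_int(value: Any) -> bool:
    # bool is a subclass of int; reject it explicitly.
    return isinstance(value, int) and not isinstance(value, bool)


def validate_epoch_range(epoch_begin: Any, epoch_end: Any) -> Tuple[int, int]:
    """Accept only non-negative integer epochs with begin earlier than end."""
    for v in (epoch_begin, epoch_end):
        if not _is_plain_int(v) or v < 0:
            raise ValueError(f"epoch must be a non-negative integer, got {v!r}")
    if epoch_begin >= epoch_end:
        raise ValueError("epoch_begin must be earlier than epoch_end")
    return epoch_begin, epoch_end


def render_value(kind: str, value: Any) -> str:
    """Render a filter value as a SQL literal after validating it against its kind.
    Validation, not escaping, is the safety mechanism: a value that is not a
    well-formed IP address, integer or short identifier never reaches the query."""
    if kind == "ip":
        return f"'{ipaddress.ip_address(str(value))}'"  # ValueError if malformed
    if kind == "int":
        if not _is_plain_int(value):
            raise ValueError(f"integer expected, got {value!r}")
        return str(value)
    if kind == "name":
        text = str(value)
        if not _NAME_RE.match(text):
            raise ValueError(f"identifier contains disallowed characters: {text!r}")
        return f"'{text}'"
    raise ValueError(f"unknown value kind {kind!r}")


def build_where_clause(filters: Mapping[str, Any], columns: Mapping[str, str]) -> str:
    """Build 'col = literal AND ...' using only allow-listed columns."""
    parts: List[str] = []
    for column, value in filters.items():
        if column not in columns:
            raise ValueError(f"column {column!r} is not allow-listed")
        parts.append(f"{column} = {render_value(columns[column], value)}")
    return " AND ".join(parts)


def is_safe_filter(filters: Mapping[str, Any], columns: Mapping[str, str]) -> bool:
    """True when the filter set would be accepted by build_where_clause."""
    try:
        build_where_clause(filters, columns)
        return True
    except ValueError:
        return False


def build_ts_query(ifid: Any, host: str) -> str:
    """Build the 'ifid:<n>,host:<ip>' string that get_timeseries expects as ts_query."""
    if not _is_plain_int(ifid) or ifid < 0:
        raise ValueError(f"ifid must be a non-negative integer, got {ifid!r}")
    return f"ifid:{ifid},host:{ipaddress.ip_address(host)}"


def query_flows(historical: Any, epoch_begin: Any, epoch_end: Any,
                filters: Mapping[str, Any], maxhits: int = 100,
                select_clause: str = "*", group_by: str = "", order_by: str = "") -> Any:
    """Validate every caller-controlled input, then call get_flows in the documented order."""
    begin, end = validate_epoch_range(epoch_begin, epoch_end)
    where_clause = build_where_clause(filters, FLOW_COLUMNS)
    if not _is_plain_int(maxhits) or not 1 <= maxhits <= 10000:
        raise ValueError(f"maxhits out of range: {maxhits!r}")
    return historical.get_flows(begin, end, select_clause, where_clause,
                                maxhits, group_by, order_by)


class RecordingHistorical:
    """Offline stand-in for ntopng's Historical class: it only records the call."""

    def __init__(self) -> None:
        self.calls: List[Dict[str, Any]] = []

    def get_flows(self, epoch_begin, epoch_end, select_clause, where_clause,
                  maxhits, group_by, order_by):
        self.calls.append({"epoch_begin": epoch_begin, "epoch_end": epoch_end,
                           "select_clause": select_clause, "where_clause": where_clause,
                           "maxhits": maxhits, "group_by": group_by, "order_by": order_by})
        return {"rows": []}  # constructed placeholder response


if __name__ == "__main__":
    h = RecordingHistorical()
    query_flows(h, 1700000000, 1700003600, {"src_addr": "10.0.0.1", "dst_port": 443}, maxhits=50)
    print(h.calls[-1]["where_clause"])
    print(build_ts_query(0, "10.0.0.1"))
```

With a real ntopng handle, pass the Historical object instead of RecordingHistorical; the allow-list is the part to adapt, since it decides which columns and value kinds an untrusted caller may ever filter on. A value such as `10.0.0.1' OR '1'='1` is rejected by `ipaddress.ip_address` before any SQL is assembled, and an unknown column name is rejected regardless of its value.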

get_topk_flows(self, epoch_begin, epoch_end, max_hits, where_clause)

Retrieves Top-K results from the historical flows database.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • max_hits: Max number of results (limit)
  • where_clause: Where clause (SQL syntax)
  • Returns: Query result (object)

get_top_conversations(self, epoch_begin, epoch_end, host=None)

Returns the top conversations, optionally restricted to a single host.

  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • host (optional): Host IP address
  • Returns: Top conversations (object)

get_host_top_protocols(self, host, epoch_begin, epoch_end)

Returns the top protocols for a specified host.

  • host: Host IP address
  • epoch_begin: Start of the time interval (epoch)
  • epoch_end: End of the time interval (epoch)
  • Returns: Top protocols (object)