Common Query and Analysis Statements and Alarm Settings
Updated: 2026-05-29 16:55:32
Querying the Ratio of All Response Codes
Statement example:
* |
SELECT
  remote_host AS "域名",
  Rate_200 AS "200比例",
  Rate_302 AS "302比例",
  Rate_404 AS "404比例",
  Rate_499 AS "499比例",
  Rate_500 AS "500比例",
  Rate_502 AS "502比例",
  Rate_503 AS "503比例",
  Rate_504 AS "504比例",
  countall AS "总请求数",
  code_200,
  code_302,
  code_404,
  code_499,
  code_500,
  code_502,
  code_503,
  code_504
FROM (
  SELECT
    remote_host,
    round(round(code_200 * 1.0000 / countall, 4) * 100, 2) AS Rate_200,
    round(round(code_302 * 1.0000 / countall, 4) * 100, 2) AS Rate_302,
    round(round(code_404 * 1.0000 / countall, 4) * 100, 2) AS Rate_404,
    round(round(code_499 * 1.0000 / countall, 4) * 100, 2) AS Rate_499,
    round(round(code_500 * 1.0000 / countall, 4) * 100, 2) AS Rate_500,
    round(round(code_502 * 1.0000 / countall, 4) * 100, 2) AS Rate_502,
    round(round(code_503 * 1.0000 / countall, 4) * 100, 2) AS Rate_503,
    round(round(code_504 * 1.0000 / countall, 4) * 100, 2) AS Rate_504,
    countall,
    code_200,
    code_302,
    code_404,
    code_499,
    code_500,
    code_502,
    code_503,
    code_504
  FROM (
    SELECT
      remote_host,
      count_if(resp_code='200') AS code_200,
      count_if(resp_code='302') AS code_302,
      count_if(resp_code='404') AS code_404,
      count_if(resp_code='499') AS code_499,
      count_if(resp_code='500') AS code_500,
      count_if(resp_code='502') AS code_502,
      count_if(resp_code='503') AS code_503,
      count_if(resp_code='504') AS code_504,
      COUNT(*) AS countall
    FROM log
    WHERE is_attack = 'false'
    GROUP BY remote_host
  )
)
WHERE countall > 10
ORDER BY Rate_200 DESC
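LIMIT 5
Note
is_attack = 'false' restricts the statistics to access logs;
remote_host aggregates the results by actual domain name;
countall counts all requests within the time window;
resp_code='200' matches requests whose response code is 200.
After this query statement runs, the generated chart contains the following fields: total requests, 2XX ratio, 3XX ratio, 4XX ratio, and 5XX ratio, which represent the domain's total request volume in the selected time range and the share of each type of response status code. To query additional filter fields, see the WAF log field description.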
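Configuring an Alarm for a 200 Ratio Below 80%
For the alarm configuration steps, see: Configuring WAF Log Alarms.
Reference values:
Trigger condition: when data matches "200比例" < 80, the alarm severity is Major.
Alarm content:
Alarm domain: {{lts_log_fields::域名}}
Total requests in the last 5 minutes: {{lts_log_fields::总请求数}}
Response code ratio distribution in the last 5 minutes: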
{{lts_log_fields::200比例}}%
{{lts_log_fields::302比例}}%
{{lts_log_fields::404比例}}%
{{lts_log_fields::499比例}}%
{{lts_log_fields::503比例}}%
{{lts_log_fields::504比例}}%
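An alarm-oriented variant of the statement above, added here as an example and not part of the original documentation. The statement above sorts by Rate_200 in descending order and keeps five rows, so a domain with a low 200 ratio is returned only when fewer than five domains rank above it; this variant keeps only domains under the 80 threshold and lists the lowest first. It assumes the same log fields and functions as the statement above, and returns only the columns that the alarm content references.

```sql
* |
SELECT
  remote_host AS "域名",
  Rate_200 AS "200比例",
  Rate_302 AS "302比例",
  Rate_404 AS "404比例",
  Rate_499 AS "499比例",
  Rate_503 AS "503比例",
  Rate_504 AS "504比例",
  countall AS "总请求数"
FROM (
  SELECT
    remote_host,
    countall,
    -- Same percentage calculation as the statement above
    round(round(code_200 * 1.0000 / countall, 4) * 100, 2) AS Rate_200,
    round(round(code_302 * 1.0000 / countall, 4) * 100, 2) AS Rate_302,
    round(round(code_404 * 1.0000 / countall, 4) * 100, 2) AS Rate_404,
    round(round(code_499 * 1.0000 / countall, 4) * 100, 2) AS Rate_499,
    round(round(code_503 * 1.0000 / countall, 4) * 100, 2) AS Rate_503,
    round(round(code_504 * 1.0000 / countall, 4) * 100, 2) AS Rate_504
  FROM (
    SELECT
      remote_host,
      count_if(resp_code = '200') AS code_200,
      count_if(resp_code = '302') AS code_302,
      count_if(resp_code = '404') AS code_404,
      count_if(resp_code = '499') AS code_499,
      count_if(resp_code = '503') AS code_503,
      count_if(resp_code = '504') AS code_504,
      COUNT(*) AS countall
    FROM log
    -- Access logs only; requests flagged as attacks are excluded
    WHERE is_attack = 'false'
    GROUP BY remote_host
  )
)
-- Skip low-traffic domains, where a few requests swing the ratio
WHERE countall > 10
  -- Same threshold as the alarm trigger condition ("200比例" < 80)
  AND Rate_200 < 80
-- Lowest 200 ratio first, so LIMIT keeps the worst-affected domains
ORDER BY Rate_200 ASC
LIMIT 5
```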