From f37b38f766bb672e02a69dff530a7ade6c468205 Mon Sep 17 00:00:00 2001
From: Haoxi Tan
Date: Thu, 5 Nov 2020 19:48:35 +1000
Subject: [PATCH] nice clickhouse sql queries
---
nice_queries.sql | 8 ++++++++
1 file changed, 8 insertions(+)
create mode 100644 nice_queries.sql
diff --git a/nice_queries.sql b/nice_queries.sql
new file mode 100644
index 0000000..9903362
--- /dev/null
+++ b/nice_queries.sql
@@ -0,0 +1,8 @@
+-- top 15 popular src IPs
+select IPv4NumToString(SrcAddr), count(*) as c from nflow group by IPv4NumToString(SrcAddr) order by c desc limit 15
+
+-- top 15 popular dst IPs
+select IPv4NumToString(DstAddr), count(*) as c from nflow group by IPv4NumToString(DstAddr) order by c desc limit 15
+
+-- top 15 popular dst ports
+select DstPort, count(*) as c from nflow group by DstPort order by c desc limit 15
\ No newline at end of file
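Review bot: None of the three queries in the new nice_queries.sql ends with a `;`, so only comments and blank lines separate them and the file cannot be fed to a client as one multi-statement script. The two address queries also group on the converted string and leave the first column unnamed. Grouping on the raw column and converting in the select list should be cheaper and reads better: `select IPv4NumToString(SrcAddr) as src, count(*) as c from nflow group by SrcAddr order by c desc limit 15;` (likewise for `DstAddr`). All three counts span the whole `nflow` table; for triage, a `where` on the flow timestamp column (its name is not visible in this patch) would bound the scan and tie each top-15 to a known window. A header comment saying that `c` counts flow records, not bytes or packets, would help anyone reading the output.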