AlexAkulov · December 4, 2018 07:29
diff --git a/Sysmon Clickhouse Table b/Sysmon Clickhouse Table
 CREATE TABLE wssg.sysmon_logs_local ( Date Date, TimeStamp DateTime, ComputerName String, EventId UInt8, Task String, DstHost String, DstIp String, DstPort UInt16, DstPortName String, Image String, ProcessGuid String, ProcessId UInt32, Proto String, SrcHost String, SrcIp String, SrcPort UInt16, User String, CommandLine String, Company String, CurrentDirectory String, Description String, FileVersion String, Hashes String, IntegrityLevel String, LogonGuid String, LogonId String, ParentCommandLine String, ParentImage String, ParentProcessGuid String, ParentProcessId UInt32, Product String, TerminalSessionId UInt32, EventType String, TargetObject String, Details String, SourceImage String, SourceProcessGuid String, SourceProcessId String, StartAddress String, StartModule String, TargetImage String, TargetProcessGuid String, TargetProcessId UInt32, ImageLoaded String, Signature String, SignatureStatus String, Signed String, ConfigurationFileHash String, Configuration String, FileCreate String, TargetFilename String) ENGINE = ReplicatedMergeTree('/clickhouse/tables/{logsshard}/sysmon_logs', '{replica}', Date, TimeStamp, 8192)

 CREATE TABLE wssg.sysmon_logs ( Date Date, TimeStamp DateTime, ComputerName String, EventId UInt8, Task String, DstHost String, DstIp String, DstPort UInt16, DstPortName String, Image String, ProcessGuid String, ProcessId UInt32, Proto String, SrcHost String, SrcIp String, SrcPort UInt16, User String, CommandLine String, Company String, CurrentDirectory String, Description String, FileVersion String, Hashes String, IntegrityLevel String, LogonGuid String, LogonId String, ParentCommandLine String, ParentImage String, ParentProcessGuid String, ParentProcessId UInt32, Product String, TerminalSessionId UInt32, EventType String, TargetObject String, Details String, SourceImage String, SourceProcessGuid String, SourceProcessId String, StartAddress String, StartModule String, TargetImage String, TargetProcessGuid String, TargetProcessId UInt32, ImageLoaded String, Signature String, SignatureStatus String, Signed String, ConfigurationFileHash String, Configuration String, FileCreate String, TargetFilename String) ENGINE = Distributed(logs, wssg, sysmon_logs_local, rand())
	CREATE TABLE wssg.sysmon_logs_local ( Date Date, TimeStamp DateTime, ComputerName String, EventId UInt8, Task String, DstHost String, DstIp String, DstPort UInt16, DstPortName String, Image String, ProcessGuid String, ProcessId UInt32, Proto String, SrcHost String, SrcIp String, SrcPort UInt16, User String, CommandLine String, Company String, CurrentDirectory String, Description String, FileVersion String, Hashes String, IntegrityLevel String, LogonGuid String, LogonId String, ParentCommandLine String, ParentImage String, ParentProcessGuid String, ParentProcessId UInt32, Product String, TerminalSessionId UInt32, EventType String, TargetObject String, Details String, SourceImage String, SourceProcessGuid String, SourceProcessId String, StartAddress String, StartModule String, TargetImage String, TargetProcessGuid String, TargetProcessId UInt32, ImageLoaded String, Signature String, SignatureStatus String, Signed String, ConfigurationFileHash String, Configuration String, FileCreate String, TargetFilename String) ENGINE = ReplicatedMergeTree('/clickhouse/tables/{logsshard}/sysmon_logs', '{replica}', Date, TimeStamp, 8192)

	CREATE TABLE wssg.sysmon_logs ( Date Date, TimeStamp DateTime, ComputerName String, EventId UInt8, Task String, DstHost String, DstIp String, DstPort UInt16, DstPortName String, Image String, ProcessGuid String, ProcessId UInt32, Proto String, SrcHost String, SrcIp String, SrcPort UInt16, User String, CommandLine String, Company String, CurrentDirectory String, Description String, FileVersion String, Hashes String, IntegrityLevel String, LogonGuid String, LogonId String, ParentCommandLine String, ParentImage String, ParentProcessGuid String, ParentProcessId UInt32, Product String, TerminalSessionId UInt32, EventType String, TargetObject String, Details String, SourceImage String, SourceProcessGuid String, SourceProcessId String, StartAddress String, StartModule String, TargetImage String, TargetProcessGuid String, TargetProcessId UInt32, ImageLoaded String, Signature String, SignatureStatus String, Signed String, ConfigurationFileHash String, Configuration String, FileCreate String, TargetFilename String) ENGINE = Distributed(logs, wssg, sysmon_logs_local, rand())