fix(sql+api): fix view column mismatches and ClickHouse 24.8 JOIN issue

- view_form_bruteforce_detected: add post_count, distinct_paths, first_seen, last_seen - view_host_ip_ja4_rotation: add host, distinct_ja4, ja4_list, window_start - Replace uniqExact/groupUniqArray with count()/groupArray (no nested-agg error) - api.py campaigns/graph: move a.src_ip < b.src_ip from JOIN ON to WHERE (ClickHouse 24.8 forbids cross-table inequality in JOIN ON condition) Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
2026-04-10 01:05:04 +02:00
parent 040437921c
commit 7a04e47041
2 changed files with 16 additions and 17 deletions
--- a/shared/clickhouse/11_views.sql
+++ b/shared/clickhouse/11_views.sql
@ -28,14 +28,13 @@ CREATE OR REPLACE VIEW ja4_processing.view_form_bruteforce_detected AS
 SELECT
    src_ip,
    host,
-    argMax(ja4, ja4_hits)                    AS ja4,
-    sum(ja4_hits)                            AS hits,
-    sum(ja4_posts)                           AS post_count,
-    -- Alias de compatibilité pour les anciens appels
-    sum(ja4_posts)                           AS query_params_count,
-    uniqExact(ja4)                           AS distinct_paths,
-    min(w_min)                               AS first_seen,
-    max(w_max)                               AS last_seen
+    argMax(ja4, ja4_hits)  AS ja4,
+    sum(ja4_hits)          AS hits,
+    sum(ja4_posts)         AS post_count,
+    sum(ja4_posts)         AS query_params_count,
+    count()                AS distinct_paths,
+    min(w_min)             AS first_seen,
+    max(w_max)             AS last_seen
 FROM (
    SELECT
        src_ip, host, ja4,
@ -64,14 +63,14 @@ HAVING post_count >= 10;
 CREATE OR REPLACE VIEW ja4_processing.view_host_ip_ja4_rotation AS
 SELECT
    src_ip,
-    argMax(host, ja4_hits)                    AS host,
-    uniqExact(ja4)                            AS distinct_ja4,
-    uniqExact(ja4)                            AS distinct_ja4_count,
-    groupUniqArray(ja4)                       AS ja4_list,
-    sum(ja4_hits)                             AS total_hits,
-    max(w_max)                                AS window_start,
-    min(w_min)                                AS first_seen,
-    max(w_max)                                AS last_seen
+    argMax(host, ja4_hits)   AS host,
+    count()                  AS distinct_ja4,
+    count()                  AS distinct_ja4_count,
+    groupArray(ja4)          AS ja4_list,
+    sum(ja4_hits)            AS total_hits,
+    max(w_max)               AS window_start,
+    min(w_min)               AS first_seen,
+    max(w_max)               AS last_seen
 FROM (
    SELECT
        src_ip, host, ja4,