Domain query frequency histogram for a given timeframe. Generated by Edge DNSTAP Manager (EDM) and sent to TAPIR Core. The same structure is likely to be used as an output from Edge local analysis to TAPIR Core.
| # | Name | Spark type | Golang type | Comment |
|---|---|---|---|---|
| 1 | StartTime | TimestampType() | int64 | Start time for the histogram |
| 2 | Label0 | StringType() | string | Top level label of domain name |
| 3 | Label1 | StringType() | string | Second label of domain name |
| 4 | Label2 | StringType() | string | Third label of domain name |
| 5 | Label3 | StringType() | string | Fourth label of domain name |
| 6 | Label4 | StringType() | string | Fifth label of domain name |
| 7 | Label5 | StringType() | string | Sixth label of domain name |
| 8 | Label6 | StringType() | string | Seventh label of domain name |
| 9 | Label7 | StringType() | string | Eighth label of domain name |
| 10 | Label8 | StringType() | string | Ninth label of domain name |
| 11 | Label9 | StringType() | string | Remainder of labels in domain name |
| 12 | ACount | DecimalType(20,0) | int64 | Count of A queries |
| 13 | AAAACount | DecimalType(20,0) | int64 | Count of AAAA queries |
| 14 | MXCount | DecimalType(20,0) | int64 | Count of MX queries |
| 15 | NSCount | DecimalType(20,0) | int64 | Count of NS queries |
| 16 | OtherTypeCount | DecimalType(20,0) | int64 | Count of other query types |
| 17 | NonINCount | DecimalType(20,0) | int64 | Count of non-IN query class |
| 18 | OKCount | DecimalType(20,0) | int64 | Count of successful queries |
| 19 | NXCount | DecimalType(20,0) | int64 | Count of NXDOMAIN queries |
| 20 | FailCount | DecimalType(20,0) | int64 | Count of failed queries |
| 21 | OtherRcodeCount | DecimalType(20,0) | int64 | Count of other return codes |
| 22 | DTMStatusBits | DecimalType(20,0) | int64 | Status flag for the entry |
| 23 | v4ClientCountHLL | BinaryType() | string | HLL sketch of IPv4 clients |
| 24 | v6ClientCountHLL | BinaryType() | string | HLL sketch of IPv6 clients |