使用另一个表中的数据过滤MySQL表

时间:2012-03-19 15:31:59

标签: mysql sql join left-join

我有一个包含“用户会话”的表,另一个表示系统中存在违规。一个可能的违规行为是让用户连续登录超过12小时。

表格如下:

notification:
+--------------+-------------+------+-----+---------+----------------+
| Field        | Type        | Null | Key | Default | Extra          |
+--------------+-------------+------+-----+---------+----------------+
| id           | int(11)     | NO   | PRI | NULL    | auto_increment |
| host_id      | int(11)     | NO   | MUL | NULL    |                |
| alert_id     | int(11)     | NO   | MUL | NULL    |                |
| event_start  | datetime    | NO   |     | NULL    |                |
| time_noticed | datetime    | NO   |     | NULL    |                |
| info         | varchar(45) | YES  |     | NULL    |                |
| seen         | int(11)     | NO   |     | NULL    |                |
+--------------+-------------+------+-----+---------+----------------+

login:
+----------+-------------+------+-----+---------+-------+
| Field    | Type        | Null | Key | Default | Extra |
+----------+-------------+------+-----+---------+-------+
| username | varchar(45) | NO   |     | NULL    |       |
| host_id  | int(11)     | NO   | MUL | NULL    |       |
| start    | datetime    | NO   |     | NULL    |       |
| end      | datetime    | NO   |     | NULL    |       |
| last     | int(11)     | NO   |     | NULL    |       |
+----------+-------------+------+-----+---------+-------+

我想要的结果表条件是:
login.last = 1,login.host_id = X,end> start + 12hours
并确保我之前没有报告此实例:
login.host_id!= notification.host_id,notification.alert_id!= Y,login.start!= notification.event_start,login.username!= notification.info
(换句话说,我不希望在同一主机上获得同一用户的另一个报告,同时发生相同的违规行为)

1 个答案:

答案 0 :(得分:2)

SELECT DISTINCT username, start 
FROM login 
LEFT OUTER JOIN notification ON 
    (login.host_id = notification.host_id 
    AND login.start = notification.event_start
    AND login.username = notification.info) 
WHERE 
    end>DATE_ADD(start,INTERVAL 12 HOUR) 
    AND login.host_id=$host_id 
    AND last=1 
    AND login.id IS NULL

此查询应使用“不存在”类型的搜索(尝试EXPLAIN),这对查询性能有利。 也许值得将UNIQUE KEY放在通知'host_id,event_started,info'上并使用INSERT IGNORE