checktable
Checks the data integrity of a table for a specified date range. Integrity checks are only performed on tables that use an encryption profile with a digest algorithm configured. Tables without HMAC signatures are automatically excluded from the check.
Command properties
| Item | Description |
|---|---|
| Command type | Driver query |
| Required permission | Administrator |
| License usage | N/A |
| Parallel execution | Not supported |
| Distributed execution | Runs on Data Node (mapper) |
Syntax
Options
from=STR- Start date for the integrity check in
yyyyMMddformat. to=STR- End date for the integrity check in
yyyyMMddformat. trace=BOOL- When set to
t, includes blocks that pass integrity verification in the output. When omitted, only blocks that fail integrity verification or are corrupted are output. TABLE, ...- Names of tables to check, separated by commas. Supports wildcards (
*). When omitted, all local tables are checked.
Output fields
| Field | Type | Description |
|---|---|---|
| table | string | Table name |
| day | timestamp | Data partition date |
| sk | string | Partition sub-key (hexadecimal) |
| era | string | Partition era |
| block_id | integer | Block identifier. Assigned when the block is read successfully. |
| last_block_id | integer | Last block identifier that was read successfully. Assigned when a file read error occurs. |
| signature | binary | HMAC signature stored in the block |
| hash | binary | HMAC hash computed from the block data |
| msg | string | Integrity check result: valid (normal), modified (tampered), or corrupted (damaged) |
Error codes
Parse errors
| Error code | Message | Description |
|---|---|---|
| 11100 | Permission denied. | Administrator privilege is required. |
| 11101 | Start date format ([from]) does not match the format (yyyyMMdd). | The from option value is not in yyyyMMdd format. |
| 11102 | End date format ([to]) does not match the format (yyyyMMdd). | The to option value is not in yyyyMMdd format. |
Runtime errors
N/A
Description
The checktable command reads each table's data files block by block and verifies their HMAC signatures. Only partitions where the encryption profile has a digest algorithm configured and a .key file exists are subject to verification.
For each block, the command computes an HMAC hash using the digest key, compares it against the stored signature, and assigns one of valid, modified, or corrupted to the msg field. Without the trace option, only blocks with modified or corrupted status are output.
If an I/O error or encryption error occurs while reading a file, corrupted is assigned to the msg field for that partition, and the last successfully processed block number is assigned to the last_block_id field.
Examples
-
Checking integrity of all tables
checktable from=20260101 to=20260317Performs an integrity check on all local table data from January 1, 2026 to March 17, 2026. Only tampered or corrupted blocks are output.
-
Checking integrity of a specific table in detail mode
checktable from=20260301 to=20260317 trace=t firewall_logsPerforms an integrity check on the
firewall_logstable for March 2026 data. Thetrace=toption includes all check results, including blocks that pass verification. -
Specifying tables with a wildcard
checktable from=20260101 to=20260131 web_*,app_*Checks the data integrity of tables starting with
web_orapp_for January 2026 data.