From 0a0aad5c20c4265fca0888ed687661de9edeab20 Mon Sep 17 00:00:00 2001 
From: zhanghongqing Date: Mon, 9 May 2022 14:03:25 +0800 Subject: [PATCH] 22.05 --- .../TSG-22.05/Galaxy_22.05更新文档.docx | Bin 0 -> 13157 bytes .../TSG-22.05/qgw/config/active_defence_event.json | 313 +++ .../TSG-22.05/qgw/config/assessment_event.json | 87 + .../TSG-22.05/qgw/config/dos_event.json | 344 +++ .../TSG-22.05/qgw/config/es-filter.json | 15 + .../TSG-22.05/qgw/config/es-queries-template.sql | 1 + .../TSG-22.05/qgw/config/gtpc_record.json | 1193 ++++++++ .../TSG-22.05/qgw/config/interim_session_record.json | 2382 ++++++++++++++++ .../TSG-22.05/qgw/config/proxy_event.json | 1665 +++++++++++ .../TSG-22.05/qgw/config/public_schema_info.json | 2230 +++++++++++++++ .../TSG-22.05/qgw/config/radius_onff_log.json | 37 + .../TSG-22.05/qgw/config/radius_record.json | 1289 +++++++++ .../TSG-22.05/qgw/config/security_event.json | 2458 +++++++++++++++++ .../TSG-22.05/qgw/config/session_record.json | 2396 ++++++++++++++++ .../qgw/config/session_record_common_client_ip.json | 71 + .../qgw/config/session_record_common_server_ip.json | 71 + .../qgw/config/session_record_http_domain.json | 71 + .../qgw/config/sys_packet_capture_event.json | 819 ++++++ .../TSG-22.05/qgw/config/transaction_record.json | 1519 ++++++++++ .../TSG-22.05/qgw/config/voip_record.json | 1396 ++++++++++ 20 files changed, 18357 insertions(+) create mode 100644 TSG发布版本更新记录/TSG-22.05/Galaxy_22.05更新文档.docx create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/active_defence_event.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/assessment_event.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/dos_event.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/es-filter.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/es-queries-template.sql create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/gtpc_record.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/interim_session_record.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/proxy_event.json create mode 100644 
TSG发布版本更新记录/TSG-22.05/qgw/config/public_schema_info.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/radius_onff_log.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/radius_record.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/security_event.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/session_record.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_common_client_ip.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_common_server_ip.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_http_domain.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/sys_packet_capture_event.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/transaction_record.json create mode 100644 TSG发布版本更新记录/TSG-22.05/qgw/config/voip_record.json 
diff --git a/TSG发布版本更新记录/TSG-22.05/Galaxy_22.05更新文档.docx b/TSG发布版本更新记录/TSG-22.05/Galaxy_22.05更新文档.docx new file mode 100644 index 0000000000000000000000000000000000000000..377565eb7bcf982304341b772cd0b53cbcc3670a GIT binary patch literal 13157 zcmb7r1yo(hwk__?!QCB#ySqd1;BatvcXto&K?1>@;O;KL2@b&tZl84Dd%HXD{x|-w zG2kF;?o~C{uC=RH&8;L04gm-9tA#0S3H|!~cY}TV0cdBeXFvCe)ktkC-orH$+&jQY0EVJ0}Ru~Nn#Jx~Vmr>53K zV~v#cC`b4UVORlL<*KXc&V~D6^%MTX0eD5y2L_`IQ-@%g1NE|AQeO+gL=SxKNwrb0 z3VT$d>3&&P4^XRe#1Bl<;@u)G;;SBZwlEF_y#Zg@hG?n1Y@koU>!Ay7y=cxAqHaM` zs60NZK?w4fVXpLLA#NvakB7ZhS(NvuO}2ALqJy!T+rQ(#9m*Nt@>#YN1mUi$-h+0g zhjzp@D7X2cnV>>kf_fCI&FK9NP^iWY%|f!NTxQP)?uZ+hy$d}me=Dzm!nS6ur!}3;Lx)u#`1#(R z$kS})n$q*-)Kt;}S3p?CLQVB6w5R@#Mw3gT#-a-g-3W))G>c+wEu+~I-{_?$B=86# ze-$y(jqcfDbr2A`n?q-+|Ie5h+|R>OinlG9Xw?#7YST5Of!Kxca1oXGDy26@IpSrx1Y1C#_9+1UShm#~DyR z&fDR*ggc4K97$fipR#rs@8{hBi-k?!Lc>p8byx-K^&~DJr0MtnA}Bu%`l(Av2zFUZ zjx4gX0ZGo{)%t)IYvg^4@rm2fiC%3H7Y6iocbV`vHuv@`k`&oHf%z));_~P7`Evv!dJRg%RQx)nuzPe*z5dM>@#AFU;vj&4&^myCAphIM$=So& z#OW95h2=LrH73KClVaRSLk>yYu|EiT`4>?jwfIP2Qv}tsG!9HQ z3hkzvEH(>jB4V`HlxC#0bgLFI}dI3BqS){=+;=G?}MPn!^5JttK7^EItGo-&y#m zOh!GGPb${P^sxnR>RgAlyP>4B?&^=W4E55_hYkA}A&sNHv?x1#^em@Kco2Sf$`6GK zah0v((OD`bv|Cw;dA9BR%Jlxz(jyy4`RmnW=j)^X>y*ahA>+`+*QUWC{g;ZRnlE2y zE0qVfRRHx~Q3}8rn3xrD-a!M#3Pfbk)RU-`N8{)hd?PVbk4K{bV51imG1m-rrf!v4H#6th z`trDEUa5*%F6Wv4Gy%e71TqNCKnb>XkpQdMZoi2+-g#Jg!tPa`*}lfa@Zi&o+z6EAW;xK@L*6*q)1=axe5xoTZKN)Z*gF+ zfYl~+x7{ltyhMy1E6102s=c3R?zrCz=rK{2w?qg~?x$2@63%M+d>P6KhIei)qqIE9 z46M@vV`MLtsn$pSaQ(HTYc}n)*3Z(n_*BV`@X}&{j2oGBEJ`@+)CqfCoki@G$Hy)Z zqV=;*A^)QX*UX7R9L=GS(e#T8H+E~km3=5-FK*j8v*g;Dy?ruS@NK_b%u-2ek(>c= zOZ)cFtFT9@VrNWYx@g2C!t&tRdFYb)1EU!3r!|dl4e9LLKB%Lo(`TY-s67C2qBw(A z=>wN(dFz9^wETO)C)yIf;|^N^e&3es_1**dCp3qAr=I+=q zM%d9R2-^cv=XKucw4imLd5E+m@4T>4`dft4cM9B5rW3c7QBV9JF7&(2sR#Yp(4N%D z1AK?43toOCrL_%yG(g;XkN2v0b!azZ=1wd=D@@YB%e~%Wx5@hR?ZJV=!wvaD4tV#N zX!5>?5>y*8g~FhUG_*udMVwZ3m=F2B!1+DPxko;5(CocBt9oHQ^IK)Izyc8`2EZWYk2>(v;QmwwsS$XjUsE 
zc&!esFJc?(`gsff=hx%ra?%y|&s&_83tVXJ<3+A-EJB@#3DaomAQVgtIs3ST-Ebjy z*dtWk7d+Meor-fhRj2PAdIQst#1uL$4Sjm(&X+`Bp}yUD^5JI9JBA*-5*uLSVVYdD z$uWYd+`2V89-%ITqd^-)QrIKnc;WFeu$&oAZ#B%qXf$bEG`!4OnmU(htY~!~&I{mb zc6APE#Y>vZE7e)B@nr?3sT9^N(o};|y246UFE>v^7Jo#^wS2w*ad$^8+(7gZ*l8-b zrE)R|nU6?fc?5kCQR`}}jpd0**T?VanZ4rJgu7`$fxO>{P)Yp((EYIw!xuiGTJ1H| zyXPwv(Z{U#qMp5|K$zJt6j9>@knm7evY44FjVTQ_?JZK)+Lb{KjSSP>1uGv946bct zovRU=D0npEw9yDC$84mn%an#Ql@A(qIBZIrc~J75GWk@+bPwX|+*No%IXF)uIaB)g z@^mkXYrnP4lCP^WM!KuCWc6pt?9i{PlA2uw$ZXiTE?)m)UsZ;K(nL85^wvgGx3IY z#C!w1d5-v(12Iz0i{eD3zRVGm*-#mkA8#hL!=mDVx)`b31*L+Q1Hg_pYFzm1mb^)gM~U=Xj{q0Nj{h3mXR*I^4?SYF zFH=SY)s8k*9*9ujQWj{-v{@L zJxa8e2+ovX(l=f+IaD(~{6!cUsmu39hkGoJjo{?zB@2hS% zIaemOLvkIAJ$-WZgkcx?;O~-!d|2JK}uimroAzQ zHV#YDbH1B{2tw55RX=6Q{Zx3+w7$Y6c~;JT$J#SPg#K(2xK(hOAlW5wvzHYe*CAm3 zaVFB?Y;eomu|!cmz;YFRc)Hh1#gd*enULT-a+H=Td+X)Zg(`jgWn@W61ympB&Pff^ z*aN`}FGW2=g%RnQa`zI6cEp7}OS#+*pY`bO zZ1>EJ_Z8p<=H6dp{kITSWgM6DrY$JvkX)DdlAYLA`{TY&l(kqEMk?#X7%$i^wL;u4 z;t-5@m`)yu=LvpPHVspNze(VT7sEfP696+ zyVhZx42f-7rA&xoDmaz}vZB0nM#7e?a%^xrOxQT(YTF_|e#0gFxRNG~*rI#o>#;=V zamS{72D zwDlP8*`hVikNI7U$Sg+5zGz)v#bIPO%t!FNsLV?299?V^>((u6_xs4ALc>=K*-7Y< zs<)NFhsFkZSD}!0Ba7D^2p-Udts6x~CjFX*jn3fahQh4CmMR?|0aa;=Ks_OVZ?&2~ddt!et9Fai11F*D?1fWFR$u#v`5 zf|bS_mK8g_!UF6h?{;qS&lFVWXM4pk)opyA-5eNP$MZARnFQ$6&tmdu70TAK%p2_l zMq<3sQ>X&ue(tY2_gX%9Ue~4Z{J41lBv~|R+C%-|_qqLT`!;s74+ebOVXz~Dfc)A% z|FO|Q*A5o;S;<&|y;0QTjFR!`5u-VzR4Vb$oDLjiGLu1aw^*Rj|##KrhQNQgp0p zI7PT)=->dM?Dpus;Om`gG`Tw591vRP9ka|g)O zi|k{ZY-Ltt{WKJ*RB*$;!sb)x+B+!0_^s4+T3(vIdB>_qUc$SblDYDg9dk=#OZ_8g z+!cUTP2w0<&Ja0km|+;W&G4*i7r)i$aCxbW#zbTD6K?cLs!pM4layQYY2>C}n9@DE zC>W}!UWQXVm|#`&G`&#tGgIDNJFTnYS1_khdX2$sSx?iAnUk_8P9Q~m=`sQY*OEA; zS&J$kV!Q~npSZFPAiXVIt34vAQcD3juP|ZyZI5^z>JXp~IMC9pyufL`AMjYFk-))Z zuEz`Ke;1Pjh2}e|CIpn2ej&6uPu}mc5w3=~#)8n&N+DIy;EK3;|DA0|Zg|EMa^AlV z&74Y^F_@#H2L>49LQpKvyrYv%L&;8d2I*g8O6J~!5GxnWt}-Z5=g=m>ttML^37E{V zuUzW_!9$YNMgs|PO&s>~_xPx=%rb^> zQp{}_5oNwLI{b6|gFKBma^)4{eY18Mt{XLu->ANaf%BMI2?|RTN 
z=fktj9IaDUd?N_mK)j>d*=K6a;fVM|YvIjwrbqjMmqV-ojd-aO&)xZ`Pow`*Yrrs*Wht| zb9JCjcZI{J1o8sPXN9nSXB*LaB|Vsd|N1%qtl4%H>8WGIZS#yTR?yjI5)Wd3XtHJY z_L0Q7p@`?X#f-;L4Lq-u5$v3W;P7_7-CW&s!ge4Z;QU0TQZDL6WW}6K!FW z4q=f-K)k?v-ha&&atNS|+tWS=vb!*&4Ax}gzgVQ*DrDsJQ`;(B-6C*NAGzZv8AOz< zI}=c?9;`Cl(wFT!{bI#4DpacM@{mbKBrY9PRVg|QA(0!C2=6h$s7f?|uVa+kJ1DkE z&~z4! z0!km3PEhGf66A?zK1LaZ`FvF2m<4b`8H#CEW|DuTO=6G0#Fs2+1F7E}{z_k|$JKtA zU6w)LNyZ}}sa%4KV?s;~b>zZ#+$e(z8wRXSS+7p2n+Z$z`}SG(-Z`+@&=N_I9k zu`&6r0yJHD)_3=oyUB4tKrsGk_=h?3uR73)mb@JvCrUfkfuH7adkydh84D?NqrldJ zE1H;0Bt8v8!)W+do%m#ewa6XKJfZ3Op?uItJx}UoC@FtT^9QS}Vks43zkJbCOK}<1 z6Knx&@#CmIA6D-yoDLEVjmq`7&u-x@#Pk*qyRsA;y~FX42_r;l3Rz@(rQaVO73Y$ye7ueEwBfSm&g=FV= zvklkpKR05MCEn=;8rgdpvyqA(w?CcSE^Y|kG?}jR0*a+RDS?ZQc#Uv2%CT`^r(%f6 ziAOn}p-dMeqeC8-#+}J-6iP|CPyLjAnABfstqtXHBBRy#hU=>PoVv0L)$Oi3IovDE zY*F;SVy+SX6<27NrBdZ=j;Em~7b@>Nih70vvyZwPF7JtDEW6N>WZ0Q&d%JSudFX2l z#l(u*wcU4i>MMP%9=ERy;RPX!c?kNtJsPyv*XsQ}R!X5&4Bvkgowyd+zF8HJ<1ppR z&M!+?H7$C_N`DElFzf5qmylWaIgVnMJ**15xAvIW?#w0tC{!oHahMOPom7$FM{?5k$w4n z@6PYKnbOHdEwL!_Ew1;%m|i_D({FF<&er)JmSeCeUnX+}{q6@fY>BN4xU)4j_?~~< z&uYYVx<7A|L3?Kw2Ed*rVZ)#C2wd9MU}F{+8nF(7zu00v!=TO@@xnsN#Aoz>?<6CG z_wk9OcHDHWCg|qH7wdy;<7hEMJr(yRjp*Ih188@F4;&zEPf#C!Zi#+(OC^1flcgxP z$`FjC>(r!VwA;igEzBP=YC_k8Ii3liKnvmOo>7_nhHX4}bc$xwf9;RJjc!fe{ z-2aRWr$y?f*xP)IM?|DpR4#oHwi<;o6AypEirfboqA&XfoF~SHJQa9+*%F7%nqb3W zD^9JT`;AbV6#cOVTQq|7j53Mw4z$iK`~k^BXn4eVgXEjc?XaaiUj6JRHYSv7U=Kk{ zTWGpkXFCl6$(JIiPiyaw)5xht+&FsgVL7FC%k6Tx-1Sw5*Z2Bb%v`a8Juz&RbF`zO zcecu%@Z=LSu{ru2qdb`=&ia>LH=?e}p1ofZ`7{hs%w4d@Vpkr{399(K;$VvSxr^NO z54M~9*U_B~m6i^ps2ER;EFg&H6+&U@b%qieFSwF&(QvLwlY6GykLjrLhjhbwWYhiW z3JF~w)ZKX^kTv6VxkpW0+Q<4tiMffG)S?`k8HW&b%O|UpL%ha0<`&m*KusPQ$)ks@ z(eRMau9x!Q5<7H6r|`*tj!cAz_jYg9Itt3pqrvB?10j(l3GqK?_%?u18bG*FiaF$6 zCKq{r)Xg5d8v9vh@Bu?95DU)(a*TCNNk@ZGv4WAVK?S%>YM7iUFCr;%`wlf9WPkp% zgrexSuG3mt$y`B+NWx%Go^t1tKK(?7RkijUR7RSNF#1{P;UY(w5{qau$1|$V+IQnD zkrNn~QgOCmECbQuIz&HA6X}+C8}b7B%@58j?BNl8tA*sY50>}hxaI}yVor2bLBu+m 
zj)?IoQ4&arwp2KA67JOF^>}2oGfNsucXD)DiVgQm-6M(e#B1%;T$fPJJ$5A2HJ0sP zz_3w3&)i0|*ucT6$l*yc7dJ$VM@$yIsYE! zl%giKp(2UQ8;s|DSgSw4#R*H%y#+uxRPNbdA>(o-bh8A|p8e zp&@-Gq#1+1hnoN)=krz2n$djEl(}o=T*88&UYa0NbvHjs97o$wwh|3Xz*Js^ALu_% z$txlbjSs01{|F$!nNJsp=dkb>N?cnFct2#4v}P;Evj#6cWNO+elTe*|iSZ!V zs?}i-923FJ!m25dII-*Ya(g8>BT3|!f)#kEd^Jv~D)!bodiY;>uC5KYvUSkLKB@Lch}ZI-EJt`tXU^cFCTL$HY)fbUwL zvW3B{^vP=9FSMto4lz-Zo{zQzsU1lqW1mp+m{Qgh$CeYqF3w&=&q_?qQg((IZVT})ckumn+s$B*$yb)g z@s6WbCgCV$2@8+?>%@!8;+}G&`J>U;tkU6Aj%6n($p?5fypkgI zR8KId|3uUE=RL7E?ZM}-UY8EtL0k5gnvdZO%dgJY>hdHvAHgP`7fMMB1_v-0~1-ogXUGP4Bs6J!@ce=#ouAIK7%$LlHhb9|kye zU=cAcihVQcaDPkBc@m70WhGb>*l?2~gx$SAg+auBB1{NG!`n}Zrb+@BcyP@g$(v`& zIR%2oHT6rjgSy+t@&G=&_l=)?f0}E-u(85lS-a$ApZ47&T&cGbMBP@RE*(`FF$oVU z@8h6qe{^@A18e+D{edQLHMJ2^m?YdzeY+jJWW|4^M*IPbc~A(;gu^(@F_ZcZVWmv0-c0_1&3g z-d`kTdz^0ohO9LyG)!bUw0r#-7dIHni?JA?m9kW()sP{?tY?n(?PAi|td@oR_;%>4 z6AyvP{DG?HQ-q;y%akJlwoWs=?^Of#+6pnNmk}$zzGSaVwK{F@HE4x0#Eecru$z9K zYPG5f+lz>a8-@KEAM?T@ItEbZk{Q~Yf)2qk!gGD^>V`-w zX!l7)j#j}80+TQ~077ivBc`8QrNXpeA@s!11JEQ8>#%G>wt#%}x~Sc~_+cqjM4;Jh zbMWa$2b7O>v@`puHm~#GQ=XZco`v{P{wI*2{PneK@NbJ^crgRp;NX&Ez9a)v zw4raPx!iSL{rCoCl6f6E;(bY6LToo$a+9Yiy2U#f6sq&y<^505+lKs-Bl$Dn_nvc< zPNhGOn2{;O6`>}cXVR^UR$^NuX9@={qJq!nv*DmnWjOwICTIBH(giu3Rwp#AZA{< z2IgMy4ZEC8(J2jU8l2+|Y6F@N9%es^?vL|p8q{8;Ae1J&1Sz6 zwiepF!w#(OO_3}3TioO8?FB%pbJk&J_eBKOaQ#^@j}P{I@sTCgxEi&7{`-PLuKr(y zJV*`s6+|&=x!p6tk^;Htvoe#}-Fd~X>xUHYC-&SqdV95X-b+L2^HGeRCx+$^Z5klF zj$yL>FjMpTt|PVYaTKA6rcZ`pzw7E};MLbmyD277QQF1IZ*N+Vk{5wI0gDU07RRbS zuM?|Abqrmn-Ozim7SNmjJOaz*k6UrOhwuvb&joM#@`0*4I0(q$n?eTd-?b4_J6mT} zLnG@ybYbo4Yqrbpu-kL%-Go}~jKhRLQqlin5HZ=eKX5ES3#5b)F`3$z3&B>o8=^stLwcdy&WpkFShJrlaoDNDG(W^O5y*W;mM$qGoOxVcg>c{bXIvk1}@&ZsiivLK?m- zm|H5gRi#2|^WdIZFECRMH%$j6KtKItwri@iJ3- z74e3C=6Ot!SXLUNGC)>3RU;u4y>4pviyp~@5lwR1PKiDC;_1+QkpZ{F9-d+rRGgPx z@#lD8GKd@eG4DRz7H*WD44406w934@ELMzLVA7o2kQ6PT|J{Blxev6*xkVwRB?-|B z-`yT>WhG!TT$N28BK3qu8KTjbJxN zLpB)5EI|*#Zoz%Ksr-`DO(P@0TjqUn{$s^Z-#H*E 
z^*qEQYJKY4^32q6uri87&>-8U*||9NUZV16vN{oT&>hjmQsJ;7eOYv!=+APwA^_h6 zJUlzTAnJ9dd#U8iLdbS7a8PVWVgzJg$QzxwuM!qwsxC3FMJC^0u_nUf$*sw?LP$wx zIphWWIcQZ1>U|azVXJR_W!!z0SSg&b*5zRl4;-i|M4BNYf|K14GgBAvd~GO?ZWIYp zOWO%jal?DqYaK!lW8x`_bVc2~gTHDohL0YwOl^{op89RPv_IaTZ^Q4HhR}x+!!tk= zpv{kOTQH(?ur-~jt`kRR7?!^q%ZN4>LAOiDkC@sYA z6A=C?cm8R^_{*{)aZLuC871Tla)V^dhjWFNbjI3F>>yjp$Dbs94RP%$UarB%E6A_8 zy0ZP;k;QDn+iA$t$vMb9KiTFS?xPxFU>nlFgF^S!si6ZrDXV9Y==rBjF&vKZ-TsFN zs2!GMFT6TxMgh8m^zH0qt=pY<8YGEK*&O6yIwNz#;hu2>!)m%4LqBK1GZIR^;X+zi zRSF*~)L6f)@YYw%I}`ovPS}sYaQs3&k;Y>LSw(_lApl(-h~SuE>LM_HmMS9|4TV#L z6oJW{l7+UCc+9C}=s`buugeTw&qrkL{iMq047>~-<3k(Zl61b#6?=&1ZuZDQ9>+?= z_Zizm{J#qV|5FtHZ*&d;pp^FCXe@oB6aVe=j|06w4gbF1{};cLmT%J7fwQ3YplKh6 znHXk?Y`uZJ#RPu;eQLinV?0^B(G^9AN+l~Uhy7`` zpHB-j-7EXcV?Fz7#Hm$J7Z#~A7C7fk zZ(-WrBlADk^;d6H}b0nn7mHIwZ>3qZ$X+o|KZvo|!I3MR8r&{ZFV4hq>m_t26FU1&93zA=fqyU(| z&V?{DSlb|b?N;(g}Jb2(KB9x;|S|QMHyn08a}-z zq8t3yomsg0+H)c>n^S4N3j*+3pBpCI{FuY|+V(O459W_~^1nIz^}4{H?U%D( z?Qbs+{Bw}MzdrEG_)mXSe~10+WrE*(`@7KnFZ9>9yZJv(|1Ep}9savc`!6`}+cN1d z_G#h5p2U6u|72?PpTPf- z(tf|v?}g95uJrvaJN}Uz|9*|%;lD2<|ANoF#q1CGKNgk0", + "label": ">", + "function": "expr > value" + }, + { + "name": "<", + "label": "<", + "function": "expr < value" + }, + { + "name": ">=", + "label": ">=", + "function": "expr >= value" + }, + { + "name": "<=", + "label": "<=", + "function": "expr <= value" + }, + { + "name": "has", + "label": "HAS", + "function": "has(expr, value)" + }, + { + "name": "in", + "label": "IN", + "function": "expr in (values)" + }, + { + "name": "not in", + "label": "NOT IN", + "function": "expr not in (values)" + }, + { + "name": "like", + "label": "LIKE", + "function": "expr like value" + }, + { + "name": "not like", + "label": "NOT LIKE", + "function": "expr not like value" + }, + { + "name": "notEmpty", + "label": "NOT EMPTY", + "function": "notEmpty(expr)" + }, + { + "name": "empty", + "label": "EMPTY", + "function": "empty(expr)" + } + ] + }, + "schema_query": { + "references": { + 
"aggregation": [ + { + "type": "int", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" + }, + { + "type": "long", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" + }, + { + "type": "float", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" + }, + { + "type": "double", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" + }, + { + "type": "string", + "functions": "COUNT,COUNT_DISTINCT" + }, + { + "type": "date", + "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" + }, + { + "type": "timestamp", + "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" + } + ], + "operator": [ + { + "type": "int", + "functions": "=,!=,>,<,>=,<=,in,not in" + }, + { + "type": "long", + "functions": "=,!=,>,<,>=,<=,in,not in" + }, + { + "type": "float", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "double", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "string", + "functions": "=,!=,in,not in,like,not like,notEmpty,empty" + }, + { + "type": "date", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "timestamp", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "array", + "functions": "has" + } + ] + } + }, + "default_columns": [ + "log_id", + "attack_type", + "source_ip_list", + "destination_ip", + "severity", + "start_time", + "end_time", + "packet_rate", + "bit_rate", + "session_rate" + ], + "internal_columns": [ + "start_time", + "log_id", + "end_time" + ] + }, + "fields": [ + { + "name": "start_time", + "label": "Start Time", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + } + }, + "type": "long" + }, + { + "name": "end_time", + "label": "End Time", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + } + }, + "type": "long" + }, + { + "name": "log_id", + "label": "Log ID", + "doc": { + "format": { + "functions": "snowflake_id" + } + }, + "type": "long" + }, + { + "name": "attack_type", + "label": "Attack Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "TCP SYN 
Flood", + "value": "TCP SYN Flood" + }, + { + "code": "UDP Flood", + "value": "UDP Flood" + }, + { + "code": "ICMP Flood", + "value": "ICMP Flood" + }, + { + "code": "DNS Flood", + "value": "DNS Flood" + } + ] + }, + "type": "string" + }, + { + "name": "severity", + "label": "Severity", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "Critical", + "value": "Critical" + }, + { + "code": "Severe", + "value": "Severe" + }, + { + "code": "Major", + "value": "Major" + }, + { + "code": "Warning", + "value": "Warning" + }, + { + "code": "Minor", + "value": "Minor" + } + ] + }, + "type": "string" + }, + { + "name": "conditions", + "label": "Conditions", + "type": "string" + }, + { + "name": "destination_ip", + "label": "Destination IP", + "type": "string" + }, + { + "name": "destination_country", + "label": "Destination Country", + "type": "string" + }, + { + "name": "source_ip_list", + "label": "Source IPs", + "type": "string" + }, + { + "name": "source_country_list", + "label": "Source Countries", + "type": "string" + }, + { + "name": "session_rate", + "label": "Sessions/s", + "doc": { + "constraints": { + "type": "sessions/sec" + } + }, + "type": "long" + }, + { + "name": "packet_rate", + "label": "Packets/s", + "doc": { + "constraints": { + "type": "packets/sec" + } + }, + "type": "long" + }, + { + "name": "bit_rate", + "label": "Bits/s", + "doc": { + "constraints": { + "type": "bits/sec" + } + }, + "type": "long" + } + ] +} \ No newline at end of file diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/es-filter.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/es-filter.json new file mode 100644 index 0000000..25eafef --- /dev/null +++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/es-filter.json 
@@ -0,0 +1,15 @@
+{
+ "version": "1.0",
+ "name": "es-Raw",
+ "namespace": "tsg",
+ "filters": [
+ {
+ "name":"@start",
+ "value": "cast(now() as long)/1000 -3600"
+ },
+ {
+ "name":"@end",
+ "value": "cast(now() as long)/1000"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/es-queries-template.sql b/TSG发布版本更新记录/TSG-22.05/qgw/config/es-queries-template.sql
new file mode 100644
index 0000000..a407518
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/es-queries-template.sql
@@ -0,0 +1 @@
+--Q01.empty
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/gtpc_record.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/gtpc_record.json
new file mode 100644
index 0000000..099d14d
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/gtpc_record.json
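Review bot: In es-filter.json the `@start` value `cast(now() as long)/1000 -3600` is an unparenthesised expression. If the gateway splices filter values textually into a query template (presumably how `@start` and `@end` are consumed; the consumer is not visible in this patch), a surrounding operator can regroup the `-3600` term. Writing it as `"value": "(cast(now() as long)/1000 - 3600)"` keeps the one-hour window intact wherever it is substituted. Because these values are raw expression text rather than data, the file deserves the same change control as query code: restrict who can write it, and record in the accompanying update document that the window is 3600 seconds.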
@@ -0,0 +1,1193 @@ +{ + "type": "record", + "name": "gtpc_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_server_ip", + "common_client_ip", + "common_internal_ip", + "common_external_ip", + "common_sled_ip", + "common_device_id", + "common_client_location", + "common_server_location", + "common_client_port", + "common_server_port", + "common_schema_type", + "common_l4_protocol", + "common_l7_protocol", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_client_asn", + "common_server_asn", + "common_start_time", + "common_end_time", + "gtp_version", + "gtp_apn", + "gtp_imei", + "gtp_imsi", + "gtp_phone_number", + "gtp_msg_type" + ], + "metrics": [ + "common_server_ip", + "common_client_ip", + "common_internal_ip", + "common_external_ip", + "common_sled_ip", + "common_device_id", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "gtp_version", + "gtp_apn", + "gtp_imei", + "gtp_imsi", + "gtp_phone_number" + ], + "filters": [ + "common_address_type", + "common_server_ip", + "common_client_ip", + "common_internal_ip", + "common_external_ip", + "common_client_port", + "common_server_port", + "common_client_location", + "common_server_location", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_l4_protocol", + 
"common_l7_protocol", + "common_stream_dir", + "common_direction", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_sled_ip", + "common_device_id", + "common_schema_type", + "common_client_asn", + "common_server_asn", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "gtp_version", + "gtp_apn", + "gtp_imei", + "gtp_imsi", + "gtp_phone_number", + "gtp_end_user_ipv4", + "gtp_end_user_ipv6", + "gtp_uplink_teid", + "gtp_downlink_teid", + "gtp_msg_type" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn" + ], + "application": [ + "common_app_id", + "common_userdefine_app_name", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + 
"common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_address_type", + "common_schema_type", + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region" + ] + } + }, + "schema_type": { + "GTP-C": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_encapsulation", + "common_app_label", + "common_tunnels", + 
"common_protocol_label", + "common_app_id", + "common_app_surrogate_id", + "common_app_surrogate_id", + "common_service_category", + "common_l7_protocol", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "gtp_version", + "gtp_apn", + "gtp_imei", + "gtp_imsi", + "gtp_phone_number", + "gtp_end_user_ipv4", + "gtp_end_user_ipv6", + "gtp_uplink_teid", + "gtp_downlink_teid", + "gtp_msg_type" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "gtp_version", + "gtp_msg_type", + "gtp_imsi", + "gtp_imei", + "gtp_phone_number", + "common_client_ip", + "common_server_ip" + ] + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "gtp_version", + "gtp_msg_type", + "gtp_imsi", + "gtp_imei", + "gtp_phone_number", + "common_client_ip", + "common_server_ip" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_processing_time", + "common_ingestion_time", + "common_packet_capture_file" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + } + }, + "type": "long" + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": { + "functions": 
"snowflake_id" + } + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "geo_asn", + "appendTo": "common_client_asn" + } + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ] + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "geo_asn", + "appendTo": "common_server_asn" + } + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "if", + 
"param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "128", + "value": "Allow" + } + ] + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ] + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled" + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + } + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent(Diff)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets 
Received(Diff)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_diff",
+ "label": "Bytes Sent(Diff)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_diff",
+ "label": "Bytes Received(Diff)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_service",
+ "label": "Service",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_schema_type",
+ "label": "Schema Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "GTP-C",
+ "value": "GTP-C"
+ }
+ ]
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_tags",
+ "label": "User Tags",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_sub_action",
+ "label": "Sub Action",
+ "doc": {
+ "data": [
+ {
+ "code": "allow",
+ "value": "Allow"
+ },
+ {
+ "code": "deny",
+ "value": "Deny"
+ },
+ {
+ "code": "monitor",
+ "value": "Monitor"
+ },
+ {
+ "code": "replace",
+ "value": "Replace"
+ },
+ {
+ "code": "redirect",
+ "value": "Redirect"
+ },
+ {
+ "code": "insert",
+ "value": "Insert"
+ },
+ {
+ "code": "hijack",
+ "value": "Hijack"
+ }
+ ],
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_region",
+ "label": "User Region",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_id",
+ "label": "Device ID",
+ "type": "string"
+ },
+ {
+ "name": "common_egress_link_id",
+ "label": "Egress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_ingress_link_id",
+ "label": "Ingress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_isp",
+ "label": "ISP",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_tag",
+ "label": "Device Tag",
+ "doc": {
+ "visibility": "hidden",
+ "format": {
+ "functions": "flattenSpec,flattenSpec",
+ "appendTo": "common_data_center,common_device_group",
+ "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_group",
+ "label": "Device Group",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_behavior",
+ "label": "Application Behavior",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_encapsulation",
+ "label": "Encapsulation",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_encapsulation/data"
+ },
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_app_label",
+ "label": "Application Label",
+ "type": "string"
+ },
+ {
+ "name": "common_tunnels",
+ "label": "Tunnels",
+ "type": "string"
+ },
+ {
+ "name": "common_protocol_label",
+ "label": "Protocol Label",
+ "type": "string"
+ },
+ {
+ "name": "common_app_id",
+ "label": "Application ID",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_userdefine_app_name",
+ "label": "User Define APP Name",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "label": "Surrogate ID",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_l7_protocol",
+ "label": "L7 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_service_category",
+ "label": "FQDN Category",
+ "doc": {
+ "constraints": {
+ "operator_functions": "has"
+ },
+ "visibility": "disabled",
+ "dict_location": {
+ "path": "/v1/category/dict",
+ "key": "categoryId",
+ "value": "categoryName"
+ }
+ },
+ "type": {
+ "type": "array",
+ "items": "int"
+ }
+ },
+ {
+ "name": "common_start_time",
+ "label": "Start Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_end_time",
+ "label": "End Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "get_value",
+ "appendTo": "common_recv_time"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_establish_latency_ms",
+ "label": "Establish Latency(ms)",
+ "type": "long"
+ },
+ {
+ "name": "common_con_duration_ms",
+ "label": "Duration(ms)",
+ "type": "long"
+ },
+ {
+ "name": "common_stream_dir",
+ "label": "Stream Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "c2s"
+ },
+ {
+ "code": "2",
+ "value": "s2c"
+ },
+ {
+ "code": "3",
+ "value": "double"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_address_list",
+ "label": "Address List",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_has_dup_traffic",
+ "label": "Duplication Traffic",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data"
+ },
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_stream_error",
+ "label": "Stream Error",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "label": "Session ID",
+ "type": "long"
+ },
+ {
+ "name": "common_link_info_c2s",
+ "label": "Link Info(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_link_info_s2c",
+ "label": "Link Info(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_packet_capture_file",
+ "label": "Packet Capture File",
+ "doc": {
+ "visibility": "hidden",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_c2s_ipfrag_num",
+ "label": "Fragmentation Packets(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_ipfrag_num",
+ "label": "Fragmentation Packets(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_lostlen",
+ "label": "Sequence Gap Loss(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_lostlen",
+ "label": "Sequence Gap Loss(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_unorder_num",
+ "label": "Unorder Packets(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_unorder_num",
+ "label": "Unorder Packets(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_retrans",
+ "label": "Packet Retransmission(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_retrans",
+ "label": "Packet Retransmission(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_retrans",
+ "label": "Byte Retransmission(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_retrans",
+ "label": "Byte Retransmission(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_client_isn",
+ "label": "TCP Client ISN",
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_server_isn",
+ "label": "TCP Server ISN",
+ "type": "long"
+ },
+ {
+ "name": "common_first_ttl",
+ "label": "First TTL",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_processing_time",
+ "label": "Processing Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "current_timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_ingestion_time",
+ "label": "Ingestion Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "ingestion_time"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_mirrored_pkts",
+ "label": "Mirrored Packets",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_mirrored_bytes",
+ "label": "Mirrored Bytes",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "gtp_version",
+ "label": "Version",
+ "type": "string"
+ },
+ {
+ "name": "gtp_apn",
+ "label": "APN",
+ "type": "string"
+ },
+ {
+ "name": "gtp_imei",
+ "label": "IMEI",
+ "type": "string"
+ },
+ {
+ "name": "gtp_imsi",
+ "label": "IMSI",
+ "type": "string"
+ },
+ {
+ "name": "gtp_phone_number",
+ "label": "Phone Number",
+ "type": "string"
+ },
+ {
+ "name": "gtp_uplink_teid",
+ "label": "Uplink TEID",
+ "type": "long"
+ },
+ {
+ "name": "gtp_downlink_teid",
+ "label": "Downlink TEID",
+ "type": "long"
+ },
+ {
+ "name": "gtp_msg_type",
+ "label": "Message Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "create",
+ "value": "create"
+ },
+ {
+ "code": "modify",
+ "value": "modify"
+ },
+ {
+ "code": "delete",
+ "value": "delete"
+ }
+ ]
+ },
+ "type": "string"
+ },
+ {
+ "name": "gtp_end_user_ipv4",
+ "label": "End User Address V4",
+ "type": "string"
+ },
+ {
+ "name": "gtp_end_user_ipv6",
+ "label": "End User Address V6",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/interim_session_record.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/interim_session_record.json
new file mode 100644
index 0000000..657c920
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/interim_session_record.json
@@ -0,0 +1,2382 @@
+{
+ "type": "record",
+ "name": "interim_session_record",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "partition_key": "common_recv_time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "dimensions": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_client_port",
+ "common_server_port",
+ "common_schema_type",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "quic_sni",
+ "quic_version"
+ ],
+ "metrics": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_subscriber_id",
+ "common_sled_ip",
+ "common_device_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_sessions",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "quic_sni"
+ ],
+ "filters": [
+ "common_address_type",
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_client_port",
+ "common_server_port",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_stream_dir",
+ "common_direction",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_sled_ip",
+ "common_device_id",
+ "common_schema_type",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "quic_sni",
+ "quic_vesion"
+ ],
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ },
+ "details": {
+ "general": [
+ "common_recv_time",
+ "common_log_id",
+ "common_stream_trace_id",
+ "common_direction",
+ "common_stream_dir",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_entrance_id",
+ "common_device_id",
+ "common_egress_link_id",
+ "common_ingress_link_id",
+ "common_isp",
+ "common_data_center",
+ "common_device_group",
+ "common_sled_ip"
+ ],
+ "source": [
+ "common_client_ip",
+ "common_internal_ip",
+ "common_client_port",
+ "common_client_location",
+ "common_client_asn",
+ "common_subscriber_id",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number"
+ ],
+ "destination": [
+ "common_server_ip",
+ "common_external_ip",
+ "common_server_port",
+ "common_server_location",
+ "common_server_asn"
+ ],
+ "application": [
+ "common_app_id",
+ "common_userdefine_app_name",
+ "common_app_label",
+ "common_app_surrogate_id",
+ "common_l7_protocol",
+ "common_protocol_label",
+ "common_service_category",
+ "common_service",
+ "common_l4_protocol",
+ "common_app_behavior"
+ ],
+ "transmission": [
+ "common_sessions",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_c2s_pkt_diff",
+ "common_s2c_pkt_diff",
+ "common_c2s_byte_diff",
+ "common_s2c_byte_diff",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_c2s_pkt_retrans",
+ "common_s2c_pkt_retrans",
+ "common_c2s_byte_retrans",
+ "common_s2c_byte_retrans",
+ "common_first_ttl",
+ "common_tcp_client_isn",
+ "common_tcp_server_isn",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes"
+ ],
+ "other": [
+ "common_address_type",
+ "common_schema_type",
+ "common_device_tag",
+ "common_encapsulation",
+ "common_tunnels",
+ "common_address_list",
+ "common_has_dup_traffic",
+ "common_stream_error",
+ "common_link_info_c2s",
+ "common_link_info_s2c",
+ "common_packet_capture_file",
+ "common_action",
+ "common_sub_action",
+ "common_policy_id",
+ "common_user_tags",
+ "common_user_region"
+ ]
+ }
+ },
+ "schema_type": {
+ "BASE": {
+ "$ref": "public_schema_info.json#/schema_type/BASE"
+ },
+ "HTTP": {
+ "$ref": "public_schema_info.json#/schema_type/HTTP"
+ },
+ "MAIL": {
+ "$ref": "public_schema_info.json#/schema_type/MAIL"
+ },
+ "DNS": {
+ "$ref": "public_schema_info.json#/schema_type/DNS"
+ },
+ "SSL": {
+ "$ref": "public_schema_info.json#/schema_type/SSL"
+ },
+ "QUIC": {
+ "$ref": "public_schema_info.json#/schema_type/QUIC"
+ },
+ "FTP": {
+ "$ref": "public_schema_info.json#/schema_type/FTP"
+ },
+ "BGP": {
+ "$ref": "public_schema_info.json#/schema_type/BGP"
+ },
+ "APP": {
+ "$ref": "public_schema_info.json#/schema_type/APP"
+ },
+ "SSH": {
+ "$ref": "public_schema_info.json#/schema_type/SSH"
+ },
+ "Stratum": {
+ "$ref": "public_schema_info.json#/schema_type/Stratum"
+ },
+ "RDP": {
+ "$ref": "public_schema_info.json#/schema_type/RDP"
+ }
+ },
+ "default_columns": [
+ "common_recv_time",
+ "common_log_id",
+ "common_subscriber_id",
+ "common_client_ip",
+ "common_server_ip",
+ "common_server_port",
+ "common_schema_type"
+ ],
+ "internal_columns": [
+ "common_recv_time",
+ "common_log_id",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_userdefine_app_name",
+ "common_tunnels",
+ "common_packet_capture_file",
+ "rtp_pcap_path",
+ "http_request_body",
+ "http_response_body",
+ "mail_eml_file"
+ ],
+ "tunnel_type": {
+ "$ref": "public_schema_info.json#/tunnel_type"
+ }
+ },
+ "fields": [
+ {
+ "name": "common_recv_time",
+ "label": "Receive Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_log_id",
+ "label": "Log ID",
+ "doc": {
+ "format": {
+ "functions": "snowflake_id"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_policy_id",
+ "label": "Policy ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_subscriber_id",
+ "label": "Subscriber ID",
+ "type": "string"
+ },
+ {
+ "name": "common_imei",
+ "label": "IMEI",
+ "type": "string"
+ },
+ {
+ "name": "common_imsi",
+ "label": "IMSI",
+ "type": "string"
+ },
+ {
+ "name": "common_phone_number",
+ "label": "Phone Number",
+ "type": "string"
+ },
+ {
+ "name": "common_client_ip",
+ "label": "Client IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "geo_asn,radius_match",
+ "appendTo": "common_client_asn,common_subscriber_id"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_internal_ip",
+ "label": "Internal IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "if",
+ "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_client_port",
+ "label": "Client Port",
+ "type": "int"
+ },
+ {
+ "name": "common_l4_protocol",
+ "label": "L4 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_address_type",
+ "label": "Address Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "4",
+ "value": "ipv4"
+ },
+ {
+ "code": "6",
+ "value": "ipv6"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_server_ip",
+ "label": "Server IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "geo_asn",
+ "appendTo": "common_server_asn"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_server_port",
+ "label": "Server Port",
+ "type": "int"
+ },
+ {
+ "name": "common_external_ip",
+ "label": "External IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "if",
+ "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_action",
+ "label": "Action",
+ "doc": {
+ "visibility": "hidden",
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "None"
+ },
+ {
+ "code": "1",
+ "value": "Monitor"
+ },
+ {
+ "code": "2",
+ "value": "Intercept"
+ },
+ {
+ "code": "16",
+ "value": "Deny"
+ },
+ {
+ "code": "128",
+ "value": "Allow"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_direction",
+ "label": "Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "69",
+ "value": "outbound"
+ },
+ {
+ "code": "73",
+ "value": "inbound"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_entrance_id",
+ "label": "Entrance ID",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_sled_ip",
+ "label": "Sled IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_client_location",
+ "label": "Client Location",
+ "type": "string"
+ },
+ {
+ "name": "common_client_asn",
+ "label": "Client ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_server_location",
+ "label": "Server Location",
+ "type": "string"
+ },
+ {
+ "name": "common_server_asn",
+ "label": "Server ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_sessions",
+ "label": "Sessions",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_num",
+ "label": "Packets Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_num",
+ "label": "Packets Received",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_num",
+ "label": "Bytes Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_num",
+ "label": "Bytes Received",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_diff",
+ "label": "Packets Sent(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_diff",
+ "label": "Packets Received(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_diff",
+ "label": "Bytes Sent(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_diff",
+ "label": "Bytes Received(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_service",
+ "label": "Service",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_schema_type",
+ "label": "Schema Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "BASE",
+ "value": "BASE"
+ },
+ {
+ "code": "MAIL",
+ "value": "MAIL"
+ },
+ {
+ "code": "DNS",
+ "value": "DNS"
+ },
+ {
+ "code": "HTTP",
+ "value": "HTTP"
+ },
+ {
+ "code": "SSL",
+ "value": "SSL"
+ },
+ {
+ "code": "QUIC",
+ "value": "QUIC"
+ },
+ {
+ "code": "FTP",
+ "value": "FTP"
+ },
+ {
+ "code": "SSH",
+ "value": "SSH"
+ },
+ {
+ "code": "Stratum",
+ "value": "Stratum"
+ },
+ {
+ "code": "RDP",
+ "value": "RDP"
+ }
+ ]
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_tags",
+ "label": "User Tags",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_sub_action",
+ "label": "Sub Action",
+ "doc": {
+ "data": [
+ {
+ "code": "allow",
+ "value": "Allow"
+ },
+ {
+ "code": "deny",
+ "value": "Deny"
+ },
+ {
+ "code": "monitor",
+ "value": "Monitor"
+ },
+ {
+ "code": "replace",
+ "value": "Replace"
+ },
+ {
+ "code": "redirect",
+ "value": "Redirect"
+ },
+ {
+ "code": "insert",
+ "value": "Insert"
+ },
+ {
+ "code": "hijack",
+ "value": "Hijack"
+ }
+ ],
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_region",
+ "label": "User Region",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_id",
+ "label": "Device ID",
+ "type": "string"
+ },
+ {
+ "name": "common_egress_link_id",
+ "label": "Egress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_ingress_link_id",
+ "label": "Ingress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_isp",
+ "label": "ISP",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_tag",
+ "label": "Device Tag",
+ "doc": {
+ "visibility": "hidden",
+ "format": {
+ "functions": "flattenSpec,flattenSpec",
+ "appendTo": "common_data_center,common_device_group",
+ "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_group",
+ "label": "Device Group",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_behavior",
+ "label": "Application Behavior",
+ "type": "string"
+ },
+ {
+ "name": "common_encapsulation",
+ "label": "Encapsulation",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_encapsulation/data"
+ },
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_app_label",
+ "label": "Application Label",
+ "type": "string"
+ },
+ {
+ "name": "common_tunnels",
+ "label": "Tunnels",
+ "type": "string"
+ },
+ {
+ "name": "common_protocol_label",
+ "label": "Protocol Label",
+ "type": "string"
+ },
+ {
+ "name": "common_app_id",
+ "label": "Application ID",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_userdefine_app_name",
+ "label": "User Define APP Name",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "label": "Surrogate ID",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_l7_protocol",
+ "label": "L7 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_service_category",
+ "label": "FQDN Category",
+ "doc": {
+ "constraints": {
+ "operator_functions": "has"
+ },
+ "dict_location": {
+ "path": "/v1/category/dict",
+ "key": "categoryId",
+ "value": "categoryName"
+ }
+ },
+ "type": {
+ "type": "array",
+ "items": "int"
+ }
+ },
+ {
+ "name": "common_start_time",
+ "label": "Start Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_end_time",
+ "label": "End Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "get_value",
+ "appendTo": "common_recv_time"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_establish_latency_ms",
+ "label": "Establish Latency(ms)",
+ "type": "long"
+ },
+ {
+ "name": "common_con_duration_ms",
+ "label": "Duration(ms)",
+ "type": "long"
+ },
+ {
+ "name": "common_stream_dir",
+ "label": "Stream Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "c2s"
+ },
+ {
+ "code": "2",
+ "value": "s2c"
+ },
+ {
+ "code": "3",
+ "value": "double"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_address_list",
+ "label": "Address List",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_has_dup_traffic",
+ "label": "Duplication Traffic",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data"
+ },
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_stream_error",
+ "label": "Stream Error",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "label": "Session ID",
+ "type": "long"
+ },
+ {
+ "name": "common_link_info_c2s",
+ "label": "Link Info(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_link_info_s2c",
+ "label": "Link Info(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_packet_capture_file",
+ "label": "Packet Capture File",
+ "doc": {
+ "visibility": "hidden",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_c2s_ipfrag_num",
+ "label": "Fragmentation Packets(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_ipfrag_num",
+ "label": "Fragmentation Packets(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_lostlen",
+ "label": "Sequence Gap Loss(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_lostlen",
+ "label": "Sequence Gap Loss(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_unorder_num",
+ "label": "Unorder Packets(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_unorder_num",
+ "label": "Unorder Packets(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_retrans",
+ "label": "Packet Retransmission(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_retrans",
+ "label": "Packet Retransmission(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_retrans",
+ "label": "Byte Retransmission(c2s)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_retrans",
+ "label": "Byte Retransmission(s2c)",
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_client_isn",
+ "label": "TCP Client ISN",
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_server_isn",
+ "label": "TCP Server ISN",
+ "type": "long"
+ },
+ {
+ "name": "common_first_ttl",
+ "label": "First TTL",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_processing_time",
+ "label": "Processing Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "current_timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_ingestion_time",
+ "label": "Ingestion Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "ingestion_time"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_mirrored_pkts",
+ "label": "Mirrored Packets",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_mirrored_bytes",
+ "label": "Mirrored Bytes",
+ "type": "long",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "http_url",
+ "label": "HTTP.URL",
+ "type": "string"
+ },
+ {
+ "name": "http_host",
+ "label": "HTTP.Host",
+ "doc": {
+ "format": {
+ "functions": "sub_domain",
+ "appendTo": "http_domain"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_domain",
+ "label": "HTTP.Domain",
+ "type": "string"
+ },
+ {
+ "name": "http_request_line",
+ "label": "HTTP.Request Line",
+ "type": "string"
+ },
+ {
+ "name": "http_response_line",
+ "label": "HTTP.Response Line",
+ "type": "string"
+ },
+ {
+ "name": "http_request_header",
+ "label": "HTTP.Request Headers",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_header",
+ "label": "HTTP.Response Headers",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_content",
+ "label": "HTTP.Request Content",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_content_length",
+ "label": "HTTP.Request Content Length",
+ "type": "string"
+ },
+ {
+ "name": "http_request_content_type",
+ "label": "HTTP.Request Content Type",
+ "type": "string"
+ },
+ {
+ "name": "http_response_content",
+ "label": "HTTP.Response Content",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_content_length",
+ "label": "HTTP.Response Content Length",
+ "type": "string"
+ },
+ {
+ "name": "http_response_content_type",
+ "label": "HTTP.Response Content Type",
+ "type": "string"
+ },
+ {
+ "name": "http_request_body",
+ "label": "HTTP.Request Body",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_body",
+ "label": "HTTP.Response Body",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_body_key",
+ "label": "HTTP.Request Body Key",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_body_key",
+ "label": "HTTP.Response Body Key",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_proxy_flag",
+ "label": "HTTP.Proxy Flag",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "http_sequence",
+ "label": "HTTP.Sequence",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "http_snapshot",
+ "label": "HTTP.Snapshot",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_cookie",
+ "label": "HTTP.Cookie",
+ "type": "string"
+ },
+ {
+ "name": "http_referer",
+ "label": "HTTP.Referer",
+ "type": "string"
+ },
+ {
+ "name": "http_user_agent",
+ "label": "HTTP.User Agent",
+ "type": "string"
+ },
+ {
+ "name": "http_content_length",
+ "label": "HTTP.Content Length",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_content_type",
+ "label": "HTTP.Content Type",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_set_cookie",
+ "label": "HTTP.Set Cookie",
+ "type": "string"
+ },
+ {
+ "name": "http_version",
+ "label": "HTTP.Version",
+ "type": "string"
+ },
+ {
+ "name": "http_response_latency_ms",
+ "label": "HTTP.Response Latency(ms)",
+ "type": "long"
+ },
+ {
+ "name": "http_session_duration_ms",
+ "label": "HTTP.Session Duration(ms)",
+ "type": "long"
+ },
+ {
+ "name": "http_action_file_size",
+ "label": "HTTP.Action File Size",
+ "type": "int"
+ },
+ {
+ "name": "mail_protocol_type",
+ "label": "Mail.Protocol Type",
+ "type": "string"
+ },
+ {
+ "name": "mail_account",
+ "label": "Mail.Account",
+ "type": "string"
+ },
+ {
+ "name": "mail_from_cmd",
+ "label": "Mail.From CMD",
+ "type": "string"
+ },
+ {
+ "name": "mail_to_cmd",
+ "label": "Mail.To CMD",
+ "type": "string"
+ },
+ {
+ "name": "mail_from",
+ "label": "Mail.From",
+ "doc": {
+ "constraints": {
+ "type": "email"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_to",
+ "label": "Mail.To",
+ "doc": {
+ "constraints": {
+ "type": "email"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_cc",
+ "label": "Mail.CC",
+ "type": "string"
+ },
+ {
+ "name": "mail_bcc",
+ "label": "Mail.BCC",
+ "type": "string"
+ },
+ {
+ "name": "mail_subject",
+ "label": "Mail.Subject",
+ "doc": {
+ "format": {
+ "functions": "decode_of_base64",
+ "param": "$.mail_subject_charset"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_subject_charset",
+ "label": "Mail.Subject Charset",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_content",
+ "label": "Mail.Content",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_content_charset",
+ "label": "Mail.Content Charset",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_attachment_name",
+ "label": "Mail.Attachment",
+ "doc": {
+ "format": {
+ "functions": "decode_of_base64",
+ "param": "$.mail_attachment_name_charset"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_attachment_name_charset",
+ "label": "Mail.Attachment Charset",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_attachment_content",
+ "label": "Mail.Attachment Content",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_eml_file",
+ "label": "Mail.EML File",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_snapshot",
+ "label": "Mail.Snapshot",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_message_id",
+ "label": "DNS.Message ID",
+ "type": "int"
+ },
+ {
+ "name": "dns_qr",
+ "label": "DNS.QR",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "QUERY"
+ },
+ {
+ "code": "1",
+ "value": "RESPONSE"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_opcode",
+ "label": "DNS.OPCODE",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "QUERY"
+ },
+ {
+ "code": "1",
+ "value": "IQUERY"
+ },
+ {
+ "code": "2",
+ "value": "STATUS"
+ },
+ {
+ "code": "5",
+ "value": "UPDATE"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_aa",
+ "label": "DNS.AA",
+ "type": "int"
+ },
+ {
+ "name": "dns_tc",
+ "label": "DNS.TC",
+ "type": "int"
+ },
+ {
+ "name": "dns_rd",
+ "label": "DNS.RD",
+ "type": "int"
+ },
+ {
+ "name": "dns_ra",
+ "label": "DNS.RA",
+ "type": "int"
+ },
+ {
+ "name": "dns_rcode",
+ "label": "DNS.RCODE",
+ "type": "int"
+ },
+ {
+ "name": "dns_qdcount",
+ "label": "DNS.QDCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_ancount",
+ "label": "DNS.ANCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_nscount",
+ "label": "DNS.NSCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_arcount",
+ "label": "DNS.ARCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_qname",
+ "label": "DNS.QNAME",
+ "type": "string"
+ },
+ {
+ "name": "dns_qtype",
+ "label": "DNS.QTYPE",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "A"
+ },
+ {
+ "code": "2",
+ "value": "NS"
+ },
+ {
+ "code": "5",
+ "value": "CNAME"
+ },
+ {
+ "code": "6",
+ "value": "SOA"
+ },
+ {
+ "code": "11",
+ "value": "WKS"
+ },
+ {
+ "code": "12",
+ "value": "PTR"
+ },
+ {
+ "code": "13",
+ "value": "HINFO"
+ },
+ {
+ "code": "11",
+ "value": "WKS"
+ },
+ {
+ "code": "15",
+ "value": "MX"
+ },
+ {
+ "code": "28",
+ "value": "AAAA"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_qclass",
+ "label": "DNS.QCLASS",
+ "type": "int"
+ },
+ {
+ "name": "dns_cname",
+ "label": "DNS.CNAME",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_sub",
+ "label": "DNS.SUB",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "DNS"
+ },
+ {
+ "code": "2",
+ "value": "DNSSEC"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_rr",
+ "label": "DNS.RR",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_response_latency_ms",
+ "label": "DNS.Response Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "ssl_version",
+ "label": "SSL.Version",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_sni",
+ "label": "SSL.SNI",
+ "doc": {
+ "format": {
+ "functions": "sub_domain",
+ "appendTo": "http_domain"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_san",
+ "label": "SSL.SAN",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_cn",
+ "label": "SSL.CN",
+ "type": "string"
+ },
+ {
+ "name": "ssl_pinningst",
+ "label": "SSL.Pinning",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "Not Pinning"
+ },
+ {
+ "code": "1",
+ "value": "Pinning"
+ },
+ {
+ "code": "2",
+ "value": "Maybe Pinning"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_intercept_state",
+ "label": "SSL.Intercept State",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "Passthrough"
+ },
+ {
+ "code": "1",
+ "value": "Intercept"
+ },
+ {
+ "code": "2",
+ "value": "Shutdown"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_passthrough_reason",
+ "label": "SSL.Passthrough Reason",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_server_side_latency",
+ "label": "SSL.Server Side Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "ssl_client_side_latency",
+ "label": "SSL.Client Side Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "ssl_server_side_version",
+ "label": "SSL.Server Side Version",
+ "type": "string"
+ },
+ {
+ "name": "ssl_client_side_version",
+ "label": "SSL.Client Side Version",
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_verify",
+ "label": "SSL.Certificate Verify",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "No"
+ },
+ {
+ "code": "1",
+ "value": "Yes"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_error",
+ "label": "SSL.Error",
+ "type": "string"
+ },
+ {
+ "name": "ssl_con_latency_ms",
+ "label": "SSL.Connection Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "ssl_ja3_fingerprint",
+ "label": "SSL.JA3",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_ja3_hash",
+ "label": "SSL.JA3 hash",
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_issuer",
+ "label": "SSL.Issuer",
+ "doc": {
+ "constraints": {
+ "type": "items"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_subject",
+ "label": "SSL.Subject",
+ "doc": {
+ "constraints": {
+ "type": "items"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "quic_version",
+ "label": "QUIC.Version",
+ "type": "string"
+ },
+ {
+ "name": "quic_sni",
+ "label": "QUIC.SNI",
+ "doc": {
+ "format": {
+ "functions": "sub_domain",
+ "appendTo": "http_domain"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "quic_user_agent",
+ "label": "QUIC.User Agent",
+ "type": "string"
+ },
+ {
+ "name": "ftp_account",
+ "label": "FTP.Account",
+ "type": "string"
+ },
+ {
+ "name": "ftp_url",
+ "label": "FTP.URL",
+ "type": "string"
+ },
+ {
+ "name": "ftp_content",
+ "label": "FTP.Content",
+ "type": "string"
+ },
+ {
+ "name": "ftp_link_type",
+ "label": "FTP.Link Type",
+ "type": "string"
+ },
+ {
+ "name": "bgp_type",
+ "label": "BGP.Type",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "bgp_as_num",
+ "label": "BGP.AS Number",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "bgp_route",
+ "label": "BGP.Route",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "voip_calling_account",
+ "label": "VoIP.Calling Account",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "voip_called_account",
+ "label": "VoIP.Called Account",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "voip_calling_number",
+ "label": "VoIP.Calling Number",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "voip_called_number",
+ "label": "VoIP.Called Number",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "streaming_media_url",
+ "label": "Streaming.Media URL",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "streaming_media_protocol",
+ "label": "Streaming.Media Protocol",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "app_extra_info",
+ "label": "APP.Extra Info",
+ "type": "string"
+ },
+ {
"name": "sip_call_id", + "label": "SIP.Call-ID", + "type": "string" + }, + { + "name": "sip_originator_description", + "label": "SIP.Originator", + "type": "string" + }, + { + "name": "sip_responder_description", + "label": "SIP.Responder", + "type": "string" + }, + { + "name": "sip_user_agent", + "label": "SIP.User-Agent", + "type": "string" + }, + { + "name": "sip_server", + "label": "SIP.Server", + "type": "string" + }, + { + "name": "sip_originator_sdp_connect_ip", + "label": "SIP.Originator IP", + "type": "string" + }, + { + "name": "sip_originator_sdp_media_port", + "label": "SIP.Originator Port", + "type": "int" + }, + { + "name": "sip_originator_sdp_media_type", + "label": "SIP.Originator Media Type", + "type": "string" + }, + { + "name": "sip_originator_sdp_content", + "label": "SIP.Originator Content", + "type": "string" + }, + { + "name": "sip_responder_sdp_connect_ip", + "label": "SIP.Responder IP", + "type": "string" + }, + { + "name": "sip_responder_sdp_media_port", + "label": "SIP.Responder Port", + "type": "int" + }, + { + "name": "sip_responder_sdp_media_type", + "label": "SIP.Responder Media Type", + "type": "string" + }, + { + "name": "sip_responder_sdp_content", + "label": "SIP.Responder Content", + "type": "string" + }, + { + "name": "sip_duration_s", + "label": "SIP.Duration(s)", + "type": "int" + }, + { + "name": "sip_bye", + "label": "SIP.Bye", + "type": "string" + }, + { + "name": "rtp_payload_type_c2s", + "label": "RTP.Payload Type(c2s)", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { 
+ "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ] + }, + "type": "int" + }, + { + "name": "rtp_payload_type_s2c", + "label": "RTP.Payload Type(s2c)", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + 
"value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ] + }, + "type": "int" + }, + { + "name": "rtp_pcap_path", + "label": "RTP.PCAP", + "doc": { + "allow_query": "false", + "constraints": { + "type": "files" + } + }, + "type": "string" + }, + { + "name": "rtp_originator_dir", + "label": "RTP.Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "unknown" + }, + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + } + ] + }, + "type": "int" + }, + { + "name": "ssh_version", + "label": "SSH.Version", + "type": "string" + }, + { + "name": "ssh_auth_success", + "label": "SSH.Authentication Result", + "type": "string" + }, + { + "name": "ssh_client_version", + "label": "SSH.Client Version", + "type": "string" + }, + { + "name": "ssh_server_version", + "label": "SSH.Server Version", + "type": "string" + }, + { + "name": "ssh_cipher_alg", + "label": "SSH.Encryption Algorithm", + "type": "string" + }, + { + "name": "ssh_mac_alg", + "label": "SSH.Signing Algorithm", + "type": "string" + }, + { + "name": "ssh_compression_alg", + "label": "SSH.Compression Algorithm", + "type": "string" + }, + { + "name": "ssh_kex_alg", + "label": "SSH. 
Key Exchange Algorithm", + "type": "string" + }, + { + "name": "ssh_host_key_alg", + "label": "SSH.Server Host Key Algorithm", + "type": "string" + }, + { + "name": "ssh_host_key", + "label": "SSH.Server Key Fingerprint", + "type": "string" + }, + { + "name": "ssh_hassh", + "label": "SSH.HASSH", + "type": "string" + }, + { + "name": "stratum_cryptocurrency", + "label": "Stratum.Cryptocurrency", + "type": "string" + }, + { + "name": "stratum_mining_pools", + "label": "Stratum.Mining Pools", + "type": "string" + }, + { + "name": "stratum_mining_program", + "label": "Stratum.Mining Program", + "type": "string" + }, + { + "name": "rdp_cookie", + "label": "RDP.Cookie", + "type": "string" + }, + { + "name": "rdp_security_protocol", + "label": "RDP.Security Protocol", + "type": "string" + }, + { + "name": "rdp_client_channels", + "label": "RDP.Client Channels", + "type": "string" + }, + { + "name": "rdp_keyboard_layout", + "label": "RDP.Keyboard Layout", + "type": "string" + }, + { + "name": "rdp_client_version", + "label": "RDP.Client Version", + "type": "string" + }, + { + "name": "rdp_client_name", + "label": "RDP.Client Name", + "type": "string" + }, + { + "name": "rdp_client_product_id", + "label": "RDP.Client Product ID", + "type": "string" + }, + { + "name": "rdp_desktop_width", + "label": "RDP. 
Desktop Width",
+ "type": "string"
+ },
+ {
+ "name": "rdp_desktop_height",
+ "label": "RDP.Desktop Height",
+ "type": "string"
+ },
+ {
+ "name": "rdp_requested_color_depth",
+ "label": "RDP.Requested Color Depth",
+ "type": "string"
+ },
+ {
+ "name": "rdp_certificate_type",
+ "label": "RDP.Certificate Type",
+ "type": "string"
+ },
+ {
+ "name": "rdp_certificate_count",
+ "label": "RDP.Certificate Count",
+ "type": "int"
+ },
+ {
+ "name": "rdp_certificate_permanent",
+ "label": "RDP.Certificate Permanent",
+ "type": "int"
+ },
+ {
+ "name": "rdp_encryption_level",
+ "label": "RDP.Encryption Level",
+ "type": "string"
+ },
+ {
+ "name": "rdp_encryption_method",
+ "label": "RDP.Encryption Method",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/proxy_event.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/proxy_event.json
new file mode 100644
index 0000000..099c216
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/proxy_event.json
@@ -0,0 +1,1665 @@
+{
+ "type": "record",
+ "name": "proxy_event",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "partition_key": "common_recv_time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "dimensions": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_policy_id",
+ "common_sub_action",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_client_port",
+ "common_server_port",
+ "common_schema_type",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_client_asn",
+ "common_server_asn",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "doh_host",
+ "doh_qname"
+ ],
+ "metrics": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_subscriber_id",
+ "common_sled_ip",
+ "common_device_id",
+ "common_sessions",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "doh_host",
+ "doh_qname"
+ ],
+ "filters": [
+ "common_policy_id",
+ "common_sub_action",
+ "common_address_type",
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_client_port",
+ "common_server_port",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_l4_protocol",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_asn",
+ "common_server_asn",
+ "common_direction",
+ "common_schema_type",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "http_host",
+
"http_domain", + "http_url", + "http_cookie", + "http_referer", + "http_user_agent", + "http_request_content_type", + "http_response_content_type", + "doh_host", + "doh_qname" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "action": [ + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn" + ], + "application": [ + "common_app_id", + "common_userdefine_app_name", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", 
+ "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_address_type", + "common_schema_type", + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file" + ] + } + }, + "schema_type": { + "HTTP": { + "$ref": "public_schema_info.json#/schema_type/HTTP" + }, + "DoH": { + "$ref": "public_schema_info.json#/schema_type/DoH" + }, + "RDP": { + "$ref": "public_schema_info.json#/schema_type/RDP" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "common_sub_action", + "common_schema_type" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_processing_time", + "common_ingestion_time", + "common_packet_capture_file", + "http_request_body", + "http_response_body" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + } + }, + "type": "long" + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": { + "functions": "snowflake_id" + } + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { 
+ "type": "ip" + }, + "format": { + "functions": "geo_asn,radius_match", + "appendTo": "common_client_asn,common_subscriber_id" + } + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ] + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "geo_asn", + "appendTo": "common_server_asn" + } + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "48", + "value": "Manipulation" + }, + { + "code": "128", + "value": "Allow" + } + ] + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "69", + "value": "outbound" 
+ }, + { + "code": "73", + "value": "inbound" + } + ] + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled" + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + } + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "format": { + "functions": "set_value", + "param": "1" + } + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + "visibility": "disabled" + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema 
Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "DoH", + "value": "DoH" + } + ] + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + }, + { + "code": "edit_element", + "value": "Edit Element" + } + ] + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_device_id", + "label": "Device ID", + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": { + "functions": "flattenSpec,flattenSpec", + "appendTo": "common_data_center,common_device_group", + "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" + } + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + 
"key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_app_id", + "label": "Application ID", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define APP Name", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_app_surrogate_id", + "label": "Surrogate ID", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_service_category", + "label": "FQDN Category", 
+ "doc": { + "constraints": { + "operator_functions": "has" + }, + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + } + }, + "type": { + "type": "array", + "items": "int" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + } + }, + "type": "long" + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "get_value", + "appendTo": "common_recv_time" + } + }, + "type": "long" + }, + { + "name": "common_establish_latency_ms", + "label": "Establish Latency(ms)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration(ms)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ] + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": 
"common_link_info_s2c", + "label": "Link Info(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unorder Packets(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unorder Packets(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + 
"name": "common_first_ttl", + "label": "First TTL", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "current_timestamp" + } + }, + "type": "long" + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "ingestion_time" + } + }, + "type": "long" + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "http_url", + "label": "HTTP.URL", + "type": "string" + }, + { + "name": "http_host", + "label": "HTTP.Host", + "doc": { + "format": { + "functions": "sub_domain", + "appendTo": "http_domain" + } + }, + "type": "string" + }, + { + "name": "http_domain", + "label": "HTTP.Domain", + "type": "string" + }, + { + "name": "http_request_line", + "label": "HTTP.Request Line", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_response_line", + "label": "HTTP.Response Line", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_request_header", + "label": "HTTP.Request Header", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_response_header", + "label": "HTTP.Response Header", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_request_content", + "label": "HTTP.Request Content", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "http_request_content_length", + "label": "HTTP.Request Content Length", + "type": "string" + }, + { + "name": "http_request_content_type", + "label": "HTTP.Request Content Type", + "type": "string" + 
}, + { + "name": "http_response_content", + "label": "HTTP.Response Content", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "http_response_content_length", + "label": "HTTP.Response Content Length", + "type": "string" + }, + { + "name": "http_response_content_type", + "label": "HTTP.Response Content Type", + "type": "string" + }, + { + "name": "http_request_body", + "label": "HTTP.Request Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "http_response_body", + "label": "HTTP.Response Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "http_request_body_key", + "label": "HTTP.Request Body Key", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "http_response_body_key", + "label": "HTTP.Response Body Key", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "http_proxy_flag", + "label": "HTTP.Proxy Flag", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "http_sequence", + "label": "HTTP.Sequence", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "http_snapshot", + "label": "HTTP.Snapshot", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_cookie", + "label": "HTTP.Cookie", + "type": "string" + }, + { + "name": "http_referer", + "label": "HTTP.Referer", + "type": "string" + }, + { + "name": "http_user_agent", + "label": "HTTP.User Agent", + "type": "string" + }, + { + "name": "http_content_length", + "label": "HTTP.Content Length", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_content_type", + "label": "HTTP.Content Type", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_set_cookie", + "label": "HTTP.Set Cookie", + "type": "string" + }, + { + "name": 
"http_version", + "label": "HTTP.Version", + "type": "string" + }, + { + "name": "http_response_latency_ms", + "label": "HTTP.Response Latency(ms)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "http_session_duration_ms", + "label": "HTTP.Session Duration(ms)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "http_action_file_size", + "label": "HTTP.Action File Size", + "type": "int" + }, + { + "name": "doh_url", + "label": "DoH.URL", + "type": "string" + }, + { + "name": "doh_host", + "label": "DoH.Host", + "type": "string" + }, + { + "name": "doh_request_line", + "label": "DoH.Request Line", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "doh_response_line", + "doc": { + "visibility": "hidden" + }, + "label": "DoH.Response Line", + "type": "string" + }, + { + "name": "doh_cookie", + "label": "DoH.Cookie", + "type": "string" + }, + { + "name": "doh_referer", + "label": "DoH.Referer", + "type": "string" + }, + { + "name": "doh_user_agent", + "label": "DoH.User Agent", + "type": "string" + }, + { + "name": "doh_content_length", + "label": "DoH.Content Length", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "doh_content_type", + "label": "DoH.Content Type", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "doh_set_cookie", + "label": "DoH.Set Cookie", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "doh_version", + "label": "DoH.Version", + "type": "string" + }, + { + "name": "doh_message_id", + "label": "DoH.Message ID", + "type": "int" + }, + { + "name": "doh_qr", + "label": "DoH.QR", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "REESPONSE" + } + ] + }, + "type": "int" + }, + { + "name": "doh_opcode", + "label": "DoH.OPCODE", + "doc": { + "constraints": { + "operator_functions": 
"=,!=" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "IQUERY" + }, + { + "code": "2", + "value": "STATUS" + }, + { + "code": "5", + "value": "UPDATE" + } + ] + }, + "type": "int" + }, + { + "name": "doh_aa", + "label": "DoH.AA", + "type": "int" + }, + { + "name": "doh_tc", + "label": "DoH.TC", + "type": "int" + }, + { + "name": "doh_rd", + "label": "DoH.RD", + "type": "int" + }, + { + "name": "doh_ra", + "label": "DoH.RA", + "type": "int" + }, + { + "name": "doh_rcode", + "label": "DoH.RCODE", + "type": "int" + }, + { + "name": "doh_qdcount", + "label": "DoH.QDCOUNT", + "type": "int" + }, + { + "name": "doh_ancount", + "label": "DoH.ANCOUNT", + "type": "int" + }, + { + "name": "doh_nscount", + "label": "DoH.NSCOUNT", + "type": "int" + }, + { + "name": "doh_arcount", + "label": "DoH.ARCOUNT", + "type": "int" + }, + { + "name": "doh_qname", + "label": "DoH.QNAME", + "type": "string" + }, + { + "name": "doh_qtype", + "label": "DoH.QTYPE", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "A" + }, + { + "code": "2", + "value": "NS" + }, + { + "code": "5", + "value": "CNAME" + }, + { + "code": "6", + "value": "SOA" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "12", + "value": "PTR" + }, + { + "code": "13", + "value": "HINFO" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "15", + "value": "MX" + }, + { + "code": "28", + "value": "AAAA" + } + ] + }, + "type": "int" + }, + { + "name": "doh_qclass", + "label": "DoH.QCLASS", + "type": "int" + }, + { + "name": "doh_cname", + "label": "DoH.CNAME", + "type": "string" + }, + { + "name": "doh_sub", + "label": "DoH.SUB", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "DNS" + }, + { + "code": "2", + "value": "DNSSEC" + } + ] + }, + "type": "int" + }, + { + "name": "doh_rr", + "label": "DoH.RR", + "type": "string" + }, + { + "name": 
"rdp_cookie", + "label": "RDP.Cookie", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_security_protocol", + "label": "RDP.Security Protocol", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_client_channels", + "label": "RDP.Client Channels", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_keyboard_layout", + "label": "RDP.Keyboard Layout", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_client_version", + "label": "RDP.Client Version", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_client_name", + "label": "RDP.Client Name", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_client_product_id", + "label": "RDP.Client Product ID", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_desktop_width", + "label": "RDP. Desktop Width", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_desktop_height", + "label": "RDP.Desktop Height", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_requested_color_depth", + "label": "RDP.Requested Color Depth", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_certificate_type", + "label": "RDP.Certificate Type", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_certificate_count", + "label": "RDP.Certificate Count", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "rdp_certificate_permanent", + "label": "RDP.Certificate Permanent", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "rdp_encryption_level", + "label": "RDP.Encryption Level", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "rdp_encryption_method", + "label": "RDP.Encryption Method", + "doc": { + "visibility": 
"hidden"
+ },
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/public_schema_info.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/public_schema_info.json
new file mode 100644
index 0000000..32493ff
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/public_schema_info.json
@@ -0,0 +1,2230 @@ +{ + "functions": { + "aggregation": [ + { + "name": "COUNT", + "label": "COUNT", + "function": "count(expr)" + }, + { + "name": "COUNT_DISTINCT", + "label": "COUNT_DISTINCT", + "function": "count(distinct expr)" + }, + { + "name": "AVG", + "label": "AVG", + "function": "avg(expr)" + }, + { + "name": "SUM", + "label": "SUM", + "function": "sum(expr)" + }, + { + "name": "MAX", + "label": "MAX", + "function": "max(expr)" + }, + { + "name": "MIN", + "label": "MIN", + "function": "min(expr)" + } + ], + "operator": [ + { + "name": "=", + "label": "=", + "function": "expr = value" + }, + { + "name": "!=", + "label": "!=", + "function": "expr != value" + }, + { + "name": ">", + "label": ">", + "function": "expr > value" + }, + { + "name": "<", + "label": "<", + "function": "expr < value" + }, + { + "name": ">=", + "label": ">=", + "function": "expr >= value" + }, + { + "name": "<=", + "label": "<=", + "function": "expr <= value" + }, + { + "name": "has", + "label": "HAS", + "function": "has(expr, value)" + }, + { + "name": "in", + "label": "IN", + "function": "expr in (values)" + }, + { + "name": "not in", + "label": "NOT IN", + "function": "expr not in (values)" + }, + { + "name": "like", + "label": "LIKE", + "function": "expr like value" + }, + { + "name": "not like", + "label": "NOT LIKE", + "function": "expr not like value" + }, + { + "name": "notEmpty", + "label": "NOT EMPTY", + "function": "notEmpty(expr)" + }, + { + "name": "empty", + "label": "EMPTY", + "function": "empty(expr)" + } + ] + }, + "schema_query": { + "references": { + "aggregation": [ + { + "type": "int", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" + }, + { + "type": "long", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" + }, + { + "type": "float", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" + }, + { + "type": "double", + "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN" + }, + { + "type": "string", + "functions": "COUNT,COUNT_DISTINCT" + }, + { + 
"type": "date", + "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" + }, + { + "type": "timestamp", + "functions": "COUNT,COUNT_DISTINCT,MAX,MIN" + } + ], + "operator": [ + { + "type": "int", + "functions": "=,!=,>,<,>=,<=,in,not in" + }, + { + "type": "long", + "functions": "=,!=,>,<,>=,<=,in,not in" + }, + { + "type": "float", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "double", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "string", + "functions": "=,!=,in,not in,like,not like,notEmpty,empty" + }, + { + "type": "date", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "timestamp", + "functions": "=,!=,>,<,>=,<=" + }, + { + "type": "array", + "functions": "has" + } + ] + } + }, + "schema_type": { + "BASE": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_service_category", + 
"common_l7_protocol", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port" + ] + }, + "HTTP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + 
"common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_service_category", + "common_l7_protocol", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "http_url", + "http_host", + "http_domain", + "http_request_line", + "http_response_line", + "http_request_header", + "http_response_header", + "http_request_content", + "http_request_content_length", + "http_request_content_type", + "http_response_content", + "http_response_content_length", + "http_response_content_type", + "http_request_body", + "http_response_body", + "http_request_body_key", + "http_response_body_key", + "http_proxy_flag", + "http_sequence", + "http_snapshot", + "http_cookie", + "http_referer", + "http_user_agent", + "http_content_length", + "http_content_type", + "http_set_cookie", + "http_version", + "http_response_latency_ms", + "http_session_duration_ms", + "http_action_file_size" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "http_url", + 
"common_server_port", + "common_sub_action" + ] + }, + "MAIL": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + 
"common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "mail_protocol_type", + "mail_account", + "mail_from_cmd", + "mail_to_cmd", + "mail_from", + "mail_to", + "mail_cc", + "mail_bcc", + "mail_subject", + "mail_subject_charset", + "mail_content", + "mail_content_charset", + "mail_attachment_name", + "mail_attachment_name_charset", + "mail_attachment_content", + "mail_eml_file", + "mail_snapshot" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "mail_from", + "mail_to", + "mail_subject" + ] + }, + "DNS": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + 
"common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "dns_message_id", + "dns_qr", + "dns_opcode", + "dns_aa", + "dns_tc", + "dns_rd", + "dns_ra", + "dns_rcode", + "dns_qdcount", + "dns_ancount", + "dns_nscount", + "dns_arcount", + "dns_qname", + "dns_qtype", + "dns_qclass", + "dns_cname", + "dns_sub", + "dns_rr", + "dns_response_latency_ms" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_client_ip", + "dns_qr", + "dns_qname", + "dns_qtype" + ] + }, + "SSL": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + 
"common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "ssl_sni", + "ssl_san", + "ssl_cn", + "ssl_pinningst", + "ssl_intercept_state", + "ssl_passthrough_reason", + "ssl_server_side_latency", + "ssl_client_side_latency", + "ssl_server_side_version", + "ssl_client_side_version", + "ssl_cert_verify", + "ssl_error", + "ssl_con_latency_ms", + "ssl_ja3_fingerprint", + "ssl_ja3_hash", + "ssl_cert_issuer", + "ssl_cert_subject" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "ssl_sni", + "common_server_ip", + "common_server_port" + ] + }, + "QUIC": { + "columns": [ + "common_recv_time", + "common_log_id", + 
"common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + 
"common_mirrored_bytes", + "quic_version", + "quic_sni", + "quic_user_agent" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "quic_sni", + "common_server_ip", + "common_server_port" + ] + }, + "FTP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + 
"common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "ftp_account", + "ftp_url", + "ftp_content", + "ftp_link_type" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "ftp_url", + "common_server_ip", + "common_server_port" + ] + }, + "BGP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + 
"common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "bgp_type", + "bgp_as_num", + "bgp_route" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "bgp_type", + "bgp_as_num", + "common_server_ip", + "common_server_port" + ] + }, + "SIP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + 
"common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_originator_sdp_connect_ip", + "sip_originator_sdp_media_port", + "sip_originator_sdp_media_type", + "sip_originator_sdp_content", + "sip_responder_sdp_connect_ip", + "sip_responder_sdp_media_port", + "sip_responder_sdp_media_type", + "sip_responder_sdp_content", + "sip_duration_s", + "sip_bye" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "sip_originator_description", + "sip_responder_description", + "sip_call_id", + "common_server_ip", + "common_server_port" + ] + }, + "RTP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + 
"common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "rtp_pcap_path", + "rtp_originator_dir" + ], + 
"default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "rtp_pcap_path", + "rtp_originator_dir" + ] + }, + "APP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + 
"common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "app_extra_info" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "common_app_id", + "common_app_label", + "app_extra_info", + "common_server_ip", + "common_server_port" + ] + }, + "DoH": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + 
"common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "doh_url", + "doh_host", + "doh_request_line", + "doh_response_line", + "doh_cookie", + "doh_referer", + "doh_user_agent", + "doh_content_length", + "doh_content_type", + "doh_set_cookie", + "doh_version", + "doh_message_id", + "doh_qr", + "doh_opcode", + "doh_aa", + "doh_tc", + "doh_rd", + "doh_ra", + "doh_rcode", + "doh_qdcount", + "doh_ancount", + "doh_nscount", + "doh_arcount", + "doh_qname", + "doh_qtype", + "doh_qclass", + "doh_cname", + "doh_sub", + "doh_rr" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_client_ip", + "doh_url", + "doh_qname", + "common_server_port" + ] + }, + "VoIP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + 
"common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_originator_sdp_connect_ip", + "sip_originator_sdp_media_port", + "sip_originator_sdp_media_type", + "sip_originator_sdp_content", + "sip_responder_sdp_connect_ip", + "sip_responder_sdp_media_port", + "sip_responder_sdp_media_type", + "sip_responder_sdp_content", + "sip_duration_s", + "sip_bye", + "rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "rtp_pcap_path", + "rtp_originator_dir" + ], + 
"default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "sip_originator_description", + "sip_responder_description", + "sip_call_id", + "common_server_ip", + "common_server_port", + "rtp_pcap_path", + "rtp_originator_dir" + ] + }, + "SSH": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + 
"common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "ssh_version", + "ssh_auth_success", + "ssh_client_version", + "ssh_server_version", + "ssh_cipher_alg", + "ssh_mac_alg", + "ssh_compression_alg", + "ssh_kex_alg", + "ssh_host_key_alg", + "ssh_host_key", + "ssh_hassh" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "ssh_auth_success" + ] + }, + "RADIUS": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + 
"common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "radius_packet_type", + "radius_nas_ip", + "radius_framed_ip", + "radius_account", + "radius_session_timeout", + "radius_idle_timeout", + "radius_acct_status_type", + "radius_acct_terminate_cause", + "radius_event_timestamp", + "radius_nas_port", + "radius_service_type", + "radius_framed_protocol", + "radius_callback_number", + "radius_callback_id", + "radius_termination_action", + "radius_called_station_id", + "radius_calling_station_id", + "radius_acct_delay_time", + "radius_acct_session_id", + "radius_acct_multi_session_id", + "radius_acct_input_octets", + "radius_acct_output_octets", + "radius_acct_input_packets", + "radius_acct_output_packets", + "radius_acct_session_time", + "radius_acct_link_count", + "radius_acct_interim_interval", + "radius_acct_authentic" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "radius_nas_ip", + "radius_framed_ip", + "radius_acct_status_type" + ] + }, + "Stratum": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + 
"common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + 
"stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "stratum_cryptocurrency", + "stratum_mining_pools", + "stratum_mining_program" + ] + }, + "RDP": { + "columns": [ + "common_recv_time", + "common_log_id", + "common_policy_id", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number", + "common_client_ip", + "common_client_port", + "common_internal_ip", + "common_l4_protocol", + "common_address_type", + "common_server_ip", + "common_server_port", + "common_external_ip", + "common_action", + "common_direction", + "common_entrance_id", + "common_sled_ip", + "common_client_location", + "common_client_asn", + "common_server_location", + "common_server_asn", + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_service", + "common_schema_type", + "common_user_tags", + "common_sub_action", + "common_user_region", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_device_tag", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_encapsulation", + "common_app_label", + "common_tunnels", + "common_protocol_label", + "common_app_id", + "common_userdefine_app_name", + "common_app_surrogate_id", + "common_l7_protocol", + "common_service_category", + "common_start_time", + "common_end_time", + "common_establish_latency_ms", + "common_con_duration_ms", + "common_stream_dir", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_stream_trace_id", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + 
"common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_first_ttl", + "common_processing_time", + "common_ingestion_time", + "common_mirrored_pkts", + "common_mirrored_bytes", + "rdp_cookie", + "rdp_security_protocol", + "rdp_client_channels", + "rdp_keyboard_layout", + "rdp_client_version", + "rdp_client_name", + "rdp_client_product_id", + "rdp_desktop_width", + "rdp_desktop_height", + "rdp_requested_color_depth", + "rdp_certificate_type", + "rdp_certificate_count", + "rdp_certificate_permanent", + "rdp_encryption_level", + "rdp_encryption_method" + ], + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "rdp_client_version", + "rdp_client_name" + ] + } + }, + "tunnel_type": { + "GTP": [ + { + "name": "gtp_sgw_ip", + "label": "S-GW IP", + "type": "string" + }, + { + "name": "gtp_pgw_ip", + "label": "P-GW IP", + "type": "string" + }, + { + "name": "gtp_sgw_port", + "label": "S-GW Port", + "type": "int" + }, + { + "name": "gtp_pgw_port", + "label": "P-GW Port", + "type": "int" + }, + { + "name": "gtp_uplink_teid", + "label": "Uplink TEID", + "type": "long" + }, + { + "name": "gtp_downlink_teid", + "label": "Downlink TEID", + "type": "long" + } + ], + "MPLS": [ + { + "name": "mpls_c2s_direction_label", + "label": "Multiprotocol Label(c2s)", + "type": { + "type": "array", + "items": "int" + } + }, + { + "name": "mpls_s2c_direction_label", + "label": "Multiprotocol Label(s2c)", + "type": { + "type": "array", + "items": "int" + } + } + ], + "VLAN": [ + { + "name": "vlan_c2s_direction_id", + "label": "VLAN Direction(c2s)", + "type": { + "type": "array", + "items": "int" + } + }, + { + "name": "vlan_s2c_direction_id", + "label": "VLAN Direction(s2c)", + "type": { + "type": "array", + "items": "int" + } + } + ], + "ETHERNET": [ + { + "name": 
"source_mac", + "label": "Source MAC", + "type": "string" + }, + { + "name": "destination_mac", + "label": "Destination MAC", + "type": "string" + } + ], + "MULTIPATH_ETHERNET": [ + { + "name": "c2s_source_mac", + "label": "Source MAC(c2s)", + "type": "string" + }, + { + "name": "c2s_destination_mac", + "label": "Destination MAC(c2s)", + "type": "string" + }, + { + "name": "s2c_source_mac", + "label": "Source MAC(s2c)", + "type": "string" + }, + { + "name": "s2c_destination_mac", + "label": "Destination MAC(s2c)", + "type": "string" + } + ], + "L2TP": [ + { + "name": "l2tp_version", + "label": "Version", + "type": "string" + }, + { + "name": "l2tp_lac2lns_tunnel_id", + "label": "LAC2LNS Tunnel ID", + "type": "int" + }, + { + "name": "l2tp_lns2lac_tunnel_id", + "label": "LNS2LAC Tunnel ID", + "type": "int" + }, + { + "name": "l2tp_lac2lns_session_id", + "label": "LAC2LNS Session ID", + "type": "int" + }, + { + "name": "l2tp_lns2lac_session_id", + "label": "LNS2LAC Session ID", + "type": "int" + }, + { + "name": "l2tp_access_concentrator_ip", + "label": "Access Concentrator IP", + "type": "string" + }, + { + "name": "l2tp_access_concentrator_port", + "label": "Access Concentrator Port", + "type": "int" + }, + { + "name": "l2tp_network_server_ip", + "label": "Network Server IP", + "type": "string" + }, + { + "name": "l2tp_network_server_port", + "label": "Network Server Port", + "type": "int" + } + ], + "PPTP": [ + { + "name": "pptp_uplink_tunnel_id", + "label": "UpLink Tunnel ID", + "type": "int" + }, + { + "name": "pptp_downlink_tunnel_id", + "label": "Down Tunnel ID", + "type": "int" + } + ] + }, + "fields": { + "common_encapsulation": { + "data": [ + { + "code": "0", + "value": "Ethernet" + }, + { + "code": "8", + "value": "PPP" + }, + { + "code": "12", + "value": "CiscoHDLC" + } + ] + }, + "common_has_dup_traffic": { + "data": [ + { + "code": "0", + "value": "No" + }, + { + "code": "1", + "value": "Yes" + } + ] + } + } +} 
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/radius_onff_log.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/radius_onff_log.json
new file mode 100644
index 0000000..9201ebb
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/radius_onff_log.json
@@ -0,0 +1,37 @@
+{
+ "type": "record",
+ "name": "radius_onff_log",
+ "namespace": "tsg_galaxy_v3",
+ "fields": [
+ {
+ "name": "event_timestamp",
+ "label": "Event Time",
+ "type": "long"
+ },
+ {
+ "name": "account",
+ "label": "Account",
+ "type": "string"
+ },
+ {
+ "name": "framed_ip",
+ "label": "Framed IP",
+ "type": "string"
+ },
+ {
+ "name": "acct_session_id",
+ "label": "Acct Session ID",
+ "type": "string"
+ },
+ {
+ "name": "acct_status_type",
+ "label": "Acct Status Type",
+ "type": "int"
+ },
+ {
+ "name": "acct_session_time",
+ "label": "Acct Session Time",
+ "type": "int"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/radius_record.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/radius_record.json
new file mode 100644
index 0000000..c3b532c
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/radius_record.json
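Review bot: In radius_onff_log.json, `event_timestamp` and `acct_status_type` are declared as bare `long` and `int` with no `doc` block, so nothing in the schema tells a consumer that the first is a time value or what the status codes mean. radius_record.json in this same patch marks `common_recv_time` with `"doc": { "constraints": { "type": "timestamp" } }` and gives coded ints such as `common_action` a `doc.data` code/value list; the same two annotations would fit here, with the list carrying the RADIUS Acct-Status-Type values (1 Start, 2 Stop, 3 Interim-Update in RFC 2866). Judging by its fields, this table appears to be what ties an account to a framed IP over time, so a misread status code or time unit would attribute traffic to the wrong subscriber. Whether the query gateway reads `doc` for this table is not visible in the patch, so confirm that before relying on it; the unit of `event_timestamp` (seconds or milliseconds) should also be stated in the label or doc.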
@@ -0,0 +1,1289 @@ +{ + "type": "record", + "name": "radius_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "radius_nas_ip", + "radius_framed_ip", + "common_subscriber_id" + ], + "metrics": [ + "radius_framed_ip", + "radius_event_timestamp", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num" + ], + "filters": [ + "radius_framed_ip", + "common_subscriber_id", + "radius_packet_type", + "radius_acct_session_id", + "radius_acct_multi_session_id", + "radius_acct_status_type" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn" + ], + "application": [ + "common_app_id", + "common_userdefine_app_name", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + 
"common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_address_type", + "common_schema_type", + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region" + ] + } + }, + "schema_type": { + "RADIUS": { + "$ref": "public_schema_info.json#/schema_type/RADIUS" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "radius_nas_ip", + "radius_framed_ip", + "radius_acct_status_type" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_processing_time", + "common_ingestion_time", + "common_packet_capture_file" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + "doc": { + "constraints": { + "type": "timestamp" + } + }, + "type": "long" + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": { + "functions": "snowflake_id" + } + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "disabled" + 
}, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ] + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "geo_asn", + "appendTo": "common_server_asn" + } + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + "type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "48", + "value": "Manipulation" + }, + { + "code": "128", + "value": "Allow" + } + ] + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + 
"data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ] + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled" + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + } + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "type": "long" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + 
"visibility": "disabled" + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "BASE", + "value": "BASE" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "MAIL", + "value": "MAIL" + }, + { + "code": "DNS", + "value": "DNS" + }, + { + "code": "SSL", + "value": "SSL" + }, + { + "code": "FTP", + "value": "FTP" + } + ], + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_device_id", + "label": "Device ID", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": { + "functions": "flattenSpec,flattenSpec", + "appendTo": "common_data_center,common_device_group", + "param": 
"$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" + } + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_app_id", + "label": "Application ID", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define APP Name", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_app_surrogate_id", + 
"label": "Surrogate ID", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "constraints": { + "operator_functions": "has" + }, + "visibility": "disabled", + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + } + }, + "type": { + "type": "array", + "items": "int" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "get_value", + "appendTo": "common_recv_time" + }, + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_establish_latency_ms", + "label": "Establish Latency(ms)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration(ms)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ] + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream 
Error", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unorder Packets(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unorder Packets(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission(s2c)", + "doc": { + "visibility": 
"hidden" + }, + "type": "long" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "current_timestamp" + } + }, + "type": "long" + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "ingestion_time" + } + }, + "type": "long" + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "radius_packet_type", + "label": "Packet Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "Access-Request" + }, + { + "code": "2", + "value": "Access-Accept" + }, + { + "code": "3", + "value": "Access-Reject" + }, + { + "code": "4", + "value": "Accounting-Request" + }, + { + "code": "5", + "value": "Accounting-Response" + }, + { + "code": "11", + "value": "Access-Challenge" + } + ] + }, + "type": "int" + }, + { + "name": "radius_account", + "label": "Account", + "doc": { + "format": { + "functions": "get_value", + "appendTo": "common_subscriber_id" + } + }, + "type": "string" + }, + { + "name": "radius_nas_ip", + "label": "Nas IP", + "type": "string" + }, + { + "name": "radius_framed_ip", + "label": "Framed IP", + "doc": { + "constraints": { + "type": "ip" + } + }, + "type": "string" + }, + { + "name": 
"radius_session_timeout", + "label": "Session Timeout", + "type": "int" + }, + { + "name": "radius_idle_timeout", + "label": "Idle Timeout", + "type": "int" + }, + { + "name": "radius_acct_status_type", + "label": "ACC Status Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "Start" + }, + { + "code": "2", + "value": "Stop" + }, + { + "code": "3", + "value": "Interim-Update" + }, + { + "code": "7", + "value": "Accounting-On" + }, + { + "code": "8", + "value": "Accounting-Off" + } + ] + }, + "type": "int" + }, + { + "name": "radius_acct_terminate_cause", + "label": "Acct Terminate Cause", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "User Request" + }, + { + "code": "2", + "value": "Lost Carrier" + }, + { + "code": "3", + "value": "Lost Service" + }, + { + "code": "4", + "value": "Idle Timeout" + }, + { + "code": "5", + "value": "Session Timeout" + }, + { + "code": "6", + "value": "Admin Reset" + }, + { + "code": "7", + "value": "Admin Reboot" + }, + { + "code": "8", + "value": "Port Error" + }, + { + "code": "9", + "value": "NAS Error" + }, + { + "code": "10", + "value": "NAS Request" + }, + { + "code": "11", + "value": "NAS Reboot" + }, + { + "code": "12", + "value": "Port Unneeded" + }, + { + "code": "13", + "value": "Port Preempted" + }, + { + "code": "14", + "value": "Port Suspended" + }, + { + "code": "15", + "value": "Service Unavailable" + }, + { + "code": "16", + "value": "Callback" + }, + { + "code": "17", + "value": "User Error" + }, + { + "code": "18", + "value": "Host Request" + } + ] + }, + "type": "int" + }, + { + "name": "radius_event_timestamp", + "label": "Event Timestamp", + "type": "int" + }, + { + "name": "radius_service_type", + "label": "Service Type", + "type": "int" + }, + { + "name": "radius_nas_port", + "label": "Nas Port", + "type": "int" + }, + { + "name": "radius_framed_protocol", + "label": "Framed Protocol", 
+ "type": "int"
+ },
+ {
+ "name": "radius_callback_number",
+ "label": "Callback Number",
+ "type": "string"
+ },
+ {
+ "name": "radius_callback_id",
+ "label": "Callback ID",
+ "type": "string"
+ },
+ {
+ "name": "radius_termination_action",
+ "label": "Termination Action",
+ "type": "int"
+ },
+ {
+ "name": "radius_called_station_id",
+ "label": "Called Station ID",
+ "type": "string"
+ },
+ {
+ "name": "radius_calling_station_id",
+ "label": "Calling Station ID",
+ "type": "string"
+ },
+ {
+ "name": "radius_acct_delay_time",
+ "label": "Acct Delay Time",
+ "type": "int"
+ },
+ {
+ "name": "radius_acct_session_id",
+ "label": "Acct Session ID",
+ "type": "string"
+ },
+ {
+ "name": "radius_acct_multi_session_id",
+ "label": "Acct Multi Session ID",
+ "type": "string"
+ },
+ {
+ "name": "radius_acct_input_octets",
+ "label": "Acct Input Octets",
+ "type": "long"
+ },
+ {
+ "name": "radius_acct_output_octets",
+ "label": "Acct Output Octets",
+ "type": "long"
+ },
+ {
+ "name": "radius_acct_input_packets",
+ "label": "Acct Input Packets",
+ "type": "long"
+ },
+ {
+ "name": "radius_acct_output_packets",
+ "label": "Acct Output Packets",
+ "type": "long"
+ },
+ {
+ "name": "radius_acct_session_time",
+ "label": "Acct Session Time",
+ "type": "int"
+ },
+ {
+ "name": "radius_acct_link_count",
+ "label": "Acct Link Count",
+ "type": "int"
+ },
+ {
+ "name": "radius_acct_interim_interval",
+ "label": "Acct Interim Interval",
+ "type": "int"
+ },
+ {
+ "name": "radius_acct_authentic",
+ "label": "Acct Authentic",
+ "type": "int"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/security_event.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/security_event.json
new file mode 100644
index 0000000..445caff
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/security_event.json
@@ -0,0 +1,2458 @@
+{
+ "type": "record",
+ "name": "security_event",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "partition_key": "common_recv_time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "dimensions": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_policy_id",
+ "common_action",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_client_port",
+ "common_server_port",
+ "common_schema_type",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "common_app_label",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "ssl_passthrough_reason",
+ "ssl_client_side_version",
+ "ssl_server_side_version",
+ "ssl_cert_issuer",
+ "ssl_cert_subject",
+ "mail_account",
+ "mail_from",
+ "mail_to",
+ "quic_sni",
+ "quic_version"
+ ],
+ "metrics": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_subscriber_id",
+ "common_sled_ip",
+ "common_device_id",
+ "common_sessions",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "common_app_label",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "ssl_passthrough_reason",
+ "ssl_client_side_latency",
+ "ssl_server_side_latency",
+ "ssl_cert_issuer",
+ "ssl_cert_subject",
+ "mail_account",
+ "mail_from",
+ "mail_to",
+ "quic_sni"
+ ],
+ "filters": [
+ "common_policy_id",
+ "common_action",
+ "common_address_type",
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_client_port",
+ "common_server_port",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_stream_dir",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_sled_ip",
+ "common_device_id",
+ "common_direction",
+ "common_schema_type",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "common_app_label",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "http_request_content_type",
+ "http_response_content_type",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "ssl_pinningst",
+ "ssl_intercept_state",
+ "ssl_passthrough_reason",
+ "ssl_client_side_version",
+ "ssl_server_side_version",
+ "ssl_cert_verify",
+ "ssl_client_side_latency",
+ "ssl_server_side_latency",
+ "ssl_cert_issuer",
+ "ssl_cert_subject",
+ "mail_account",
+ "mail_from",
+ "mail_to",
+ "mail_subject",
+ "quic_sni",
+ "quic_version"
+ ],
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ },
+ "details": {
+ "general": [
+ "common_recv_time",
+ "common_log_id",
+ "common_stream_trace_id",
+ "common_direction",
+ "common_stream_dir",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_entrance_id",
+ "common_device_id",
+ "common_egress_link_id",
+ "common_ingress_link_id",
+ "common_isp",
+ "common_data_center",
+ "common_device_group",
+ "common_sled_ip"
+ ],
+ "action": [
+ "common_action",
+ "common_sub_action",
+ "common_policy_id",
+ "common_user_tags",
+ "common_user_region"
+ ],
+ "source": [
+ "common_client_ip",
+ "common_internal_ip",
+ "common_client_port",
+ "common_client_location",
+ "common_client_asn",
+ "common_subscriber_id",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number"
+ ],
+ "destination": [
+ "common_server_ip",
+ "common_external_ip",
+ "common_server_port",
+ "common_server_location",
+ "common_server_asn"
+ ],
+ "application": [
+ "common_app_id",
+ "common_userdefine_app_name",
+ "common_app_label",
+ "common_app_surrogate_id",
+ "common_l7_protocol",
+ "common_protocol_label",
+ "common_service_category",
+ "common_service",
+ "common_l4_protocol",
+ "common_app_behavior"
+ ],
+ "transmission": [
+ "common_sessions",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_c2s_pkt_diff",
+ "common_s2c_pkt_diff",
+ "common_c2s_byte_diff",
+ "common_s2c_byte_diff",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_c2s_pkt_retrans",
+ "common_s2c_pkt_retrans",
+ "common_c2s_byte_retrans",
+ "common_s2c_byte_retrans",
+ "common_first_ttl",
+ "common_tcp_client_isn",
+ "common_tcp_server_isn",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes"
+ ],
+ "other": [
+ "common_address_type",
+ "common_schema_type",
+ "common_device_tag",
+ "common_encapsulation",
+ "common_tunnels",
+ "common_address_list",
+ "common_has_dup_traffic",
+ "common_stream_error",
+ "common_link_info_c2s",
+ "common_link_info_s2c",
+ "common_packet_capture_file"
+ ]
+ }
+ },
+ "schema_type": {
+ "BASE": {
+ "$ref": "public_schema_info.json#/schema_type/BASE"
+ },
+ "HTTP": {
+ "$ref": "public_schema_info.json#/schema_type/HTTP"
+ },
+ "MAIL": {
+ "$ref": "public_schema_info.json#/schema_type/MAIL"
+ },
+ "DNS": {
+ "$ref": "public_schema_info.json#/schema_type/DNS"
+ },
+ "SSL": {
+ "$ref": "public_schema_info.json#/schema_type/SSL"
+ },
+ "QUIC": {
+ "$ref": "public_schema_info.json#/schema_type/QUIC"
+ },
+ "FTP": {
+ "$ref": "public_schema_info.json#/schema_type/FTP"
+ },
+ "BGP": {
+ "$ref": "public_schema_info.json#/schema_type/BGP"
+ },
+ "SIP": {
+ "$ref": "public_schema_info.json#/schema_type/SIP"
+ },
+ "RTP": {
+ "$ref": "public_schema_info.json#/schema_type/RTP"
+ },
+ "APP": {
+ "$ref": "public_schema_info.json#/schema_type/APP"
+ },
+ "SSH": {
+ "$ref": "public_schema_info.json#/schema_type/SSH"
+ },
+ "Stratum": {
+ "$ref": "public_schema_info.json#/schema_type/Stratum"
+ },
+ "RDP": {
+ "$ref": "public_schema_info.json#/schema_type/RDP"
+ }
+ },
+ "default_columns": [
+ "common_recv_time",
+ "common_log_id",
+ "common_policy_id",
+ "common_subscriber_id",
+ "common_client_ip",
+ "common_server_ip",
+ "common_server_port",
+ "common_schema_type"
+ ],
+ "internal_columns": [
+ "common_recv_time",
+ "common_log_id",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_userdefine_app_name",
+ "common_tunnels",
+ "common_packet_capture_file",
+ "http_request_body",
+ "http_response_body",
+ "mail_eml_file",
+ "rtp_pcap_path"
+ ],
+ "tunnel_type": {
+ "$ref": "public_schema_info.json#/tunnel_type"
+ }
+ },
+ "fields": [
+ {
+ "name": "common_recv_time",
+ "label": "Receive Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_log_id",
+ "label": "Log ID",
+ "doc": {
+ "format": {
+ "functions": "snowflake_id"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_policy_id",
+ "label": "Policy ID",
+ "type": "long"
+ },
+ {
+ "name": "common_subscriber_id",
+ "label": "Subscriber ID",
+ "type": "string"
+ },
+ {
+ "name": "common_imei",
+ "label": "IMEI",
+ "type": "string"
+ },
+ {
+ "name": "common_imsi",
+ "label": "IMSI",
+ "type": "string"
+ },
+ {
+ "name": "common_phone_number",
+ "label": "Phone Number",
+ "type": "string"
+ },
+ {
+ "name": "common_client_ip",
+ "label": "Client IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "geo_asn,radius_match",
+ "appendTo": "common_client_asn,common_subscriber_id"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_internal_ip",
+ "label": "Internal IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "if",
+ "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_client_port",
+ "label": "Client Port",
+ "type": "int"
+ },
+ {
+ "name": "common_l4_protocol",
+ "label": "L4 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_address_type",
+ "label": "Address Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "4",
+ "value": "ipv4"
+ },
+ {
+ "code": "6",
+ "value": "ipv6"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_server_ip",
+ "label": "Server IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "geo_asn",
+ "appendTo": "common_server_asn"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_server_port",
+ "label": "Server Port",
+ "type": "int"
+ },
+ {
+ "name": "common_external_ip",
+ "label": "External IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "if",
+ "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_action",
+ "label": "Action",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "Monitor"
+ },
+ {
+ "code": "2",
+ "value": "Intercept"
+ },
+ {
+ "code": "16",
+ "value": "Deny"
+ },
+ {
+ "code": "128",
+ "value": "Allow"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_direction",
+ "label": "Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "69",
+ "value": "outbound"
+ },
+ {
+ "code": "73",
+ "value": "inbound"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_entrance_id",
+ "label": "Entrance ID",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_sled_ip",
+ "label": "Sled IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_client_location",
+ "label": "Client Location",
+ "type": "string"
+ },
+ {
+ "name": "common_client_asn",
+ "label": "Client ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_server_location",
+ "label": "Server Location",
+ "type": "string"
+ },
+ {
+ "name": "common_server_asn",
+ "label": "Server ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_sessions",
+ "label": "Sessions",
+ "doc": {
+ "format": {
+ "functions": "set_value",
+ "param": "1"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_num",
+ "label": "Packets Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_num",
+ "label": "Packets Received",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_num",
+ "label": "Bytes Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_num",
+ "label": "Bytes Received",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_diff",
+ "label": "Packets Sent(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_diff",
+ "label": "Packets Received(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_diff",
+ "label": "Bytes Sent(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_diff",
+ "label": "Bytes Received(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_service",
+ "label": "Service",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_schema_type",
+ "label": "Schema Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "BASE",
+ "value": "BASE"
+ },
+ {
+ "code": "HTTP",
+ "value": "HTTP"
+ },
+ {
+ "code": "MAIL",
+ "value": "MAIL"
+ },
+ {
+ "code": "DNS",
+ "value": "DNS"
+ },
+ {
+ "code": "SSL",
+ "value": "SSL"
+ },
+ {
+ "code": "QUIC",
+ "value": "QUIC"
+ },
+ {
+ "code": "FTP",
+ "value": "FTP"
+ },
+ {
+ "code": "SIP",
+ "value": "SIP"
+ },
+ {
+ "code": "RTP",
+ "value": "RTP"
+ },
+ {
+ "code": "SSH",
+ "value": "SSH"
+ },
+ {
+ "code": "Stratum",
+ "value": "Stratum"
+ },
+ {
+ "code": "RDP",
+ "value": "RDP"
+ }
+ ]
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_tags",
+ "label": "User Tags",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_sub_action",
+ "label": "Sub Action",
+ "doc": {
+ "data": [
+ {
+ "code": "allow",
+ "value": "Allow"
+ },
+ {
+ "code": "deny",
+ "value": "Deny"
+ },
+ {
+ "code": "monitor",
+ "value": "Monitor"
+ },
+ {
+ "code": "replace",
+ "value": "Replace"
+ },
+ {
+ "code": "redirect",
+ "value": "Redirect"
+ },
+ {
+ "code": "insert",
+ "value": "Insert"
+ },
+ {
+ "code": "hijack",
+ "value": "Hijack"
+ }
+ ],
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_region",
+ "label": "User Region",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_id",
+ "label": "Device ID",
+ "type": "string"
+ },
+ {
+ "name": "common_egress_link_id",
+ "label": "Egress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_ingress_link_id",
+ "label": "Ingress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_isp",
+ "label": "ISP",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_tag",
+ "label": "Device Tag",
+ "doc": {
+ "visibility": "hidden",
+ "format": {
+ "functions": "flattenSpec,flattenSpec",
+ "appendTo": "common_data_center,common_device_group",
+ "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_group",
+ "label": "Device Group",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_behavior",
+ "label": "Application Behavior",
+ "type": "string"
+ },
+ {
+ "name": "common_encapsulation",
+ "label": "Encapsulation",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_encapsulation/data"
+ },
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_app_label",
+ "label": "Application Label",
+ "type": "string"
+ },
+ {
+ "name": "common_tunnels",
+ "label": "Tunnels",
+ "type": "string"
+ },
+ {
+ "name": "common_protocol_label",
+ "label": "Protocol Label",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_id",
+ "label": "Application ID",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_userdefine_app_name",
+ "label": "User Define APP Name",
+ "type": "string"
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "label": "Surrogate ID",
+ "type": "string"
+ },
+ {
+ "name": "common_l7_protocol",
+ "label": "L7 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_service_category",
+ "label": "FQDN Category",
+ "doc": {
+ "constraints": {
+ "operator_functions": "has"
+ },
+ "dict_location": {
+ "path": "/v1/category/dict",
+ "key": "categoryId",
+ "value": "categoryName"
+ }
+ },
+ "type": {
+ "type": "array",
+ "items": "int"
+ }
+ },
+ {
+ "name": "common_start_time",
+ "label": "Start Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_end_time",
+ "label": "End Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "get_value",
+ "appendTo": "common_recv_time"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_establish_latency_ms",
+ "label": "Establish Latency(ms)",
+ "type": "long"
+ },
+ {
+ "name": "common_con_duration_ms",
+ "label": "Duration(ms)",
+ "type": "long"
+ },
+ {
+ "name": "common_stream_dir",
+ "label": "Stream Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "c2s"
+ },
+ {
+ "code": "2",
+ "value": "s2c"
+ },
+ {
+ "code": "3",
+ "value": "double"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_address_list",
+ "label": "Address List",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_has_dup_traffic",
+ "label": "Duplication Traffic",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data"
+ },
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_stream_error",
+ "label": "Stream Error",
+ "type": "string"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "label": "Session ID",
+ "type": "long"
+ },
+ {
+ "name": "common_link_info_c2s",
+ "label": "Link Info(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_link_info_s2c",
+ "label": "Link Info(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_packet_capture_file",
+ "label": "Packet Capture File",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_c2s_ipfrag_num",
+ "label": "Fragmentation Packets(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_ipfrag_num",
+ "label": "Fragmentation Packets(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_lostlen",
+ "label": "Sequence Gap Loss(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_lostlen",
+ "label": "Sequence Gap Loss(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_tcp_unorder_num",
+ "label": "Unorder Packets(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_tcp_unorder_num",
+ "label": "Unorder Packets(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_retrans",
+ "label": "Packet Retransmission(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_retrans",
+ "label": "Packet Retransmission(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_retrans",
+ "label": "Byte Retransmission(c2s)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_retrans",
+ "label": "Byte Retransmission(s2c)",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_client_isn",
+ "label": "TCP Client ISN",
+ "type": "long"
+ },
+ {
+ "name": "common_tcp_server_isn",
+ "label": "TCP Server ISN",
+ "type": "long"
+ },
+ {
+ "name": "common_first_ttl",
+ "label": "First TTL",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_processing_time",
+ "label": "Processing Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "current_timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_ingestion_time",
+ "label": "Ingestion Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": "ingestion_time"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_mirrored_pkts",
+ "label": "Mirrored Packets",
+ "type": "long"
+ },
+ {
+ "name": "common_mirrored_bytes",
+ "label": "Mirrored Bytes",
+ "type": "long"
+ },
+ {
+ "name": "http_url",
+ "label": "HTTP.URL",
+ "type": "string"
+ },
+ {
+ "name": "http_host",
+ "label": "HTTP.Host",
+ "doc": {
+ "format": {
+ "functions": "sub_domain",
+ "appendTo": "http_domain"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_domain",
+ "label": "HTTP.Domain",
+ "type": "string"
+ },
+ {
+ "name": "http_request_line",
+ "label": "HTTP.Request Line",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_line",
+ "label": "HTTP.Response Line",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_header",
+ "label": "HTTP.Request Header",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_header",
+ "label": "HTTP.Response Header",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_content",
+ "label": "HTTP.Request Content",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_content_length",
+ "label": "HTTP.Request Content Length",
+ "type": "string"
+ },
+ {
+ "name": "http_request_content_type",
+ "label": "HTTP.Request Content Type",
+ "type": "string"
+ },
+ {
+ "name": "http_response_content",
+ "label": "HTTP.Response Content",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_content_length",
+ "label": "HTTP.Response Content Length",
+ "type": "string"
+ },
+ {
+ "name": "http_response_content_type",
+ "label": "HTTP.Response Content Type",
+ "type": "string"
+ },
+ {
+ "name": "http_request_body",
+ "label": "HTTP.Request Body",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_body",
+ "label": "HTTP.Response Body",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_request_body_key",
+ "label": "HTTP.Request Body Key",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_response_body_key",
+ "label": "HTTP.Response Body Key",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_proxy_flag",
+ "label": "HTTP.Proxy Flag",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "http_sequence",
+ "label": "HTTP.Sequence",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "http_snapshot",
+ "label": "HTTP.Snapshot",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_cookie",
+ "label": "HTTP.Cookie",
+ "type": "string"
+ },
+ {
+ "name": "http_referer",
+ "label": "HTTP.Referer",
+ "type": "string"
+ },
+ {
+ "name": "http_user_agent",
+ "label": "HTTP.User Agent",
+ "type": "string"
+ },
+ {
+ "name": "http_content_length",
+ "label": "HTTP.Content Length",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_content_type",
+ "label": "HTTP.Content Type",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "http_set_cookie",
+ "label": "HTTP.Set Cookie",
+ "type": "string"
+ },
+ {
+ "name": "http_version",
+ "label": "HTTP.Version",
+ "type": "string"
+ },
+ {
+ "name": "http_response_latency_ms",
+ "label": "HTTP.Response Latency(ms)",
+ "type": "long"
+ },
+ {
+ "name": "http_action_file_size",
+ "label": "HTTP.Action File Size",
+ "type": "int"
+ },
+ {
+ "name": "http_session_duration_ms",
+ "label": "HTTP.Session Duration(ms)",
+ "type": "long"
+ },
+ {
+ "name": "mail_protocol_type",
+ "label": "Mail.Protocol Type",
+ "type": "string"
+ },
+ {
+ "name": "mail_account",
+ "label": "Mail.Account",
+ "type": "string"
+ },
+ {
+ "name": "mail_from_cmd",
+ "label": "Mail.From CMD",
+ "type": "string"
+ },
+ {
+ "name": "mail_to_cmd",
+ "label": "Mail.To CMD",
+ "type": "string"
+ },
+ {
+ "name": "mail_from",
+ "label": "Mail.From",
+ "doc": {
+ "constraints": {
+ "type": "email"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_to",
+ "label": "Mail.To",
+ "doc": {
+ "constraints": {
+ "type": "email"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_cc",
+ "label": "Mail.CC",
+ "type": "string"
+ },
+ {
+ "name": "mail_bcc",
+ "label": "Mail.BCC",
+ "type": "string"
+ },
+ {
+ "name": "mail_subject",
+ "label": "Mail.Subject",
+ "doc": {
+ "format": {
+ "functions": "decode_of_base64",
+ "param": "$.mail_subject_charset"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_subject_charset",
+ "label": "Mail.Subject Charset",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_content",
+ "label": "Mail.Content",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_content_charset",
+ "label": "Mail.Content Charset",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_attachment_name",
+ "label": "Mail.Attachment",
+ "doc": {
+ "format": {
+ "functions": "decode_of_base64",
+ "param": "$.mail_attachment_name_charset"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_attachment_name_charset",
+ "label": "Mail.Attachment Charset",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_attachment_content",
+ "label": "Mail.Attachment Content",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_eml_file",
+ "label": "Mail.EML File",
+ "doc": {
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "mail_snapshot",
+ "label": "Mail.Snapshot",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_message_id",
+ "label": "DNS.Message ID",
+ "type": "int"
+ },
+ {
+ "name": "dns_qr",
+ "label": "DNS.QR",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "QUERY"
+ },
+ {
+ "code": "1",
+ "value": "RESPONSE"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_opcode",
+ "label": "DNS.OPCODE",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "QUERY"
+ },
+ {
+ "code": "1",
+ "value": "IQUERY"
+ },
+ {
+ "code": "2",
+ "value": "STATUS"
+ },
+ {
+ "code": "5",
+ "value": "UPDATE"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_aa",
+ "label": "DNS.AA",
+ "type": "int"
+ },
+ {
+ "name": "dns_tc",
+ "label": "DNS.TC",
+ "type": "int"
+ },
+ {
+ "name": "dns_rd",
+ "label": "DNS.RD",
+ "type": "int"
+ },
+ {
+ "name": "dns_ra",
+ "label": "DNS.RA",
+ "type": "int"
+ },
+ {
+ "name": "dns_rcode",
+ "label": "DNS.RCODE",
+ "type": "int"
+ },
+ {
+ "name": "dns_qdcount",
+ "label": "DNS.QDCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_ancount",
+ "label": "DNS.ANCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_nscount",
+ "label": "DNS.NSCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_arcount",
+ "label": "DNS.ARCOUNT",
+ "type": "int"
+ },
+ {
+ "name": "dns_qname",
+ "label": "DNS.QNAME",
+ "type": "string"
+ },
+ {
+ "name": "dns_qtype",
+ "label": "DNS.QTYPE",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "A"
+ },
+ {
+ "code": "2",
+ "value": "NS"
+ },
+ {
+ "code": "5",
+ "value": "CNAME"
+ },
+ {
+ "code": "6",
+ "value": "SOA"
+ },
+ {
+ "code": "11",
+ "value": "WKS"
+ },
+ {
+ "code": "12",
+ "value": "PTR"
+ },
+ {
+ "code": "13",
+ "value": "HINFO"
+ },
+ {
+ "code": "11",
+ "value": "WKS"
+ },
+ {
+ "code": "15",
+ "value": "MX"
+ },
+ {
+ "code": "28",
+ "value": "AAAA"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_qclass",
+ "label": "DNS.QCLASS",
+ "type": "int"
+ },
+ {
+ "name": "dns_cname",
+ "label": "DNS.CNAME",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_sub",
+ "label": "DNS.SUB",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "1",
+ "value": "DNS"
+ },
+ {
+ "code": "2",
+ "value": "DNSSEC"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "dns_rr",
+ "label": "DNS.RR",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "dns_response_latency_ms",
+ "label": "DNS.Response Latency(ms)",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_version",
+ "label": "SSL.Version",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_sni",
+ "label": "SSL.SNI",
+ "doc": {
+ "format": {
+ "functions": "sub_domain",
+ "appendTo": "http_domain"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_san",
+ "label": "SSL.SAN",
+ "type": "string"
+ },
+ {
+ "name": "ssl_cn",
+ "label": "SSL.CN",
+ "type": "string"
+ },
+ {
+ "name": "ssl_pinningst",
+ "label": "SSL.Pinning",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "Not Pinning"
+ },
+ {
+ "code": "1",
+ "value": "Pinning"
+ },
+ {
+ "code": "2",
+ "value": "Maybe Pinning"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_intercept_state",
+ "label": "SSL.Intercept State",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "Passthrough"
+ },
+ {
+ "code": "1",
+ "value": "Intercept"
+ },
+ {
+ "code": "2",
+ "value": "Shutdown"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_passthrough_reason",
+ "label": "SSL.Passthrough Reason",
+ "type": "string"
+ },
+ {
+ "name": "ssl_server_side_latency",
+ "label": "SSL.Server Side Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "ssl_client_side_latency",
+ "label": "SSL.Client Side Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "ssl_server_side_version",
+ "label": "SSL.Server Side Version",
+ "type": "string"
+ },
+ {
+ "name": "ssl_client_side_version",
+ "label": "SSL.Client Side Version",
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_verify",
+ "label": "SSL.Certificate Verify",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "No"
+ },
+ {
+ "code": "1",
+ "value": "Yes"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssl_error",
+ "label": "SSL.Error",
+ "type": "string"
+ },
+ {
+ "name": "ssl_con_latency_ms",
+ "label": "SSL.Connection Latency(ms)",
+ "type": "int"
+ },
+ {
+ "name": "ssl_ja3_fingerprint",
+ "label": "SSL.JA3",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_ja3_hash",
+ "label": "SSL.JA3 hash",
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_issuer",
+ "label": "SSL.Issuer",
+ "doc": {
+ "constraints": {
+ "type": "items"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "ssl_cert_subject",
+ "label": "SSL.Subject",
+ "doc": {
+ "constraints": {
+ "type": "items"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "quic_version",
+ "label": "Quic.Version",
+ "type": "string"
+ },
+ {
+ "name": "quic_sni",
+ "label": "Quic.SNI",
+ "doc": {
+ "format": {
+ "functions": "sub_domain",
+ "appendTo": "http_domain"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "quic_user_agent",
+ "label": "Quic.User Agent",
+ "type": "string"
+ },
+ {
+ "name": "ftp_account",
+ "label": "FTP.Account",
+ "type": "string"
+ },
+ {
+ "name": "ftp_url",
+ "label": "FTP.URL",
+ "type": "string"
+ },
+ {
+ "name": "ftp_content",
+ "label": "FTP.Content",
+ "type": "string"
+ },
+ {
+ "name": "ftp_link_type",
+ "label": "FTP.Link Type",
+ "type": "string"
+ },
+ {
+ "name": "bgp_type",
+ "label": "BGP.Type",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "bgp_as_num",
+ "label": "BGP.AS Number",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "bgp_route",
+ "label": "BGP.Route",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "voip_calling_account",
+ "label": "VoIP.Calling Account",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "voip_called_account",
+ "label": "VoIP.Called Account",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "voip_calling_number",
+ "label": "VoIP.Calling Number",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "voip_called_number",
+ "label": "VoIP.Called Number",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "streaming_media_url",
+ "label": "Streaming.Media URL",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "streaming_media_protocol",
+ "label": "Streaming.Media Protocol",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "app_extra_info",
+ "label": "APP.Extra Info",
+ "type": "string"
+ },
+ {
+ "name": "sip_call_id",
+ "label": "SIP.Call-ID",
+ "type": "string"
+ },
+ {
+ "name": "sip_originator_description",
+ "label": "SIP.Originator",
+ "type": "string"
+ },
+ {
+ "name": "sip_responder_description",
+ "label": "SIP.Responder",
+ "type": "string"
+ },
+ {
+ "name": "sip_user_agent",
+ "label": "SIP.User-Agent",
+ "type": "string"
+ },
+ {
+ "name": "sip_server",
+ "label": "SIP.Server",
+ "type": "string"
+ },
+ {
+ "name": "sip_originator_sdp_connect_ip",
+ "label": "SIP.Originator IP",
+ "type": "string"
+ },
+ {
+ "name": "sip_originator_sdp_media_port",
+ "label": "SIP.Originator Port",
+ "type": "int"
+ },
+ {
+ "name": "sip_originator_sdp_media_type",
+ "label": "SIP.Originator Media Type",
+ "type": "string"
+ },
+ {
+ "name": "sip_originator_sdp_content",
+ "label": "SIP.Originator Content",
+ "type": "string"
+ },
+ {
+ "name": "sip_responder_sdp_connect_ip",
+ "label": "SIP.Responder IP",
+ "type": "string"
+ },
+ {
+ "name": "sip_responder_sdp_media_port",
+ "label": "SIP.Responder Port",
+ "type": "int"
+ },
+ {
+ "name": "sip_responder_sdp_media_type",
+ "label": "SIP.Responder Media Type",
+ "type": "string"
+ },
+ {
+ "name": "sip_responder_sdp_content",
+ "label": "SIP.Responder Content",
+ "type": "string"
+ },
+ {
+ "name": "sip_duration_s",
+ "label": "SIP.Duration(s)",
+ "type": "int"
+ },
+ {
+ "name": "sip_bye",
+ "label": "SIP.Bye",
+ "type": "string"
+ },
+ {
+ "name": "rtp_payload_type_c2s",
+ "label": "RTP.Payload Type(c2s)",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "PCMU"
+ },
+ {
+ "code": "1",
+ "value": "1016"
+ },
+ {
+ "code": "2",
+ "value": "G721"
+ },
+ {
+ "code": "3",
+ "value": "GSM"
+ },
+ {
+ "code": "4",
+ "value": "G723"
+ },
+ {
+ "code": "5",
+ "value": "DVI4_8000"
+ },
+ {
+ "code": "6",
+ "value": "DVI4_16000"
+ },
+ {
+ "code": "7",
+ "value": "LPC"
+ },
+ {
+ "code": "8",
+ "value": "PCMA"
+ },
+ {
+ "code": "9",
+ "value": "G722"
+ },
+ {
+ "code": "10",
+ "value": "L16_STEREO"
+ },
+ {
+ "code": "11",
+ "value": "L16_MONO"
+ },
+ {
+ "code": "12",
+ "value": "QCELP"
+ },
+ {
+ "code": "13",
+ "value": "CN"
+ },
+ {
+ "code": "14",
+ "value": "MPA"
+ },
+ {
+ "code": "15",
+ "value": "G728"
+ },
+ {
+ "code": "16",
+ "value": "DVI4_11025"
+ },
+ {
+ "code": "17",
+ "value": "DVI4_22050"
+ },
+ {
+ "code": "18",
+ "value": "G729"
+ },
+ {
+ "code": "19",
+ "value": "CN_OLD"
+ },
+ {
+ "code": "25",
+ "value": "CELB"
+ },
+ {
+ "code": "26",
+ "value": "JPEG"
+ },
+ {
+ "code": "28",
+ "value": "NV"
+ },
+ {
+ "code": "31",
+ "value": "H261"
+ },
+ {
+ "code": "32",
+ "value": "MPV"
+ },
+ {
+ "code": "33",
+ "value": "MP2T"
+ },
+ {
+ "code": "34",
+ "value": "H263"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "rtp_payload_type_s2c",
+ "label": "RTP.Payload Type(s2c)",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "PCMU"
+ },
+ {
+ "code": "1",
+ "value": "1016"
+ },
+ {
+ "code": "2",
+ "value": "G721"
+ },
+ {
+ "code": "3",
+ "value": "GSM"
+ },
+ {
+ "code": "4",
+ "value": "G723"
+ },
+ {
+ "code": "5",
+ "value": "DVI4_8000"
+ },
+ {
+ "code": "6",
+ "value": "DVI4_16000"
+ },
+ {
+ "code": "7",
+ "value": "LPC"
+ },
+ {
+ "code": "8",
+ "value": "PCMA"
+ },
+ {
+ "code": "9",
+ "value": "G722"
+ },
+ {
+ "code": "10",
+ "value": "L16_STEREO"
+ },
+ {
+ "code": "11",
+ "value": "L16_MONO"
+ },
+ {
+ "code": "12",
+ "value": "QCELP"
+ },
+ {
+ "code": "13",
+ "value": "CN"
+ },
+ {
+ "code": "14",
+ "value": "MPA"
+ },
+ {
+ "code": "15",
+ "value": "G728"
+ },
+ {
+ "code": "16",
+ "value": "DVI4_11025"
+ },
+ {
+ "code": "17",
+ "value": "DVI4_22050"
+ },
+ {
+ "code": "18",
+ "value": "G729"
+ },
+ {
+ "code": "19",
+ "value": "CN_OLD"
+ },
+ {
+ "code": "25",
+ "value": "CELB"
+ },
+ {
+ "code": "26",
+ "value": "JPEG"
+ },
+ {
+ "code": "28",
+ "value": "NV"
+ },
+ {
+ "code": "31",
+ "value": "H261"
+ },
+ {
+ "code": "32",
+ "value": "MPV"
+ },
+ {
+ "code": "33",
+ "value": "MP2T"
+ },
+ {
+ "code": "34",
+ "value": "H263"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "rtp_pcap_path",
+ "label": "RTP.PCAP",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "file"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "rtp_originator_dir",
+ "label": "RTP.Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "unknown"
+ },
+ {
+ "code": "1",
+ "value": "c2s"
+ },
+ {
+ "code": "2",
+ "value": "s2c"
+ }
+ ],
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "ssh_version",
+ "label": "SSH.Version",
+ "type": "string"
+ },
+ {
+ "name": "ssh_auth_success",
+ "label": "SSH.Authentication Result",
+ "type": "string"
+ },
+ {
+ "name": "ssh_client_version",
+ "label": "SSH.Client Version",
+ "type": "string"
+ },
+ {
+ "name": "ssh_server_version",
+ "label": "SSH.Server Version",
+ "type": "string"
+ },
+ {
+ "name": "ssh_cipher_alg",
+ "label": "SSH.Encryption Algorithm",
+ "type": "string"
+ },
+ {
+ "name": "ssh_mac_alg",
+ "label": "SSH.Signing Algorithm",
+ "type": "string"
+ },
+ {
+ "name": "ssh_compression_alg",
+ "label": "SSH.Compression Algorithm",
+ "type": "string"
+ },
+ {
+ "name": "ssh_kex_alg",
+ "label": "SSH. Key Exchange Algorithm",
+ "type": "string"
+ },
+ {
+ "name": "ssh_host_key_alg",
+ "label": "SSH.Server Host Key Algorithm",
+ "type": "string"
+ },
+ {
+ "name": "ssh_host_key",
+ "label": "SSH.Server Key Fingerprint",
+ "type": "string"
+ },
+ {
+ "name": "ssh_hassh",
+ "label": "SSH.HASSH",
+ "type": "string"
+ },
+ {
+ "name": "stratum_cryptocurrency",
+ "label": "Stratum.Cryptocurrency",
+ "type": "string"
+ },
+ {
+ "name": "stratum_mining_pools",
+ "label": "Stratum.Mining Pools",
+ "type": "string"
+ },
+ {
+ "name": "stratum_mining_program",
+ "label": "Stratum.Mining Program",
+ "type": "string"
+ },
+ {
+ "name": "rdp_cookie",
+ "label": "RDP.Cookie",
+ "type": "string"
+ },
+ {
+ "name": "rdp_security_protocol",
+ "label": "RDP.Security Protocol",
+ "type": "string"
+ },
+ {
+ "name": "rdp_client_channels",
+ "label": "RDP.Client Channels",
+ "type": "string"
+ },
+ {
+ "name": "rdp_keyboard_layout",
+ "label": "RDP.Keyboard Layout",
+ "type": "string"
+ },
+ {
+ "name": "rdp_client_version",
+ "label": "RDP.Client Version",
+ "type": "string"
+ },
+ {
+ "name": "rdp_client_name",
+ "label": "RDP.Client Name",
+ "type": "string"
+ },
+ {
+ "name": "rdp_client_product_id",
+ "label": "RDP.Client Product ID",
+ "type": "string"
+ },
+ {
+ "name": "rdp_desktop_width",
+ "label": "RDP. Desktop Width",
+ "type": "string"
+ },
+ {
+ "name": "rdp_desktop_height",
+ "label": "RDP.Desktop Height",
+ "type": "string"
+ },
+ {
+ "name": "rdp_requested_color_depth",
+ "label": "RDP.Requested Color Depth",
+ "type": "string"
+ },
+ {
+ "name": "rdp_certificate_type",
+ "label": "RDP.Certificate Type",
+ "type": "string"
+ },
+ {
+ "name": "rdp_certificate_count",
+ "label": "RDP.Certificate Count",
+ "type": "int"
+ },
+ {
+ "name": "rdp_certificate_permanent",
+ "label": "RDP.Certificate Permanent",
+ "type": "int"
+ },
+ {
+ "name": "rdp_encryption_level",
+ "label": "RDP.Encryption Level",
+ "type": "string"
+ },
+ {
+ "name": "rdp_encryption_method",
+ "label": "RDP.Encryption Method",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record.json
new file mode 100644
index 0000000..dfe313f
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record.json
@@ -0,0 +1,2396 @@
+{
+ "type": "record",
+ "name": "session_record",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "partition_key": "common_recv_time",
+ "index_table": "session_record_common_client_ip,session_record_common_server_ip,session_record_http_domain",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "dimensions": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_client_port",
+ "common_server_port",
+ "common_schema_type",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "common_app_label",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "ssl_cert_issuer",
+ "ssl_cert_subject",
+ "quic_sni",
+ "quic_version"
+ ],
+ "metrics": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_subscriber_id",
+ "common_sled_ip",
+ "common_device_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_sessions",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "common_app_label",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "ssl_cert_issuer",
+ "ssl_cert_subject",
+ "quic_sni"
+ ],
+ "filters": [
+ "common_address_type",
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_client_port",
+ "common_server_port",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_stream_dir",
+ "common_direction",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_sled_ip",
+ "common_device_id",
+ "common_schema_type",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number",
+ "common_app_label",
+ "http_host",
+ "http_domain",
+ "http_url",
+ "http_cookie",
+ "http_referer",
+ "http_user_agent",
+ "ssl_sni",
+ "ssl_ja3_hash",
+ "ssl_cert_issuer",
+ "ssl_cert_subject",
+ "quic_sni",
+ "quic_version"
+ ],
+ "references": {
+ "$ref": "public_schema_info.json#/schema_query/references"
+ },
+ "details": {
+ "general": [
+ "common_recv_time",
+ "common_log_id",
+ "common_stream_trace_id",
+ "common_direction",
+ "common_stream_dir",
+ "common_start_time",
+ "common_end_time",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_entrance_id",
+ "common_device_id",
+ "common_egress_link_id",
+ "common_ingress_link_id",
+ "common_isp",
+ "common_data_center",
+ "common_device_group",
+ "common_sled_ip"
+ ],
+ "source": [
+ "common_client_ip",
+ "common_internal_ip",
+ "common_client_port",
+ "common_client_location",
+ "common_client_asn",
+ "common_subscriber_id",
+ "common_imei",
+ "common_imsi",
+ "common_phone_number"
+ ],
+ "destination": [
+ "common_server_ip",
+ "common_external_ip",
+ "common_server_port",
+ "common_server_location",
+ "common_server_asn"
+ ],
+ "application": [
+ "common_app_id",
+ "common_userdefine_app_name",
+ "common_app_label",
+ "common_app_surrogate_id",
+ "common_l7_protocol",
+ "common_protocol_label",
+ "common_service_category",
+ "common_service",
+ "common_l4_protocol",
+ "common_app_behavior"
+ ],
+ "transmission": [
+ "common_sessions",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_c2s_pkt_diff",
+ "common_s2c_pkt_diff",
+ "common_c2s_byte_diff",
+ "common_s2c_byte_diff",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "common_c2s_pkt_retrans",
+ "common_s2c_pkt_retrans",
+ "common_c2s_byte_retrans",
+ "common_s2c_byte_retrans",
+ "common_first_ttl",
+ "common_tcp_client_isn",
+ "common_tcp_server_isn",
+ "common_mirrored_pkts",
+ "common_mirrored_bytes"
+ ],
+ "other": [
+ "common_address_type",
+ "common_schema_type",
+ "common_device_tag",
+ "common_encapsulation",
+ "common_tunnels",
+ "common_address_list",
+ "common_has_dup_traffic",
+ "common_stream_error",
+ "common_link_info_c2s",
+ "common_link_info_s2c",
+ "common_packet_capture_file",
+ "common_action",
+ "common_sub_action",
+ "common_policy_id",
+ "common_user_tags",
+ "common_user_region"
+ ]
+ }
+ },
+ "schema_type": {
+ "BASE": {
+ "$ref": "public_schema_info.json#/schema_type/BASE"
+ },
+ "HTTP": {
+ "$ref": "public_schema_info.json#/schema_type/HTTP"
+ },
+ "MAIL": {
+ "$ref": "public_schema_info.json#/schema_type/MAIL"
+ },
+ "DNS": {
+ "$ref": "public_schema_info.json#/schema_type/DNS"
+ },
+ "SSL": {
+ "$ref": "public_schema_info.json#/schema_type/SSL"
+ },
+ "QUIC": {
+ "$ref": "public_schema_info.json#/schema_type/QUIC"
+ },
+ "FTP": {
+ "$ref": "public_schema_info.json#/schema_type/FTP"
+ },
+ "BGP": {
+ "$ref": "public_schema_info.json#/schema_type/BGP"
+ },
+ "APP": {
+ "$ref": "public_schema_info.json#/schema_type/APP"
+ },
+ "SSH": {
+ "$ref": "public_schema_info.json#/schema_type/SSH"
+ },
+ "Stratum": {
+ "$ref": "public_schema_info.json#/schema_type/Stratum"
+ },
+ "RDP": {
+ "$ref": "public_schema_info.json#/schema_type/RDP"
+ }
+ },
+ "default_columns": [
+ "common_recv_time",
+ "common_log_id",
+ "common_subscriber_id",
+ "common_client_ip",
+ "common_server_ip",
+ "common_server_port",
+ "common_schema_type"
+ ],
+ "internal_columns": [
+ "common_recv_time",
+ "common_log_id",
+ "common_processing_time",
+ "common_ingestion_time",
+ "common_userdefine_app_name",
+ "common_tunnels",
+ "common_packet_capture_file",
+ "rtp_pcap_path",
+ "http_request_body",
+ "http_response_body",
+ "mail_eml_file"
+ ],
+ "tunnel_type": {
+ "$ref": "public_schema_info.json#/tunnel_type"
+ }
+ },
+ "fields": [
+ {
+ "name": "common_recv_time",
+ "label": "Receive Time",
+ "doc": {
+ "constraints": {
+ "type": "timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_log_id",
+ "label": "Log ID",
+ "doc": {
+ "format": {
+ "functions": "snowflake_id"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_policy_id",
+ "label": "Policy ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_subscriber_id",
+ "label": "Subscriber ID",
+ "type": "string"
+ },
+ {
+ "name": "common_imei",
+ "label": "IMEI",
+ "type": "string"
+ },
+ {
+ "name": "common_imsi",
+ "label": "IMSI",
+ "type": "string"
+ },
+ {
+ "name": "common_phone_number",
+ "label": "Phone Number",
+ "type": "string"
+ },
+ {
+ "name": "common_client_ip",
+ "label": "Client IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "geo_asn,radius_match",
+ "appendTo": "common_client_asn,common_subscriber_id"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_internal_ip",
+ "label": "Internal IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "if",
+ "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_client_port",
+ "label": "Client Port",
+ "type": "int"
+ },
+ {
+ "name": "common_l4_protocol",
+ "label": "L4 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_address_type",
+ "label": "Address Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "4",
+ "value": "ipv4"
+ },
+ {
+ "code": "6",
+ "value": "ipv6"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_server_ip",
+ "label": "Server IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "geo_asn",
+ "appendTo": "common_server_asn"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_server_port",
+ "label": "Server Port",
+ "type": "int"
+ },
+ {
+ "name": "common_external_ip",
+ "label": "External IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ },
+ "format": {
+ "functions": "if",
+ "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_action",
+ "label": "Action",
+ "doc": {
+ "visibility": "hidden",
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "None"
+ },
+ {
+ "code": "1",
+ "value": "Monitor"
+ },
+ {
+ "code": "2",
+ "value": "Intercept"
+ },
+ {
+ "code": "16",
+ "value": "Deny"
+ },
+ {
+ "code": "128",
+ "value": "Allow"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_direction",
+ "label": "Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "69",
+ "value": "outbound"
+ },
+ {
+ "code": "73",
+ "value": "inbound"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_entrance_id",
+ "label": "Entrance ID",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_sled_ip",
+ "label": "Sled IP",
+ "doc": {
+ "constraints": {
+ "type": "ip"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_client_location",
+ "label": "Client Location",
+ "type": "string"
+ },
+ {
+ "name": "common_client_asn",
+ "label": "Client ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_server_location",
+ "label": "Server Location",
+ "type": "string"
+ },
+ {
+ "name": "common_server_asn",
+ "label": "Server ASN",
+ "type": "string"
+ },
+ {
+ "name": "common_sessions",
+ "label": "Sessions",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_num",
+ "label": "Packets Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_num",
+ "label": "Packets Received",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_num",
+ "label": "Bytes Sent",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_num",
+ "label": "Bytes Received",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_pkt_diff",
+ "label": "Packets Sent(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_pkt_diff",
+ "label": "Packets Received(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_c2s_byte_diff",
+ "label": "Bytes Sent(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_s2c_byte_diff",
+ "label": "Bytes Received(Diff)",
+ "type": "long"
+ },
+ {
+ "name": "common_service",
+ "label": "Service",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_schema_type",
+ "label": "Schema Type",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "BASE",
+ "value": "BASE"
+ },
+ {
+ "code": "MAIL",
+ "value": "MAIL"
+ },
+ {
+ "code": "DNS",
+ "value": "DNS"
+ },
+ {
+ "code": "HTTP",
+ "value": "HTTP"
+ },
+ {
+ "code": "SSL",
+ "value": "SSL"
+ },
+ {
+ "code": "QUIC",
+ "value": "QUIC"
+ },
+ {
+ "code": "FTP",
+ "value": "FTP"
+ },
+ {
+ "code": "SSH",
+ "value": "SSH"
+ },
+ {
+ "code": "Stratum",
+ "value": "Stratum"
+ },
+ {
+ "code": "RDP",
+ "value": "RDP"
+ }
+ ]
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_tags",
+ "label": "User Tags",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_sub_action",
+ "label": "Sub Action",
+ "doc": {
+ "data": [
+ {
+ "code": "allow",
+ "value": "Allow"
+ },
+ {
+ "code": "deny",
+ "value": "Deny"
+ },
+ {
+ "code": "monitor",
+ "value": "Monitor"
+ },
+ {
+ "code": "replace",
+ "value": "Replace"
+ },
+ {
+ "code": "redirect",
+ "value": "Redirect"
+ },
+ {
+ "code": "insert",
+ "value": "Insert"
+ },
+ {
+ "code": "hijack",
+ "value": "Hijack"
+ }
+ ],
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_user_region",
+ "label": "User Region",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_id",
+ "label": "Device ID",
+ "type": "string"
+ },
+ {
+ "name": "common_egress_link_id",
+ "label": "Egress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_ingress_link_id",
+ "label": "Ingress Link ID",
+ "doc": {
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_isp",
+ "label": "ISP",
+ "doc": {
+ "visibility": "disabled"
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_tag",
+ "label": "Device Tag",
+ "doc": {
+ "visibility": "hidden",
+ "format": {
+ "functions": "flattenSpec,flattenSpec",
+ "appendTo": "common_data_center,common_device_group",
+ "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_data_center",
+ "label": "Data Center",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']",
+ "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_device_group",
+ "label": "Device Group",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "device_tag.json#",
+ "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']",
+ "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "common_app_behavior",
+ "label": "Application Behavior",
+ "type": "string"
+ },
+ {
+ "name": "common_encapsulation",
+ "label": "Encapsulation",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": {
+ "$ref": "public_schema_info.json#/fields/common_encapsulation/data"
+ },
+ "visibility": "hidden"
+ },
+ "type": "int"
+ },
+ {
+ "name": "common_app_label",
+ "label": "Application Label",
+ "type": "string"
+ },
+ {
+ "name": "common_tunnels",
+ "label": "Tunnels",
+ "type": "string"
+ },
+ {
+ "name": "common_protocol_label",
+ "label": "Protocol Label",
+ "type": "string"
+ },
+ {
+ "name": "common_app_id",
+ "label": "Application ID",
+ "type": "string",
+ "doc": {
+ "visibility": "hidden"
+ }
+ },
+ {
+ "name": "common_userdefine_app_name",
+ "label": "User Define APP Name",
+ "type": "string"
+ },
+ {
+ "name": "common_app_surrogate_id",
+ "label": "Surrogate ID",
+ "type": "string"
+ },
+ {
+ "name": "common_l7_protocol",
+ "label": "L7 Protocol",
+ "type": "string"
+ },
+ {
+ "name": "common_service_category",
+ "label": "FQDN Category",
+ "doc": {
+ "constraints": {
+ "operator_functions": "has"
+ },
+ "dict_location": {
+ "path": "/v1/category/dict",
+ "key": "categoryId",
+ "value": "categoryName"
+ }
+ },
+ "type": {
+ "type": "array",
+ "items": "int"
+ }
+ },
+ {
+ "name": "common_start_time",
+ "label": "Start Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ }
+ },
+ "type": "long"
+ },
+ {
+ "name": "common_end_time",
+ "label": "End Time",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "timestamp"
+ },
+ "format": {
+ "functions": 
"get_value", + "appendTo": "common_recv_time" + } + }, + "type": "long" + }, + { + "name": "common_establish_latency_ms", + "label": "Establish Latency(ms)", + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration(ms)", + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ] + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets(c2s)", + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets(s2c)", + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss(c2s)", + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": 
"Sequence Gap Loss(s2c)", + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unorder Packets(c2s)", + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unorder Packets(s2c)", + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission(c2s)", + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission(s2c)", + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission(c2s)", + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission(s2c)", + "type": "long" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "current_timestamp" + } + }, + "type": "long" + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "ingestion_time" + } + }, + "type": "long" + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "http_url", + "label": "HTTP.URL", + "type": "string" + }, + { + "name": "http_host", + "label": "HTTP.Host", + "doc": { + "format": { + "functions": "sub_domain", + "appendTo": "http_domain" + } + }, + "type": "string" + }, + { + "name": "http_domain", + "label": "HTTP.Domain", + "type": "string" + }, + { + "name": "http_request_line", + "label": 
"HTTP.Request Line", + "type": "string" + }, + { + "name": "http_response_line", + "label": "HTTP.Response Line", + "type": "string" + }, + { + "name": "http_request_header", + "label": "HTTP.Request Headers", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_response_header", + "label": "HTTP.Response Headers", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_request_content", + "label": "HTTP.Request Content", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_request_content_length", + "label": "HTTP.Request Content Length", + "type": "string" + }, + { + "name": "http_request_content_type", + "label": "HTTP.Request Content Type", + "type": "string" + }, + { + "name": "http_response_content", + "label": "HTTP.Response Content", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_response_content_length", + "label": "HTTP.Response Content Length", + "type": "string" + }, + { + "name": "http_response_content_type", + "label": "HTTP.Response Content Type", + "type": "string" + }, + { + "name": "http_request_body", + "label": "HTTP.Request Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "http_response_body", + "label": "HTTP.Response Body", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "http_request_body_key", + "label": "HTTP.Request Body Key", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "http_response_body_key", + "label": "HTTP.Response Body Key", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "http_proxy_flag", + "label": "HTTP.Proxy Flag", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "http_sequence", + "label": "HTTP.Sequence", + "doc": { + "visibility": "hidden" + }, + 
"type": "int" + }, + { + "name": "http_snapshot", + "label": "HTTP.Snapshot", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_cookie", + "label": "HTTP.Cookie", + "type": "string" + }, + { + "name": "http_referer", + "label": "HTTP.Referer", + "type": "string" + }, + { + "name": "http_user_agent", + "label": "HTTP.User Agent", + "type": "string" + }, + { + "name": "http_content_length", + "label": "HTTP.Content Length", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_content_type", + "label": "HTTP.Content Type", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "http_set_cookie", + "label": "HTTP.Set Cookie", + "type": "string" + }, + { + "name": "http_version", + "label": "HTTP.Version", + "type": "string" + }, + { + "name": "http_response_latency_ms", + "label": "HTTP.Response Latency(ms)", + "type": "long" + }, + { + "name": "http_session_duration_ms", + "label": "HTTP.Session Duration(ms)", + "type": "long" + }, + { + "name": "http_action_file_size", + "label": "HTTP.Action File Size", + "type": "int" + }, + { + "name": "mail_protocol_type", + "label": "Mail.Protocol Type", + "type": "string" + }, + { + "name": "mail_account", + "label": "Mail.Account", + "type": "string" + }, + { + "name": "mail_from_cmd", + "label": "Mail.From CMD", + "type": "string" + }, + { + "name": "mail_to_cmd", + "label": "Mail.To CMD", + "type": "string" + }, + { + "name": "mail_from", + "label": "Mail.From", + "doc": { + "constraints": { + "type": "email" + } + }, + "type": "string" + }, + { + "name": "mail_to", + "label": "Mail.To", + "doc": { + "constraints": { + "type": "email" + } + }, + "type": "string" + }, + { + "name": "mail_cc", + "label": "Mail.CC", + "type": "string" + }, + { + "name": "mail_bcc", + "label": "Mail.BCC", + "type": "string" + }, + { + "name": "mail_subject", + "label": "Mail.Subject", + "doc": { + "format": { + "functions": "decode_of_base64", + "param": 
"$.mail_subject_charset" + } + }, + "type": "string" + }, + { + "name": "mail_subject_charset", + "label": "Mail.Subject Charset", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "mail_content", + "label": "Mail.Content", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "mail_content_charset", + "label": "Mail.Content Charset", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "mail_attachment_name", + "label": "Mail.Attachment", + "doc": { + "format": { + "functions": "decode_of_base64", + "param": "$.mail_attachment_name_charset" + } + }, + "type": "string" + }, + { + "name": "mail_attachment_name_charset", + "label": "Mail.Attachment Charset", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "mail_attachment_content", + "label": "Mail.Attachment Content", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "mail_eml_file", + "label": "Mail.EML File", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "mail_snapshot", + "label": "Mail.Snapshot", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "dns_message_id", + "label": "DNS.Message ID", + "type": "int" + }, + { + "name": "dns_qr", + "label": "DNS.QR", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "RESPONSE" + } + ] + }, + "type": "int" + }, + { + "name": "dns_opcode", + "label": "DNS.OPCODE", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "IQUERY" + }, + { + "code": "2", + "value": "STATUS" + }, + { + "code": "5", + "value": "UPDATE" + } + ] + }, + "type": "int" + }, + { + "name": "dns_aa", + "label": "DNS.AA", + "type": "int" + }, + { + "name": "dns_tc", + 
"label": "DNS.TC", + "type": "int" + }, + { + "name": "dns_rd", + "label": "DNS.RD", + "type": "int" + }, + { + "name": "dns_ra", + "label": "DNS.RA", + "type": "int" + }, + { + "name": "dns_rcode", + "label": "DNS.RCODE", + "type": "int" + }, + { + "name": "dns_qdcount", + "label": "DNS.QDCOUNT", + "type": "int" + }, + { + "name": "dns_ancount", + "label": "DNS.ANCOUNT", + "type": "int" + }, + { + "name": "dns_nscount", + "label": "DNS.NSCOUNT", + "type": "int" + }, + { + "name": "dns_arcount", + "label": "DNS.ARCOUNT", + "type": "int" + }, + { + "name": "dns_qname", + "label": "DNS.QNAME", + "type": "string" + }, + { + "name": "dns_qtype", + "label": "DNS.QTYPE", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "A" + }, + { + "code": "2", + "value": "NS" + }, + { + "code": "5", + "value": "CNAME" + }, + { + "code": "6", + "value": "SOA" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "12", + "value": "PTR" + }, + { + "code": "13", + "value": "HINFO" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "15", + "value": "MX" + }, + { + "code": "28", + "value": "AAAA" + } + ] + }, + "type": "int" + }, + { + "name": "dns_qclass", + "label": "DNS.QCLASS", + "type": "int" + }, + { + "name": "dns_cname", + "label": "DNS.CNAME", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "dns_sub", + "label": "DNS.SUB", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "DNS" + }, + { + "code": "2", + "value": "DNSSEC" + } + ] + }, + "type": "int" + }, + { + "name": "dns_rr", + "label": "DNS.RR", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "dns_response_latency_ms", + "label": "DNS.Response Latency(ms)", + "type": "int" + }, + { + "name": "ssl_version", + "label": "SSL.Version", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "ssl_sni", + "label": 
"SSL.SNI", + "doc": { + "format": { + "functions": "sub_domain", + "appendTo": "http_domain" + } + }, + "type": "string" + }, + { + "name": "ssl_san", + "label": "SSL.SAN", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "ssl_cn", + "label": "SSL.CN", + "type": "string" + }, + { + "name": "ssl_pinningst", + "label": "SSL.Pinning", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "Not Pinning" + }, + { + "code": "1", + "value": "Pinning" + }, + { + "code": "2", + "value": "Maybe Pinning" + } + ] + }, + "type": "int" + }, + { + "name": "ssl_intercept_state", + "label": "SSL.Intercept State", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "Passthrough" + }, + { + "code": "1", + "value": "Intercept" + }, + { + "code": "2", + "value": "Shutdown" + } + ] + }, + "type": "int" + }, + { + "name": "ssl_passthrough_reason", + "label": "SSL.Passthrough Reason", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "ssl_server_side_latency", + "label": "SSL.Server Side Latency(ms)", + "type": "int" + }, + { + "name": "ssl_client_side_latency", + "label": "SSL.Client Side Latency(ms)", + "type": "int" + }, + { + "name": "ssl_server_side_version", + "label": "SSL.Server Side Version", + "type": "string" + }, + { + "name": "ssl_client_side_version", + "label": "SSL.Client Side Version", + "type": "string" + }, + { + "name": "ssl_cert_verify", + "label": "SSL.Certificate Verify", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "No" + }, + { + "code": "1", + "value": "Yes" + } + ] + }, + "type": "int" + }, + { + "name": "ssl_error", + "label": "SSL.Error", + "type": "string" + }, + { + "name": "ssl_con_latency_ms", + "label": "SSL.Connection Latency(ms)", + "type": "int" + }, + { + "name": "ssl_ja3_fingerprint", + "label": "SSL.JA3", + "doc": { + 
"visibility": "hidden" + }, + "type": "string" + }, + { + "name": "ssl_ja3_hash", + "label": "SSL.JA3 hash", + "type": "string" + }, + { + "name": "ssl_cert_issuer", + "label": "SSL.Issuer", + "doc": { + "constraints": { + "type": "items" + } + }, + "type": "string" + }, + { + "name": "ssl_cert_subject", + "label": "SSL.Subject", + "doc": { + "constraints": { + "type": "items" + } + }, + "type": "string" + }, + { + "name": "quic_version", + "label": "QUIC.Version", + "type": "string" + }, + { + "name": "quic_sni", + "label": "QUIC.SNI", + "doc": { + "format": { + "functions": "sub_domain", + "appendTo": "http_domain" + } + }, + "type": "string" + }, + { + "name": "quic_user_agent", + "label": "QUIC.User Agent", + "type": "string" + }, + { + "name": "ftp_account", + "label": "FTP.Account", + "type": "string" + }, + { + "name": "ftp_url", + "label": "FTP.URL", + "type": "string" + }, + { + "name": "ftp_content", + "label": "FTP.Content", + "type": "string" + }, + { + "name": "ftp_link_type", + "label": "FTP.Link Type", + "type": "string" + }, + { + "name": "bgp_type", + "label": "BGP.Type", + "doc": { + "visibility": "disabled" + }, + "type": "int" + }, + { + "name": "bgp_as_num", + "label": "BGP.AS Number", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "bgp_route", + "label": "BGP.Route", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "voip_calling_account", + "label": "VoIP.Calling Account", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "voip_called_account", + "label": "VoIP.Called Account", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "voip_calling_number", + "label": "VoIP.Calling Number", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "voip_called_number", + "label": "VoIP.Called Number", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "streaming_media_url", 
+ "label": "Streaming.Media URL", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "streaming_media_protocol", + "label": "Streaming.Media Protocol", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "app_extra_info", + "label": "APP.Extra Info", + "type": "string" + }, + { + "name": "sip_call_id", + "label": "SIP.Call-ID", + "type": "string" + }, + { + "name": "sip_originator_description", + "label": "SIP.Originator", + "type": "string" + }, + { + "name": "sip_responder_description", + "label": "SIP.Responder", + "type": "string" + }, + { + "name": "sip_user_agent", + "label": "SIP.User-Agent", + "type": "string" + }, + { + "name": "sip_server", + "label": "SIP.Server", + "type": "string" + }, + { + "name": "sip_originator_sdp_connect_ip", + "label": "SIP.Originator IP", + "type": "string" + }, + { + "name": "sip_originator_sdp_media_port", + "label": "SIP.Originator Port", + "type": "int" + }, + { + "name": "sip_originator_sdp_media_type", + "label": "SIP.Originator Media Type", + "type": "string" + }, + { + "name": "sip_originator_sdp_content", + "label": "SIP.Originator Content", + "type": "string" + }, + { + "name": "sip_responder_sdp_connect_ip", + "label": "SIP.Responder IP", + "type": "string" + }, + { + "name": "sip_responder_sdp_media_port", + "label": "SIP.Responder Port", + "type": "int" + }, + { + "name": "sip_responder_sdp_media_type", + "label": "SIP.Responder Media Type", + "type": "string" + }, + { + "name": "sip_responder_sdp_content", + "label": "SIP.Responder Content", + "type": "string" + }, + { + "name": "sip_duration_s", + "label": "SIP.Duration(s)", + "type": "int" + }, + { + "name": "sip_bye", + "label": "SIP.Bye", + "type": "string" + }, + { + "name": "rtp_payload_type_c2s", + "label": "RTP.Payload Type(c2s)", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + 
"code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ] + }, + "type": "int" + }, + { + "name": "rtp_payload_type_s2c", + "label": "RTP.Payload Type(s2c)", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": 
"DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ] + }, + "type": "int" + }, + { + "name": "rtp_pcap_path", + "label": "RTP.PCAP", + "doc": { + "allow_query": "false", + "constraints": { + "type": "files" + } + }, + "type": "string" + }, + { + "name": "rtp_originator_dir", + "label": "RTP.Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "unknown" + }, + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + } + ], + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "ssh_version", + "label": "SSH.Version", + "type": "string" + }, + { + "name": "ssh_auth_success", + "label": "SSH.Authentication Result", + "type": "string" + }, + { + "name": "ssh_client_version", + "label": "SSH.Client Version", + "type": "string" + }, + { + "name": "ssh_server_version", + "label": "SSH.Server Version", + "type": "string" + }, + { + "name": "ssh_cipher_alg", + "label": "SSH.Encryption Algorithm", + "type": "string" + }, + { + "name": "ssh_mac_alg", + "label": "SSH.Signing Algorithm", + "type": "string" + }, + { + "name": "ssh_compression_alg", + "label": "SSH.Compression Algorithm", + "type": "string" + }, + { + "name": "ssh_kex_alg", + "label": "SSH. 
Key Exchange Algorithm", + "type": "string" + }, + { + "name": "ssh_host_key_alg", + "label": "SSH.Server Host Key Algorithm", + "type": "string" + }, + { + "name": "ssh_host_key", + "label": "SSH.Server Key Fingerprint", + "type": "string" + }, + { + "name": "ssh_hassh", + "label": "SSH.HASSH", + "type": "string" + }, + { + "name": "stratum_cryptocurrency", + "label": "Stratum.Cryptocurrency", + "type": "string" + }, + { + "name": "stratum_mining_pools", + "label": "Stratum.Mining Pools", + "type": "string" + }, + { + "name": "stratum_mining_program", + "label": "Stratum.Mining Program", + "type": "string" + }, + { + "name": "rdp_cookie", + "label": "RDP.Cookie", + "type": "string" + }, + { + "name": "rdp_security_protocol", + "label": "RDP.Security Protocol", + "type": "string" + }, + { + "name": "rdp_client_channels", + "label": "RDP.Client Channels", + "type": "string" + }, + { + "name": "rdp_keyboard_layout", + "label": "RDP.Keyboard Layout", + "type": "string" + }, + { + "name": "rdp_client_version", + "label": "RDP.Client Version", + "type": "string" + }, + { + "name": "rdp_client_name", + "label": "RDP.Client Name", + "type": "string" + }, + { + "name": "rdp_client_product_id", + "label": "RDP.Client Product ID", + "type": "string" + }, + { + "name": "rdp_desktop_width", + "label": "RDP. 
Desktop Width", + "type": "string" + }, + { + "name": "rdp_desktop_height", + "label": "RDP.Desktop Height", + "type": "string" + }, + { + "name": "rdp_requested_color_depth", + "label": "RDP.Requested Color Depth", + "type": "string" + }, + { + "name": "rdp_certificate_type", + "label": "RDP.Certificate Type", + "type": "string" + }, + { + "name": "rdp_certificate_count", + "label": "RDP.Certificate Count", + "type": "int" + }, + { + "name": "rdp_certificate_permanent", + "label": "RDP.Certificate Permanent", + "type": "int" + }, + { + "name": "rdp_encryption_level", + "label": "RDP.Encryption Level", + "type": "string" + }, + { + "name": "rdp_encryption_method", + "label": "RDP.Encryption Method", + "type": "string" + } + ] +} \ No newline at end of file diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_common_client_ip.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_common_client_ip.json new file mode 100644 index 0000000..9184e36 --- /dev/null +++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_common_client_ip.json 
@@ -0,0 +1,71 @@
+{
+ "type": "record",
+ "name": "session_record_common_client_ip",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "index_key": "common_client_ip"
+ },
+ "fields": [
+ {
+ "name": "common_log_id",
+ "type": "long"
+ },
+ {
+ "name": "common_recv_time",
+ "type": "long"
+ },
+ {
+ "name": "common_server_ip",
+ "type": "string"
+ },
+ {
+ "name": "common_client_ip",
+ "type": "string"
+ },
+ {
+ "name": "common_sled_ip",
+ "type": "string"
+ },
+ {
+ "name": "common_entrance_id",
+ "type": "int"
+ },
+ {
+ "name": "common_subscriber_id",
+ "type": "string"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "type": "long"
+ },
+ {
+ "name": "common_schema_type",
+ "type": "string"
+ },
+ {
+ "name": "common_client_port",
+ "type": "int"
+ },
+ {
+ "name": "common_server_port",
+ "type": "int"
+ },
+ {
+ "name": "common_app_label",
+ "type": "string"
+ },
+ {
+ "name": "common_direction",
+ "type": "int"
+ },
+ {
+ "name": "http_domain",
+ "type": "string"
+ },
+ {
+ "name": "ssl_sni",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_common_server_ip.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_common_server_ip.json
new file mode 100644
index 0000000..a7c977f
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_common_server_ip.json
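Review bot: The three IP fields in this new lookup schema (`common_server_ip`, `common_client_ip`, `common_sled_ip`) are declared as bare strings, while session_record.json earlier in this patch gives `common_server_ip` and `common_sled_ip` a `"doc": { "constraints": { "type": "ip" } }` block. If the query gateway uses those constraints to validate filter values before a query is built, which this patch does not show, lookups through the index tables would accept arbitrary strings where the main table accepts only addresses. I would add the same `constraints` block to each IP field here; the same applies to the session_record_common_server_ip.json and session_record_http_domain.json hunks that follow. All three files also end without a trailing newline (`\ No newline at end of file`).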
@@ -0,0 +1,71 @@
+{
+ "type": "record",
+ "name": "session_record_common_server_ip",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "index_key": "common_server_ip"
+ },
+ "fields": [
+ {
+ "name": "common_log_id",
+ "type": "long"
+ },
+ {
+ "name": "common_recv_time",
+ "type": "long"
+ },
+ {
+ "name": "common_server_ip",
+ "type": "string"
+ },
+ {
+ "name": "common_client_ip",
+ "type": "string"
+ },
+ {
+ "name": "common_sled_ip",
+ "type": "string"
+ },
+ {
+ "name": "common_entrance_id",
+ "type": "int"
+ },
+ {
+ "name": "common_subscriber_id",
+ "type": "string"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "type": "long"
+ },
+ {
+ "name": "common_schema_type",
+ "type": "string"
+ },
+ {
+ "name": "common_client_port",
+ "type": "int"
+ },
+ {
+ "name": "common_server_port",
+ "type": "int"
+ },
+ {
+ "name": "common_app_label",
+ "type": "string"
+ },
+ {
+ "name": "common_direction",
+ "type": "int"
+ },
+ {
+ "name": "http_domain",
+ "type": "string"
+ },
+ {
+ "name": "ssl_sni",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_http_domain.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_http_domain.json
new file mode 100644
index 0000000..65414ea
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/session_record_http_domain.json
@@ -0,0 +1,71 @@
+{
+ "type": "record",
+ "name": "session_record_http_domain",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "index_key": "http_domain"
+ },
+ "fields": [
+ {
+ "name": "common_log_id",
+ "type": "long"
+ },
+ {
+ "name": "common_recv_time",
+ "type": "long"
+ },
+ {
+ "name": "common_server_ip",
+ "type": "string"
+ },
+ {
+ "name": "common_client_ip",
+ "type": "string"
+ },
+ {
+ "name": "common_sled_ip",
+ "type": "string"
+ },
+ {
+ "name": "common_entrance_id",
+ "type": "int"
+ },
+ {
+ "name": "common_subscriber_id",
+ "type": "string"
+ },
+ {
+ "name": "common_stream_trace_id",
+ "type": "long"
+ },
+ {
+ "name": "common_schema_type",
+ "type": "string"
+ },
+ {
+ "name": "common_client_port",
+ "type": "int"
+ },
+ {
+ "name": "common_server_port",
+ "type": "int"
+ },
+ {
+ "name": "common_app_label",
+ "type": "string"
+ },
+ {
+ "name": "common_direction",
+ "type": "int"
+ },
+ {
+ "name": "http_domain",
+ "type": "string"
+ },
+ {
+ "name": "ssl_sni",
+ "type": "string"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/sys_packet_capture_event.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/sys_packet_capture_event.json
new file mode 100644
index 0000000..0a5d0ce
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/sys_packet_capture_event.json
@@ -0,0 +1,819 @@ +{ + "type": "record", + "name": "sys_packet_capture_event", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_log_id", + "partition_key": "common_recv_time" + }, + "fields": [ + { + "name": "common_recv_time", + "type": "long", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "current_timestamp" + } + }, + "label": "Receive Time" + }, + { + "name": "common_log_id", + "type": "long", + "doc": { + "format": { + "functions": "snowflake_id" + } + }, + "label": "Log ID" + }, + { + "name": "common_policy_id", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Policy ID" + }, + { + "name": "common_subscriber_id", + "type": "string", + "label": "Subscriber ID" + }, + { + "name": "common_imei", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "IMEI" + }, + { + "name": "common_imsi", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "IMSI" + }, + { + "name": "common_phone_number", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "Phone Number" + }, + { + "name": "common_client_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + } + }, + "label": "Client IP" + }, + { + "name": "common_internal_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + } + }, + "label": "Internal IP" + }, + { + "name": "common_client_port", + "type": "int", + "label": "Client Port" + }, + { + "name": "common_l4_protocol", + "type": "string", + "label": "L4 Protocol" + }, + { + "name": "common_address_type", + "type": "int", + "doc": { + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ] + }, + "label": "Address Type" + }, + { + "name": "common_server_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + } + }, + "label": "Server IP" + }, + { + "name": "common_server_port", + "type": "int", + "label": "Server Port" + }, + { + "name": 
"common_external_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + } + }, + "label": "External IP" + }, + { + "name": "common_action", + "type": "int", + "doc": { + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "128", + "value": "Allow" + } + ] + }, + "label": "Action" + }, + { + "name": "common_direction", + "type": "int", + "doc": { + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ] + }, + "label": "Direction" + }, + { + "name": "common_entrance_id", + "type": "int", + "doc": { + "visibility": "disabled" + }, + "label": "Entrance ID" + }, + { + "name": "common_sled_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + } + }, + "label": "Sled IP" + }, + { + "name": "common_client_location", + "type": "string", + "label": "Client Location" + }, + { + "name": "common_client_asn", + "type": "string", + "label": "Client ASN" + }, + { + "name": "common_server_location", + "type": "string", + "label": "Server Location" + }, + { + "name": "common_server_asn", + "type": "string", + "label": "Server ASN" + }, + { + "name": "common_sessions", + "type": "long", + "label": "Sessions" + }, + { + "name": "common_c2s_pkt_num", + "type": "long", + "label": "Packets Sent" + }, + { + "name": "common_s2c_pkt_num", + "type": "long", + "label": "Packets Received" + }, + { + "name": "common_c2s_byte_num", + "type": "long", + "label": "Bytes Sent" + }, + { + "name": "common_s2c_byte_num", + "type": "long", + "label": "Bytes Received" + }, + { + "name": "common_c2s_pkt_diff", + "label": "Packets Sent(Diff)", + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received(Diff)", + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent(Diff)", + "type": "long" + }, + { + "name": 
"common_s2c_byte_diff", + "label": "Bytes Received(Diff)", + "type": "long" + }, + { + "name": "common_service", + "type": "int", + "doc": { + "visibility": "disabled" + }, + "label": "Service" + }, + { + "name": "common_schema_type", + "type": "string", + "doc": { + "data": [ + { + "code": "BASE", + "value": "BASE" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "MAIL", + "value": "MAIL" + }, + { + "code": "DNS", + "value": "DNS" + }, + { + "code": "SSL", + "value": "SSL" + }, + { + "code": "FTP", + "value": "FTP" + } + ], + "visibility": "hidden" + }, + "label": "Schema Type" + }, + { + "name": "common_user_tags", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "User Tags" + }, + { + "name": "common_sub_action", + "type": "string", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden" + }, + "label": "Sub Action" + }, + { + "name": "common_user_region", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "User Region" + }, + { + "name": "common_device_id", + "type": "string", + "label": "Device ID" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_isp", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "ISP" + }, + { + "name": "common_device_tag", + "type": "string", + "doc": { + "visibility": "hidden", + "format": { + "functions": "flattenSpec,flattenSpec", + "appendTo": 
"common_data_center,common_device_group", + "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" + } + }, + "label": "Device Tag" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "type": "int", + "doc": { + "data": [ + { + "code": "0", + "value": "Ethernet" + }, + { + "code": "8", + "value": "PPP" + }, + { + "code": "12", + "value": "CiscoHDLC" + } + ] + }, + "label": "Encapsulation" + }, + { + "name": "common_app_label", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "Application Label" + }, + { + "name": "common_tunnels", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Tunnels" + }, + { + "name": "common_protocol_label", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Protocol Label" + }, + { + "name": "common_app_id", + "type": "string", + "label": "Application ID", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define APP Name", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + 
{ + "name": "common_app_surrogate_id", + "type": "string", + "label": "Surrogate ID", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_l7_protocol", + "type": "string", + "label": "L7 Protocol" + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "type": { + "type": "array", + "items": "int" + } + }, + { + "name": "common_start_time", + "type": "long", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "hidden" + }, + "label": "Start Time" + }, + { + "name": "common_end_time", + "type": "long", + "doc": { + "constraints": { + "type": "timestamp" + }, + "visibility": "hidden" + }, + "label": "End Time" + }, + { + "name": "common_establish_latency_ms", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Establish Latency(ms)" + }, + { + "name": "common_con_duration_ms", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Duration(ms)" + }, + { + "name": "common_stream_dir", + "type": "int", + "doc": { + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ] + }, + "label": "Stream Direction" + }, + { + "name": "common_address_list", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "Address List" + }, + { + "name": "common_has_dup_traffic", + "type": "int", + "doc": { + "data": [ + { + "code": "0", + "value": "No" + }, + { + "code": "1", + "value": "Yes" + } + ], + "visibility": "hidden" + }, + "label": "Duplication Traffic" + }, + { + "name": "common_stream_error", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Stream Error" + }, + { + "name": "common_stream_trace_id", + "type": "long", + "label": "Session ID" + }, + { + "name": "common_link_info_c2s", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Link Info(c2s)" + }, + { + "name": "common_link_info_s2c", + "type": "string", + "doc": { + "visibility": 
"hidden" + }, + "label": "Link Info(s2c)" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Fragmentation Packets(c2s)" + }, + { + "name": "common_s2c_ipfrag_num", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Fragmentation Packets(s2c)" + }, + { + "name": "common_c2s_tcp_lostlen", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Sequence Gap Loss(c2s)" + }, + { + "name": "common_s2c_tcp_lostlen", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Sequence Gap Loss(s2c)" + }, + { + "name": "common_c2s_tcp_unorder_num", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Unorder Packets(c2s)" + }, + { + "name": "common_s2c_tcp_unorder_num", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Unorder Packets(s2c)" + }, + { + "name": "common_c2s_pkt_retrans", + "type": "long", + "label": "Packet Retransmission(c2s)" + }, + { + "name": "common_s2c_pkt_retrans", + "type": "long", + "label": "Packet Retransmission(s2c)" + }, + { + "name": "common_c2s_byte_retrans", + "type": "long", + "label": "Byte Retransmission(c2s)" + }, + { + "name": "common_s2c_byte_retrans", + "type": "long", + "label": "Byte Retransmission(s2c)" + }, + { + "name": "common_tcp_client_isn", + "label": "TCP Client ISN", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_first_ttl", + "type": "int", + "doc": { + "visibility": "hidden" + }, + "label": "First TTL" + }, + { + "name": "common_processing_time", + "type": "long", + "doc": { + "constraints": { + "type": "timestamp" + }, + 
"format": { + "functions": "current_timestamp" + } + }, + "label": "Processing Time" + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "ingestion_time" + } + }, + "type": "long" + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "nic_name", + "type": "string", + "label": "Nic Name" + }, + { + "name": "origin_source_mac", + "type": "string", + "label": "Origin Source Mac" + }, + { + "name": "origin_dest_mac", + "type": "string", + "label": "Origin Dest Mac" + }, + { + "name": "packet_url", + "type": "string", + "label": "Packet URL" + }, + { + "name": "pcap_storage_task_id", + "type": "int", + "label": "Task ID" + }, + { + "name": "pcap_storage_duration", + "type": "int", + "label": "Duration" + } + ] +} \ No newline at end of file diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/transaction_record.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/transaction_record.json new file mode 100644 index 0000000..c2d3e38 --- /dev/null +++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/transaction_record.json 
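Review bot: In sys_packet_capture_event.json, `packet_url` is added near the end of `fields` as a plain string with no `doc` block, while `common_packet_capture_file` in the same schema is marked `"visibility": "hidden"` with `"constraints": { "type": "file" }`. The name suggests it links to stored packet data, so if it is a file reference it should probably be declared the same way, `"doc": { "constraints": { "type": "file" } }`. Column visibility in a schema is not an access control, so the store behind the URL should enforce its own authorization. `origin_source_mac` and `origin_dest_mac` likewise carry no constraints, and `pcap_storage_duration` is labelled `"Duration"` with no unit, unlike `common_con_duration_ms` / `"Duration(ms)"`. Whether these are intended cannot be told from this hunk.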
@@ -0,0 +1,1519 @@ +{ + "type": "record", + "name": "transaction_record", + "namespace": "tsg_galaxy_v3", + "doc": { + "primary_key": "common_stream_trace_id", + "partition_key": "common_recv_time", + "functions": { + "$ref": "public_schema_info.json#/functions" + }, + "schema_query": { + "dimensions": [ + "common_server_ip", + "common_client_ip", + "common_internal_ip", + "common_external_ip", + "common_sled_ip", + "common_device_id", + "common_client_location", + "common_server_location", + "common_subscriber_id", + "common_client_port", + "common_server_port", + "common_schema_type", + "common_l4_protocol", + "common_l7_protocol", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_client_asn", + "common_server_asn", + "common_start_time", + "common_end_time", + "common_imei", + "common_imsi", + "common_phone_number", + "http_host", + "http_domain", + "http_url" + ], + "metrics": [ + "common_server_ip", + "common_client_ip", + "common_internal_ip", + "common_external_ip", + "common_subscriber_id", + "common_sled_ip", + "common_device_id", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_sessions", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_imei", + "common_imsi", + "common_phone_number", + "http_host", + "http_domain", + "http_url" + ], + "filters": [ + "common_address_type", + "common_server_ip", + "common_client_ip", + "common_internal_ip", + "common_external_ip", + "common_client_port", + "common_server_port", + "common_client_location", + "common_server_location", + "common_subscriber_id", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + 
"common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_l4_protocol", + "common_l7_protocol", + "common_stream_dir", + "common_direction", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_sled_ip", + "common_device_id", + "common_schema_type", + "common_client_asn", + "common_server_asn", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_imei", + "common_imsi", + "common_phone_number", + "http_host", + "http_domain", + "http_url" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn" + ], + "application": [ + "common_app_id", + "common_userdefine_app_name", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + "common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + 
"common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_address_type", + "common_schema_type", + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region" + ] + } + }, + "schema_type": { + "BASE": { + "$ref": "public_schema_info.json#/schema_type/BASE" + }, + "HTTP": { + "$ref": "public_schema_info.json#/schema_type/HTTP" + }, + "MAIL": { + "$ref": "public_schema_info.json#/schema_type/MAIL" + }, + "DNS": { + "$ref": "public_schema_info.json#/schema_type/DNS" + }, + "SSL": { + "$ref": "public_schema_info.json#/schema_type/SSL" + }, + "QUIC": { + "$ref": "public_schema_info.json#/schema_type/QUIC" + }, + "FTP": { + "$ref": "public_schema_info.json#/schema_type/FTP" + }, + "BGP": { + "$ref": "public_schema_info.json#/schema_type/BGP" + }, + "SIP": { + "$ref": "public_schema_info.json#/schema_type/SIP" + }, + "RTP": { + "$ref": "public_schema_info.json#/schema_type/RTP" + }, + "APP": { + "$ref": "public_schema_info.json#/schema_type/APP" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "common_server_ip", + "common_server_port", + "common_schema_type" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_processing_time", + "common_ingestion_time", + 
"common_tunnels", + "common_packet_capture_file", + "http_request_body", + "http_response_body" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "type": "long", + "doc": { + "constraints": { + "type": "timestamp" + } + }, + "label": "Receive Time" + }, + { + "name": "common_log_id", + "type": "long", + "doc": { + "format": { + "functions": "snowflake_id" + } + }, + "label": "Log ID" + }, + { + "name": "common_policy_id", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Policy ID" + }, + { + "name": "common_subscriber_id", + "type": "string", + "label": "Subscriber ID" + }, + { + "name": "common_imei", + "type": "string", + "label": "IMEI" + }, + { + "name": "common_imsi", + "type": "string", + "label": "IMSI" + }, + { + "name": "common_phone_number", + "type": "string", + "label": "Phone Number" + }, + { + "name": "common_client_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "geo_asn,radius_match", + "appendTo": "common_client_asn,common_subscriber_id" + } + }, + "label": "Client IP" + }, + { + "name": "common_internal_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + }, + "label": "Internal IP" + }, + { + "name": "common_client_port", + "type": "int", + "label": "Client Port" + }, + { + "name": "common_l4_protocol", + "type": "string", + "label": "L4 Protocol" + }, + { + "name": "common_address_type", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ] + }, + "label": "Address Type" + }, + { + "name": "common_server_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "geo_asn", + 
"appendTo": "common_server_asn" + } + }, + "label": "Server IP" + }, + { + "name": "common_server_port", + "type": "int", + "label": "Server Port" + }, + { + "name": "common_external_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + }, + "label": "External IP" + }, + { + "name": "common_action", + "type": "int", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "128", + "value": "Allow" + } + ] + }, + "label": "Action" + }, + { + "name": "common_direction", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ] + }, + "label": "Direction" + }, + { + "name": "common_entrance_id", + "type": "int", + "doc": { + "visibility": "disabled" + }, + "label": "Entrance ID" + }, + { + "name": "common_sled_ip", + "type": "string", + "doc": { + "constraints": { + "type": "ip" + } + }, + "label": "Sled IP" + }, + { + "name": "common_client_location", + "type": "string", + "label": "Client Location" + }, + { + "name": "common_client_asn", + "type": "string", + "label": "Client ASN" + }, + { + "name": "common_server_location", + "type": "string", + "label": "Server Location" + }, + { + "name": "common_server_asn", + "type": "string", + "label": "Server ASN" + }, + { + "name": "common_sessions", + "type": "long", + "label": "Sessions" + }, + { + "name": "common_c2s_pkt_num", + "type": "long", + "label": "Packets Sent" + }, + { + "name": "common_s2c_pkt_num", + "type": "long", + "label": "Packets Received" + }, + { + "name": "common_c2s_byte_num", + "type": "long", + 
"label": "Bytes Sent" + }, + { + "name": "common_s2c_byte_num", + "type": "long", + "label": "Bytes Received" + }, + { + "name": "common_c2s_pkt_diff", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Packets Sent(Diff)" + }, + { + "name": "common_s2c_pkt_diff", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Packets Received(Diff)" + }, + { + "name": "common_c2s_byte_diff", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Bytes Sent(Diff)" + }, + { + "name": "common_s2c_byte_diff", + "type": "long", + "doc": { + "visibility": "hidden" + }, + "label": "Bytes Received(Diff)" + }, + { + "name": "common_service", + "type": "int", + "doc": { + "visibility": "disabled" + }, + "label": "Service" + }, + { + "name": "common_schema_type", + "type": "string", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "BASE", + "value": "BASE" + }, + { + "code": "DNS", + "value": "DNS" + }, + { + "code": "HTTP", + "value": "HTTP" + }, + { + "code": "SIP", + "value": "SIP" + } + ] + }, + "label": "Schema Type" + }, + { + "name": "common_user_tags", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "User Tags" + }, + { + "name": "common_sub_action", + "type": "string", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden" + }, + "label": "Sub Action" + }, + { + "name": "common_user_region", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "User Region" + }, + { + "name": "common_device_id", + "type": "string", + "label": "Device ID" + }, + { + "name": "common_egress_link_id", + "label": "Egress 
Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_isp", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "ISP" + }, + { + "name": "common_device_tag", + "type": "string", + "doc": { + "visibility": "hidden", + "format": { + "functions": "flattenSpec,flattenSpec", + "appendTo": "common_data_center,common_device_group", + "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" + } + }, + "label": "Device Tag" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "type": "string" + }, + { + "name": "common_encapsulation", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden" + }, + "label": "Encapsulation" + }, + { + "name": "common_app_label", + "type": "string", + "label": "Application Label" + }, + { + "name": "common_tunnels", + "type": "string", + "label": "Tunnels" + }, + { + "name": 
"common_protocol_label", + "type": "string", + "label": "Protocol Label" + }, + { + "name": "common_app_id", + "type": "string", + "label": "Application ID", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define APP Name", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_app_surrogate_id", + "type": "string", + "label": "Surrogate ID", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_l7_protocol", + "type": "string", + "label": "L7 Protocol" + }, + { + "name": "common_service_category", + "type": { + "type": "array", + "items": "int" + }, + "doc": { + "constraints": { + "operator_functions": "has" + }, + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + } + }, + "label": "FQDN Category" + }, + { + "name": "common_start_time", + "type": "long", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + } + }, + "label": "Start Time" + }, + { + "name": "common_end_time", + "type": "long", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "get_value", + "appendTo": "common_recv_time" + } + }, + "label": "End Time" + }, + { + "name": "common_establish_latency_ms", + "type": "long", + "label": "Establish Latency(ms)" + }, + { + "name": "common_con_duration_ms", + "type": "long", + "label": "Duration(ms)" + }, + { + "name": "common_stream_dir", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ] + }, + "label": "Stream Direction" + }, + { + "name": "common_address_list", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "Address List" + }, + { + "name": "common_has_dup_traffic", + "type": "int", + "doc": { + "constraints": { + 
"operator_functions": "=,!=" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden" + }, + "label": "Duplication Traffic" + }, + { + "name": "common_stream_error", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Stream Error" + }, + { + "name": "common_stream_trace_id", + "type": "long", + "label": "Session ID" + }, + { + "name": "common_link_info_c2s", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Link Info(c2s)" + }, + { + "name": "common_link_info_s2c", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "Link Info(s2c)" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "type": "long", + "label": "Fragmentation Packets(c2s)" + }, + { + "name": "common_s2c_ipfrag_num", + "type": "long", + "label": "Fragmentation Packets(s2c)" + }, + { + "name": "common_c2s_tcp_lostlen", + "type": "long", + "label": "Sequence Gap Loss(c2s)" + }, + { + "name": "common_s2c_tcp_lostlen", + "type": "long", + "label": "Sequence Gap Loss(s2c)" + }, + { + "name": "common_c2s_tcp_unorder_num", + "type": "long", + "label": "Unorder Packets(c2s)" + }, + { + "name": "common_s2c_tcp_unorder_num", + "type": "long", + "label": "Unorder Packets(s2c)" + }, + { + "name": "common_c2s_pkt_retrans", + "type": "long", + "label": "Packet Retransmission(c2s)" + }, + { + "name": "common_s2c_pkt_retrans", + "type": "long", + "label": "Packet Retransmission(s2c)" + }, + { + "name": "common_c2s_byte_retrans", + "type": "long", + "label": "Byte Retransmission(c2s)" + }, + { + "name": "common_s2c_byte_retrans", + "type": "long", + "label": "Byte Retransmission(s2c)" + }, + { + "name": "common_tcp_client_isn", + "type": "long", + "label": "TCP Client ISN" + }, + { + "name": "common_tcp_server_isn", + 
"type": "long", + "label": "TCP Server ISN" + }, + { + "name": "common_first_ttl", + "type": "int", + "doc": { + "visibility": "hidden" + }, + "label": "First TTL" + }, + { + "name": "common_processing_time", + "type": "long", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "current_timestamp" + } + }, + "label": "Processing Time" + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "ingestion_time" + } + }, + "type": "long" + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "http_url", + "type": "string", + "label": "HTTP.URL" + }, + { + "name": "http_host", + "type": "string", + "doc": { + "format": { + "functions": "sub_domain", + "appendTo": "http_domain" + } + }, + "label": "HTTP.Host" + }, + { + "name": "http_domain", + "type": "string", + "label": "HTTP.Domain" + }, + { + "name": "http_request_line", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Request Line" + }, + { + "name": "http_response_line", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Response Line" + }, + { + "name": "http_request_header", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Request Headers" + }, + { + "name": "http_response_header", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Response Headers" + }, + { + "name": "http_request_content", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Request Content" + }, + { + "name": "http_request_content_length", + "label": "HTTP.Request Content Length", + "type": "string" + }, + { + "name": "http_request_content_type", + 
"label": "HTTP.Request Content Type", + "type": "string" + }, + { + "name": "http_response_content", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Response Content" + }, + { + "name": "http_response_content_length", + "label": "HTTP.Response Content Length", + "type": "string" + }, + { + "name": "http_response_content_type", + "label": "HTTP.Response Content Type", + "type": "string" + }, + { + "name": "http_request_body", + "type": "string", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + } + }, + "label": "HTTP.Request Body" + }, + { + "name": "http_response_body", + "type": "string", + "doc": { + "allow_query": "false", + "constraints": { + "type": "file" + } + }, + "label": "HTTP.Response Body" + }, + { + "name": "http_request_body_key", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "HTTP.Request Body Key" + }, + { + "name": "http_response_body_key", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "HTTP.Response Body Key" + }, + { + "name": "http_proxy_flag", + "type": "int", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Proxy Flag" + }, + { + "name": "http_sequence", + "type": "int", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Sequence" + }, + { + "name": "http_snapshot", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Snapshot" + }, + { + "name": "http_cookie", + "type": "string", + "label": "HTTP.Cookie" + }, + { + "name": "http_referer", + "type": "string", + "label": "HTTP.Referer" + }, + { + "name": "http_user_agent", + "type": "string", + "label": "HTTP.User Agent" + }, + { + "name": "http_content_length", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Content Length" + }, + { + "name": "http_content_type", + "type": "string", + "doc": { + "visibility": "hidden" + }, + "label": "HTTP.Content Type" + }, + { + "name": "http_set_cookie", + "type": "string", + 
"label": "HTTP.Set Cookie" + }, + { + "name": "http_version", + "type": "string", + "label": "HTTP.Version" + }, + { + "name": "http_response_latency_ms", + "type": "long", + "label": "HTTP.Response Latency(ms)" + }, + { + "name": "http_session_duration_ms", + "type": "long", + "label": "HTTP.Session Duration(ms)" + }, + { + "name": "http_action_file_size", + "type": "int", + "label": "HTTP.Action File Size" + }, + { + "name": "dns_message_id", + "type": "int", + "label": "DNS.Message ID" + }, + { + "name": "dns_qr", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "RESPONSE" + } + ] + }, + "label": "DNS.QR" + }, + { + "name": "dns_opcode", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "QUERY" + }, + { + "code": "1", + "value": "IQUERY" + }, + { + "code": "2", + "value": "STATUS" + }, + { + "code": "5", + "value": "UPDATE" + } + ] + }, + "label": "DNS.OPCODE" + }, + { + "name": "dns_aa", + "type": "int", + "label": "DNS.AA" + }, + { + "name": "dns_tc", + "type": "int", + "label": "DNS.TC" + }, + { + "name": "dns_rd", + "type": "int", + "label": "DNS.RD" + }, + { + "name": "dns_ra", + "type": "int", + "label": "DNS.RA" + }, + { + "name": "dns_rcode", + "type": "int", + "label": "DNS.RCODE" + }, + { + "name": "dns_qdcount", + "type": "int", + "label": "DNS.QDCOUNT" + }, + { + "name": "dns_ancount", + "type": "int", + "label": "DNS.ANCOUNT" + }, + { + "name": "dns_nscount", + "type": "int", + "label": "DNS.NSCOUNT" + }, + { + "name": "dns_arcount", + "type": "int", + "label": "DNS.ARCOUNT" + }, + { + "name": "dns_qname", + "type": "string", + "label": "DNS.QNAME" + }, + { + "name": "dns_qtype", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "A" + }, + { + "code": "2", + "value": "NS" + }, + { + 
"code": "5", + "value": "CNAME" + }, + { + "code": "6", + "value": "SOA" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "12", + "value": "PTR" + }, + { + "code": "13", + "value": "HINFO" + }, + { + "code": "11", + "value": "WKS" + }, + { + "code": "15", + "value": "MX" + }, + { + "code": "28", + "value": "AAAA" + } + ] + }, + "label": "DNS.QTYPE" + }, + { + "name": "dns_qclass", + "type": "int", + "label": "DNS.QCLASS" + }, + { + "name": "dns_cname", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "DNS.CNAME" + }, + { + "name": "dns_sub", + "type": "int", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "DNS" + }, + { + "code": "2", + "value": "DNSSEC" + } + ] + }, + "label": "DNS.SUB" + }, + { + "name": "dns_rr", + "type": "string", + "doc": { + "visibility": "disabled" + }, + "label": "DNS.RR" + }, + { + "name": "dns_response_latency_ms", + "label": "DNS.Response Latency(ms)", + "type": "int" + }, + { + "name": "sip_call_id", + "type": "string", + "label": "SIP.Call-ID" + }, + { + "name": "sip_originator_description", + "type": "string", + "label": "SIP.Originator" + }, + { + "name": "sip_responder_description", + "type": "string", + "label": "SIP.Responder" + }, + { + "name": "sip_user_agent", + "type": "string", + "label": "SIP.User-Agent" + }, + { + "name": "sip_server", + "type": "string", + "label": "SIP.Server" + }, + { + "name": "sip_originator_sdp_connect_ip", + "type": "string", + "label": "SIP.Originator IP" + }, + { + "name": "sip_originator_sdp_media_port", + "type": "int", + "label": "SIP.Originator Port" + }, + { + "name": "sip_originator_sdp_media_type", + "type": "string", + "label": "SIP.Originator Media Type" + }, + { + "name": "sip_originator_sdp_content", + "type": "string", + "label": "SIP.Originator Content" + }, + { + "name": "sip_responder_sdp_connect_ip", + "type": "string", + "label": "SIP.Responder IP" + }, + { + "name": 
"sip_responder_sdp_media_port",
+ "type": "int",
+ "label": "SIP.Responder Port"
+ },
+ {
+ "name": "sip_responder_sdp_media_type",
+ "type": "string",
+ "label": "SIP.Responder Media Type"
+ },
+ {
+ "name": "sip_responder_sdp_content",
+ "type": "string",
+ "label": "SIP.Responder Content"
+ },
+ {
+ "name": "sip_duration_s",
+ "type": "int",
+ "label": "SIP.Duration(s)"
+ },
+ {
+ "name": "sip_bye",
+ "type": "string",
+ "label": "SIP.Bye"
+ }
+ ]
+}
\ No newline at end of file
diff --git a/TSG发布版本更新记录/TSG-22.05/qgw/config/voip_record.json b/TSG发布版本更新记录/TSG-22.05/qgw/config/voip_record.json
new file mode 100644
index 0000000..c321165
--- /dev/null
+++ b/TSG发布版本更新记录/TSG-22.05/qgw/config/voip_record.json
@@ -0,0 +1,1396 @@
+{
+ "type": "record",
+ "name": "voip_record",
+ "namespace": "tsg_galaxy_v3",
+ "doc": {
+ "primary_key": "common_log_id",
+ "partition_key": "common_recv_time",
+ "functions": {
+ "$ref": "public_schema_info.json#/functions"
+ },
+ "schema_query": {
+ "dimensions": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_sled_ip",
+ "common_device_id",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_client_port",
+ "common_server_port",
+ "common_schema_type",
+ "common_l4_protocol",
+ "common_l7_protocol",
+ "common_data_center",
+ "common_device_group",
+ "common_app_behavior",
+ "common_client_asn",
+ "common_server_asn",
+ "common_start_time",
+ "common_end_time",
+ "sip_call_id",
+ "sip_originator_description",
+ "sip_responder_description",
+ "sip_user_agent",
+ "sip_server",
+ "sip_duration_s",
+ "sip_bye",
+ "rtp_payload_type_c2s",
+ "rtp_payload_type_s2c",
+ "rtp_originator_dir"
+ ],
+ "metrics": [
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_subscriber_id",
+ "common_sled_ip",
+ "common_device_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+ "common_c2s_byte_num",
+ "common_s2c_byte_num",
+ "common_sessions",
+ "common_con_duration_ms",
+ "common_establish_latency_ms",
+ "common_c2s_ipfrag_num",
+ "common_s2c_ipfrag_num",
+ "common_c2s_tcp_lostlen",
+ "common_s2c_tcp_lostlen",
+ "common_c2s_tcp_unorder_num",
+ "common_s2c_tcp_unorder_num",
+ "sip_call_id",
+ "sip_originator_description",
+ "sip_responder_description",
+ "sip_user_agent",
+ "sip_server",
+ "sip_duration_s"
+ ],
+ "filters": [
+ "common_address_type",
+ "common_server_ip",
+ "common_client_ip",
+ "common_internal_ip",
+ "common_external_ip",
+ "common_client_port",
+ "common_server_port",
+ "common_client_location",
+ "common_server_location",
+ "common_subscriber_id",
+ "common_c2s_pkt_num",
+ "common_s2c_pkt_num",
+
"common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_l4_protocol", + "common_l7_protocol", + "common_stream_dir", + "common_direction", + "common_data_center", + "common_device_group", + "common_app_behavior", + "common_sled_ip", + "common_device_id", + "common_schema_type", + "common_client_asn", + "common_server_asn", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "sip_call_id", + "sip_originator_description", + "sip_responder_description", + "sip_user_agent", + "sip_server", + "sip_duration_s", + "sip_bye", + "rtp_payload_type_c2s", + "rtp_payload_type_s2c", + "rtp_originator_dir" + ], + "references": { + "$ref": "public_schema_info.json#/schema_query/references" + }, + "details": { + "general": [ + "common_recv_time", + "common_log_id", + "common_stream_trace_id", + "common_direction", + "common_stream_dir", + "common_start_time", + "common_end_time", + "common_con_duration_ms", + "common_establish_latency_ms", + "common_processing_time", + "common_ingestion_time", + "common_entrance_id", + "common_device_id", + "common_egress_link_id", + "common_ingress_link_id", + "common_isp", + "common_data_center", + "common_device_group", + "common_sled_ip" + ], + "source": [ + "common_client_ip", + "common_internal_ip", + "common_client_port", + "common_client_location", + "common_client_asn", + "common_subscriber_id", + "common_imei", + "common_imsi", + "common_phone_number" + ], + "destination": [ + "common_server_ip", + "common_external_ip", + "common_server_port", + "common_server_location", + "common_server_asn" + ], + "application": [ + "common_app_id", + "common_userdefine_app_name", + "common_app_label", + "common_app_surrogate_id", + "common_l7_protocol", + "common_protocol_label", + "common_service_category", + 
"common_service", + "common_l4_protocol", + "common_app_behavior" + ], + "transmission": [ + "common_sessions", + "common_c2s_pkt_num", + "common_s2c_pkt_num", + "common_c2s_byte_num", + "common_s2c_byte_num", + "common_c2s_pkt_diff", + "common_s2c_pkt_diff", + "common_c2s_byte_diff", + "common_s2c_byte_diff", + "common_c2s_ipfrag_num", + "common_s2c_ipfrag_num", + "common_c2s_tcp_lostlen", + "common_s2c_tcp_lostlen", + "common_c2s_tcp_unorder_num", + "common_s2c_tcp_unorder_num", + "common_c2s_pkt_retrans", + "common_s2c_pkt_retrans", + "common_c2s_byte_retrans", + "common_s2c_byte_retrans", + "common_first_ttl", + "common_tcp_client_isn", + "common_tcp_server_isn", + "common_mirrored_pkts", + "common_mirrored_bytes" + ], + "other": [ + "common_address_type", + "common_schema_type", + "common_device_tag", + "common_encapsulation", + "common_tunnels", + "common_address_list", + "common_has_dup_traffic", + "common_stream_error", + "common_link_info_c2s", + "common_link_info_s2c", + "common_packet_capture_file", + "common_action", + "common_sub_action", + "common_policy_id", + "common_user_tags", + "common_user_region" + ] + } + }, + "schema_type": { + "SIP": { + "$ref": "public_schema_info.json#/schema_type/SIP" + }, + "RTP": { + "$ref": "public_schema_info.json#/schema_type/RTP" + }, + "VoIP": { + "$ref": "public_schema_info.json#/schema_type/VoIP" + } + }, + "default_columns": [ + "common_recv_time", + "common_log_id", + "common_subscriber_id", + "common_client_ip", + "sip_originator_description", + "sip_responder_description", + "sip_call_id", + "common_server_ip", + "common_server_port", + "rtp_pcap_path", + "rtp_originator_dir" + ], + "internal_columns": [ + "common_recv_time", + "common_log_id", + "common_processing_time", + "common_ingestion_time", + "common_packet_capture_file", + "rtp_pcap_path" + ], + "tunnel_type": { + "$ref": "public_schema_info.json#/tunnel_type" + } + }, + "fields": [ + { + "name": "common_recv_time", + "label": "Receive Time", + 
"doc": { + "constraints": { + "type": "timestamp" + } + }, + "type": "long" + }, + { + "name": "common_log_id", + "label": "Log ID", + "doc": { + "format": { + "functions": "snowflake_id" + } + }, + "type": "long" + }, + { + "name": "common_policy_id", + "label": "Policy ID", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_subscriber_id", + "label": "Subscriber ID", + "type": "string" + }, + { + "name": "common_imei", + "label": "IMEI", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_imsi", + "label": "IMSI", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_phone_number", + "label": "Phone Number", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_client_ip", + "label": "Client IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "geo_asn,radius_match", + "appendTo": "common_client_asn,common_subscriber_id" + } + }, + "type": "string" + }, + { + "name": "common_internal_ip", + "label": "Internal IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "if", + "param": "$.common_direction=69,$.common_client_ip,$.common_server_ip" + } + }, + "type": "string" + }, + { + "name": "common_client_port", + "label": "Client Port", + "type": "int" + }, + { + "name": "common_l4_protocol", + "label": "L4 Protocol", + "type": "string" + }, + { + "name": "common_address_type", + "label": "Address Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "4", + "value": "ipv4" + }, + { + "code": "6", + "value": "ipv6" + } + ] + }, + "type": "int" + }, + { + "name": "common_server_ip", + "label": "Server IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "geo_asn", + "appendTo": "common_server_asn" + } + }, + "type": "string" + }, + { + "name": "common_server_port", + "label": "Server Port", + 
"type": "int" + }, + { + "name": "common_external_ip", + "label": "External IP", + "doc": { + "constraints": { + "type": "ip" + }, + "format": { + "functions": "if", + "param": "$.common_direction=73,$.common_client_ip,$.common_server_ip" + } + }, + "type": "string" + }, + { + "name": "common_action", + "label": "Action", + "doc": { + "visibility": "hidden", + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "None" + }, + { + "code": "1", + "value": "Monitor" + }, + { + "code": "2", + "value": "Intercept" + }, + { + "code": "16", + "value": "Deny" + }, + { + "code": "128", + "value": "Allow" + } + ] + }, + "type": "int" + }, + { + "name": "common_direction", + "label": "Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "69", + "value": "outbound" + }, + { + "code": "73", + "value": "inbound" + } + ] + }, + "type": "int" + }, + { + "name": "common_entrance_id", + "label": "Entrance ID", + "doc": { + "visibility": "disabled" + }, + "type": "int" + }, + { + "name": "common_sled_ip", + "label": "Sled IP", + "doc": { + "constraints": { + "type": "ip" + } + }, + "type": "string" + }, + { + "name": "common_client_location", + "label": "Client Location", + "type": "string" + }, + { + "name": "common_client_asn", + "label": "Client ASN", + "type": "string" + }, + { + "name": "common_server_location", + "label": "Server Location", + "type": "string" + }, + { + "name": "common_server_asn", + "label": "Server ASN", + "type": "string" + }, + { + "name": "common_sessions", + "label": "Sessions", + "type": "long" + }, + { + "name": "common_c2s_pkt_num", + "label": "Packets Sent", + "type": "long" + }, + { + "name": "common_s2c_pkt_num", + "label": "Packets Received", + "type": "long" + }, + { + "name": "common_c2s_byte_num", + "label": "Bytes Sent", + "type": "long" + }, + { + "name": "common_s2c_byte_num", + "label": "Bytes Received", + "type": "long" + }, + { + "name": 
"common_c2s_pkt_diff", + "label": "Packets Sent(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_diff", + "label": "Packets Received(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_c2s_byte_diff", + "label": "Bytes Sent(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_s2c_byte_diff", + "label": "Bytes Received(Diff)", + "doc": { + "visibility": "disabled" + }, + "type": "long" + }, + { + "name": "common_service", + "label": "Service", + "doc": { + "visibility": "disabled" + }, + "type": "int" + }, + { + "name": "common_schema_type", + "label": "Schema Type", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "VoIP", + "value": "VoIP" + }, + { + "code": "SIP", + "value": "SIP" + }, + { + "code": "RTP", + "value": "RTP" + } + ] + }, + "type": "string" + }, + { + "name": "common_user_tags", + "label": "User Tags", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_sub_action", + "label": "Sub Action", + "doc": { + "data": [ + { + "code": "allow", + "value": "Allow" + }, + { + "code": "deny", + "value": "Deny" + }, + { + "code": "monitor", + "value": "Monitor" + }, + { + "code": "replace", + "value": "Replace" + }, + { + "code": "redirect", + "value": "Redirect" + }, + { + "code": "insert", + "value": "Insert" + }, + { + "code": "hijack", + "value": "Hijack" + } + ], + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_user_region", + "label": "User Region", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_device_id", + "label": "Device ID", + "type": "string" + }, + { + "name": "common_egress_link_id", + "label": "Egress Link ID", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_ingress_link_id", + "label": "Ingress Link ID", + "doc": { + "visibility": 
"hidden" + }, + "type": "int" + }, + { + "name": "common_isp", + "label": "ISP", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_device_tag", + "label": "Device Tag", + "doc": { + "visibility": "hidden", + "format": { + "functions": "flattenSpec,flattenSpec", + "appendTo": "common_data_center,common_device_group", + "param": "$.tags[?(@.tag=='data_center')].value,$.tags[?(@.tag=='device_group')].value" + } + }, + "type": "string" + }, + { + "name": "common_data_center", + "label": "Data Center", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagValue']", + "value": "$[?(@.tagType=='data_center')].subTags.[?(@.tagType=='data_center')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_device_group", + "label": "Device Group", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "device_tag.json#", + "key": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagValue']", + "value": "$[?(@.tagType=='device_group')].subTags.[?(@.tagType=='device_group')]['tagName']" + } + }, + "type": "string" + }, + { + "name": "common_app_behavior", + "label": "Application Behavior", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_encapsulation", + "label": "Encapsulation", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + "$ref": "public_schema_info.json#/fields/common_encapsulation/data" + }, + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_app_label", + "label": "Application Label", + "type": "string" + }, + { + "name": "common_tunnels", + "label": "Tunnels", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_protocol_label", + "label": "Protocol Label", + "type": "string" + }, + { + "name": 
"common_app_id", + "label": "Application ID", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_userdefine_app_name", + "label": "User Define APP Name", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_app_surrogate_id", + "label": "Surrogate ID", + "type": "string", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_l7_protocol", + "label": "L7 Protocol", + "type": "string" + }, + { + "name": "common_service_category", + "label": "FQDN Category", + "doc": { + "constraints": { + "operator_functions": "has" + }, + "visibility": "disabled", + "dict_location": { + "path": "/v1/category/dict", + "key": "categoryId", + "value": "categoryName" + } + }, + "type": { + "type": "array", + "items": "int" + } + }, + { + "name": "common_start_time", + "label": "Start Time", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + } + }, + "type": "long" + }, + { + "name": "common_end_time", + "label": "End Time", + "doc": { + "allow_query": "false", + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "get_value", + "appendTo": "common_recv_time" + } + }, + "type": "long" + }, + { + "name": "common_establish_latency_ms", + "label": "Establish Latency(ms)", + "type": "long" + }, + { + "name": "common_con_duration_ms", + "label": "Duration(ms)", + "type": "long" + }, + { + "name": "common_stream_dir", + "label": "Stream Direction", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "1", + "value": "c2s" + }, + { + "code": "2", + "value": "s2c" + }, + { + "code": "3", + "value": "double" + } + ] + }, + "type": "int" + }, + { + "name": "common_address_list", + "label": "Address List", + "doc": { + "visibility": "disabled" + }, + "type": "string" + }, + { + "name": "common_has_dup_traffic", + "label": "Duplication Traffic", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": { + 
"$ref": "public_schema_info.json#/fields/common_has_dup_traffic/data" + }, + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_stream_error", + "label": "Stream Error", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_stream_trace_id", + "label": "Session ID", + "type": "long" + }, + { + "name": "common_link_info_c2s", + "label": "Link Info(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_link_info_s2c", + "label": "Link Info(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "string" + }, + { + "name": "common_packet_capture_file", + "label": "Packet Capture File", + "doc": { + "visibility": "hidden", + "constraints": { + "type": "file" + } + }, + "type": "string" + }, + { + "name": "common_c2s_ipfrag_num", + "label": "Fragmentation Packets(c2s)", + "type": "long" + }, + { + "name": "common_s2c_ipfrag_num", + "label": "Fragmentation Packets(s2c)", + "type": "long" + }, + { + "name": "common_c2s_tcp_lostlen", + "label": "Sequence Gap Loss(c2s)", + "type": "long" + }, + { + "name": "common_s2c_tcp_lostlen", + "label": "Sequence Gap Loss(s2c)", + "type": "long" + }, + { + "name": "common_c2s_tcp_unorder_num", + "label": "Unorder Packets(c2s)", + "type": "long" + }, + { + "name": "common_s2c_tcp_unorder_num", + "label": "Unorder Packets(s2c)", + "type": "long" + }, + { + "name": "common_c2s_pkt_retrans", + "label": "Packet Retransmission(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_pkt_retrans", + "label": "Packet Retransmission(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_c2s_byte_retrans", + "label": "Byte Retransmission(c2s)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": "common_s2c_byte_retrans", + "label": "Byte Retransmission(s2c)", + "doc": { + "visibility": "hidden" + }, + "type": "long" + }, + { + "name": 
"common_tcp_client_isn", + "label": "TCP Client ISN", + "type": "long" + }, + { + "name": "common_tcp_server_isn", + "label": "TCP Server ISN", + "type": "long" + }, + { + "name": "common_first_ttl", + "label": "First TTL", + "doc": { + "visibility": "hidden" + }, + "type": "int" + }, + { + "name": "common_processing_time", + "label": "Processing Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "current_timestamp" + } + }, + "type": "long" + }, + { + "name": "common_ingestion_time", + "label": "Ingestion Time", + "doc": { + "constraints": { + "type": "timestamp" + }, + "format": { + "functions": "ingestion_time" + } + }, + "type": "long" + }, + { + "name": "common_mirrored_pkts", + "label": "Mirrored Packets", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "common_mirrored_bytes", + "label": "Mirrored Bytes", + "type": "long", + "doc": { + "visibility": "hidden" + } + }, + { + "name": "sip_call_id", + "label": "SIP.Call-ID", + "type": "string" + }, + { + "name": "sip_originator_description", + "label": "SIP.Originator", + "type": "string" + }, + { + "name": "sip_responder_description", + "label": "SIP.Responder", + "type": "string" + }, + { + "name": "sip_user_agent", + "label": "SIP.User-Agent", + "type": "string" + }, + { + "name": "sip_server", + "label": "SIP.Server", + "type": "string" + }, + { + "name": "sip_originator_sdp_connect_ip", + "label": "SIP.Originator IP", + "type": "string" + }, + { + "name": "sip_originator_sdp_media_port", + "label": "SIP.Originator Port", + "type": "int" + }, + { + "name": "sip_originator_sdp_media_type", + "label": "SIP.Originator Media Type", + "type": "string" + }, + { + "name": "sip_originator_sdp_content", + "label": "SIP.Originator Content", + "type": "string" + }, + { + "name": "sip_responder_sdp_connect_ip", + "label": "SIP.Responder IP", + "type": "string" + }, + { + "name": "sip_responder_sdp_media_port", + "label": "SIP.Responder Port", + 
"type": "int" + }, + { + "name": "sip_responder_sdp_media_type", + "label": "SIP.Responder Media Type", + "type": "string" + }, + { + "name": "sip_responder_sdp_content", + "label": "SIP.Responder Content", + "type": "string" + }, + { + "name": "sip_duration_s", + "label": "SIP.Duration(s)", + "type": "int" + }, + { + "name": "sip_bye", + "label": "SIP.Bye", + "type": "string" + }, + { + "name": "rtp_payload_type_c2s", + "label": "RTP.Payload Type(c2s)", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", + "value": "G721" + }, + { + "code": "3", + "value": "GSM" + }, + { + "code": "4", + "value": "G723" + }, + { + "code": "5", + "value": "DVI4_8000" + }, + { + "code": "6", + "value": "DVI4_16000" + }, + { + "code": "7", + "value": "LPC" + }, + { + "code": "8", + "value": "PCMA" + }, + { + "code": "9", + "value": "G722" + }, + { + "code": "10", + "value": "L16_STEREO" + }, + { + "code": "11", + "value": "L16_MONO" + }, + { + "code": "12", + "value": "QCELP" + }, + { + "code": "13", + "value": "CN" + }, + { + "code": "14", + "value": "MPA" + }, + { + "code": "15", + "value": "G728" + }, + { + "code": "16", + "value": "DVI4_11025" + }, + { + "code": "17", + "value": "DVI4_22050" + }, + { + "code": "18", + "value": "G729" + }, + { + "code": "19", + "value": "CN_OLD" + }, + { + "code": "25", + "value": "CELB" + }, + { + "code": "26", + "value": "JPEG" + }, + { + "code": "28", + "value": "NV" + }, + { + "code": "31", + "value": "H261" + }, + { + "code": "32", + "value": "MPV" + }, + { + "code": "33", + "value": "MP2T" + }, + { + "code": "34", + "value": "H263" + } + ] + }, + "type": "int" + }, + { + "name": "rtp_payload_type_s2c", + "label": "RTP.Payload Type(s2c)", + "doc": { + "constraints": { + "operator_functions": "=,!=" + }, + "data": [ + { + "code": "0", + "value": "PCMU" + }, + { + "code": "1", + "value": "1016" + }, + { + "code": "2", 
+ "value": "G721"
+ },
+ {
+ "code": "3",
+ "value": "GSM"
+ },
+ {
+ "code": "4",
+ "value": "G723"
+ },
+ {
+ "code": "5",
+ "value": "DVI4_8000"
+ },
+ {
+ "code": "6",
+ "value": "DVI4_16000"
+ },
+ {
+ "code": "7",
+ "value": "LPC"
+ },
+ {
+ "code": "8",
+ "value": "PCMA"
+ },
+ {
+ "code": "9",
+ "value": "G722"
+ },
+ {
+ "code": "10",
+ "value": "L16_STEREO"
+ },
+ {
+ "code": "11",
+ "value": "L16_MONO"
+ },
+ {
+ "code": "12",
+ "value": "QCELP"
+ },
+ {
+ "code": "13",
+ "value": "CN"
+ },
+ {
+ "code": "14",
+ "value": "MPA"
+ },
+ {
+ "code": "15",
+ "value": "G728"
+ },
+ {
+ "code": "16",
+ "value": "DVI4_11025"
+ },
+ {
+ "code": "17",
+ "value": "DVI4_22050"
+ },
+ {
+ "code": "18",
+ "value": "G729"
+ },
+ {
+ "code": "19",
+ "value": "CN_OLD"
+ },
+ {
+ "code": "25",
+ "value": "CELB"
+ },
+ {
+ "code": "26",
+ "value": "JPEG"
+ },
+ {
+ "code": "28",
+ "value": "NV"
+ },
+ {
+ "code": "31",
+ "value": "H261"
+ },
+ {
+ "code": "32",
+ "value": "MPV"
+ },
+ {
+ "code": "33",
+ "value": "MP2T"
+ },
+ {
+ "code": "34",
+ "value": "H263"
+ }
+ ]
+ },
+ "type": "int"
+ },
+ {
+ "name": "rtp_pcap_path",
+ "label": "RTP.PCAP",
+ "doc": {
+ "allow_query": "false",
+ "constraints": {
+ "type": "files"
+ }
+ },
+ "type": "string"
+ },
+ {
+ "name": "rtp_originator_dir",
+ "label": "RTP.Direction",
+ "doc": {
+ "constraints": {
+ "operator_functions": "=,!="
+ },
+ "data": [
+ {
+ "code": "0",
+ "value": "unknown"
+ },
+ {
+ "code": "1",
+ "value": "c2s"
+ },
+ {
+ "code": "2",
+ "value": "s2c"
+ }
+ ]
+ },
+ "type": "int"
+ }
+ ]
+}
\ No newline at end of file
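Review bot: `common_start_time` and `common_end_time` are declared with `"allow_query": "false"` in `fields`, yet both names are also listed under `schema_query.dimensions` and `schema_query.filters`, so the schema gives two contradictory answers about whether these columns may be queried. Whichever list the query gateway honours, the other should be made to agree: either remove the two names from `dimensions` and `filters`, or drop the `allow_query` entries from the two field definitions. The flag is also written as the string `"false"` rather than the JSON boolean, which a consumer that tests truthiness would read as enabled; `"allow_query": false` avoids that, provided the loader (not visible in this patch) accepts a boolean. Separately, `rtp_pcap_path` uses `"constraints": { "type": "files" }` while `common_packet_capture_file` uses `"type": "file"`; if `files` is not a recognised constraint type, the capture path may end up handled as a plain string, so the spelling should be confirmed or aligned.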