diff --git a/Clickhouse最新全量建表语句/Clickhouse-dll.sql b/Clickhouse最新全量建表语句/Clickhouse-dll.sql
index dbf1e73..267b7d4 100644
--- a/Clickhouse最新全量建表语句/Clickhouse-dll.sql
+++ b/Clickhouse最新全量建表语句/Clickhouse-dll.sql
@@ -1,6 +1,2010 @@
 create database IF NOT EXISTS tsg_galaxy_dll ON CLUSTER ck_cluster;
 create database IF NOT EXISTS tsg_galaxy_dll ON CLUSTER ck_query;
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.sys_packet_capture_log_local on cluster ck_cluster(
+ common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ nic_name String,
+ origin_source_mac String,
+ origin_dest_mac String,
+ packet_url String,
+ pcap_storage_task_id Int64,
+ pcap_storage_duration Int64
+)
+ENGINE =MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_log_id,common_policy_id,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.security_event_log_local on cluster ck_cluster(
+ common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String
+)
+ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_log_id,common_policy_id,common_recv_time);
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.proxy_event_log_local on cluster ck_cluster(
+ common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ doh_url String,
+ doh_host String,
+ doh_request_line String,
+ doh_response_line String,
+ doh_cookie String,
+ doh_referer String,
+ doh_user_agent String,
+ doh_content_length String,
+ doh_content_type String,
+ doh_set_cookie String,
+ doh_version String,
+ doh_message_id Int64,
+ doh_qr Int64,
+ doh_opcode Int64,
+ doh_aa Int64,
+ doh_tc Int64,
+ doh_rd Int64,
+ doh_ra Int64,
+ doh_rcode Int64,
+ doh_qdcount Int64,
+ doh_ancount Int64,
+ doh_nscount Int64,
+ doh_arcount Int64,
+ doh_qname String,
+ doh_qtype Int64,
+ doh_qclass Int64,
+ doh_cname String,
+ doh_sub Int64,
+ doh_rr String
+)
+ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_log_id,common_policy_id,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_local on cluster ck_cluster(
+ common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_log_id,common_data_center,common_recv_time);
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.radius_record_log_local on cluster ck_cluster (
+ common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ radius_packet_type Int64,
+ radius_nas_ip String,
+ radius_framed_ip String,
+ radius_account String,
+ radius_session_timeout Int64,
+ radius_idle_timeout Int64,
+ radius_acct_status_type Int64,
+ radius_acct_terminate_cause Int64,
+ radius_event_timestamp Int64,
+ radius_nas_port Int64,
+ radius_service_type Int64,
+ radius_framed_protocol Int64,
+ radius_callback_number String,
+ radius_callback_id String,
+ radius_termination_action Nullable(Int64),
+ radius_called_station_id String,
+ radius_calling_station_id String,
+ radius_acct_delay_time Int64,
+ radius_acct_session_id String,
+ radius_acct_multi_session_id String,
+ radius_acct_input_octets Int64,
+ radius_acct_output_octets Int64,
+ radius_acct_input_packets Int64,
+ radius_acct_output_packets Int64,
+ radius_acct_session_time Int64,
+ radius_acct_link_count Int64,
+ radius_acct_interim_interval Int64
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_log_id,common_data_center,common_recv_time);
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_client_ip_local on cluster ck_cluster(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_client_ip,common_server_ip,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_server_ip_local on cluster ck_cluster(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_server_ip,common_client_ip,common_recv_time);
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_subscriber_id_local on cluster ck_cluster (
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_subscriber_id,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_http_domain_local on cluster ck_cluster(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (http_domain,common_recv_time);
+
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.common_client_ip on cluster ck_cluster TO tsg_galaxy_dll.connection_record_log_common_client_ip_local AS SELECT common_log_id, common_recv_time, common_policy_id, common_action, common_server_ip, common_client_ip, common_sled_ip, common_entrance_id, common_subscriber_id, common_stream_trace_id, http_domain, ssl_sni FROM tsg_galaxy_dll.connection_record_log_local;
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.common_server_ip on cluster ck_cluster TO tsg_galaxy_dll.connection_record_log_common_server_ip_local AS SELECT common_log_id, common_recv_time, common_policy_id, common_action, common_server_ip, common_client_ip, common_sled_ip, common_entrance_id, common_subscriber_id, common_stream_trace_id, http_domain, ssl_sni FROM tsg_galaxy_dll.connection_record_log_local;
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.common_subscriber_id on cluster ck_cluster TO tsg_galaxy_dll.connection_record_log_common_subscriber_id_local AS SELECT common_log_id, common_recv_time, common_policy_id, common_action, common_server_ip, common_client_ip, common_sled_ip, common_entrance_id, common_subscriber_id, common_stream_trace_id, http_domain, ssl_sni FROM tsg_galaxy_dll.connection_record_log_local;
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_dll.common_http_domain on cluster ck_cluster TO tsg_galaxy_dll.connection_record_log_http_domain_local AS SELECT common_log_id, common_recv_time, common_policy_id, common_action, common_server_ip, common_client_ip, common_sled_ip, common_entrance_id, common_subscriber_id, common_stream_trace_id, http_domain, ssl_sni FROM tsg_galaxy_dll.connection_record_log_local;
+
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.radius_onff_log_local on cluster ck_cluster(
+ event_timestamp Int64,
+ account String,
+ framed_ip String,
+ acct_status_type Int64,
+ acct_session_id String,
+ acct_session_time Int64
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(event_timestamp))
+ORDER BY (account,event_timestamp);
+
+create table IF NOT EXISTS tsg_galaxy_dll.radius_record_log on cluster ck_query (
+common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ radius_packet_type Int64,
+ radius_nas_ip String,
+ radius_framed_ip String,
+ radius_account String,
+ radius_session_timeout Int64,
+ radius_idle_timeout Int64,
+ radius_acct_status_type Int64,
+ radius_acct_terminate_cause Int64,
+ radius_event_timestamp Int64,
+ radius_nas_port Int64,
+ radius_service_type Int64,
+ radius_framed_protocol Int64,
+ radius_callback_number String,
+ radius_callback_id String,
+ radius_termination_action Nullable(Int64),
+ radius_called_station_id String,
+ radius_calling_station_id String,
+ radius_acct_delay_time Int64,
+ radius_acct_session_id String,
+ radius_acct_multi_session_id String,
+ radius_acct_input_octets Int64,
+ radius_acct_output_octets Int64,
+ radius_acct_input_packets Int64,
+ radius_acct_output_packets Int64,
+ radius_acct_session_time Int64,
+ radius_acct_link_count Int64,
+ radius_acct_interim_interval Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,radius_record_log_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_dll.connection_record_log on cluster ck_query (
+common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_dll.proxy_event_log on cluster ck_query (
+common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ doh_url String,
+ doh_host String,
+ doh_request_line String,
+ doh_response_line String,
+ doh_cookie String,
+ doh_referer String,
+ doh_user_agent String,
+ doh_content_length String,
+ doh_content_type String,
+ doh_set_cookie String,
+ doh_version String,
+ doh_message_id Int64,
+ doh_qr Int64,
+ doh_opcode Int64,
+ doh_aa Int64,
+ doh_tc Int64,
+ doh_rd Int64,
+ doh_ra Int64,
+ doh_rcode Int64,
+ doh_qdcount Int64,
+ doh_ancount Int64,
+ doh_nscount Int64,
+ doh_arcount Int64,
+ doh_qname String,
+ doh_qtype Int64,
+ doh_qclass Int64,
+ doh_cname String,
+ doh_sub Int64,
+ doh_rr String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,proxy_event_log_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_dll.security_event_log on cluster ck_query (
+common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset
String, + mail_attachment_name String, + mail_attachment_name_charset String, + mail_attachment_content String, + mail_eml_file String, + mail_snapshot String, + dns_message_id Int64, + dns_qr Nullable(Int64), + dns_opcode Nullable(Int64), + dns_aa Int64, + dns_tc Int64, + dns_rd Int64, + dns_ra Int64, + dns_rcode Int64, + dns_qdcount Int64, + dns_ancount Int64, + dns_nscount Int64, + dns_arcount Int64, + dns_qname String, + dns_qtype Int64, + dns_qclass Int64, + dns_cname String, + dns_sub Int64, + dns_rr String, + ssl_version String, + ssl_sni String, + ssl_san String, + ssl_cn String, + ssl_pinningst Nullable(Int64), + ssl_intercept_state Nullable(Int64), + ssl_server_side_latency Int64, + ssl_client_side_latency Int64, + ssl_server_side_version String, + ssl_client_side_version String, + ssl_cert_verify Nullable(Int64), + ssl_error String, + ssl_con_latency_ms Int64, + ssl_ja3_fingerprint String, + ssl_ja3_hash String, + quic_version String, + quic_sni String, + quic_user_agent String, + ftp_account String, + ftp_url String, + ftp_content String, + bgp_type Int64, + bgp_as_num String, + bgp_route String, + voip_calling_account String, + voip_called_account String, + voip_calling_number String, + voip_called_number String, + streaming_media_url String, + streaming_media_protocol String, + app_extra_info String +) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,security_event_log_local,rand()); + +create table IF NOT EXISTS tsg_galaxy_dll.sys_packet_capture_log on cluster ck_query ( +common_log_id UInt64, + common_service Int64, + common_recv_time Int64, + common_direction Nullable(Int64), + common_l4_protocol String, + common_address_type Int64, + common_schema_type String, + common_policy_id Int64, + common_user_tags String, + common_action Int64, + common_sub_action String, + common_user_region String, + common_client_ip String, + common_client_port Int64, + common_internal_ip String, + common_entrance_id Int64, + common_device_id String, + common_link_id Int64, 
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ nic_name String,
+ origin_source_mac String,
+ origin_dest_mac String,
+ packet_url String,
+ pcap_storage_task_id Int64,
+ pcap_storage_duration Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,sys_packet_capture_log_local,rand());
+
+
+create table IF NOT EXISTS tsg_galaxy_dll.radius_onff_log on cluster ck_query(
+ event_timestamp Int64,
+ account String,
+ framed_ip String,
+ acct_status_type Int64,
+ acct_session_id String,
+ acct_session_time Int64
+)
+ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,radius_onff_log_local,rand());
+
+
+create table IF NOT EXISTS tsg_galaxy_dll.radius_record_log on cluster ck_cluster (
+common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ radius_packet_type Int64,
+ radius_nas_ip String,
+ radius_framed_ip String,
+ radius_account String,
+ radius_session_timeout Int64,
+ radius_idle_timeout Int64,
+ radius_acct_status_type Int64,
+ radius_acct_terminate_cause Int64,
+ radius_event_timestamp Int64,
+ radius_nas_port Int64,
+ radius_service_type Int64,
+ radius_framed_protocol Int64,
+ radius_callback_number String,
+ radius_callback_id String,
+ radius_termination_action Nullable(Int64),
+ radius_called_station_id String,
+ radius_calling_station_id String,
+ radius_acct_delay_time Int64,
+ radius_acct_session_id String,
+ radius_acct_multi_session_id String,
+ radius_acct_input_octets Int64,
+ radius_acct_output_octets Int64,
+ radius_acct_input_packets Int64,
+ radius_acct_output_packets Int64,
+ radius_acct_session_time Int64,
+ radius_acct_link_count Int64,
+ radius_acct_interim_interval Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,radius_record_log_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_dll.connection_record_log on cluster ck_cluster (
+common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_dll.proxy_event_log on cluster ck_cluster (
+common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ doh_url String,
+ doh_host String,
+ doh_request_line String,
+ doh_response_line String,
+ doh_cookie String,
+ doh_referer String,
+ doh_user_agent String,
+ doh_content_length String,
+ doh_content_type String,
+ doh_set_cookie String,
+ doh_version String,
+ doh_message_id Int64,
+ doh_qr Int64,
+ doh_opcode Int64,
+ doh_aa Int64,
+ doh_tc Int64,
+ doh_rd Int64,
+ doh_ra Int64,
+ doh_rcode Int64,
+ doh_qdcount Int64,
+ doh_ancount Int64,
+ doh_nscount Int64,
+ doh_arcount Int64,
+ doh_qname String,
+ doh_qtype Int64,
+ doh_qclass Int64,
+ doh_cname String,
+ doh_sub Int64,
+ doh_rr String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,proxy_event_log_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_dll.security_event_log on cluster ck_cluster (
+common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,security_event_log_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_dll.sys_packet_capture_log on cluster ck_cluster (
+common_log_id UInt64,
+ common_service Int64,
+ common_recv_time Int64,
+ common_direction Nullable(Int64),
+ common_l4_protocol String,
+ common_address_type Int64,
+ common_schema_type String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_action Int64,
+ common_sub_action String,
+ common_user_region String,
+ common_client_ip String,
+ common_client_port Int64,
+ common_internal_ip String,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_device_tag String,
+ common_data_center String,
+ common_encapsulation Int64,
+ common_sled_ip String,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_server_ip String,
+ common_server_port Int64,
+ common_external_ip String,
+ common_server_location String,
+ common_server_asn String,
+ common_protocol_label String,
+ common_app_label String,
+ common_app_id Int64,
+ common_app_surrogate_id Int64,
+ common_l7_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_establish_latency_ms Int64,
+ common_con_duration_ms Int64,
+ common_stream_dir Int64,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_stream_trace_id UInt64,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_first_ttl Int64,
+ common_processing_time Int64,
+ nic_name String,
+ origin_source_mac String,
+ origin_dest_mac String,
+ packet_url String,
+ pcap_storage_task_id Int64,
+ pcap_storage_duration Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,sys_packet_capture_log_local,rand());
+
+
+create table IF NOT EXISTS tsg_galaxy_dll.radius_onff_log on cluster ck_cluster(
+ event_timestamp Int64,
+ account String,
+ framed_ip String,
+ acct_status_type Int64,
+ acct_session_id String,
+ acct_session_time Int64
+)
+ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,radius_onff_log_local,rand());
+
+
+
+ create table IF NOT EXISTS `system`.tables_cluster on cluster ck_query as `system`.tables ENGINE =Distributed(ck_all,`system`,tables,rand());
+ create table IF NOT EXISTS `system`.disks_cluster on cluster ck_query as `system`.disks ENGINE =Distributed(ck_all,`system`,disks,rand());
+ create table IF NOT EXISTS `system`.parts_cluster on cluster ck_query as `system`.parts ENGINE =Distributed(ck_all,`system`,parts,rand());
+ create table IF NOT EXISTS `system`.query_log_cluster on cluster ck_query as `system`.query_log ENGINE =Distributed(ck_all,`system`,query_log,rand());
+ CREATE TABLE IF NOT EXISTS `system`.columns_cluster ON cluster ck_query AS `system`.columns ENGINE=Distributed(ck_all,`system`,columns,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_client_ip on cluster ck_cluster(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_common_client_ip_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_server_ip on cluster ck_cluster(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_common_server_ip_local,rand());
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_subscriber_id on cluster ck_cluster (
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_common_subscriber_id_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_http_domain on cluster ck_cluster(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_http_domain_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_client_ip on cluster ck_query(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_common_client_ip_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_server_ip on cluster ck_query(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_common_server_ip_local,rand());
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_common_subscriber_id on cluster ck_query (
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_common_subscriber_id_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_dll.connection_record_log_http_domain on cluster ck_query(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_dll,connection_record_log_http_domain_local,rand());
 CREATE DICTIONARY IF NOT EXISTS tsg_galaxy_dll.cdn on cluster ck_cluster ( cdn_id UInt64,