2301升级2302第一次更新

TSG发布版本更新记录/TSG-23.02/clickhouse/drop-tmp-23.02-ck.sql

@@ -0,0 +1,3 @@
+drop view IF EXISTS tsg_galaxy_tmp.common_client_ip ON CLUSTER ck_cluster;
+drop view IF EXISTS tsg_galaxy_tmp.common_server_ip ON CLUSTER ck_cluster;
+drop view IF EXISTS tsg_galaxy_tmp.common_http_domain ON CLUSTER ck_cluster;

TSG发布版本更新记录/TSG-23.02/clickhouse/rename-old-23.02-ck.sql

@@ -0,0 +1,15 @@
+RENAME TABLE tsg_galaxy_v3.dos_event_local TO tsg_galaxy_tmp.dos_event_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.gtpc_record_local TO tsg_galaxy_tmp.gtpc_record_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.voip_record_local TO tsg_galaxy_tmp.voip_record_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.security_event_local TO tsg_galaxy_tmp.security_event_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.proxy_event_local TO tsg_galaxy_tmp.proxy_event_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.session_record_local TO tsg_galaxy_tmp.session_record_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.radius_record_local TO tsg_galaxy_tmp.radius_record_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.sys_packet_capture_event_local TO tsg_galaxy_tmp.sys_packet_capture_event_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.interim_session_record_local TO tsg_galaxy_tmp.interim_session_record_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.radius_onff_log_local TO tsg_galaxy_tmp.radius_onff_log_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.assessment_event_local TO tsg_galaxy_tmp.assessment_event_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.transaction_record_local TO tsg_galaxy_tmp.transaction_record_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.session_record_common_client_ip_local TO tsg_galaxy_tmp.session_record_common_client_ip_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.session_record_common_server_ip_local TO tsg_galaxy_tmp.session_record_common_server_ip_local_old on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_v3.session_record_http_domain_local TO tsg_galaxy_tmp.session_record_http_domain_local_old on cluster ck_cluster;

TSG发布版本更新记录/TSG-23.02/clickhouse/rename-tmp-23.02-ck.sql

@@ -0,0 +1,15 @@
+RENAME TABLE tsg_galaxy_tmp.dos_event_local TO tsg_galaxy_v3.dos_event_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.gtpc_record_local TO tsg_galaxy_v3.gtpc_record_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.voip_record_local TO tsg_galaxy_v3.voip_record_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.security_event_local TO tsg_galaxy_v3.security_event_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.proxy_event_local TO tsg_galaxy_v3.proxy_event_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.session_record_local TO tsg_galaxy_v3.session_record_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.radius_record_local TO tsg_galaxy_v3.radius_record_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.sys_packet_capture_event_local TO tsg_galaxy_v3.sys_packet_capture_event_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.interim_session_record_local TO tsg_galaxy_v3.interim_session_record_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.radius_onff_log_local TO tsg_galaxy_v3.radius_onff_log_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.assessment_event_local TO tsg_galaxy_v3.assessment_event_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.transaction_record_local TO tsg_galaxy_v3.transaction_record_local on cluster ck_cluster; 
+RENAME TABLE tsg_galaxy_tmp.session_record_common_client_ip_local TO tsg_galaxy_tmp.session_record_common_client_ip_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.session_record_common_server_ip_local TO tsg_galaxy_tmp.session_record_common_server_ip_local on cluster ck_cluster;
+RENAME TABLE tsg_galaxy_tmp.session_record_http_domain_local TO tsg_galaxy_tmp.session_record_http_domain_local on cluster ck_cluster;

TSG发布版本更新记录/TSG-23.02/hbase/hbase-site.xml

@@ -0,0 +1,262 @@
+<?xml version="1.0"?>
+<?xml-stylesheet type="text/xsl" href="configuration.xsl"?>
+<!--
+/**
+ *
+ * Licensed to the Apache Software Foundation (ASF) under one
+ * or more contributor license agreements.  See the NOTICE file
+ * distributed with this work for additional information
+ * regarding copyright ownership.  The ASF licenses this file
+ * to you under the Apache License, Version 2.0 (the
+ * "License"); you may not use this file except in compliance
+ * with the License.  You may obtain a copy of the License at
+ *
+ *     http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+-->
+<configuration>
+<property>
+    <name>hbase.rootdir</name>
+    <value>hdfs://ns1/hbase/hbase-2.2.3</value>
+</property>
+
+<property>
+    <name>hbase.cluster.distributed</name>
+    <value>true</value>
+</property>
+
+<property>
+  <name>hbase.zookeeper.quorum</name>
+  <value>192.168.44.11,192.168.44.14,192.168.44.15</value>
+</property>
+
+<property>
+  <name>hbase.zookeeper.property.clientPort</name>
+  <value>2181</value>
+</property>
+
+<property> 
+  <name>hbase.master.info.port</name>
+  <value>60010</value> 
+</property> 
+
+<property>
+  <name>hbase.server.keyvalue.maxsize</name>
+  <value>5368709120</value>
+</property>
+
+<property>
+  <name>zookeeper.znode.parent</name>
+  <value>/hbase</value>
+</property>
+
+<property>
+  <name>hbase.cluster.distributed</name>
+  <value>true</value>
+</property>
+
+<property>
+  <name>hbase.rpc.timeout</name>
+  <value>300000</value>
+  <description>This is for the RPC layer to define how long (millisecond) HBase client applications
+      take for a remote call to time out. It uses pings to check connections
+      but will eventually throw a TimeoutException.</description>
+</property>
+  
+<property>
+    <name>zookeeper.session.timeout</name>
+    <value>300000</value>
+</property>
+
+<property>
+    <name>hbase.regionserver.maxlogs</name>
+    <value>64</value>
+</property>
+
+<!--超过该值的文件将在mob compaction中合并-->
+<property>
+     <name>hbase.mob.compaction.mergeable.threshold</name>     
+     <value>1342177280</value> 
+</property>
+
+<property>
+    <name>hbase.mob.file.cache.size</name>
+    <value>10000</value>
+    <description>
+      Number of opened file handlers to cache.
+      A larger value will benefit reads by providing more file handlers per mob
+      file cache and would reduce frequent file opening and closing.
+      However, if this is set too high, this could lead to a "too many opened file handers"
+      The default value is 1000.
+    </description>
+</property>
+
+<!--mob cache回收缓存周期-->
+<property>
+    <name>hbase.mob.cache.evict.period</name>
+    <value>3600</value>
+    <description>
+      The amount of time in seconds after which an unused file is evicted from the
+      MOB cache. The default value is 3600 seconds.
+    </description>
+</property>
+
+<!--mob cache回收之后cache中保留文件个数比例，cache数量超过hbase.mob.file.cache.size会回收-->
+<property>
+    <name>hbase.mob.cache.evict.remain.ratio</name>
+    <value>0.5f</value>
+    <description>
+      A multiplier (between 0.0 and 1.0), which determines how many files remain cached
+      after the threshold of files that remains cached after a cache eviction occurs
+      which is triggered by reaching the `hbase.mob.file.cache.size` threshold.
+      The default value is 0.5f, which means that half the files (the least-recently-used
+      ones) are evicted.
+    </description>
+</property>
+
+<!--开启mob-->
+<property>
+  <name>hfile.format.version</name>
+  <value>3</value>
+</property>
+
+<property> 
+    <name>hbase.hregion.memstore.flush.size</name> 
+    <value>33554432</value> 
+    <description> 
+    memstore的大小超过该限制（单位：byte）后将被flush到磁盘。这个大小由一个线程间断性的检查，检查的间隔由 
+    hbase.server.thread.wakefrequency决定 
+    </description> 
+</property> 
+
+<property>
+    <name>hbase.hstore.flusher.count</name>
+    <value>2</value>
+</property>
+
+<property>
+    <name>hbase.regionserver.flush.check.period</name>
+    <value>10000</value>
+    <description>
+	It determines the flushing check period of PeriodicFlusher in regionserver.
+    If unset, it uses hbase.server.thread.wakefrequency as default value.
+    (in milliseconds)
+	</description>
+</property>
+  
+<property>
+    <name>hbase.regionserver.compaction.check.period</name>
+    <value>10000</value>
+</property>
+
+  <property>
+    <name>hbase.regionserver.global.memstore.size.lower.limit</name>
+    <value>0.95</value>
+  </property>
+
+  <property>
+    <name>hbase.regionserver.global.memstore.size</name>
+    <value>0.45</value>
+  </property>
+
+<property>
+  <name>hfile.block.cache.size</name>
+  <value>0.3</value>
+  <description>
+    Percentage of maximum heap (-Xmx setting) to allocate to block cache
+    used by a StoreFile. Default of 0.4 means allocate 40%.
+    Set to 0 to disable but it's not recommended; you need at least
+    enough cache to hold the storefile indices.
+  </description>
+</property>
+  
+<property> 
+    <name>hbase.hregion.memstore.block.multiplier</name> 
+    <value>2</value>
+</property> 
+
+<property>
+    <name>hbase.ipc.server.max.callqueue.length</name>
+    <value>1073741824</value>
+</property>
+
+<property>
+  <name>hbase.regionserver.handler.count</name>
+  <value>10</value>
+  <description>
+    Count of RPC Listener instances spun up on RegionServers.
+    Same property is used by the Master for count of master handlers.
+  </description>
+</property>
+
+<property>
+  <name>hbase.zookeeper.property.maxClientCnxns</name>
+  <value>1000</value>
+</property>
+
+<property>
+    <name>hbase.ipc.max.request.size</name>
+    <value>1173741824</value>
+  </property>
+  
+<property>
+    <name>hbase.hstore.blockingWaitTime</name>
+    <value>30000</value>
+    <description>
+      The time an HRegion will block updates for after hitting the StoreFile
+      limit defined by hbase.hstore.blockingStoreFiles.
+      After this time has elapsed, the HRegion will stop blocking updates even
+      if a compaction has not been completed.
+    </description>
+  </property>
+  
+<property>
+    <name>hbase.hstore.blockingStoreFiles</name>
+    <value>100</value>
+    <description>
+    If more than this number of StoreFiles in any one Store
+    (one StoreFile is written per flush of MemStore) then updates are
+    blocked for this HRegion until a compaction is completed, or
+    until hbase.hstore.blockingWaitTime has been exceeded.
+    </description>
+</property>
+
+<property>
+　  <name>hbase.hregion.max.filesize</name>
+　  <value>3221225472</value>
+</property>
+  
+<property>
+    <name>hbase.regionserver.regionSplitLimit</name>
+    <value>1000</value>
+</property>
+  
+<property>
+    <name>hbase.replication</name>
+    <value>true</value>
+</property>
+
+<property>
+   <name>phoenix.schema.isNamespaceMappingEnabled</name>
+   <value>true</value>
+</property>
+
+<property>
+  <name>phoenix.schema.mapSystemTablesToNamespace</name>
+  <value>true</value>
+</property>
+<property>
+    <name>hbase.coprocessor.master.classes</name>
+    <value>org.apache.hadoop.hbase.rsgroup.RSGroupAdminEndpoint</value>
+  </property>
+  <property>
+    <name>hbase.master.loadbalancer.class</name>
+    <value>org.apache.hadoop.hbase.rsgroup.RSGroupBasedLoadBalancer</value>
+  </property>
+</configuration>

TSG发布版本更新记录/TSG-23.02/hbase/update-2302-hbase.sql

@@ -0,0 +1,5 @@
+disable "tsg_galaxy:job_result"
+alter "tsg_galaxy:job_result",NAME=>'detail',TTL=>'1800'
+alter "tsg_galaxy:job_result",NAME=>'statistics',TTL=>'1800'
+alter "tsg_galaxy:job_result",NAME=>'field_discovery',TTL=>'1800'
+enable "tsg_galaxy:job_result"

TSG发布版本更新记录/TSG-23.02/phoenix/update-2302-phoenix.sql

@@ -0,0 +1,352 @@
+CREATE schema IF NOT EXISTS "tsg_galaxy";
+
+DROP table IF EXISTS "tsg_galaxy"."job_result";
+
+CREATE table IF NOT EXISTS "tsg_galaxy"."job_result"(
+ROWKEY VARCHAR PRIMARY KEY,
+"detail"."is_error" BOOLEAN,
+"detail"."is_canceled" BOOLEAN,
+"detail"."is_done" BOOLEAN,
+"detail"."done_progress" UNSIGNED_FLOAT,
+"detail"."last_query_time" UNSIGNED_LONG,
+"detail"."duration_time" UNSIGNED_LONG,
+"detail"."count" UNSIGNED_LONG,
+"detail"."job_property" VARCHAR,
+"statistics"."result" VARCHAR,
+
+"field_discovery"."common_recv_time" VARCHAR,
+"field_discovery"."common_log_id" VARCHAR,
+"field_discovery"."common_policy_id" VARCHAR,
+"field_discovery"."common_subscriber_id" VARCHAR,
+"field_discovery"."common_imei" VARCHAR,
+"field_discovery"."common_imsi" VARCHAR,
+"field_discovery"."common_phone_number" VARCHAR,
+"field_discovery"."common_client_ip" VARCHAR,
+"field_discovery"."common_internal_ip" VARCHAR,
+"field_discovery"."common_client_port" VARCHAR,
+"field_discovery"."common_l4_protocol" VARCHAR,
+"field_discovery"."common_address_type" VARCHAR,
+"field_discovery"."common_server_ip" VARCHAR,
+"field_discovery"."common_server_port" VARCHAR,
+"field_discovery"."common_external_ip" VARCHAR,
+"field_discovery"."common_action" VARCHAR,
+"field_discovery"."common_direction" VARCHAR,
+"field_discovery"."common_entrance_id" VARCHAR,
+"field_discovery"."common_sled_ip" VARCHAR,
+"field_discovery"."common_client_location" VARCHAR,
+"field_discovery"."common_client_asn" VARCHAR,
+"field_discovery"."common_server_location" VARCHAR,
+"field_discovery"."common_server_asn" VARCHAR,
+"field_discovery"."common_server_fqdn" VARCHAR,
+"field_discovery"."common_server_domain" VARCHAR,
+"field_discovery"."common_sessions" VARCHAR,
+"field_discovery"."common_c2s_pkt_num" VARCHAR,
+"field_discovery"."common_s2c_pkt_num" VARCHAR,
+"field_discovery"."common_c2s_byte_num" VARCHAR,
+"field_discovery"."common_s2c_byte_num" VARCHAR,
+"field_discovery"."common_c2s_pkt_diff" VARCHAR,
+"field_discovery"."common_s2c_pkt_diff" VARCHAR,
+"field_discovery"."common_c2s_byte_diff" VARCHAR,
+"field_discovery"."common_s2c_byte_diff" VARCHAR,
+"field_discovery"."common_service" VARCHAR,
+"field_discovery"."common_schema_type" VARCHAR,
+"field_discovery"."common_vsys_id" VARCHAR,
+"field_discovery"."common_t_vsys_id" VARCHAR,
+"field_discovery"."common_flags" VARCHAR,
+"field_discovery"."common_flags_identify_info" VARCHAR,
+"field_discovery"."common_user_tags" VARCHAR,
+"field_discovery"."common_sub_action" VARCHAR,
+"field_discovery"."common_user_region" VARCHAR,
+"field_discovery"."common_shaping_rule_ids" VARCHAR,
+"field_discovery"."common_device_id" VARCHAR,
+"field_discovery"."common_egress_link_id" VARCHAR,
+"field_discovery"."common_ingress_link_id" VARCHAR,
+"field_discovery"."common_isp" VARCHAR,
+"field_discovery"."common_device_tag" VARCHAR,
+"field_discovery"."common_data_center" VARCHAR,
+"field_discovery"."common_device_group" VARCHAR,
+"field_discovery"."common_app_behavior" VARCHAR,
+"field_discovery"."common_encapsulation" VARCHAR,
+"field_discovery"."common_app_label" VARCHAR,
+"field_discovery"."common_tunnels" VARCHAR,
+"field_discovery"."common_protocol_label" VARCHAR,
+"field_discovery"."common_app_id" VARCHAR,
+"field_discovery"."common_app_full_path" VARCHAR,
+"field_discovery"."common_userdefine_app_name" VARCHAR,
+"field_discovery"."common_app_identify_info" VARCHAR,
+"field_discovery"."common_app_surrogate_id" VARCHAR,
+"field_discovery"."common_l7_protocol" VARCHAR,
+"field_discovery"."common_service_category" VARCHAR,
+"field_discovery"."common_start_time" VARCHAR,
+"field_discovery"."common_end_time" VARCHAR,
+"field_discovery"."common_establish_latency_ms" VARCHAR,
+"field_discovery"."common_con_duration_ms" VARCHAR,
+"field_discovery"."common_stream_dir" VARCHAR,
+"field_discovery"."common_address_list" VARCHAR,
+"field_discovery"."common_has_dup_traffic" VARCHAR,
+"field_discovery"."common_stream_error" VARCHAR,
+"field_discovery"."common_stream_trace_id" VARCHAR,
+"field_discovery"."common_link_info_c2s" VARCHAR,
+"field_discovery"."common_link_info_s2c" VARCHAR,
+"field_discovery"."common_packet_capture_file" VARCHAR,
+"field_discovery"."common_tunnel_endpoint_a_desc" VARCHAR,
+"field_discovery"."common_tunnel_endpoint_b_desc" VARCHAR,
+"field_discovery"."common_c2s_ipfrag_num" VARCHAR,
+"field_discovery"."common_s2c_ipfrag_num" VARCHAR,
+"field_discovery"."common_c2s_tcp_lostlen" VARCHAR,
+"field_discovery"."common_s2c_tcp_lostlen" VARCHAR,
+"field_discovery"."common_c2s_tcp_unorder_num" VARCHAR,
+"field_discovery"."common_s2c_tcp_unorder_num" VARCHAR,
+"field_discovery"."common_c2s_pkt_retrans" VARCHAR,
+"field_discovery"."common_s2c_pkt_retrans" VARCHAR,
+"field_discovery"."common_c2s_byte_retrans" VARCHAR,
+"field_discovery"."common_s2c_byte_retrans" VARCHAR,
+"field_discovery"."common_tcp_client_isn" VARCHAR,
+"field_discovery"."common_tcp_server_isn" VARCHAR,
+"field_discovery"."common_first_ttl" VARCHAR,
+"field_discovery"."common_processing_time" VARCHAR,
+"field_discovery"."common_ingestion_time" VARCHAR,
+"field_discovery"."common_mirrored_pkts" VARCHAR,
+"field_discovery"."common_mirrored_bytes" VARCHAR,
+"field_discovery"."http_url" VARCHAR,
+"field_discovery"."http_host" VARCHAR,
+"field_discovery"."http_domain" VARCHAR,
+"field_discovery"."http_request_line" VARCHAR,
+"field_discovery"."http_response_line" VARCHAR,
+"field_discovery"."http_request_header" VARCHAR,
+"field_discovery"."http_response_header" VARCHAR,
+"field_discovery"."http_request_content" VARCHAR,
+"field_discovery"."http_request_content_length" VARCHAR,
+"field_discovery"."http_request_content_type" VARCHAR,
+"field_discovery"."http_response_content" VARCHAR,
+"field_discovery"."http_response_content_length" VARCHAR,
+"field_discovery"."http_response_content_type" VARCHAR,
+"field_discovery"."http_request_body" VARCHAR,
+"field_discovery"."http_response_body" VARCHAR,
+"field_discovery"."http_request_body_key" VARCHAR,
+"field_discovery"."http_response_body_key" VARCHAR,
+"field_discovery"."http_proxy_flag" VARCHAR,
+"field_discovery"."http_sequence" VARCHAR,
+"field_discovery"."http_snapshot" VARCHAR,
+"field_discovery"."http_cookie" VARCHAR,
+"field_discovery"."http_referer" VARCHAR,
+"field_discovery"."http_user_agent" VARCHAR,
+"field_discovery"."http_content_length" VARCHAR,
+"field_discovery"."http_content_type" VARCHAR,
+"field_discovery"."http_set_cookie" VARCHAR,
+"field_discovery"."http_version" VARCHAR,
+"field_discovery"."http_response_latency_ms" VARCHAR,
+"field_discovery"."http_action_file_size" VARCHAR,
+"field_discovery"."http_session_duration_ms" VARCHAR,
+"field_discovery"."mail_protocol_type" VARCHAR,
+"field_discovery"."mail_account" VARCHAR,
+"field_discovery"."mail_from_cmd" VARCHAR,
+"field_discovery"."mail_to_cmd" VARCHAR,
+"field_discovery"."mail_from" VARCHAR,
+"field_discovery"."mail_to" VARCHAR,
+"field_discovery"."mail_cc" VARCHAR,
+"field_discovery"."mail_bcc" VARCHAR,
+"field_discovery"."mail_subject" VARCHAR,
+"field_discovery"."mail_subject_charset" VARCHAR,
+"field_discovery"."mail_content" VARCHAR,
+"field_discovery"."mail_content_charset" VARCHAR,
+"field_discovery"."mail_attachment_name" VARCHAR,
+"field_discovery"."mail_attachment_name_charset" VARCHAR,
+"field_discovery"."mail_attachment_content" VARCHAR,
+"field_discovery"."mail_eml_file" VARCHAR,
+"field_discovery"."mail_snapshot" VARCHAR,
+"field_discovery"."dns_message_id" VARCHAR,
+"field_discovery"."dns_qr" VARCHAR,
+"field_discovery"."dns_opcode" VARCHAR,
+"field_discovery"."dns_aa" VARCHAR,
+"field_discovery"."dns_tc" VARCHAR,
+"field_discovery"."dns_rd" VARCHAR,
+"field_discovery"."dns_ra" VARCHAR,
+"field_discovery"."dns_rcode" VARCHAR,
+"field_discovery"."dns_qdcount" VARCHAR,
+"field_discovery"."dns_ancount" VARCHAR,
+"field_discovery"."dns_nscount" VARCHAR,
+"field_discovery"."dns_arcount" VARCHAR,
+"field_discovery"."dns_qname" VARCHAR,
+"field_discovery"."dns_qtype" VARCHAR,
+"field_discovery"."dns_qclass" VARCHAR,
+"field_discovery"."dns_cname" VARCHAR,
+"field_discovery"."dns_sub" VARCHAR,
+"field_discovery"."dns_rr" VARCHAR,
+"field_discovery"."dns_response_latency_ms" VARCHAR,
+"field_discovery"."ssl_version" VARCHAR,
+"field_discovery"."ssl_sni" VARCHAR,
+"field_discovery"."ssl_san" VARCHAR,
+"field_discovery"."ssl_cn" VARCHAR,
+"field_discovery"."ssl_pinningst" VARCHAR,
+"field_discovery"."ssl_intercept_state" VARCHAR,
+"field_discovery"."ssl_passthrough_reason" VARCHAR,
+"field_discovery"."ssl_server_side_latency" VARCHAR,
+"field_discovery"."ssl_client_side_latency" VARCHAR,
+"field_discovery"."ssl_server_side_version" VARCHAR,
+"field_discovery"."ssl_client_side_version" VARCHAR,
+"field_discovery"."ssl_cert_verify" VARCHAR,
+"field_discovery"."ssl_error" VARCHAR,
+"field_discovery"."ssl_con_latency_ms" VARCHAR,
+"field_discovery"."ssl_ja3_fingerprint" VARCHAR,
+"field_discovery"."ssl_ja3_hash" VARCHAR,
+"field_discovery"."ssl_ja3s_fingerprint" VARCHAR,
+"field_discovery"."ssl_ja3s_hash" VARCHAR,
+"field_discovery"."ssl_cert_issuer" VARCHAR,
+"field_discovery"."ssl_cert_subject" VARCHAR,
+"field_discovery"."dtls_cookie" VARCHAR,
+"field_discovery"."dtls_version" VARCHAR,
+"field_discovery"."dtls_sni" VARCHAR,
+"field_discovery"."dtls_san" VARCHAR,
+"field_discovery"."dtls_cn" VARCHAR,
+"field_discovery"."dtls_con_latency_ms" VARCHAR,
+"field_discovery"."dtls_ja3_fingerprint" VARCHAR,
+"field_discovery"."dtls_ja3_hash" VARCHAR,
+"field_discovery"."dtls_cert_issuer" VARCHAR,
+"field_discovery"."dtls_cert_subject" VARCHAR,
+"field_discovery"."quic_version" VARCHAR,
+"field_discovery"."quic_sni" VARCHAR,
+"field_discovery"."quic_user_agent" VARCHAR,
+"field_discovery"."ftp_account" VARCHAR,
+"field_discovery"."ftp_url" VARCHAR,
+"field_discovery"."ftp_content" VARCHAR,
+"field_discovery"."ftp_link_type" VARCHAR,
+"field_discovery"."bgp_type" VARCHAR,
+"field_discovery"."bgp_as_num" VARCHAR,
+"field_discovery"."bgp_route" VARCHAR,
+"field_discovery"."voip_calling_account" VARCHAR,
+"field_discovery"."voip_called_account" VARCHAR,
+"field_discovery"."voip_calling_number" VARCHAR,
+"field_discovery"."voip_called_number" VARCHAR,
+"field_discovery"."streaming_media_url" VARCHAR,
+"field_discovery"."streaming_media_protocol" VARCHAR,
+"field_discovery"."app_extra_info" VARCHAR,
+"field_discovery"."sip_call_id" VARCHAR,
+"field_discovery"."sip_originator_description" VARCHAR,
+"field_discovery"."sip_responder_description" VARCHAR,
+"field_discovery"."sip_user_agent" VARCHAR,
+"field_discovery"."sip_server" VARCHAR,
+"field_discovery"."sip_originator_sdp_connect_ip" VARCHAR,
+"field_discovery"."sip_originator_sdp_media_port" VARCHAR,
+"field_discovery"."sip_originator_sdp_media_type" VARCHAR,
+"field_discovery"."sip_originator_sdp_content" VARCHAR,
+"field_discovery"."sip_responder_sdp_connect_ip" VARCHAR,
+"field_discovery"."sip_responder_sdp_media_port" VARCHAR,
+"field_discovery"."sip_responder_sdp_media_type" VARCHAR,
+"field_discovery"."sip_responder_sdp_content" VARCHAR,
+"field_discovery"."sip_duration_s" VARCHAR,
+"field_discovery"."sip_bye" VARCHAR,
+"field_discovery"."rtp_payload_type_c2s" VARCHAR,
+"field_discovery"."rtp_payload_type_s2c" VARCHAR,
+"field_discovery"."rtp_pcap_path" VARCHAR,
+"field_discovery"."rtp_originator_dir" VARCHAR,
+"field_discovery"."ssh_version" VARCHAR,
+"field_discovery"."ssh_auth_success" VARCHAR,
+"field_discovery"."ssh_client_version" VARCHAR,
+"field_discovery"."ssh_server_version" VARCHAR,
+"field_discovery"."ssh_cipher_alg" VARCHAR,
+"field_discovery"."ssh_mac_alg" VARCHAR,
+"field_discovery"."ssh_compression_alg" VARCHAR,
+"field_discovery"."ssh_kex_alg" VARCHAR,
+"field_discovery"."ssh_host_key_alg" VARCHAR,
+"field_discovery"."ssh_host_key" VARCHAR,
+"field_discovery"."ssh_hassh" VARCHAR,
+"field_discovery"."stratum_cryptocurrency" VARCHAR,
+"field_discovery"."stratum_mining_pools" VARCHAR,
+"field_discovery"."stratum_mining_program" VARCHAR,
+"field_discovery"."rdp_cookie" VARCHAR,
+"field_discovery"."rdp_security_protocol" VARCHAR,
+"field_discovery"."rdp_client_channels" VARCHAR,
+"field_discovery"."rdp_keyboard_layout" VARCHAR,
+"field_discovery"."rdp_client_version" VARCHAR,
+"field_discovery"."rdp_client_name" VARCHAR,
+"field_discovery"."rdp_client_product_id" VARCHAR,
+"field_discovery"."rdp_desktop_width" VARCHAR,
+"field_discovery"."rdp_desktop_height" VARCHAR,
+"field_discovery"."rdp_requested_color_depth" VARCHAR,
+"field_discovery"."rdp_certificate_type" VARCHAR,
+"field_discovery"."rdp_certificate_count" VARCHAR,
+"field_discovery"."rdp_certificate_permanent" VARCHAR,
+"field_discovery"."rdp_encryption_level" VARCHAR,
+"field_discovery"."rdp_encryption_method" VARCHAR,
+"field_discovery"."doh_url" VARCHAR,
+"field_discovery"."doh_host" VARCHAR,
+"field_discovery"."doh_request_line" VARCHAR,
+"field_discovery"."doh_response_line" VARCHAR,
+"field_discovery"."doh_cookie" VARCHAR,
+"field_discovery"."doh_referer" VARCHAR,
+"field_discovery"."doh_user_agent" VARCHAR,
+"field_discovery"."doh_content_length" VARCHAR,
+"field_discovery"."doh_content_type" VARCHAR,
+"field_discovery"."doh_set_cookie" VARCHAR,
+"field_discovery"."doh_version" VARCHAR,
+"field_discovery"."doh_message_id" VARCHAR,
+"field_discovery"."doh_qr" VARCHAR,
+"field_discovery"."doh_opcode" VARCHAR,
+"field_discovery"."doh_aa" VARCHAR,
+"field_discovery"."doh_tc" VARCHAR,
+"field_discovery"."doh_rd" VARCHAR,
+"field_discovery"."doh_ra" VARCHAR,
+"field_discovery"."doh_rcode" VARCHAR,
+"field_discovery"."doh_qdcount" VARCHAR,
+"field_discovery"."doh_ancount" VARCHAR,
+"field_discovery"."doh_nscount" VARCHAR,
+"field_discovery"."doh_arcount" VARCHAR,
+"field_discovery"."doh_qname" VARCHAR,
+"field_discovery"."doh_qtype" VARCHAR,
+"field_discovery"."doh_qclass" VARCHAR,
+"field_discovery"."doh_cname" VARCHAR,
+"field_discovery"."doh_sub" VARCHAR,
+"field_discovery"."doh_rr" VARCHAR,
+"field_discovery"."radius_packet_type" VARCHAR,
+"field_discovery"."radius_account" VARCHAR,
+"field_discovery"."radius_nas_ip" VARCHAR,
+"field_discovery"."radius_framed_ip" VARCHAR,
+"field_discovery"."radius_session_timeout" VARCHAR,
+"field_discovery"."radius_idle_timeout" VARCHAR,
+"field_discovery"."radius_acct_status_type" VARCHAR,
+"field_discovery"."radius_acct_terminate_cause" VARCHAR,
+"field_discovery"."radius_event_timestamp" VARCHAR,
+"field_discovery"."radius_service_type" VARCHAR,
+"field_discovery"."radius_nas_port" VARCHAR,
+"field_discovery"."radius_framed_protocol" VARCHAR,
+"field_discovery"."radius_callback_number" VARCHAR,
+"field_discovery"."radius_callback_id" VARCHAR,
+"field_discovery"."radius_termination_action" VARCHAR,
+"field_discovery"."radius_called_station_id" VARCHAR,
+"field_discovery"."radius_calling_station_id" VARCHAR,
+"field_discovery"."radius_acct_delay_time" VARCHAR,
+"field_discovery"."radius_acct_session_id" VARCHAR,
+"field_discovery"."radius_acct_multi_session_id" VARCHAR,
+"field_discovery"."radius_acct_input_octets" VARCHAR,
+"field_discovery"."radius_acct_output_octets" VARCHAR,
+"field_discovery"."radius_acct_input_packets" VARCHAR,
+"field_discovery"."radius_acct_output_packets" VARCHAR,
+"field_discovery"."radius_acct_session_time" VARCHAR,
+"field_discovery"."radius_acct_link_count" VARCHAR,
+"field_discovery"."radius_acct_interim_interval" VARCHAR,
+"field_discovery"."radius_acct_authentic" VARCHAR,
+"field_discovery"."gtp_version" VARCHAR,
+"field_discovery"."gtp_apn" VARCHAR,
+"field_discovery"."gtp_imei" VARCHAR,
+"field_discovery"."gtp_imsi" VARCHAR,
+"field_discovery"."gtp_phone_number" VARCHAR,
+"field_discovery"."gtp_uplink_teid" VARCHAR,
+"field_discovery"."gtp_downlink_teid" VARCHAR,
+"field_discovery"."gtp_msg_type" VARCHAR,
+"field_discovery"."gtp_end_user_ipv4" VARCHAR,
+"field_discovery"."gtp_end_user_ipv6" VARCHAR,
+"field_discovery"."start_time" VARCHAR,
+"field_discovery"."end_time" VARCHAR,
+"field_discovery"."log_id" VARCHAR,
+"field_discovery"."vsys_id" VARCHAR,
+"field_discovery"."attack_type" VARCHAR,
+"field_discovery"."severity" VARCHAR,
+"field_discovery"."conditions" VARCHAR,
+"field_discovery"."destination_ip" VARCHAR,
+"field_discovery"."destination_country" VARCHAR,
+"field_discovery"."source_ip_list" VARCHAR,
+"field_discovery"."source_country_list" VARCHAR,
+"field_discovery"."session_rate" VARCHAR,
+"field_discovery"."packet_rate" VARCHAR,
+"field_discovery"."bit_rate" VARCHAR);