diff --git a/Clickhouse最新全量建表语句/Clickhouse_TSG_建表语句.sql b/Clickhouse最新全量建表语句/Clickhouse_TSG_建表语句.sql
index 818d4ae..41347dd 100644
--- a/Clickhouse最新全量建表语句/Clickhouse_TSG_建表语句.sql
+++ b/Clickhouse最新全量建表语句/Clickhouse_TSG_建表语句.sql
@@ -150,6 +150,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -277,8 +279,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 ftp_account String,
 ftp_url String,
@@ -392,6 +394,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -519,8 +523,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 ftp_account String,
 ftp_url String,
@@ -632,6 +636,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -759,8 +765,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 ftp_account String,
 ftp_url String,
@@ -871,6 +877,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -998,8 +1006,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 ftp_account String,
 ftp_url String,
@@ -1112,6 +1120,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -1239,8 +1249,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 ftp_account String,
 ftp_url String,
@@ -1351,6 +1361,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -1478,8 +1490,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 ftp_account String,
 ftp_url String,
@@ -1591,6 +1603,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -1718,8 +1732,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 ftp_account String,
 ftp_url String,
@@ -1832,6 +1846,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -1959,8 +1975,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 ftp_account String,
 ftp_url String,
@@ -2071,6 +2087,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -2198,8 +2216,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 ftp_account String,
 ftp_url String,
@@ -2357,8 +2375,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 sip_call_id String,
 sip_originator_description String,
@@ -2451,8 +2469,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 sip_call_id String,
 sip_originator_description String,
@@ -2543,8 +2561,8 @@ mail_bcc String,
 mail_subject String,
 mail_subject_charset String,
 mail_attachment_name String,
-mail_attachment_name_charset String,
-mail_starttls_flag Nullable(Int32),
+mail_attachment_name_charset String,
+mail_starttls_flag Nullable(Int32),
 mail_eml_file String,
 sip_call_id String,
 sip_originator_description String,
@@ -2593,27 +2611,6 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
-security_rule_list Array(Int64),
-security_action String,
-monitor_rule_list Array(Int64),
-shaping_rule_list Array(Int64),
-proxy_rule_list Array(Int64),
-statistics_rule_list Array(Int64),
-sc_rule_list Array(Int64),
-sc_rsp_raw Array(Int64),
-sc_rsp_decrypted Array(Int64),
-proxy_action String,
-proxy_pinning_status Nullable(Int32),
-proxy_intercept_status Nullable(Int32),
-proxy_passthrough_reason String,
-proxy_client_side_latency_ms Nullable(Int32),
-proxy_server_side_latency_ms Nullable(Int32),
-proxy_client_side_version String,
-proxy_server_side_version String,
-proxy_cert_verify Nullable(Int32),
-proxy_intercept_error String,
-monitor_mirrored_pkts Nullable(Int32),
-monitor_mirrored_bytes Nullable(Int32),
 client_ip String,
 client_port Int32,
 client_os_desc String,
@@ -2623,11 +2620,6 @@ client_super_administrative_area String,
 client_administrative_area String,
 client_sub_administrative_area String,
 client_asn Nullable(Int64),
-subscriber_id String,
-imei String,
-imsi String,
-phone_number String,
-apn String,
 server_ip String,
 server_port Int32,
 server_os_desc String,
@@ -2637,16 +2629,7 @@ server_super_administrative_area String,
 server_administrative_area String,
 server_sub_administrative_area String,
 server_asn Nullable(Int64),
-server_fqdn String,
-server_domain String,
-app_transition String, 
-app LowCardinality(String),
-app_debug_info String,
-app_content String,
-app_extra_info String,
-fqdn_category_list Array(Int64),
 ip_protocol LowCardinality(String),
-decoded_path LowCardinality(String),
 sip_call_id String,
 sip_originator_description String,
 sip_responder_description String,
@@ -2669,30 +2652,7 @@ rtp_originator_dir Nullable(Int32),
 sent_pkts Int64,
 received_pkts Int64,
 sent_bytes Int64,
-received_bytes Int64,
-tcp_c2s_ip_fragments Nullable(Int64),
-tcp_s2c_ip_fragments Nullable(Int64),
-tcp_c2s_lost_bytes Nullable(Int64),
-tcp_s2c_lost_bytes Nullable(Int64),
-tcp_c2s_o3_pkts Nullable(Int64),
-tcp_s2c_o3_pkts Nullable(Int64),
-tcp_c2s_rtx_pkts Nullable(Int64),
-tcp_s2c_rtx_pkts Nullable(Int64),
-tcp_c2s_rtx_bytes Nullable(Int64),
-tcp_s2c_rtx_bytes Nullable(Int64),
-tcp_rtt_ms Nullable(Int32),
-tcp_client_isn Nullable(Int64),
-tcp_server_isn Nullable(Int64),
-packet_capture_file String,
-in_src_mac String,
-out_src_mac String,
-in_dest_mac String,
-out_dest_mac String,
-encapsulation String,
-dup_traffic_flag Nullable(Int32),
-tunnel_id_list Array(Int64),
-tunnel_endpoint_a_desc String,
-tunnel_endpoint_b_desc String
+received_bytes Int64
 )
 ENGINE = MergeTree
 PARTITION BY toYYYYMMDD(toDate(recv_time))
@@ -2722,27 +2682,6 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
-security_rule_list Array(Int64),
-security_action String,
-monitor_rule_list Array(Int64),
-shaping_rule_list Array(Int64),
-proxy_rule_list Array(Int64),
-statistics_rule_list Array(Int64),
-sc_rule_list Array(Int64),
-sc_rsp_raw Array(Int64),
-sc_rsp_decrypted Array(Int64),
-proxy_action String,
-proxy_pinning_status Nullable(Int32),
-proxy_intercept_status Nullable(Int32),
-proxy_passthrough_reason String,
-proxy_client_side_latency_ms Nullable(Int32),
-proxy_server_side_latency_ms Nullable(Int32),
-proxy_client_side_version String,
-proxy_server_side_version String,
-proxy_cert_verify Nullable(Int32),
-proxy_intercept_error String,
-monitor_mirrored_pkts Nullable(Int32),
-monitor_mirrored_bytes Nullable(Int32),
 client_ip String,
 client_port Int32,
 client_os_desc String,
@@ -2752,11 +2691,6 @@ client_super_administrative_area String,
 client_administrative_area String,
 client_sub_administrative_area String,
 client_asn Nullable(Int64),
-subscriber_id String,
-imei String,
-imsi String,
-phone_number String,
-apn String,
 server_ip String,
 server_port Int32,
 server_os_desc String,
@@ -2766,16 +2700,7 @@ server_super_administrative_area String,
 server_administrative_area String,
 server_sub_administrative_area String,
 server_asn Nullable(Int64),
-server_fqdn String,
-server_domain String,
-app_transition String, 
-app LowCardinality(String),
-app_debug_info String,
-app_content String,
-app_extra_info String,
-fqdn_category_list Array(Int64),
 ip_protocol LowCardinality(String),
-decoded_path LowCardinality(String),
 sip_call_id String,
 sip_originator_description String,
 sip_responder_description String,
@@ -2798,30 +2723,7 @@ rtp_originator_dir Nullable(Int32),
 sent_pkts Int64,
 received_pkts Int64,
 sent_bytes Int64,
-received_bytes Int64,
-tcp_c2s_ip_fragments Nullable(Int64),
-tcp_s2c_ip_fragments Nullable(Int64),
-tcp_c2s_lost_bytes Nullable(Int64),
-tcp_s2c_lost_bytes Nullable(Int64),
-tcp_c2s_o3_pkts Nullable(Int64),
-tcp_s2c_o3_pkts Nullable(Int64),
-tcp_c2s_rtx_pkts Nullable(Int64),
-tcp_s2c_rtx_pkts Nullable(Int64),
-tcp_c2s_rtx_bytes Nullable(Int64),
-tcp_s2c_rtx_bytes Nullable(Int64),
-tcp_rtt_ms Nullable(Int32),
-tcp_client_isn Nullable(Int64),
-tcp_server_isn Nullable(Int64),
-packet_capture_file String,
-in_src_mac String,
-out_src_mac String,
-in_dest_mac String,
-out_dest_mac String,
-encapsulation String,
-dup_traffic_flag Nullable(Int32),
-tunnel_id_list Array(Int64),
-tunnel_endpoint_a_desc String,
-tunnel_endpoint_b_desc String
+received_bytes Int64
 )
 ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,voip_record_local,rand());
 
@@ -2849,27 +2751,6 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
-security_rule_list Array(Int64),
-security_action String,
-monitor_rule_list Array(Int64),
-shaping_rule_list Array(Int64),
-proxy_rule_list Array(Int64),
-statistics_rule_list Array(Int64),
-sc_rule_list Array(Int64),
-sc_rsp_raw Array(Int64),
-sc_rsp_decrypted Array(Int64),
-proxy_action String,
-proxy_pinning_status Nullable(Int32),
-proxy_intercept_status Nullable(Int32),
-proxy_passthrough_reason String,
-proxy_client_side_latency_ms Nullable(Int32),
-proxy_server_side_latency_ms Nullable(Int32),
-proxy_client_side_version String,
-proxy_server_side_version String,
-proxy_cert_verify Nullable(Int32),
-proxy_intercept_error String,
-monitor_mirrored_pkts Nullable(Int32),
-monitor_mirrored_bytes Nullable(Int32),
 client_ip String,
 client_port Int32,
 client_os_desc String,
@@ -2879,11 +2760,6 @@ client_super_administrative_area String,
 client_administrative_area String,
 client_sub_administrative_area String,
 client_asn Nullable(Int64),
-subscriber_id String,
-imei String,
-imsi String,
-phone_number String,
-apn String,
 server_ip String,
 server_port Int32,
 server_os_desc String,
@@ -2893,16 +2769,7 @@ server_super_administrative_area String,
 server_administrative_area String,
 server_sub_administrative_area String,
 server_asn Nullable(Int64),
-server_fqdn String,
-server_domain String,
-app_transition String, 
-app LowCardinality(String),
-app_debug_info String,
-app_content String,
-app_extra_info String,
-fqdn_category_list Array(Int64),
 ip_protocol LowCardinality(String),
-decoded_path LowCardinality(String),
 sip_call_id String,
 sip_originator_description String,
 sip_responder_description String,
@@ -2925,30 +2792,7 @@ rtp_originator_dir Nullable(Int32),
 sent_pkts Int64,
 received_pkts Int64,
 sent_bytes Int64,
-received_bytes Int64,
-tcp_c2s_ip_fragments Nullable(Int64),
-tcp_s2c_ip_fragments Nullable(Int64),
-tcp_c2s_lost_bytes Nullable(Int64),
-tcp_s2c_lost_bytes Nullable(Int64),
-tcp_c2s_o3_pkts Nullable(Int64),
-tcp_s2c_o3_pkts Nullable(Int64),
-tcp_c2s_rtx_pkts Nullable(Int64),
-tcp_s2c_rtx_pkts Nullable(Int64),
-tcp_c2s_rtx_bytes Nullable(Int64),
-tcp_s2c_rtx_bytes Nullable(Int64),
-tcp_rtt_ms Nullable(Int32),
-tcp_client_isn Nullable(Int64),
-tcp_server_isn Nullable(Int64),
-packet_capture_file String,
-in_src_mac String,
-out_src_mac String,
-in_dest_mac String,
-out_dest_mac String,
-encapsulation String,
-dup_traffic_flag Nullable(Int32),
-tunnel_id_list Array(Int64),
-tunnel_endpoint_a_desc String,
-tunnel_endpoint_b_desc String
+received_bytes Int64
 )
 ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,voip_record_local,rand());
 
@@ -2978,6 +2822,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -3139,6 +2985,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -3297,6 +3145,8 @@ vsys_id Int32,
 t_vsys_id Int32,
 flags Int64,
 flags_identify_info String,
+c2s_ttl Nullable(Int32),
+s2c_ttl Nullable(Int32),
 security_rule_list Array(Int64),
 security_action String,
 monitor_rule_list Array(Int64),
@@ -3459,6 +3309,8 @@ TO tsg_galaxy_v3.security_event_local
     t_vsys_id Int32,
     flags Int64,
     flags_identify_info String,
+    c2s_ttl Nullable(Int32),
+    s2c_ttl Nullable(Int32),
     security_rule_list Array(Int64),
     security_action String,
     monitor_rule_list Array(Int64),
@@ -3697,6 +3549,8 @@ SELECT
     t_vsys_id,
     flags,
     flags_identify_info,
+    c2s_ttl,
+    s2c_ttl,
     security_rule_list,
     security_action,
     monitor_rule_list,
@@ -3940,6 +3794,8 @@ TO tsg_galaxy_v3.monitor_event_local
     t_vsys_id Int32,
     flags Int64,
     flags_identify_info String,
+    c2s_ttl Nullable(Int32),
+    s2c_ttl Nullable(Int32),
     security_rule_list Array(Int64),
     security_action String,
     monitor_rule_list Array(Int64),
@@ -4178,6 +4034,8 @@ SELECT
     t_vsys_id,
     flags,
     flags_identify_info,
+    c2s_ttl,
+    s2c_ttl,
     security_rule_list,
     security_action,
     monitor_rule_list,
diff --git a/Clickhouse最新全量建表语句/Clickhouse_TSG_校验sql.sql b/Clickhouse最新全量建表语句/Clickhouse_TSG_校验sql.sql
index b21c871..5eb0ff7 100644
--- a/Clickhouse最新全量建表语句/Clickhouse_TSG_校验sql.sql
+++ b/Clickhouse最新全量建表语句/Clickhouse_TSG_校验sql.sql
@@ -2,17 +2,17 @@ SELECT log_id, recv_time, vsys_id, assessment_date, lot_number, file_name, asses
 FROM tsg_galaxy_v3.assessment_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
 SELECT vsys_id, recv_time, log_id, profile_id, rule_id, start_time, end_time, attack_type, severity, conditions, destination_ip, destination_country, source_ip_list, source_country_list, sessions, session_rate, packets, packet_rate, bytes, bit_rate
 FROM tsg_galaxy_v3.dos_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
-SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, app_extra_info, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_starttls_flag, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_id_list, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
+SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, c2s_ttl, s2c_ttl, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, app_extra_info, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_starttls_flag, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_id_list, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
 FROM tsg_galaxy_v3.monitor_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
-SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, app_extra_info, fqdn_category_list, ip_protocol, decoded_path, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, doh_url, doh_host, doh_request_line, doh_response_line, doh_cookie, doh_referer, doh_user_agent, doh_content_length, doh_content_type, doh_set_cookie, doh_version, doh_message_id, doh_qr, doh_opcode, doh_aa, doh_tc, doh_rd, doh_ra, doh_rcode, doh_qdcount, doh_ancount, doh_nscount, doh_arcount, doh_qname, doh_qtype, doh_qclass, doh_cname, doh_sub, doh_rr, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_id_list, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
+SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, c2s_ttl, s2c_ttl, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, app_extra_info, fqdn_category_list, ip_protocol, decoded_path, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, doh_url, doh_host, doh_request_line, doh_response_line, doh_cookie, doh_referer, doh_user_agent, doh_content_length, doh_content_type, doh_set_cookie, doh_version, doh_message_id, doh_qr, doh_opcode, doh_aa, doh_tc, doh_rd, doh_ra, doh_rcode, doh_qdcount, doh_ancount, doh_nscount, doh_arcount, doh_qname, doh_qtype, doh_qclass, doh_cname, doh_sub, doh_rr, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_id_list, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
 FROM tsg_galaxy_v3.proxy_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
-SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, statistics_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, app_extra_info, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_starttls_flag, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_id_list, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
+SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, c2s_ttl, s2c_ttl, security_rule_list, security_action, monitor_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, statistics_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, app_extra_info, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_starttls_flag, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_id_list, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
 FROM tsg_galaxy_v3.security_event where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
-SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, statistics_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, app_extra_info, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_starttls_flag, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_id_list, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
+SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, c2s_ttl, s2c_ttl, security_rule_list, security_action, monitor_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, shaping_rule_list, proxy_rule_list, statistics_rule_list, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, app_extra_info, fqdn_category_list, ip_protocol, decoded_path, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, ssl_version, ssl_sni, ssl_san, ssl_cn, ssl_handshake_latency_ms, ssl_ja3_hash, ssl_ja3s_hash, ssl_cert_issuer, ssl_cert_subject, ssl_esni_flag, ssl_ech_flag, dtls_cookie, dtls_version, dtls_sni, dtls_san, dtls_cn, dtls_handshake_latency_ms, dtls_ja3_fingerprint, dtls_ja3_hash, dtls_cert_issuer, dtls_cert_subject, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_starttls_flag, mail_eml_file, ftp_account, ftp_url, ftp_link_type, quic_version, quic_sni, quic_user_agent, rdp_cookie, rdp_security_protocol, rdp_client_channels, rdp_keyboard_layout, rdp_client_version, rdp_client_name, rdp_client_product_id, rdp_desktop_width, rdp_desktop_height, rdp_requested_color_depth, rdp_certificate_type, rdp_certificate_count, rdp_certificate_permanent, rdp_encryption_level, rdp_encryption_method, ssh_version, ssh_auth_success, ssh_client_version, ssh_server_version, ssh_cipher_alg, ssh_mac_alg, ssh_compression_alg, ssh_kex_alg, ssh_host_key_alg, ssh_host_key, ssh_hassh, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, stratum_cryptocurrency, stratum_mining_pools, stratum_mining_program, stratum_mining_subscribe, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_id_list, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
 FROM tsg_galaxy_v3.session_record where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
 SELECT recv_time, log_id, decoded_as, session_id, ingestion_time, processing_time, insert_time, address_type, vsys_id, client_ip, client_port, server_ip, server_port, sent_pkts, received_pkts, sent_bytes, received_bytes, dns_message_id, dns_qr, dns_opcode, dns_aa, dns_tc, dns_rd, dns_ra, dns_rcode, dns_qdcount, dns_ancount, dns_nscount, dns_arcount, dns_qname, dns_qtype, dns_qclass, dns_cname, dns_sub, dns_rr, dns_response_latency_ms, http_url, http_host, http_request_line, http_response_line, http_request_body, http_response_body, http_proxy_flag, http_sequence, http_cookie, http_referer, http_user_agent, http_request_content_length, http_request_content_type, http_response_content_length, http_response_content_type, http_set_cookie, http_version, http_status_code, http_response_latency_ms, http_session_duration_ms, http_action_file_size, mail_protocol_type, mail_account, mail_from_cmd, mail_to_cmd, mail_from, mail_password, mail_to, mail_cc, mail_bcc, mail_subject, mail_subject_charset, mail_attachment_name, mail_attachment_name_charset, mail_starttls_flag, mail_eml_file, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye
 FROM tsg_galaxy_v3.transaction_record where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');
-SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, security_rule_list, security_action, monitor_rule_list, shaping_rule_list, proxy_rule_list, statistics_rule_list, sc_rule_list, sc_rsp_raw, sc_rsp_decrypted, proxy_action, proxy_pinning_status, proxy_intercept_status, proxy_passthrough_reason, proxy_client_side_latency_ms, proxy_server_side_latency_ms, proxy_client_side_version, proxy_server_side_version, proxy_cert_verify, proxy_intercept_error, monitor_mirrored_pkts, monitor_mirrored_bytes, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, subscriber_id, imei, imsi, phone_number, apn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, server_fqdn, server_domain, app_transition, app, app_debug_info, app_content, app_extra_info, fqdn_category_list, ip_protocol, decoded_path, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, sent_pkts, received_pkts, sent_bytes, received_bytes, tcp_c2s_ip_fragments, tcp_s2c_ip_fragments, tcp_c2s_lost_bytes, tcp_s2c_lost_bytes, tcp_c2s_o3_pkts, tcp_s2c_o3_pkts, tcp_c2s_rtx_pkts, tcp_s2c_rtx_pkts, tcp_c2s_rtx_bytes, tcp_s2c_rtx_bytes, tcp_rtt_ms, tcp_client_isn, tcp_server_isn, packet_capture_file, in_src_mac, out_src_mac, in_dest_mac, out_dest_mac, encapsulation, dup_traffic_flag, tunnel_id_list, tunnel_endpoint_a_desc, tunnel_endpoint_b_desc
+SELECT recv_time, log_id, decoded_as, session_id, start_timestamp_ms, end_timestamp_ms, duration_ms, tcp_handshake_latency_ms, ingestion_time, processing_time, insert_time, device_id, out_link_id, in_link_id, device_tag, data_center, device_group, sled_ip, address_type, vsys_id, t_vsys_id, flags, flags_identify_info, client_ip, client_port, client_os_desc, client_geolocation, client_country, client_super_administrative_area, client_administrative_area, client_sub_administrative_area, client_asn, server_ip, server_port, server_os_desc, server_geolocation, server_country, server_super_administrative_area, server_administrative_area, server_sub_administrative_area, server_asn, ip_protocol, sip_call_id, sip_originator_description, sip_responder_description, sip_user_agent, sip_server, sip_originator_sdp_connect_ip, sip_originator_sdp_media_port, sip_originator_sdp_media_type, sip_originator_sdp_content, sip_responder_sdp_connect_ip, sip_responder_sdp_media_port, sip_responder_sdp_media_type, sip_responder_sdp_content, sip_duration_s, sip_bye, rtp_payload_type_c2s, rtp_payload_type_s2c, rtp_pcap_path, rtp_originator_dir, sent_pkts, received_pkts, sent_bytes, received_bytes
 FROM tsg_galaxy_v3.voip_record where recv_time >= toUnixTimestamp('2030-01-01 00:00:00') AND recv_time <toUnixTimestamp('2030-01-01 00:00:01');