diff --git a/Clickhouse最新全量建表语句/江苏项目/js-tsg-2402-create-table.sql b/Clickhouse最新全量建表语句/江苏项目/js-tsg-2402-create-table.sql
new file mode 100644
index 0000000..6e34f6c
--- /dev/null
+++ b/Clickhouse最新全量建表语句/江苏项目/js-tsg-2402-create-table.sql
@@ -0,0 +1,3118 @@
+create database IF NOT EXISTS tsg_galaxy_v3 ON CLUSTER js_datahouse;
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.dos_event_local on cluster js_datahouse (
+ vsys_id Int32 COMMENT 'Vsys ID',
+ recv_time Int64 COMMENT 'Receive Time',
+ log_id UInt64 COMMENT 'Log ID',
+ profile_id Int64 COMMENT 'Profile ID',
+ start_time Int64 COMMENT 'Start Time',
+ end_time Int64 COMMENT 'End Time',
+ attack_type String COMMENT 'Attack Type',
+ severity String COMMENT 'Severity',
+ conditions String COMMENT 'Conditions',
+ destination_ip String COMMENT 'Destination IP',
+ destination_country String COMMENT 'Destination Country',
+ source_ip_list String COMMENT 'Source IP List',
+ source_country_list String COMMENT 'Source Country List',
+ session_rate Int64 COMMENT 'Sessions/s',
+ packet_rate Int64 COMMENT 'Packets/s',
+ bit_rate Int64 COMMENT 'Bits/s'
+
+) ENGINE = ReplicatedMergeTree('/clickhouse/tables/{shard}/dos_event_local', '{replica}')
+PARTITION BY toYYYYMMDD(toDate(recv_time))
+ORDER BY (vsys_id,destination_ip,recv_time,log_id)
+TTL toDateTime(recv_time) + toIntervalSecond(15552000)
+;
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.dos_event on cluster js_datahouse (
+ vsys_id Int32 COMMENT 'Vsys ID',
+ recv_time Int64 COMMENT 'Receive Time',
+ log_id UInt64 COMMENT 'Log ID',
+ profile_id Int64 COMMENT 'Profile ID',
+ start_time Int64 COMMENT 'Start Time',
+ end_time Int64 COMMENT 'End Time',
+ attack_type String COMMENT 'Attack Type',
+ severity String COMMENT 'Severity',
+ conditions String COMMENT 'Conditions',
+ destination_ip String COMMENT 'Destination IP',
+ destination_country String COMMENT 'Destination Country',
+ source_ip_list String COMMENT 'Source IP List',
+ source_country_list String COMMENT 'Source Country List',
+ session_rate Int64 COMMENT 'Sessions/s',
+ packet_rate Int64 COMMENT 'Packets/s',
+ bit_rate Int64 COMMENT 'Bits/s'
+)
+ENGINE =Distributed(js_datahouse,tsg_galaxy_v3,dos_event_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS
tsg_galaxy_v3.assessment_event_local on cluster js_datahouse (
+ log_id UInt64 COMMENT 'Log ID',
+ recv_time Int64 COMMENT 'Receive Time',
+ vsys_id Int64 COMMENT 'Vsys ID',
+ assessment_date Int64 COMMENT 'Assessment Date',
+ lot_number String COMMENT 'Lot Number',
+ file_name String COMMENT 'File Name',
+ assessment_file String COMMENT 'Assessment File',
+ assessment_type String COMMENT 'Assessment Type',
+ features String COMMENT 'Features',
+ size Int64 COMMENT 'Size',
+ file_checksum_sha String COMMENT 'File Checksum SHA'
+)
+ENGINE = ReplicatedMergeTree('/clickhouse/tables/{shard}/assessment_event_local', '{replica}')
+PARTITION BY toYYYYMMDD(toDate(recv_time))
+ORDER BY (vsys_id,recv_time,log_id)
+TTL toDateTime(recv_time) + toIntervalSecond(15552000)
+;
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.assessment_event on cluster js_datahouse (
+ log_id UInt64 COMMENT 'Log ID',
+ recv_time Int64 COMMENT 'Receive Time',
+ vsys_id Int64 COMMENT 'Vsys ID',
+ assessment_date Int64 COMMENT 'Assessment Date',
+ lot_number String COMMENT 'Lot Number',
+ file_name String COMMENT 'File Name',
+ assessment_file String COMMENT 'Assessment File',
+ assessment_type String COMMENT 'Assessment Type',
+ features String COMMENT 'Features',
+ size Int64 COMMENT 'Size',
+ file_checksum_sha String COMMENT 'File Checksum SHA'
+)
+ENGINE =Distributed(js_datahouse,tsg_galaxy_v3,assessment_event_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.session_record_local on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64
MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32)
COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number String COMMENT 'Phone Number',
+apn String COMMENT 'APN',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+server_os_desc String COMMENT 'Server OS Description',
+server_geolocation LowCardinality(String) COMMENT 'Server Geolocation',
+server_asn Nullable(Int64) COMMENT 'Server ASN',
+server_fqdn String COMMENT 'Server FQDN',
+server_domain String COMMENT 'Server Domain',
+app_transition String COMMENT 'Application Transition',
+app LowCardinality(String) COMMENT 'Application',
+app_debug_info String COMMENT 'Application Debug Info',
+app_content String COMMENT 'Application Content',
+fqdn_category_list Array(Int64) COMMENT 'FQDN Category List',
+ip_protocol LowCardinality(String) COMMENT 'IP Protocol',
+decoded_path LowCardinality(String) COMMENT 'Decoded Path',
+dns_message_id Nullable(Int32) COMMENT 'DNS Message ID',
+dns_qr Nullable(Int32) COMMENT 'DNS QR',
+dns_opcode Nullable(Int32) COMMENT 'DNS OPCODE',
+dns_aa Nullable(Int32) COMMENT 'DNS AA',
+dns_tc Nullable(Int32) COMMENT 'DNS TC',
+dns_rd Nullable(Int32) COMMENT 'DNS RD',
+dns_ra Nullable(Int32) COMMENT 'DNS RA',
+dns_rcode Nullable(Int32) COMMENT 'DNS RCODE',
+dns_qdcount Nullable(Int32) COMMENT 'DNS QDCOUNT',
+dns_ancount Nullable(Int32) COMMENT 'DNS ANCOUNT',
+dns_nscount Nullable(Int32) COMMENT 'DNS NSCOUNT',
+dns_arcount Nullable(Int32) COMMENT 'DNS ARCOUNT',
+dns_qname String COMMENT 'DNS QNAME',
+dns_qtype Nullable(Int32) COMMENT 'DNS QTYPE',
+dns_qclass Nullable(Int32) COMMENT 'DNS QCLASS',
+dns_cname String COMMENT 'DNS CNAME',
+dns_sub Nullable(Int32)
COMMENT 'DNS SUB',
+dns_rr String COMMENT 'DNS RR',
+dns_response_latency_ms Nullable(Int32) COMMENT 'DNS Response Latency',
+http_url String COMMENT 'HTTP URL',
+http_host String COMMENT 'HTTP Host',
+http_request_line String COMMENT 'HTTP Request Line',
+http_response_line String COMMENT 'HTTP Response Line',
+http_request_body String COMMENT 'HTTP Request Body',
+http_response_body String COMMENT 'HTTP Response Body',
+http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag',
+http_sequence Nullable(Int32) COMMENT 'HTTP Sequence',
+http_cookie String COMMENT 'HTTP Cookie',
+http_referer String COMMENT 'HTTP Referer',
+http_user_agent String COMMENT 'HTTP User-Agent',
+http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length',
+http_request_content_type String COMMENT 'HTTP Request Content-Type',
+http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length',
+http_response_content_type String COMMENT 'HTTP Response Content-Type',
+http_set_cookie String COMMENT 'HTTP Set-Cookie',
+http_version String COMMENT 'HTTP Version',
+http_status_code Nullable(Int32) COMMENT 'HTTP Status Code',
+http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency',
+http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration',
+http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size',
+ssl_version String COMMENT 'SSL Version',
+ssl_sni String COMMENT 'SSL SNI',
+ssl_san String COMMENT 'SSL SAN',
+ssl_cn String COMMENT 'SSL CN',
+ssl_handshake_latency_ms Nullable(Int32) COMMENT 'SSL Handshake Latency',
+ssl_ja3_hash String COMMENT 'SSL JA3 Fingerprint',
+ssl_ja3s_hash String COMMENT 'SSL JA3 Hash',
+ssl_cert_issuer String COMMENT 'SSL JA3S Fingerprint',
+ssl_cert_subject String COMMENT 'SSL JA3S Hash',
+ssl_esni_flag Nullable(Int32) COMMENT 'SSL Issuer',
+ssl_ech_flag Nullable(Int32) COMMENT 'SSL Subject',
+dtls_cookie String COMMENT 'DTLS Cookie',
+dtls_version String COMMENT 'DTLS Version',
+dtls_sni String COMMENT 'DTLS SNI',
+dtls_san String COMMENT 'DTLS SAN',
+dtls_cn String COMMENT 'DTLS CN',
+dtls_handshake_latency_ms Nullable(Int32) COMMENT 'DTLS Handshake Latency',
+dtls_ja3_fingerprint String COMMENT 'DTLS JA3 Fingerprint',
+dtls_ja3_hash String COMMENT 'DTLS JA3 Hash',
+dtls_cert_issuer String COMMENT 'DTLS Certificate Issuer',
+dtls_cert_subject String COMMENT 'DTLS Certificate Subject',
+mail_protocol_type String COMMENT 'MAIL Protocol Type',
+mail_account String COMMENT 'MAIL Account',
+mail_from_cmd String COMMENT 'MAIL From CMD',
+mail_to_cmd String COMMENT 'MAIL To CMD',
+mail_from String COMMENT 'MAIL From',
+mail_password String COMMENT 'MAIL Password',
+mail_to String COMMENT 'MAIL To',
+mail_cc String COMMENT 'MAIL CC',
+mail_bcc String COMMENT 'MAIL BCC',
+mail_subject String COMMENT 'MAIL Subject',
+mail_subject_charset String COMMENT 'MAIL Subject Charset',
+mail_attachment_name String COMMENT 'MAIL Content',
+mail_attachment_name_charset String COMMENT 'MAIL Content Charset',
+mail_eml_file String COMMENT 'MAIL Attachment Name',
+ftp_account String COMMENT 'FTP Account',
+ftp_url String COMMENT 'FTP URL',
+ftp_link_type String COMMENT 'FTP Link Type',
+quic_version String COMMENT 'QUIC Version',
+quic_sni String COMMENT 'QUIC SNI',
+quic_user_agent String COMMENT 'QUIC User-Agent',
+rdp_cookie String COMMENT 'RDP Cookie',
+rdp_security_protocol String COMMENT 'RDP Security Protocol',
+rdp_client_channels String COMMENT 'RDP Client Channels',
+rdp_keyboard_layout String COMMENT 'RDP Keyboard Layout',
+rdp_client_version String COMMENT 'RDP Client Version',
+rdp_client_name String COMMENT 'RDP Client Name',
+rdp_client_product_id String COMMENT 'RDP Client Product ID',
+rdp_desktop_width String COMMENT 'RDP Desktop Width',
+rdp_desktop_height String COMMENT 'RDP Desktop Height',
+rdp_requested_color_depth String COMMENT 'RDP Requested Color Depth',
+rdp_certificate_type String COMMENT 'RDP Certificate Type',
+rdp_certificate_count Nullable(Int32) COMMENT 'RDP Certificate Count',
+rdp_certificate_permanent Nullable(Int32) COMMENT 'RDP Certificate Permanent',
+rdp_encryption_level String COMMENT 'RDP Encryption Level',
+rdp_encryption_method String COMMENT 'RDP Encryption Method',
+ssh_version String COMMENT 'SSH Version',
+ssh_auth_success String COMMENT 'SSH Authentication Result',
+ssh_client_version String COMMENT 'SSH Client Version',
+ssh_server_version String COMMENT 'SSH Server Version',
+ssh_cipher_alg String COMMENT 'SSH Encryption Algorithm',
+ssh_mac_alg String COMMENT 'SSH Signing Algorithm',
+ssh_compression_alg String COMMENT 'SSH Compression Algorithm',
+ssh_kex_alg String COMMENT 'SSH Key Exchange Algorithm',
+ssh_host_key_alg String COMMENT 'SSH Server Host Key Algorithm',
+ssh_host_key String COMMENT 'SSH Server Key Fingerprint',
+ssh_hassh String COMMENT 'SSH HASSH',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye',
+rtp_payload_type_c2s Nullable(Int32) COMMENT 'RTP Payload Type(C2S)',
+rtp_payload_type_s2c Nullable(Int32) COMMENT 'RTP Payload Type(S2C)',
+rtp_pcap_path String COMMENT 'RTP PCAP',
+rtp_originator_dir Nullable(Int32) COMMENT 'RTP Direction',
+stratum_cryptocurrency String COMMENT 'Stratum Cryptocurrency',
+stratum_mining_pools String COMMENT 'Stratum Mining Pools',
+stratum_mining_program String COMMENT 'Stratum Mining Program',
+stratum_mining_subscribe String COMMENT 'Stratum Mining Subscribe',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT 'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B
Description'
+)
+ENGINE = ReplicatedMergeTree('/clickhouse/tables/{shard}/session_record_local', '{replica}')
+PARTITION BY toYYYYMMDD(toDate(recv_time))
+ORDER BY (vsys_id, security_action,proxy_action,decoded_as,data_center, device_group,recv_time)
+TTL toDateTime(recv_time) + toIntervalSecond(15552000)
+;
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.session_record on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32) COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number String COMMENT 'Phone Number',
+apn String COMMENT 'APN',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+server_os_desc String COMMENT 'Server OS Description',
+server_geolocation LowCardinality(String) COMMENT 'Server Geolocation',
+server_asn Nullable(Int64) COMMENT 'Server ASN',
+server_fqdn String COMMENT 'Server FQDN',
+server_domain String COMMENT 'Server Domain',
+app_transition String COMMENT 'Application Transition',
+app LowCardinality(String) COMMENT 'Application',
+app_debug_info String COMMENT 'Application Debug Info',
+app_content String COMMENT 'Application Content',
+fqdn_category_list Array(Int64) COMMENT 'FQDN
Category List',
+ip_protocol LowCardinality(String) COMMENT 'IP Protocol',
+decoded_path LowCardinality(String) COMMENT 'Decoded Path',
+dns_message_id Nullable(Int32) COMMENT 'DNS Message ID',
+dns_qr Nullable(Int32) COMMENT 'DNS QR',
+dns_opcode Nullable(Int32) COMMENT 'DNS OPCODE',
+dns_aa Nullable(Int32) COMMENT 'DNS AA',
+dns_tc Nullable(Int32) COMMENT 'DNS TC',
+dns_rd Nullable(Int32) COMMENT 'DNS RD',
+dns_ra Nullable(Int32) COMMENT 'DNS RA',
+dns_rcode Nullable(Int32) COMMENT 'DNS RCODE',
+dns_qdcount Nullable(Int32) COMMENT 'DNS QDCOUNT',
+dns_ancount Nullable(Int32) COMMENT 'DNS ANCOUNT',
+dns_nscount Nullable(Int32) COMMENT 'DNS NSCOUNT',
+dns_arcount Nullable(Int32) COMMENT 'DNS ARCOUNT',
+dns_qname String COMMENT 'DNS QNAME',
+dns_qtype Nullable(Int32) COMMENT 'DNS QTYPE',
+dns_qclass Nullable(Int32) COMMENT 'DNS QCLASS',
+dns_cname String COMMENT 'DNS CNAME',
+dns_sub Nullable(Int32) COMMENT 'DNS SUB',
+dns_rr String COMMENT 'DNS RR',
+dns_response_latency_ms Nullable(Int32) COMMENT 'DNS Response Latency',
+http_url String COMMENT 'HTTP URL',
+http_host String COMMENT 'HTTP Host',
+http_request_line String COMMENT 'HTTP Request Line',
+http_response_line String COMMENT 'HTTP Response Line',
+http_request_body String COMMENT 'HTTP Request Body',
+http_response_body String COMMENT 'HTTP Response Body',
+http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag',
+http_sequence Nullable(Int32) COMMENT 'HTTP Sequence',
+http_cookie String COMMENT 'HTTP Cookie',
+http_referer String COMMENT 'HTTP Referer',
+http_user_agent String COMMENT 'HTTP User-Agent',
+http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length',
+http_request_content_type String COMMENT 'HTTP Request Content-Type',
+http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length',
+http_response_content_type String COMMENT 'HTTP Response Content-Type',
+http_set_cookie String COMMENT 'HTTP Set-Cookie',
+http_version String COMMENT 'HTTP
Version',
+http_status_code Nullable(Int32) COMMENT 'HTTP Status Code',
+http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency',
+http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration',
+http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size',
+ssl_version String COMMENT 'SSL Version',
+ssl_sni String COMMENT 'SSL SNI',
+ssl_san String COMMENT 'SSL SAN',
+ssl_cn String COMMENT 'SSL CN',
+ssl_handshake_latency_ms Nullable(Int32) COMMENT 'SSL Handshake Latency',
+ssl_ja3_hash String COMMENT 'SSL JA3 Fingerprint',
+ssl_ja3s_hash String COMMENT 'SSL JA3 Hash',
+ssl_cert_issuer String COMMENT 'SSL JA3S Fingerprint',
+ssl_cert_subject String COMMENT 'SSL JA3S Hash',
+ssl_esni_flag Nullable(Int32) COMMENT 'SSL Issuer',
+ssl_ech_flag Nullable(Int32) COMMENT 'SSL Subject',
+dtls_cookie String COMMENT 'DTLS Cookie',
+dtls_version String COMMENT 'DTLS Version',
+dtls_sni String COMMENT 'DTLS SNI',
+dtls_san String COMMENT 'DTLS SAN',
+dtls_cn String COMMENT 'DTLS CN',
+dtls_handshake_latency_ms Nullable(Int32) COMMENT 'DTLS Handshake Latency',
+dtls_ja3_fingerprint String COMMENT 'DTLS JA3 Fingerprint',
+dtls_ja3_hash String COMMENT 'DTLS JA3 Hash',
+dtls_cert_issuer String COMMENT 'DTLS Certificate Issuer',
+dtls_cert_subject String COMMENT 'DTLS Certificate Subject',
+mail_protocol_type String COMMENT 'MAIL Protocol Type',
+mail_account String COMMENT 'MAIL Account',
+mail_from_cmd String COMMENT 'MAIL From CMD',
+mail_to_cmd String COMMENT 'MAIL To CMD',
+mail_from String COMMENT 'MAIL From',
+mail_password String COMMENT 'MAIL Password',
+mail_to String COMMENT 'MAIL To',
+mail_cc String COMMENT 'MAIL CC',
+mail_bcc String COMMENT 'MAIL BCC',
+mail_subject String COMMENT 'MAIL Subject',
+mail_subject_charset String COMMENT 'MAIL Subject Charset',
+mail_attachment_name String COMMENT 'MAIL Content',
+mail_attachment_name_charset String COMMENT 'MAIL Content Charset',
+mail_eml_file String COMMENT 'MAIL Attachment Name',
+ftp_account String COMMENT 'FTP Account',
+ftp_url String COMMENT 'FTP URL',
+ftp_link_type String COMMENT 'FTP Link Type',
+quic_version String COMMENT 'QUIC Version',
+quic_sni String COMMENT 'QUIC SNI',
+quic_user_agent String COMMENT 'QUIC User-Agent',
+rdp_cookie String COMMENT 'RDP Cookie',
+rdp_security_protocol String COMMENT 'RDP Security Protocol',
+rdp_client_channels String COMMENT 'RDP Client Channels',
+rdp_keyboard_layout String COMMENT 'RDP Keyboard Layout',
+rdp_client_version String COMMENT 'RDP Client Version',
+rdp_client_name String COMMENT 'RDP Client Name',
+rdp_client_product_id String COMMENT 'RDP Client Product ID',
+rdp_desktop_width String COMMENT 'RDP Desktop Width',
+rdp_desktop_height String COMMENT 'RDP Desktop Height',
+rdp_requested_color_depth String COMMENT 'RDP Requested Color Depth',
+rdp_certificate_type String COMMENT 'RDP Certificate Type',
+rdp_certificate_count Nullable(Int32) COMMENT 'RDP Certificate Count',
+rdp_certificate_permanent Nullable(Int32) COMMENT 'RDP Certificate Permanent',
+rdp_encryption_level String COMMENT 'RDP Encryption Level',
+rdp_encryption_method String COMMENT 'RDP Encryption Method',
+ssh_version String COMMENT 'SSH Version',
+ssh_auth_success String COMMENT 'SSH Authentication Result',
+ssh_client_version String COMMENT 'SSH Client Version',
+ssh_server_version String COMMENT 'SSH Server Version',
+ssh_cipher_alg String COMMENT 'SSH Encryption Algorithm',
+ssh_mac_alg String COMMENT 'SSH Signing Algorithm',
+ssh_compression_alg String COMMENT 'SSH Compression Algorithm',
+ssh_kex_alg String COMMENT 'SSH Key Exchange Algorithm',
+ssh_host_key_alg String COMMENT 'SSH Server Host Key Algorithm',
+ssh_host_key String COMMENT 'SSH Server Key Fingerprint',
+ssh_hassh String COMMENT 'SSH HASSH',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP
User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye',
+rtp_payload_type_c2s Nullable(Int32) COMMENT 'RTP Payload Type(C2S)',
+rtp_payload_type_s2c Nullable(Int32) COMMENT 'RTP Payload Type(S2C)',
+rtp_pcap_path String COMMENT 'RTP PCAP',
+rtp_originator_dir Nullable(Int32) COMMENT 'RTP Direction',
+stratum_cryptocurrency String COMMENT 'Stratum Cryptocurrency',
+stratum_mining_pools String COMMENT 'Stratum Mining Pools',
+stratum_mining_program String COMMENT 'Stratum Mining Program',
+stratum_mining_subscribe String COMMENT 'Stratum Mining Subscribe',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT
'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B Description'
+)
+ENGINE =Distributed(js_datahouse,tsg_galaxy_v3,session_record_local,rand());
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_event_local on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32) COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number
String COMMENT 'Phone Number', +apn String COMMENT 'APN', +server_ip String COMMENT 'Server IP', +server_port Int32 COMMENT 'Server Port', +server_os_desc String COMMENT 'Server OS Description', +server_geolocation LowCardinality(String) COMMENT 'Server Geolocation', +server_asn Nullable(Int64) COMMENT 'Server ASN', +server_fqdn String COMMENT 'Server FQDN', +server_domain String COMMENT 'Server Domain', +app_transition String COMMENT 'Application Transition', +app LowCardinality(String) COMMENT 'Application', +app_debug_info String COMMENT 'Application Debug Info', +app_content String COMMENT 'Application Content', +fqdn_category_list Array(Int64) COMMENT 'FQDN Category List', +ip_protocol LowCardinality(String) COMMENT 'IP Protocol', +decoded_path LowCardinality(String) COMMENT 'Decoded Path', +dns_message_id Nullable(Int32) COMMENT 'DNS Message ID', +dns_qr Nullable(Int32) COMMENT 'DNS QR', +dns_opcode Nullable(Int32) COMMENT 'DNS OPCODE', +dns_aa Nullable(Int32) COMMENT 'DNS AA', +dns_tc Nullable(Int32) COMMENT 'DNS TC', +dns_rd Nullable(Int32) COMMENT 'DNS RD', +dns_ra Nullable(Int32) COMMENT 'DNS RA', +dns_rcode Nullable(Int32) COMMENT 'DNS RCODE', +dns_qdcount Nullable(Int32) COMMENT 'DNS QDCOUNT', +dns_ancount Nullable(Int32) COMMENT 'DNS ANCOUNT', +dns_nscount Nullable(Int32) COMMENT 'DNS NSCOUNT', +dns_arcount Nullable(Int32) COMMENT 'DNS ARCOUNT', +dns_qname String COMMENT 'DNS QNAME', +dns_qtype Nullable(Int32) COMMENT 'DNS QTYPE', +dns_qclass Nullable(Int32) COMMENT 'DNS QCLASS', +dns_cname String COMMENT 'DNS CNAME', +dns_sub Nullable(Int32) COMMENT 'DNS SUB', +dns_rr String COMMENT 'DNS RR', +dns_response_latency_ms Nullable(Int32) COMMENT 'DNS Response Latency', +http_url String COMMENT 'HTTP URL', +http_host String COMMENT 'HTTP Host', +http_request_line String COMMENT 'HTTP Request Line', +http_response_line String COMMENT 'HTTP Response Line', +http_request_body String COMMENT 'HTTP Request Body', +http_response_body String COMMENT 'HTTP Response 
Body', +http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag', +http_sequence Nullable(Int32) COMMENT 'HTTP Sequence', +http_cookie String COMMENT 'HTTP Cookie', +http_referer String COMMENT 'HTTP Referer', +http_user_agent String COMMENT 'HTTP User-Agent', +http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length', +http_request_content_type String COMMENT 'HTTP Request Content-Type', +http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length', +http_response_content_type String COMMENT 'HTTP Response Content-Type', +http_set_cookie String COMMENT 'HTTP Set-Cookie', +http_version String COMMENT 'HTTP Version', +http_status_code Nullable(Int32) COMMENT 'HTTP Status Code', +http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency', +http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration', +http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size', +ssl_version String COMMENT 'SSL Version', +ssl_sni String COMMENT 'SSL SNI', +ssl_san String COMMENT 'SSL SAN', +ssl_cn String COMMENT 'SSL CN', +ssl_handshake_latency_ms Nullable(Int32) COMMENT 'SSL Handshake Latency', +ssl_ja3_hash String COMMENT 'SSL JA3 Fingerprint', +ssl_ja3s_hash String COMMENT 'SSL JA3 Hash', +ssl_cert_issuer String COMMENT 'SSL JA3S Fingerprint', +ssl_cert_subject String COMMENT 'SSL JA3S Hash', +ssl_esni_flag Nullable(Int32) COMMENT 'SSL Issuer', +ssl_ech_flag Nullable(Int32) COMMENT 'SSL Subject', +dtls_cookie String COMMENT 'DTLS Cookie', +dtls_version String COMMENT 'DTLS Version', +dtls_sni String COMMENT 'DTLS SNI', +dtls_san String COMMENT 'DTLS SAN', +dtls_cn String COMMENT 'DTLS CN', +dtls_handshake_latency_ms Nullable(Int32) COMMENT 'DTLS Handshake Latency', +dtls_ja3_fingerprint String COMMENT 'DTLS JA3 Fingerprint', +dtls_ja3_hash String COMMENT 'DTLS JA3 Hash', +dtls_cert_issuer String COMMENT 'DTLS Certificate Issuer', +dtls_cert_subject String COMMENT 'DTLS Certificate Subject', 
+mail_protocol_type String COMMENT 'MAIL Protocol Type',
+mail_account String COMMENT 'MAIL Account',
+mail_from_cmd String COMMENT 'MAIL From CMD',
+mail_to_cmd String COMMENT 'MAIL To CMD',
+mail_from String COMMENT 'MAIL From',
+mail_password String COMMENT 'MAIL Password',
+mail_to String COMMENT 'MAIL To',
+mail_cc String COMMENT 'MAIL CC',
+mail_bcc String COMMENT 'MAIL BCC',
+mail_subject String COMMENT 'MAIL Subject',
+mail_subject_charset String COMMENT 'MAIL Subject Charset',
+mail_attachment_name String COMMENT 'MAIL Content',
+mail_attachment_name_charset String COMMENT 'MAIL Content Charset',
+mail_eml_file String COMMENT 'MAIL Attachment Name',
+ftp_account String COMMENT 'FTP Account',
+ftp_url String COMMENT 'FTP URL',
+ftp_link_type String COMMENT 'FTP Link Type',
+quic_version String COMMENT 'QUIC Version',
+quic_sni String COMMENT 'QUIC SNI',
+quic_user_agent String COMMENT 'QUIC User-Agent',
+rdp_cookie String COMMENT 'RDP Cookie',
+rdp_security_protocol String COMMENT 'RDP Security Protocol',
+rdp_client_channels String COMMENT 'RDP Client Channels',
+rdp_keyboard_layout String COMMENT 'RDP Keyboard Layout',
+rdp_client_version String COMMENT 'RDP Client Version',
+rdp_client_name String COMMENT 'RDP Client Name',
+rdp_client_product_id String COMMENT 'RDP Client Product ID',
+rdp_desktop_width String COMMENT 'RDP Desktop Width',
+rdp_desktop_height String COMMENT 'RDP Desktop Height',
+rdp_requested_color_depth String COMMENT 'RDP Requested Color Depth',
+rdp_certificate_type String COMMENT 'RDP Certificate Type',
+rdp_certificate_count Nullable(Int32) COMMENT 'RDP Certificate Count',
+rdp_certificate_permanent Nullable(Int32) COMMENT 'RDP Certificate Permanent',
+rdp_encryption_level String COMMENT 'RDP Encryption Level',
+rdp_encryption_method String COMMENT 'RDP Encryption Method',
+ssh_version String COMMENT 'SSH Version',
+ssh_auth_success String COMMENT 'SSH Authentication Result',
+ssh_client_version String COMMENT 'SSH Client Version',
+ssh_server_version String COMMENT 'SSH Server Version',
+ssh_cipher_alg String COMMENT 'SSH Encryption Algorithm',
+ssh_mac_alg String COMMENT 'SSH Signing Algorithm',
+ssh_compression_alg String COMMENT 'SSH Compression Algorithm',
+ssh_kex_alg String COMMENT 'SSH Key Exchange Algorithm',
+ssh_host_key_alg String COMMENT 'SSH Server Host Key Algorithm',
+ssh_host_key String COMMENT 'SSH Server Key Fingerprint',
+ssh_hassh String COMMENT 'SSH HASSH',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye',
+rtp_payload_type_c2s Nullable(Int32) COMMENT 'RTP Payload Type(C2S)',
+rtp_payload_type_s2c Nullable(Int32) COMMENT 'RTP Payload Type(S2C)',
+rtp_pcap_path String COMMENT 'RTP PCAP',
+rtp_originator_dir Nullable(Int32) COMMENT 'RTP Direction',
+stratum_cryptocurrency String COMMENT 'Stratum Cryptocurrency',
+stratum_mining_pools String COMMENT 'Stratum Mining Pools',
+stratum_mining_program String COMMENT 'Stratum Mining Program',
+stratum_mining_subscribe String COMMENT 'Stratum Mining Subscribe',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT 'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B Description'
+)
+ENGINE = ReplicatedMergeTree('/clickhouse/tables/{shard}/security_event_local', '{replica}')
+PARTITION BY toYYYYMMDD(toDate(recv_time))
+ORDER BY (vsys_id, security_action,proxy_action,decoded_as,data_center, device_group,recv_time)
+TTL toDateTime(recv_time) + toIntervalSecond(15552000)
+;
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_event on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32) COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number String COMMENT 'Phone Number',
+apn String COMMENT 'APN',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+server_os_desc String COMMENT 'Server OS Description',
+server_geolocation LowCardinality(String) COMMENT 'Server Geolocation',
+server_asn Nullable(Int64) COMMENT 'Server ASN',
+server_fqdn String COMMENT 'Server FQDN',
+server_domain String COMMENT 'Server Domain',
+app_transition String COMMENT 'Application Transition',
+app LowCardinality(String) COMMENT 'Application',
+app_debug_info String COMMENT 'Application Debug Info',
+app_content String COMMENT 'Application Content',
+fqdn_category_list Array(Int64) COMMENT 'FQDN Category List',
+ip_protocol LowCardinality(String) COMMENT 'IP Protocol',
+decoded_path LowCardinality(String) COMMENT 'Decoded Path',
+dns_message_id Nullable(Int32) COMMENT 'DNS Message ID',
+dns_qr Nullable(Int32) COMMENT 'DNS QR',
+dns_opcode Nullable(Int32) COMMENT 'DNS OPCODE',
+dns_aa Nullable(Int32) COMMENT 'DNS AA',
+dns_tc Nullable(Int32) COMMENT 'DNS TC',
+dns_rd Nullable(Int32) COMMENT 'DNS RD',
+dns_ra Nullable(Int32) COMMENT 'DNS RA',
+dns_rcode Nullable(Int32) COMMENT 'DNS RCODE',
+dns_qdcount Nullable(Int32) COMMENT 'DNS QDCOUNT',
+dns_ancount Nullable(Int32) COMMENT 'DNS ANCOUNT',
+dns_nscount Nullable(Int32) COMMENT 'DNS NSCOUNT',
+dns_arcount Nullable(Int32) COMMENT 'DNS ARCOUNT',
+dns_qname String COMMENT 'DNS QNAME',
+dns_qtype Nullable(Int32) COMMENT 'DNS QTYPE',
+dns_qclass Nullable(Int32) COMMENT 'DNS QCLASS',
+dns_cname String COMMENT 'DNS CNAME',
+dns_sub Nullable(Int32) COMMENT 'DNS SUB',
+dns_rr String COMMENT 'DNS RR',
+dns_response_latency_ms Nullable(Int32) COMMENT 'DNS Response Latency',
+http_url String COMMENT 'HTTP URL',
+http_host String COMMENT 'HTTP Host',
+http_request_line String COMMENT 'HTTP Request Line',
+http_response_line String COMMENT 'HTTP Response Line',
+http_request_body String COMMENT 'HTTP Request Body',
+http_response_body String COMMENT 'HTTP Response Body',
+http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag',
+http_sequence Nullable(Int32) COMMENT 'HTTP Sequence',
+http_cookie String COMMENT 'HTTP Cookie',
+http_referer String COMMENT 'HTTP Referer',
+http_user_agent String COMMENT 'HTTP User-Agent',
+http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length',
+http_request_content_type String COMMENT 'HTTP Request Content-Type',
+http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length',
+http_response_content_type String COMMENT 'HTTP Response Content-Type',
+http_set_cookie String COMMENT 'HTTP Set-Cookie',
+http_version String COMMENT 'HTTP Version',
+http_status_code Nullable(Int32) COMMENT 'HTTP Status Code',
+http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency',
+http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration',
+http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size',
+ssl_version String COMMENT 'SSL Version',
+ssl_sni String COMMENT 'SSL SNI',
+ssl_san String COMMENT 'SSL SAN',
+ssl_cn String COMMENT 'SSL CN',
+ssl_handshake_latency_ms Nullable(Int32) COMMENT 'SSL Handshake Latency',
+ssl_ja3_hash String COMMENT 'SSL JA3 Fingerprint',
+ssl_ja3s_hash String COMMENT 'SSL JA3 Hash',
+ssl_cert_issuer String COMMENT 'SSL JA3S Fingerprint',
+ssl_cert_subject String COMMENT 'SSL JA3S Hash',
+ssl_esni_flag Nullable(Int32) COMMENT 'SSL Issuer',
+ssl_ech_flag Nullable(Int32) COMMENT 'SSL Subject',
+dtls_cookie String COMMENT 'DTLS Cookie',
+dtls_version String COMMENT 'DTLS Version',
+dtls_sni String COMMENT 'DTLS SNI',
+dtls_san String COMMENT 'DTLS SAN',
+dtls_cn String COMMENT 'DTLS CN',
+dtls_handshake_latency_ms Nullable(Int32) COMMENT 'DTLS Handshake Latency',
+dtls_ja3_fingerprint String COMMENT 'DTLS JA3 Fingerprint',
+dtls_ja3_hash String COMMENT 'DTLS JA3 Hash',
+dtls_cert_issuer String COMMENT 'DTLS Certificate Issuer',
+dtls_cert_subject String COMMENT 'DTLS Certificate Subject',
+mail_protocol_type String COMMENT 'MAIL Protocol Type',
+mail_account String COMMENT 'MAIL Account',
+mail_from_cmd String COMMENT 'MAIL From CMD',
+mail_to_cmd String COMMENT 'MAIL To CMD',
+mail_from String COMMENT 'MAIL From',
+mail_password String COMMENT 'MAIL Password',
+mail_to String COMMENT 'MAIL To',
+mail_cc String COMMENT 'MAIL CC',
+mail_bcc String COMMENT 'MAIL BCC',
+mail_subject String COMMENT 'MAIL Subject',
+mail_subject_charset String COMMENT 'MAIL Subject Charset',
+mail_attachment_name String COMMENT 'MAIL Content',
+mail_attachment_name_charset String COMMENT 'MAIL Content Charset',
+mail_eml_file String COMMENT 'MAIL Attachment Name',
+ftp_account String COMMENT 'FTP Account',
+ftp_url String COMMENT 'FTP URL',
+ftp_link_type String COMMENT 'FTP Link Type',
+quic_version String COMMENT 'QUIC Version',
+quic_sni String COMMENT 'QUIC SNI',
+quic_user_agent String COMMENT 'QUIC User-Agent',
+rdp_cookie String COMMENT 'RDP Cookie',
+rdp_security_protocol String COMMENT 'RDP Security Protocol',
+rdp_client_channels String COMMENT 'RDP Client Channels',
+rdp_keyboard_layout String COMMENT 'RDP Keyboard Layout',
+rdp_client_version String COMMENT 'RDP Client Version',
+rdp_client_name String COMMENT 'RDP Client Name',
+rdp_client_product_id String COMMENT 'RDP Client Product ID',
+rdp_desktop_width String COMMENT 'RDP Desktop Width',
+rdp_desktop_height String COMMENT 'RDP Desktop Height',
+rdp_requested_color_depth String COMMENT 'RDP Requested Color Depth',
+rdp_certificate_type String COMMENT 'RDP Certificate Type',
+rdp_certificate_count Nullable(Int32) COMMENT 'RDP Certificate Count',
+rdp_certificate_permanent Nullable(Int32) COMMENT 'RDP Certificate Permanent',
+rdp_encryption_level String COMMENT 'RDP Encryption Level',
+rdp_encryption_method String COMMENT 'RDP Encryption Method',
+ssh_version String COMMENT 'SSH Version',
+ssh_auth_success String COMMENT 'SSH Authentication Result',
+ssh_client_version String COMMENT 'SSH Client Version',
+ssh_server_version String COMMENT 'SSH Server Version',
+ssh_cipher_alg String COMMENT 'SSH Encryption Algorithm',
+ssh_mac_alg String COMMENT 'SSH Signing Algorithm',
+ssh_compression_alg String COMMENT 'SSH Compression Algorithm',
+ssh_kex_alg String COMMENT 'SSH Key Exchange Algorithm',
+ssh_host_key_alg String COMMENT 'SSH Server Host Key Algorithm',
+ssh_host_key String COMMENT 'SSH Server Key Fingerprint',
+ssh_hassh String COMMENT 'SSH HASSH',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye',
+rtp_payload_type_c2s Nullable(Int32) COMMENT 'RTP Payload Type(C2S)',
+rtp_payload_type_s2c Nullable(Int32) COMMENT 'RTP Payload Type(S2C)',
+rtp_pcap_path String COMMENT 'RTP PCAP',
+rtp_originator_dir Nullable(Int32) COMMENT 'RTP Direction',
+stratum_cryptocurrency String COMMENT 'Stratum Cryptocurrency',
+stratum_mining_pools String COMMENT 'Stratum Mining Pools',
+stratum_mining_program String COMMENT 'Stratum Mining Program',
+stratum_mining_subscribe String COMMENT 'Stratum Mining Subscribe',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT 'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B Description'
+)
+ENGINE =Distributed(js_datahouse,tsg_galaxy_v3,security_event_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.monitor_event_local on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32) COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number String COMMENT 'Phone Number',
+apn String COMMENT 'APN',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+server_os_desc String COMMENT 'Server OS Description',
+server_geolocation LowCardinality(String) COMMENT 'Server Geolocation',
+server_asn Nullable(Int64) COMMENT 'Server ASN',
+server_fqdn String COMMENT 'Server FQDN',
+server_domain String COMMENT 'Server Domain',
+app_transition String COMMENT 'Application Transition',
+app LowCardinality(String) COMMENT 'Application',
+app_debug_info String COMMENT 'Application Debug Info',
+app_content String COMMENT 'Application Content',
+fqdn_category_list Array(Int64) COMMENT 'FQDN Category List',
+ip_protocol LowCardinality(String) COMMENT 'IP Protocol',
+decoded_path LowCardinality(String) COMMENT 'Decoded Path',
+dns_message_id Nullable(Int32) COMMENT 'DNS Message ID',
+dns_qr Nullable(Int32) COMMENT 'DNS QR',
+dns_opcode Nullable(Int32) COMMENT 'DNS OPCODE',
+dns_aa Nullable(Int32) COMMENT 'DNS AA',
+dns_tc Nullable(Int32) COMMENT 'DNS TC',
+dns_rd Nullable(Int32) COMMENT 'DNS RD',
+dns_ra Nullable(Int32) COMMENT 'DNS RA',
+dns_rcode Nullable(Int32) COMMENT 'DNS RCODE',
+dns_qdcount Nullable(Int32) COMMENT 'DNS QDCOUNT',
+dns_ancount Nullable(Int32) COMMENT 'DNS ANCOUNT',
+dns_nscount Nullable(Int32) COMMENT 'DNS NSCOUNT',
+dns_arcount Nullable(Int32) COMMENT 'DNS ARCOUNT',
+dns_qname String COMMENT 'DNS QNAME',
+dns_qtype Nullable(Int32) COMMENT 'DNS QTYPE',
+dns_qclass Nullable(Int32) COMMENT 'DNS QCLASS',
+dns_cname String COMMENT 'DNS CNAME',
+dns_sub Nullable(Int32) COMMENT 'DNS SUB',
+dns_rr String COMMENT 'DNS RR',
+dns_response_latency_ms Nullable(Int32) COMMENT 'DNS Response Latency',
+http_url String COMMENT 'HTTP URL',
+http_host String COMMENT 'HTTP Host',
+http_request_line String COMMENT 'HTTP Request Line',
+http_response_line String COMMENT 'HTTP Response Line',
+http_request_body String COMMENT 'HTTP Request Body',
+http_response_body String COMMENT 'HTTP Response Body',
+http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag',
+http_sequence Nullable(Int32) COMMENT 'HTTP Sequence',
+http_cookie String COMMENT 'HTTP Cookie',
+http_referer String COMMENT 'HTTP Referer',
+http_user_agent String COMMENT 'HTTP User-Agent',
+http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length',
+http_request_content_type String COMMENT 'HTTP Request Content-Type',
+http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length',
+http_response_content_type String COMMENT 'HTTP Response Content-Type',
+http_set_cookie String COMMENT 'HTTP Set-Cookie',
+http_version String COMMENT 'HTTP Version',
+http_status_code Nullable(Int32) COMMENT 'HTTP Status Code',
+http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency',
+http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration',
+http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size',
+ssl_version String COMMENT 'SSL Version',
+ssl_sni String COMMENT 'SSL SNI',
+ssl_san String COMMENT 'SSL SAN',
+ssl_cn String COMMENT 'SSL CN',
+ssl_handshake_latency_ms Nullable(Int32) COMMENT 'SSL Handshake Latency',
+ssl_ja3_hash String COMMENT 'SSL JA3 Fingerprint',
+ssl_ja3s_hash String COMMENT 'SSL JA3 Hash',
+ssl_cert_issuer String COMMENT 'SSL JA3S Fingerprint',
+ssl_cert_subject String COMMENT 'SSL JA3S Hash',
+ssl_esni_flag Nullable(Int32) COMMENT 'SSL Issuer',
+ssl_ech_flag Nullable(Int32) COMMENT 'SSL Subject',
+dtls_cookie String COMMENT 'DTLS Cookie',
+dtls_version String COMMENT 'DTLS Version',
+dtls_sni String COMMENT 'DTLS SNI',
+dtls_san String COMMENT 'DTLS SAN',
+dtls_cn String COMMENT 'DTLS CN',
+dtls_handshake_latency_ms Nullable(Int32) COMMENT 'DTLS Handshake Latency',
+dtls_ja3_fingerprint String COMMENT 'DTLS JA3 Fingerprint',
+dtls_ja3_hash String COMMENT 'DTLS JA3 Hash',
+dtls_cert_issuer String COMMENT 'DTLS Certificate Issuer',
+dtls_cert_subject String COMMENT 'DTLS Certificate Subject',
+mail_protocol_type String COMMENT 'MAIL Protocol Type',
+mail_account String COMMENT 'MAIL Account',
+mail_from_cmd String COMMENT 'MAIL From CMD',
+mail_to_cmd String COMMENT 'MAIL To CMD',
+mail_from String COMMENT 'MAIL From',
+mail_password String COMMENT 'MAIL Password',
+mail_to String COMMENT 'MAIL To',
+mail_cc String COMMENT 'MAIL CC',
+mail_bcc String COMMENT 'MAIL BCC',
+mail_subject String COMMENT 'MAIL Subject',
+mail_subject_charset String COMMENT 'MAIL Subject Charset',
+mail_attachment_name String COMMENT 'MAIL Content',
+mail_attachment_name_charset String COMMENT 'MAIL Content Charset',
+mail_eml_file String COMMENT 'MAIL Attachment Name',
+ftp_account String COMMENT 'FTP Account',
+ftp_url String COMMENT 'FTP URL',
+ftp_link_type String COMMENT 'FTP Link Type',
+quic_version String COMMENT 'QUIC Version',
+quic_sni String COMMENT 'QUIC SNI',
+quic_user_agent String COMMENT 'QUIC User-Agent',
+rdp_cookie String COMMENT 'RDP Cookie',
+rdp_security_protocol String COMMENT 'RDP Security Protocol',
+rdp_client_channels String COMMENT 'RDP Client Channels',
+rdp_keyboard_layout String COMMENT 'RDP Keyboard Layout',
+rdp_client_version String COMMENT 'RDP Client Version',
+rdp_client_name String COMMENT 'RDP Client Name',
+rdp_client_product_id String COMMENT 'RDP Client Product ID',
+rdp_desktop_width String COMMENT 'RDP Desktop Width',
+rdp_desktop_height String COMMENT 'RDP Desktop Height',
+rdp_requested_color_depth String COMMENT 'RDP Requested Color Depth',
+rdp_certificate_type String COMMENT 'RDP Certificate Type',
+rdp_certificate_count Nullable(Int32) COMMENT 'RDP Certificate Count',
+rdp_certificate_permanent Nullable(Int32) COMMENT 'RDP Certificate Permanent',
+rdp_encryption_level String COMMENT 'RDP Encryption Level',
+rdp_encryption_method String COMMENT 'RDP Encryption Method',
+ssh_version String COMMENT 'SSH Version',
+ssh_auth_success String COMMENT 'SSH Authentication Result',
+ssh_client_version String COMMENT 'SSH Client Version',
+ssh_server_version String COMMENT 'SSH Server Version',
+ssh_cipher_alg String COMMENT 'SSH Encryption Algorithm',
+ssh_mac_alg String COMMENT 'SSH Signing Algorithm',
+ssh_compression_alg String COMMENT 'SSH Compression Algorithm',
+ssh_kex_alg String COMMENT 'SSH Key Exchange Algorithm',
+ssh_host_key_alg String COMMENT 'SSH Server Host Key Algorithm',
+ssh_host_key String COMMENT 'SSH Server Key Fingerprint',
+ssh_hassh String COMMENT 'SSH HASSH',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye',
+rtp_payload_type_c2s Nullable(Int32) COMMENT 'RTP Payload Type(C2S)',
+rtp_payload_type_s2c Nullable(Int32) COMMENT 'RTP Payload Type(S2C)',
+rtp_pcap_path String COMMENT 'RTP PCAP',
+rtp_originator_dir Nullable(Int32) COMMENT 'RTP Direction',
+stratum_cryptocurrency String COMMENT 'Stratum Cryptocurrency',
+stratum_mining_pools String COMMENT 'Stratum Mining Pools',
+stratum_mining_program String COMMENT 'Stratum Mining Program',
+stratum_mining_subscribe String COMMENT 'Stratum Mining Subscribe',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT 'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B Description'
+)
+ENGINE = ReplicatedMergeTree('/clickhouse/tables/{shard}/monitor_event_local', '{replica}')
+PARTITION BY toYYYYMMDD(toDate(recv_time))
+ORDER BY (vsys_id, security_action,proxy_action,decoded_as,data_center, device_group,recv_time)
+TTL toDateTime(recv_time) + toIntervalSecond(15552000)
+;
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.monitor_event on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32) COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number String COMMENT 'Phone Number',
+apn String COMMENT 'APN',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+server_os_desc String COMMENT 'Server OS Description',
+server_geolocation LowCardinality(String) COMMENT 'Server Geolocation',
+server_asn Nullable(Int64) COMMENT 'Server ASN',
+server_fqdn String COMMENT 'Server FQDN',
+server_domain String COMMENT 'Server Domain',
+app_transition String COMMENT 'Application Transition',
+app LowCardinality(String) COMMENT 'Application',
+app_debug_info String COMMENT 'Application Debug Info',
+app_content String COMMENT 'Application Content',
+fqdn_category_list Array(Int64) COMMENT 'FQDN Category List',
+ip_protocol LowCardinality(String) COMMENT 'IP Protocol',
+decoded_path LowCardinality(String) COMMENT 'Decoded Path',
+dns_message_id Nullable(Int32) COMMENT 'DNS Message ID',
+dns_qr Nullable(Int32) COMMENT 'DNS QR',
+dns_opcode Nullable(Int32) COMMENT 'DNS OPCODE',
+dns_aa Nullable(Int32) COMMENT 'DNS AA',
+dns_tc Nullable(Int32) COMMENT 'DNS TC',
+dns_rd Nullable(Int32) COMMENT 'DNS RD',
+dns_ra Nullable(Int32) COMMENT 'DNS RA',
+dns_rcode Nullable(Int32) COMMENT 'DNS RCODE',
+dns_qdcount Nullable(Int32) COMMENT 'DNS QDCOUNT',
+dns_ancount Nullable(Int32) COMMENT 'DNS ANCOUNT',
+dns_nscount Nullable(Int32) COMMENT 'DNS NSCOUNT',
+dns_arcount Nullable(Int32) COMMENT 'DNS ARCOUNT',
+dns_qname String COMMENT 'DNS QNAME',
+dns_qtype Nullable(Int32) COMMENT 'DNS QTYPE',
+dns_qclass Nullable(Int32) COMMENT 'DNS QCLASS',
+dns_cname String COMMENT 'DNS CNAME',
+dns_sub Nullable(Int32) COMMENT 'DNS SUB',
+dns_rr String COMMENT 'DNS RR',
+dns_response_latency_ms Nullable(Int32) COMMENT 'DNS Response Latency',
+http_url String COMMENT 'HTTP URL',
+http_host String COMMENT 'HTTP Host',
+http_request_line String COMMENT 'HTTP Request Line',
+http_response_line String COMMENT 'HTTP Response Line',
+http_request_body String COMMENT 'HTTP Request Body',
+http_response_body String COMMENT 'HTTP Response Body',
+http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag',
+http_sequence Nullable(Int32) COMMENT 'HTTP Sequence',
+http_cookie String COMMENT 'HTTP Cookie',
+http_referer String COMMENT 'HTTP Referer',
+http_user_agent String COMMENT 'HTTP User-Agent',
+http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length',
+http_request_content_type String COMMENT 'HTTP Request Content-Type',
+http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length',
+http_response_content_type String COMMENT 'HTTP Response Content-Type',
+http_set_cookie String COMMENT 'HTTP Set-Cookie',
+http_version String COMMENT 'HTTP Version',
+http_status_code Nullable(Int32) COMMENT 'HTTP Status Code',
+http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency',
+http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration',
+http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size',
+ssl_version String COMMENT 'SSL Version',
+ssl_sni String COMMENT 'SSL SNI',
+ssl_san String COMMENT 'SSL SAN',
+ssl_cn String COMMENT 'SSL CN',
+ssl_handshake_latency_ms Nullable(Int32) COMMENT 'SSL Handshake Latency',
+ssl_ja3_hash String COMMENT 'SSL JA3 Fingerprint',
+ssl_ja3s_hash String COMMENT 'SSL JA3 Hash',
+ssl_cert_issuer String COMMENT 'SSL JA3S Fingerprint',
+ssl_cert_subject String COMMENT 'SSL JA3S Hash',
+ssl_esni_flag Nullable(Int32) COMMENT 'SSL Issuer',
+ssl_ech_flag Nullable(Int32) COMMENT 'SSL Subject',
+dtls_cookie String COMMENT 'DTLS Cookie',
+dtls_version String COMMENT 'DTLS Version',
+dtls_sni String COMMENT 'DTLS SNI',
+dtls_san String COMMENT 'DTLS SAN',
+dtls_cn String COMMENT 'DTLS CN',
+dtls_handshake_latency_ms Nullable(Int32) COMMENT 'DTLS Handshake Latency',
+dtls_ja3_fingerprint String COMMENT 'DTLS JA3 Fingerprint',
+dtls_ja3_hash String COMMENT 'DTLS JA3 Hash',
+dtls_cert_issuer String COMMENT 'DTLS Certificate Issuer',
+dtls_cert_subject String COMMENT 'DTLS Certificate Subject',
+mail_protocol_type String COMMENT 'MAIL Protocol Type',
+mail_account String COMMENT 'MAIL Account',
+mail_from_cmd String COMMENT 'MAIL From CMD',
+mail_to_cmd String COMMENT 'MAIL To CMD',
+mail_from String COMMENT 'MAIL From',
+mail_password String COMMENT 'MAIL Password',
+mail_to String COMMENT 'MAIL To',
+mail_cc String COMMENT 'MAIL CC',
+mail_bcc String COMMENT 'MAIL BCC',
+mail_subject String COMMENT 'MAIL Subject',
+mail_subject_charset String COMMENT 'MAIL Subject Charset',
+mail_attachment_name String COMMENT 'MAIL Content',
+mail_attachment_name_charset String COMMENT 'MAIL Content Charset',
+mail_eml_file String COMMENT 'MAIL Attachment Name',
+ftp_account String COMMENT 'FTP Account',
+ftp_url String COMMENT 'FTP URL',
+ftp_link_type String COMMENT 'FTP Link Type',
+quic_version String COMMENT 'QUIC Version',
+quic_sni String COMMENT 'QUIC SNI',
+quic_user_agent String COMMENT 'QUIC User-Agent',
+rdp_cookie String COMMENT 'RDP Cookie',
+rdp_security_protocol String COMMENT 'RDP Security Protocol',
+rdp_client_channels String COMMENT 'RDP Client Channels',
+rdp_keyboard_layout String COMMENT 'RDP Keyboard Layout',
+rdp_client_version String COMMENT 'RDP Client Version',
+rdp_client_name String COMMENT 'RDP Client Name',
+rdp_client_product_id String COMMENT 'RDP Client Product ID',
+rdp_desktop_width String COMMENT 'RDP Desktop Width',
+rdp_desktop_height String COMMENT 'RDP Desktop Height',
+rdp_requested_color_depth String COMMENT 'RDP Requested Color Depth',
+rdp_certificate_type String COMMENT 'RDP Certificate Type',
+rdp_certificate_count Nullable(Int32) COMMENT 'RDP Certificate Count',
+rdp_certificate_permanent Nullable(Int32) COMMENT 'RDP Certificate Permanent',
+rdp_encryption_level String COMMENT 'RDP Encryption Level',
+rdp_encryption_method String COMMENT 'RDP Encryption Method',
+ssh_version String COMMENT 'SSH Version',
+ssh_auth_success String COMMENT 'SSH Authentication Result',
+ssh_client_version String COMMENT 'SSH Client Version',
+ssh_server_version String COMMENT 'SSH Server Version',
+ssh_cipher_alg String COMMENT 'SSH Encryption Algorithm',
+ssh_mac_alg String COMMENT 'SSH Signing Algorithm',
+ssh_compression_alg String COMMENT 'SSH Compression Algorithm',
+ssh_kex_alg String COMMENT 'SSH Key Exchange Algorithm',
+ssh_host_key_alg String COMMENT 'SSH Server Host Key Algorithm',
+ssh_host_key String COMMENT 'SSH Server Key Fingerprint',
+ssh_hassh String COMMENT 'SSH HASSH',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye',
+rtp_payload_type_c2s Nullable(Int32) COMMENT 'RTP Payload Type(C2S)',
+rtp_payload_type_s2c Nullable(Int32) COMMENT 'RTP Payload Type(S2C)',
+rtp_pcap_path String COMMENT 'RTP PCAP',
+rtp_originator_dir Nullable(Int32) COMMENT 'RTP Direction',
+stratum_cryptocurrency String COMMENT 'Stratum Cryptocurrency',
+stratum_mining_pools String COMMENT 'Stratum Mining Pools',
+stratum_mining_program String COMMENT 'Stratum Mining Program',
+stratum_mining_subscribe String COMMENT 'Stratum Mining Subscribe',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT 'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B Description'
+)
+ENGINE =Distributed(js_datahouse,tsg_galaxy_v3,monitor_event_local,rand());
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_local on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+dns_message_id Nullable(Int32) COMMENT 'DNS Message ID',
+dns_qr Nullable(Int32) COMMENT 'DNS QR',
+dns_opcode Nullable(Int32) COMMENT 'DNS OPCODE',
+dns_aa Nullable(Int32) COMMENT 'DNS AA',
+dns_tc Nullable(Int32) COMMENT 'DNS TC',
+dns_rd Nullable(Int32) COMMENT 'DNS RD',
+dns_ra Nullable(Int32) COMMENT 'DNS RA',
+dns_rcode Nullable(Int32) COMMENT 'DNS RCODE',
+dns_qdcount Nullable(Int32) COMMENT 'DNS QDCOUNT',
+dns_ancount Nullable(Int32) COMMENT 'DNS ANCOUNT',
+dns_nscount Nullable(Int32) COMMENT 'DNS NSCOUNT',
+dns_arcount Nullable(Int32) COMMENT 'DNS ARCOUNT',
+dns_qname String COMMENT 'DNS QNAME',
+dns_qtype Nullable(Int32) COMMENT 'DNS QTYPE',
+dns_qclass Nullable(Int32) COMMENT 'DNS QCLASS',
+dns_cname String COMMENT 'DNS CNAME',
+dns_sub Nullable(Int32) COMMENT 'DNS SUB',
+dns_rr String COMMENT 'DNS RR',
+dns_response_latency_ms Nullable(Int32) COMMENT 'DNS Response Latency',
+http_url String COMMENT 'HTTP URL',
+http_host String COMMENT 'HTTP Host',
+http_request_line String COMMENT 'HTTP Request Line',
+http_response_line String COMMENT 'HTTP Response Line',
+http_request_body String COMMENT 'HTTP Request Body',
+http_response_body String COMMENT 'HTTP Response Body',
+http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag',
+http_sequence Nullable(Int32) COMMENT 'HTTP Sequence',
+http_cookie String COMMENT 'HTTP Cookie',
+http_referer String COMMENT 'HTTP Referer',
+http_user_agent String COMMENT 'HTTP User-Agent',
+http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length',
+http_request_content_type String COMMENT 'HTTP Request Content-Type',
+http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length',
+http_response_content_type String COMMENT 'HTTP Response Content-Type',
+http_set_cookie String COMMENT 'HTTP Set-Cookie',
+http_version String COMMENT 'HTTP Version',
+http_status_code Nullable(Int32) COMMENT 'HTTP Status Code',
+http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency',
+http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration',
+http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size',
+mail_protocol_type String COMMENT 'MAIL Protocol Type',
+mail_account String COMMENT 'MAIL Account',
+mail_from_cmd String COMMENT 'MAIL From CMD',
+mail_to_cmd String COMMENT 'MAIL To CMD',
+mail_from String COMMENT 'MAIL From',
+mail_password String COMMENT 'MAIL Password',
+mail_to String COMMENT 'MAIL To',
+mail_cc String COMMENT 'MAIL CC',
+mail_bcc String COMMENT 'MAIL BCC',
+mail_subject String COMMENT 'MAIL Subject',
+mail_subject_charset String COMMENT 'MAIL Subject Charset',
+mail_attachment_name String COMMENT 'MAIL Content',
+mail_attachment_name_charset String COMMENT 'MAIL Content Charset',
+mail_eml_file String COMMENT 'MAIL Attachment Name',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye'
+)
+ENGINE = ReplicatedMergeTree('/clickhouse/tables/{shard}/transaction_record_local', '{replica}')
+PARTITION BY toYYYYMMDD(toDate(recv_time))
+ORDER BY (vsys_id,session_id,recv_time)
+TTL toDateTime(recv_time) + toIntervalSecond(15552000)
+;
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+dns_message_id Nullable(Int32) COMMENT 'DNS Message ID',
+dns_qr Nullable(Int32) COMMENT 'DNS QR',
+dns_opcode Nullable(Int32) COMMENT 'DNS OPCODE',
+dns_aa Nullable(Int32) COMMENT 'DNS AA',
+dns_tc Nullable(Int32) COMMENT 'DNS TC',
+dns_rd Nullable(Int32) COMMENT 'DNS RD',
+dns_ra Nullable(Int32) COMMENT 'DNS RA',
+dns_rcode Nullable(Int32) COMMENT 'DNS RCODE',
+dns_qdcount Nullable(Int32) COMMENT 'DNS QDCOUNT',
+dns_ancount Nullable(Int32) COMMENT 'DNS ANCOUNT',
+dns_nscount Nullable(Int32) COMMENT 'DNS NSCOUNT',
+dns_arcount Nullable(Int32) COMMENT 'DNS ARCOUNT',
+dns_qname String COMMENT 'DNS QNAME',
+dns_qtype Nullable(Int32) COMMENT 'DNS QTYPE',
+dns_qclass Nullable(Int32) COMMENT 'DNS QCLASS',
+dns_cname String COMMENT 'DNS CNAME',
+dns_sub Nullable(Int32) COMMENT 'DNS SUB',
+dns_rr String COMMENT 'DNS RR',
+dns_response_latency_ms Nullable(Int32) COMMENT 'DNS Response Latency',
+http_url String COMMENT 'HTTP URL',
+http_host String COMMENT 'HTTP Host',
+http_request_line String COMMENT 'HTTP Request Line',
+http_response_line String COMMENT 'HTTP Response Line',
+http_request_body String COMMENT 'HTTP Request Body',
+http_response_body String COMMENT 'HTTP Response Body',
+http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag',
+http_sequence Nullable(Int32) COMMENT 'HTTP Sequence',
+http_cookie String COMMENT 'HTTP Cookie',
+http_referer String COMMENT 'HTTP Referer',
+http_user_agent String COMMENT 'HTTP User-Agent',
+http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length',
+http_request_content_type String COMMENT 'HTTP Request Content-Type',
+http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length',
+http_response_content_type String COMMENT 'HTTP Response Content-Type',
+http_set_cookie String COMMENT 'HTTP Set-Cookie',
+http_version String COMMENT 'HTTP Version',
+http_status_code Nullable(Int32) COMMENT 'HTTP Status Code',
+http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency',
+http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration',
+http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size',
+mail_protocol_type String COMMENT 'MAIL Protocol Type',
+mail_account String COMMENT 'MAIL Account',
+mail_from_cmd String COMMENT 'MAIL From CMD',
+mail_to_cmd String COMMENT 'MAIL To CMD',
+mail_from String COMMENT 'MAIL From',
+mail_password String COMMENT 'MAIL Password',
+mail_to String COMMENT 'MAIL To',
+mail_cc String COMMENT 'MAIL CC',
+mail_bcc String COMMENT 'MAIL BCC',
+mail_subject String COMMENT 'MAIL Subject',
+mail_subject_charset String COMMENT 'MAIL Subject Charset',
+mail_attachment_name String COMMENT 'MAIL Content',
+mail_attachment_name_charset String COMMENT 'MAIL Content Charset',
+mail_eml_file String COMMENT 'MAIL Attachment Name',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye'
+)
+ENGINE =Distributed(js_datahouse,tsg_galaxy_v3,transaction_record_local,rand());
+
+
+
+alter table tsg_galaxy_v3.session_record_local on cluster js_datahouse add INDEX IF NOT EXISTS client_index client_ip type bloom_filter(0.05) GRANULARITY 1;
+alter table tsg_galaxy_v3.transaction_record_local on cluster js_datahouse add INDEX IF NOT EXISTS client_index client_ip type bloom_filter(0.05) GRANULARITY 1;
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.voip_record_local on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32) COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number String COMMENT 'Phone Number',
+apn String COMMENT 'APN',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+server_os_desc String COMMENT 'Server OS Description',
+server_geolocation LowCardinality(String) COMMENT 'Server Geolocation',
+server_asn Nullable(Int64) COMMENT 'Server ASN',
+server_fqdn String COMMENT 'Server FQDN',
+server_domain String COMMENT 'Server Domain',
+app_transition String COMMENT 'Application Transition',
+app LowCardinality(String) COMMENT 'Application',
+app_debug_info String COMMENT 'Application Debug Info',
+app_content String COMMENT 'Application Content',
+fqdn_category_list Array(Int64) COMMENT 'FQDN Category List',
+ip_protocol LowCardinality(String) COMMENT 'IP Protocol',
+decoded_path LowCardinality(String) COMMENT 'Decoded Path',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye',
+rtp_payload_type_c2s Nullable(Int32) COMMENT 'RTP Payload Type(C2S)',
+rtp_payload_type_s2c Nullable(Int32) COMMENT 'RTP Payload Type(S2C)',
+rtp_pcap_path String COMMENT 'RTP PCAP',
+rtp_originator_dir Nullable(Int32) COMMENT 'RTP Direction',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT 'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B Description'
+)
+ENGINE = ReplicatedMergeTree('/clickhouse/tables/{shard}/voip_record_local', '{replica}')
+PARTITION BY toYYYYMMDD(toDate(recv_time))
+ORDER BY (vsys_id,decoded_as,data_center, device_group,recv_time)
+TTL toDateTime(recv_time) + toIntervalSecond(15552000)
+;
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.voip_record on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32) COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number String COMMENT 'Phone Number',
+apn String COMMENT 'APN',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+server_os_desc String COMMENT 'Server OS Description',
+server_geolocation LowCardinality(String) COMMENT 'Server Geolocation',
+server_asn Nullable(Int64) COMMENT 'Server ASN',
+server_fqdn String COMMENT 'Server FQDN',
+server_domain String COMMENT 'Server Domain',
+app_transition String COMMENT 'Application Transition',
+app LowCardinality(String) COMMENT 'Application',
+app_debug_info String COMMENT 'Application Debug Info',
+app_content String COMMENT 'Application Content',
+fqdn_category_list Array(Int64) COMMENT 'FQDN Category List',
+ip_protocol LowCardinality(String) COMMENT 'IP Protocol',
+decoded_path LowCardinality(String) COMMENT 'Decoded Path',
+sip_call_id String COMMENT 'SIP Call-ID',
+sip_originator_description String COMMENT 'SIP Originator',
+sip_responder_description String COMMENT 'SIP Responder',
+sip_user_agent String COMMENT 'SIP User-Agent',
+sip_server String COMMENT 'SIP Server',
+sip_originator_sdp_connect_ip String COMMENT 'SIP Originator IP',
+sip_originator_sdp_media_port Nullable(Int32) COMMENT 'SIP Originator Port',
+sip_originator_sdp_media_type String COMMENT 'SIP Originator Media Type',
+sip_originator_sdp_content String COMMENT 'SIP Originator Content',
+sip_responder_sdp_connect_ip String COMMENT 'SIP Responder IP',
+sip_responder_sdp_media_port Nullable(Int32) COMMENT 'SIP Responder Port',
+sip_responder_sdp_media_type String COMMENT 'SIP Responder Media Type',
+sip_responder_sdp_content String COMMENT 'SIP Responder Content',
+sip_duration_s Nullable(Int32) COMMENT 'SIP Duration',
+sip_bye String COMMENT 'SIP Bye',
+rtp_payload_type_c2s Nullable(Int32) COMMENT 'RTP Payload Type(C2S)',
+rtp_payload_type_s2c Nullable(Int32) COMMENT 'RTP Payload Type(S2C)',
+rtp_pcap_path String COMMENT 'RTP PCAP',
+rtp_originator_dir Nullable(Int32) COMMENT 'RTP Direction',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes
Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT 'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B Description'
+)
+ENGINE =Distributed(js_datahouse,tsg_galaxy_v3,voip_record_local,rand());
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event_local on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy
Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32) COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number String COMMENT 'Phone Number',
+apn String COMMENT 'APN',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+server_os_desc String COMMENT 'Server OS Description',
+server_geolocation LowCardinality(String) COMMENT 'Server Geolocation',
+server_asn Nullable(Int64) COMMENT 'Server ASN',
+server_fqdn String COMMENT 'Server FQDN',
+server_domain String COMMENT 'Server Domain',
+app_transition String COMMENT 'Application Transition',
+app LowCardinality(String) COMMENT 'Application',
+app_debug_info String COMMENT 'Application Debug Info',
+app_content String COMMENT 'Application Content',
+fqdn_category_list Array(Int64) COMMENT 'FQDN Category List',
+ip_protocol LowCardinality(String) COMMENT 'IP Protocol',
+decoded_path LowCardinality(String) COMMENT 'Decoded Path',
+http_url String COMMENT 'HTTP URL',
+http_host String COMMENT 'HTTP Host',
+http_request_line String COMMENT 'HTTP Request Line',
+http_response_line String COMMENT 'HTTP Response Line',
+http_request_body String COMMENT 'HTTP Request Body',
+http_response_body String COMMENT 'HTTP Response Body',
+http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag',
+http_sequence Nullable(Int32) COMMENT 'HTTP Sequence',
+http_cookie String COMMENT 'HTTP Cookie',
+http_referer String COMMENT 'HTTP Referer',
+http_user_agent String COMMENT 'HTTP User-Agent',
+http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length',
+http_request_content_type String COMMENT 'HTTP Request Content-Type',
+http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length',
+http_response_content_type String COMMENT 'HTTP Response Content-Type',
+http_set_cookie String COMMENT 'HTTP Set-Cookie',
+http_version String COMMENT 'HTTP Version',
+http_status_code Nullable(Int32) COMMENT 'HTTP Status Code',
+http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency',
+http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration',
+http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size',
+doh_url String COMMENT 'DoH URL',
+doh_host String COMMENT 'DoH Host',
+doh_request_line String COMMENT 'DoH Request Line',
+doh_response_line String COMMENT 'DoH Response Line',
+doh_cookie String COMMENT 'DoH Cookie',
+doh_referer String COMMENT 'DoH Referer',
+doh_user_agent String COMMENT 'DoH User-Agent',
+doh_content_length String COMMENT 'DoH Content Length',
+doh_content_type String COMMENT 'DoH Content Type',
+doh_set_cookie String COMMENT 'DoH Set Cookie',
+doh_version String COMMENT 'DoH Version',
+doh_message_id Int64 COMMENT 'DoH Message ID',
+doh_qr Nullable(Int64) COMMENT 'DoH QR',
+doh_opcode Nullable(Int64) COMMENT 'DoH OPCODE',
+doh_aa Nullable(Int64) COMMENT 'DoH AA',
+doh_tc Nullable(Int64) COMMENT 'DoH TC',
+doh_rd Nullable(Int64) COMMENT 'DoH RD',
+doh_ra Nullable(Int64) COMMENT 'DoH RA',
+doh_rcode Nullable(Int64) COMMENT 'DoH RCODE',
+doh_qdcount Nullable(Int64) COMMENT 'DoH QDCOUNT',
+doh_ancount Nullable(Int64) COMMENT 'DoH ANCOUNT',
+doh_nscount Nullable(Int64) COMMENT 'DoH NSCOUNT',
+doh_arcount Nullable(Int64) COMMENT 'DoH ARCOUNT',
+doh_qname String COMMENT 'DoH QNAME',
+doh_qtype Nullable(Int64) COMMENT 'DoH QTYPE',
+doh_qclass Nullable(Int64) COMMENT 'DoH QCLASS',
+doh_cname String COMMENT 'DoH CNAME',
+doh_sub Nullable(Int64) COMMENT 'DoH SUB',
+doh_rr String COMMENT 'DoH RR',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT 'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B Description'
+)
+ENGINE = ReplicatedMergeTree('/clickhouse/tables/{shard}/proxy_event_local', '{replica}')
+PARTITION BY toYYYYMMDD(toDate(recv_time))
+ORDER BY (vsys_id,proxy_action,decoded_as,data_center, device_group,recv_time)
+TTL toDateTime(recv_time) + toIntervalSecond(15552000)
+;
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event on cluster js_datahouse (
+recv_time Int64 COMMENT 'Receive Time',
+log_id UInt64 COMMENT 'Log ID',
+decoded_as String COMMENT 'Decoded AS',
+session_id UInt64 COMMENT 'Session ID',
+start_timestamp_ms DateTime64(3) COMMENT 'Start Time',
+end_timestamp_ms DateTime64(3) COMMENT 'End Time',
+duration_ms Int32 COMMENT 'Duration',
+tcp_handshake_latency_ms Nullable(Int32) COMMENT 'TCP Handshake Latency',
+ingestion_time Int64 COMMENT 'Ingestion Time',
+processing_time Int64 COMMENT 'Processing Time',
+insert_time Int64 MATERIALIZED toUnixTimestamp(now()) COMMENT 'Insert Time',
+device_id String COMMENT 'Device ID',
+out_link_id Nullable(Int32) COMMENT 'Outgoing Link ID',
+in_link_id Nullable(Int32) COMMENT 'Incoming Link ID',
+device_tag String COMMENT 'Device Tag',
+data_center String COMMENT 'Data Center',
+device_group String COMMENT 'Device Group',
+sled_ip String COMMENT 'Sled IP',
+address_type Int32 COMMENT 'Address Type',
+vsys_id Int32 COMMENT 'Vsys ID',
+t_vsys_id Int32 COMMENT 'Traffic Vsys ID',
+flags Int64 COMMENT 'Flags',
+flags_identify_info String COMMENT 'Flags Identify Info',
+security_rule_list Array(Int64) COMMENT 'Security Rule List',
+security_action String COMMENT 'Security Action',
+monitor_rule_list Array(Int64) COMMENT 'Monitor Rule List',
+shaping_rule_list Array(Int64) COMMENT 'Shaping Rule List',
+proxy_rule_list Array(Int64) COMMENT 'Proxy Rule List',
+statistics_rule_list Array(Int64) COMMENT 'Statistics Rule List',
+sc_rule_list Array(Int64) COMMENT 'Service Chaining Rule List',
+sc_rsp_raw Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Raw)',
+sc_rsp_decrypted Array(Int64) COMMENT 'Service Chaining Rendered Service Path (Decrypted)',
+proxy_action String COMMENT 'Proxy Action',
+proxy_pinning_status Nullable(Int32) COMMENT 'Proxy Pinning Status',
+proxy_intercept_status Nullable(Int32) COMMENT 'Proxy Intercept Status',
+proxy_passthrough_reason String COMMENT 'Proxy
Passthrough Reason',
+proxy_client_side_latency_ms Nullable(Int32) COMMENT 'Proxy Client-Side Latency',
+proxy_server_side_latency_ms Nullable(Int32) COMMENT 'Proxy Server-Side Latency',
+proxy_client_side_version String COMMENT 'Proxy Client-Side Version',
+proxy_server_side_version String COMMENT 'Proxy Server-Side Version',
+proxy_cert_verify Nullable(Int32) COMMENT 'Proxy Certificate Verify',
+proxy_intercept_error String COMMENT 'Proxy Intercept Error',
+monitor_mirrored_pkts Nullable(Int32) COMMENT 'Monitor Mirrored Packets',
+monitor_mirrored_bytes Nullable(Int32) COMMENT 'Monitor Mirrored Bytes',
+client_ip String COMMENT 'Client IP',
+client_port Int32 COMMENT 'Client Port',
+client_os_desc String COMMENT 'Client OS Description',
+client_geolocation LowCardinality(String) COMMENT 'Client Geolocation',
+client_asn Nullable(Int64) COMMENT 'Client ASN',
+subscriber_id String COMMENT 'Subscriber ID',
+imei String COMMENT 'IMEI',
+imsi String COMMENT 'IMSI',
+phone_number String COMMENT 'Phone Number',
+apn String COMMENT 'APN',
+server_ip String COMMENT 'Server IP',
+server_port Int32 COMMENT 'Server Port',
+server_os_desc String COMMENT 'Server OS Description',
+server_geolocation LowCardinality(String) COMMENT 'Server Geolocation',
+server_asn Nullable(Int64) COMMENT 'Server ASN',
+server_fqdn String COMMENT 'Server FQDN',
+server_domain String COMMENT 'Server Domain',
+app_transition String COMMENT 'Application Transition',
+app LowCardinality(String) COMMENT 'Application',
+app_debug_info String COMMENT 'Application Debug Info',
+app_content String COMMENT 'Application Content',
+fqdn_category_list Array(Int64) COMMENT 'FQDN Category List',
+ip_protocol LowCardinality(String) COMMENT 'IP Protocol',
+decoded_path LowCardinality(String) COMMENT 'Decoded Path',
+http_url String COMMENT 'HTTP URL',
+http_host String COMMENT 'HTTP Host',
+http_request_line String COMMENT 'HTTP Request Line',
+http_response_line String COMMENT 'HTTP Response Line',
+http_request_body String COMMENT 'HTTP Request Body',
+http_response_body String COMMENT 'HTTP Response Body',
+http_proxy_flag Nullable(Int32) COMMENT 'HTTP Proxy Flag',
+http_sequence Nullable(Int32) COMMENT 'HTTP Sequence',
+http_cookie String COMMENT 'HTTP Cookie',
+http_referer String COMMENT 'HTTP Referer',
+http_user_agent String COMMENT 'HTTP User-Agent',
+http_request_content_length Nullable(Int64) COMMENT 'HTTP Request Content-Length',
+http_request_content_type String COMMENT 'HTTP Request Content-Type',
+http_response_content_length Nullable(Int64) COMMENT 'HTTP Response Content-Length',
+http_response_content_type String COMMENT 'HTTP Response Content-Type',
+http_set_cookie String COMMENT 'HTTP Set-Cookie',
+http_version String COMMENT 'HTTP Version',
+http_status_code Nullable(Int32) COMMENT 'HTTP Status Code',
+http_response_latency_ms Nullable(Int32) COMMENT 'HTTP Response Latency',
+http_session_duration_ms Nullable(Int32) COMMENT 'HTTP Session Duration',
+http_action_file_size Nullable(Int64) COMMENT 'HTTP Action File Size',
+doh_url String COMMENT 'DoH URL',
+doh_host String COMMENT 'DoH Host',
+doh_request_line String COMMENT 'DoH Request Line',
+doh_response_line String COMMENT 'DoH Response Line',
+doh_cookie String COMMENT 'DoH Cookie',
+doh_referer String COMMENT 'DoH Referer',
+doh_user_agent String COMMENT 'DoH User-Agent',
+doh_content_length String COMMENT 'DoH Content Length',
+doh_content_type String COMMENT 'DoH Content Type',
+doh_set_cookie String COMMENT 'DoH Set Cookie',
+doh_version String COMMENT 'DoH Version',
+doh_message_id Int64 COMMENT 'DoH Message ID',
+doh_qr Nullable(Int64) COMMENT 'DoH QR',
+doh_opcode Nullable(Int64) COMMENT 'DoH OPCODE',
+doh_aa Nullable(Int64) COMMENT 'DoH AA',
+doh_tc Nullable(Int64) COMMENT 'DoH TC',
+doh_rd Nullable(Int64) COMMENT 'DoH RD',
+doh_ra Nullable(Int64) COMMENT 'DoH RA',
+doh_rcode Nullable(Int64) COMMENT 'DoH RCODE',
+doh_qdcount Nullable(Int64) COMMENT 'DoH QDCOUNT',
+doh_ancount
Nullable(Int64) COMMENT 'DoH ANCOUNT',
+doh_nscount Nullable(Int64) COMMENT 'DoH NSCOUNT',
+doh_arcount Nullable(Int64) COMMENT 'DoH ARCOUNT',
+doh_qname String COMMENT 'DoH QNAME',
+doh_qtype Nullable(Int64) COMMENT 'DoH QTYPE',
+doh_qclass Nullable(Int64) COMMENT 'DoH QCLASS',
+doh_cname String COMMENT 'DoH CNAME',
+doh_sub Nullable(Int64) COMMENT 'DoH SUB',
+doh_rr String COMMENT 'DoH RR',
+sent_pkts Int64 COMMENT 'Packets Sent',
+received_pkts Int64 COMMENT 'Packets Received',
+sent_bytes Int64 COMMENT 'Bytes Sent',
+received_bytes Int64 COMMENT 'Bytes Received',
+tcp_c2s_ip_fragments Nullable(Int64) COMMENT 'Client-to-Server IP Fragments',
+tcp_s2c_ip_fragments Nullable(Int64) COMMENT 'Server-to-Client IP Fragments',
+tcp_c2s_lost_bytes Nullable(Int64) COMMENT 'Client-to-Server Lost Bytes',
+tcp_s2c_lost_bytes Nullable(Int64) COMMENT 'Server-to-Client Lost Bytes',
+tcp_c2s_o3_pkts Nullable(Int64) COMMENT 'Client-to-Server Out-of-OrderPackets',
+tcp_s2c_o3_pkts Nullable(Int64) COMMENT 'Server-to-Client Out-of-Order Packets',
+tcp_c2s_rtx_pkts Nullable(Int64) COMMENT 'Client-to-Server Retransmission Packets',
+tcp_s2c_rtx_pkts Nullable(Int64) COMMENT 'Server-to-Client Retransmission Packets',
+tcp_c2s_rtx_bytes Nullable(Int64) COMMENT 'Client-to-Server Retransmission Bytes',
+tcp_s2c_rtx_bytes Nullable(Int64) COMMENT 'Server-to-Client Retransmission Bytes',
+tcp_rtt_ms Nullable(Int32) COMMENT 'Round-trip Time',
+tcp_client_isn Nullable(Int64) COMMENT 'Client ISN',
+tcp_server_isn Nullable(Int64) COMMENT 'Server ISN',
+packet_capture_file String COMMENT 'Packet Capture File',
+in_src_mac String COMMENT 'Incoming Source MAC',
+out_src_mac String COMMENT 'Outgoing Source MAC',
+in_dest_mac String COMMENT 'Incoming Destination MAC',
+out_dest_mac String COMMENT 'Outgoing Destination MAC',
+encapsulation String COMMENT 'Encapsulation',
+dup_traffic_flag Nullable(Int32) COMMENT 'Duplicate Traffic Flag',
+tunnel_endpoint_a_desc String COMMENT 'Tunnel Endpoint A
Description',
+tunnel_endpoint_b_desc String COMMENT 'Tunnel Endpoint B Description'
+)
+ENGINE =Distributed(js_datahouse,tsg_galaxy_v3,proxy_event_local,rand());
+
+
+-- tsg_galaxy_v3.security_event_materialized_view
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.security_event_materialized_view on cluster js_datahouse
+TO tsg_galaxy_v3.security_event_local
+(
+ recv_time Int64,
+ log_id UInt64,
+ decoded_as String,
+ session_id UInt64,
+ start_timestamp_ms DateTime64(3),
+ end_timestamp_ms DateTime64(3),
+ duration_ms Int32,
+ tcp_handshake_latency_ms Nullable(Int32),
+ ingestion_time Int64,
+ processing_time Int64,
+ -- insert_time Int64 MATERIALIZED toUnixTimestamp(now()),
+ device_id String,
+ out_link_id Nullable(Int32),
+ in_link_id Nullable(Int32),
+ device_tag String,
+ data_center String,
+ device_group String,
+ sled_ip String,
+ address_type Int32,
+ vsys_id Int32,
+ t_vsys_id Int32,
+ flags Int64,
+ flags_identify_info String,
+ security_rule_list Array(Int64),
+ security_action String,
+ monitor_rule_list Array(Int64),
+ shaping_rule_list Array(Int64),
+ proxy_rule_list Array(Int64),
+ statistics_rule_list Array(Int64),
+ sc_rule_list Array(Int64),
+ sc_rsp_raw Array(Int64),
+ sc_rsp_decrypted Array(Int64),
+ proxy_action String,
+ proxy_pinning_status Nullable(Int32),
+ proxy_intercept_status Nullable(Int32),
+ proxy_passthrough_reason String,
+ proxy_client_side_latency_ms Nullable(Int32),
+ proxy_server_side_latency_ms Nullable(Int32),
+ proxy_client_side_version String,
+ proxy_server_side_version String,
+ proxy_cert_verify Nullable(Int32),
+ proxy_intercept_error String,
+ monitor_mirrored_pkts Nullable(Int32),
+ monitor_mirrored_bytes Nullable(Int32),
+ client_ip String,
+ client_port Int32,
+ client_os_desc String,
+ client_geolocation LowCardinality(String),
+ client_asn Nullable(Int64),
+ subscriber_id String,
+ imei String,
+ imsi String,
+ phone_number String,
+ apn String,
+ server_ip String,
+ server_port Int32,
+ server_os_desc
String,
+ server_geolocation LowCardinality(String),
+ server_asn Nullable(Int64),
+ server_fqdn String,
+ server_domain String,
+ app_transition String,
+ app LowCardinality(String),
+ app_debug_info String,
+ app_content String,
+ fqdn_category_list Array(Int64),
+ ip_protocol LowCardinality(String),
+ decoded_path LowCardinality(String),
+ dns_message_id Nullable(Int32),
+ dns_qr Nullable(Int32),
+ dns_opcode Nullable(Int32),
+ dns_aa Nullable(Int32),
+ dns_tc Nullable(Int32),
+ dns_rd Nullable(Int32),
+ dns_ra Nullable(Int32),
+ dns_rcode Nullable(Int32),
+ dns_qdcount Nullable(Int32),
+ dns_ancount Nullable(Int32),
+ dns_nscount Nullable(Int32),
+ dns_arcount Nullable(Int32),
+ dns_qname String,
+ dns_qtype Nullable(Int32),
+ dns_qclass Nullable(Int32),
+ dns_cname String,
+ dns_sub Nullable(Int32),
+ dns_rr String,
+ dns_response_latency_ms Nullable(Int32),
+ http_url String,
+ http_host String,
+ http_request_line String,
+ http_response_line String,
+ http_request_body String,
+ http_response_body String,
+ http_proxy_flag Nullable(Int32),
+ http_sequence Nullable(Int32),
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_request_content_length Nullable(Int64),
+ http_request_content_type String,
+ http_response_content_length Nullable(Int64),
+ http_response_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_status_code Nullable(Int32),
+ http_response_latency_ms Nullable(Int32),
+ http_session_duration_ms Nullable(Int32),
+ http_action_file_size Nullable(Int64),
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_handshake_latency_ms Nullable(Int32),
+ ssl_ja3_hash String,
+ ssl_ja3s_hash String,
+ ssl_cert_issuer String,
+ ssl_cert_subject String,
+ ssl_esni_flag Nullable(Int32),
+ ssl_ech_flag Nullable(Int32),
+ dtls_cookie String,
+ dtls_version String,
+ dtls_sni String,
+ dtls_san String,
+ dtls_cn String,
+ dtls_handshake_latency_ms Nullable(Int32),
+
dtls_ja3_fingerprint String,
+ dtls_ja3_hash String,
+ dtls_cert_issuer String,
+ dtls_cert_subject String,
+ mail_protocol_type String,
+ mail_account String,
+ mail_from_cmd String,
+ mail_to_cmd String,
+ mail_from String,
+ mail_password String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_eml_file String,
+ ftp_account String,
+ ftp_url String,
+ ftp_link_type String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ rdp_cookie String,
+ rdp_security_protocol String,
+ rdp_client_channels String,
+ rdp_keyboard_layout String,
+ rdp_client_version String,
+ rdp_client_name String,
+ rdp_client_product_id String,
+ rdp_desktop_width String,
+ rdp_desktop_height String,
+ rdp_requested_color_depth String,
+ rdp_certificate_type String,
+ rdp_certificate_count Nullable(Int32),
+ rdp_certificate_permanent Nullable(Int32),
+ rdp_encryption_level String,
+ rdp_encryption_method String,
+ ssh_version String,
+ ssh_auth_success String,
+ ssh_client_version String,
+ ssh_server_version String,
+ ssh_cipher_alg String,
+ ssh_mac_alg String,
+ ssh_compression_alg String,
+ ssh_kex_alg String,
+ ssh_host_key_alg String,
+ ssh_host_key String,
+ ssh_hassh String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Nullable(Int32),
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Nullable(Int32),
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration_s Nullable(Int32),
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int32),
+ rtp_payload_type_s2c Nullable(Int32),
+ rtp_pcap_path String,
+ rtp_originator_dir Nullable(Int32),
+
stratum_cryptocurrency String,
+ stratum_mining_pools String,
+ stratum_mining_program String,
+ stratum_mining_subscribe String,
+ sent_pkts Int64,
+ received_pkts Int64,
+ sent_bytes Int64,
+ received_bytes Int64,
+ tcp_c2s_ip_fragments Nullable(Int64),
+ tcp_s2c_ip_fragments Nullable(Int64),
+ tcp_c2s_lost_bytes Nullable(Int64),
+ tcp_s2c_lost_bytes Nullable(Int64),
+ tcp_c2s_o3_pkts Nullable(Int64),
+ tcp_s2c_o3_pkts Nullable(Int64),
+ tcp_c2s_rtx_pkts Nullable(Int64),
+ tcp_s2c_rtx_pkts Nullable(Int64),
+ tcp_c2s_rtx_bytes Nullable(Int64),
+ tcp_s2c_rtx_bytes Nullable(Int64),
+ tcp_rtt_ms Nullable(Int32),
+ tcp_client_isn Nullable(Int64),
+ tcp_server_isn Nullable(Int64),
+ packet_capture_file String,
+ in_src_mac String,
+ out_src_mac String,
+ in_dest_mac String,
+ out_dest_mac String,
+ encapsulation String,
+ dup_traffic_flag Nullable(Int32),
+ tunnel_endpoint_a_desc String,
+ tunnel_endpoint_b_desc String
+)
+AS
+SELECT
+ recv_time,
+ log_id,
+ decoded_as,
+ session_id,
+ start_timestamp_ms,
+ end_timestamp_ms,
+ duration_ms,
+ tcp_handshake_latency_ms,
+ ingestion_time,
+ processing_time,
+ -- insert_time,
+ device_id,
+ out_link_id,
+ in_link_id,
+ device_tag,
+ data_center,
+ device_group,
+ sled_ip,
+ address_type,
+ vsys_id,
+ t_vsys_id,
+ flags,
+ flags_identify_info,
+ security_rule_list,
+ security_action,
+ monitor_rule_list,
+ shaping_rule_list,
+ proxy_rule_list,
+ statistics_rule_list,
+ sc_rule_list,
+ sc_rsp_raw,
+ sc_rsp_decrypted,
+ proxy_action,
+ proxy_pinning_status,
+ proxy_intercept_status,
+ proxy_passthrough_reason,
+ proxy_client_side_latency_ms,
+ proxy_server_side_latency_ms,
+ proxy_client_side_version,
+ proxy_server_side_version,
+ proxy_cert_verify,
+ proxy_intercept_error,
+ monitor_mirrored_pkts,
+ monitor_mirrored_bytes,
+ client_ip,
+ client_port,
+ client_os_desc,
+ client_geolocation,
+ client_asn,
+ subscriber_id,
+ imei,
+ imsi,
+ phone_number,
+ apn,
+ server_ip,
+ server_port,
+ server_os_desc,
+ server_geolocation,
+ server_asn,
+ server_fqdn,
+ server_domain,
+ app_transition,
+ app,
+ app_debug_info,
+ app_content,
+ fqdn_category_list,
+ ip_protocol,
+ decoded_path,
+ dns_message_id,
+ dns_qr,
+ dns_opcode,
+ dns_aa,
+ dns_tc,
+ dns_rd,
+ dns_ra,
+ dns_rcode,
+ dns_qdcount,
+ dns_ancount,
+ dns_nscount,
+ dns_arcount,
+ dns_qname,
+ dns_qtype,
+ dns_qclass,
+ dns_cname,
+ dns_sub,
+ dns_rr,
+ dns_response_latency_ms,
+ http_url,
+ http_host,
+ http_request_line,
+ http_response_line,
+ http_request_body,
+ http_response_body,
+ http_proxy_flag,
+ http_sequence,
+ http_cookie,
+ http_referer,
+ http_user_agent,
+ http_request_content_length,
+ http_request_content_type,
+ http_response_content_length,
+ http_response_content_type,
+ http_set_cookie,
+ http_version,
+ http_status_code,
+ http_response_latency_ms,
+ http_session_duration_ms,
+ http_action_file_size,
+ ssl_version,
+ ssl_sni,
+ ssl_san,
+ ssl_cn,
+ ssl_handshake_latency_ms,
+ ssl_ja3_hash,
+ ssl_ja3s_hash,
+ ssl_cert_issuer,
+ ssl_cert_subject,
+ ssl_esni_flag,
+ ssl_ech_flag,
+ dtls_cookie,
+ dtls_version,
+ dtls_sni,
+ dtls_san,
+ dtls_cn,
+ dtls_handshake_latency_ms,
+ dtls_ja3_fingerprint,
+ dtls_ja3_hash,
+ dtls_cert_issuer,
+ dtls_cert_subject,
+ mail_protocol_type,
+ mail_account,
+ mail_from_cmd,
+ mail_to_cmd,
+ mail_from,
+ mail_password,
+ mail_to,
+ mail_cc,
+ mail_bcc,
+ mail_subject,
+ mail_subject_charset,
+ mail_attachment_name,
+ mail_attachment_name_charset,
+ mail_eml_file,
+ ftp_account,
+ ftp_url,
+ ftp_link_type,
+ quic_version,
+ quic_sni,
+ quic_user_agent,
+ rdp_cookie,
+ rdp_security_protocol,
+ rdp_client_channels,
+ rdp_keyboard_layout,
+ rdp_client_version,
+ rdp_client_name,
+ rdp_client_product_id,
+ rdp_desktop_width,
+ rdp_desktop_height,
+ rdp_requested_color_depth,
+ rdp_certificate_type,
+ rdp_certificate_count,
+ rdp_certificate_permanent,
+ rdp_encryption_level,
+ rdp_encryption_method,
+ ssh_version,
+ ssh_auth_success,
+ ssh_client_version,
+ ssh_server_version,
+
ssh_cipher_alg,
+ ssh_mac_alg,
+ ssh_compression_alg,
+ ssh_kex_alg,
+ ssh_host_key_alg,
+ ssh_host_key,
+ ssh_hassh,
+ sip_call_id,
+ sip_originator_description,
+ sip_responder_description,
+ sip_user_agent,
+ sip_server,
+ sip_originator_sdp_connect_ip,
+ sip_originator_sdp_media_port,
+ sip_originator_sdp_media_type,
+ sip_originator_sdp_content,
+ sip_responder_sdp_connect_ip,
+ sip_responder_sdp_media_port,
+ sip_responder_sdp_media_type,
+ sip_responder_sdp_content,
+ sip_duration_s,
+ sip_bye,
+ rtp_payload_type_c2s,
+ rtp_payload_type_s2c,
+ rtp_pcap_path,
+ rtp_originator_dir,
+ stratum_cryptocurrency,
+ stratum_mining_pools,
+ stratum_mining_program,
+ stratum_mining_subscribe,
+ sent_pkts,
+ received_pkts,
+ sent_bytes,
+ received_bytes,
+ tcp_c2s_ip_fragments,
+ tcp_s2c_ip_fragments,
+ tcp_c2s_lost_bytes,
+ tcp_s2c_lost_bytes,
+ tcp_c2s_o3_pkts,
+ tcp_s2c_o3_pkts,
+ tcp_c2s_rtx_pkts,
+ tcp_s2c_rtx_pkts,
+ tcp_c2s_rtx_bytes,
+ tcp_s2c_rtx_bytes,
+ tcp_rtt_ms,
+ tcp_client_isn,
+ tcp_server_isn,
+ packet_capture_file,
+ in_src_mac,
+ out_src_mac,
+ in_dest_mac,
+ out_dest_mac,
+ encapsulation,
+ dup_traffic_flag,
+ tunnel_endpoint_a_desc,
+ tunnel_endpoint_b_desc
+FROM tsg_galaxy_v3.session_record_local
+WHERE empty(security_rule_list) = 0
+;
+
+-- tsg_galaxy_v3.monitor_event_materialized_view
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.monitor_event_materialized_view on cluster js_datahouse
+TO tsg_galaxy_v3.monitor_event_local
+(
+ recv_time Int64,
+ log_id UInt64,
+ decoded_as String,
+ session_id UInt64,
+ start_timestamp_ms DateTime64(3),
+ end_timestamp_ms DateTime64(3),
+ duration_ms Int32,
+ tcp_handshake_latency_ms Nullable(Int32),
+ ingestion_time Int64,
+ processing_time Int64,
+ -- insert_time Int64 MATERIALIZED toUnixTimestamp(now()),
+ device_id String,
+ out_link_id Nullable(Int32),
+ in_link_id Nullable(Int32),
+ device_tag String,
+ data_center String,
+ device_group String,
+ sled_ip String,
+ address_type Int32,
+ vsys_id
Int32,
+ t_vsys_id Int32,
+ flags Int64,
+ flags_identify_info String,
+ security_rule_list Array(Int64),
+ security_action String,
+ monitor_rule_list Array(Int64),
+ shaping_rule_list Array(Int64),
+ proxy_rule_list Array(Int64),
+ statistics_rule_list Array(Int64),
+ sc_rule_list Array(Int64),
+ sc_rsp_raw Array(Int64),
+ sc_rsp_decrypted Array(Int64),
+ proxy_action String,
+ proxy_pinning_status Nullable(Int32),
+ proxy_intercept_status Nullable(Int32),
+ proxy_passthrough_reason String,
+ proxy_client_side_latency_ms Nullable(Int32),
+ proxy_server_side_latency_ms Nullable(Int32),
+ proxy_client_side_version String,
+ proxy_server_side_version String,
+ proxy_cert_verify Nullable(Int32),
+ proxy_intercept_error String,
+ monitor_mirrored_pkts Nullable(Int32),
+ monitor_mirrored_bytes Nullable(Int32),
+ client_ip String,
+ client_port Int32,
+ client_os_desc String,
+ client_geolocation LowCardinality(String),
+ client_asn Nullable(Int64),
+ subscriber_id String,
+ imei String,
+ imsi String,
+ phone_number String,
+ apn String,
+ server_ip String,
+ server_port Int32,
+ server_os_desc String,
+ server_geolocation LowCardinality(String),
+ server_asn Nullable(Int64),
+ server_fqdn String,
+ server_domain String,
+ app_transition String,
+ app LowCardinality(String),
+ app_debug_info String,
+ app_content String,
+ fqdn_category_list Array(Int64),
+ ip_protocol LowCardinality(String),
+ decoded_path LowCardinality(String),
+ dns_message_id Nullable(Int32),
+ dns_qr Nullable(Int32),
+ dns_opcode Nullable(Int32),
+ dns_aa Nullable(Int32),
+ dns_tc Nullable(Int32),
+ dns_rd Nullable(Int32),
+ dns_ra Nullable(Int32),
+ dns_rcode Nullable(Int32),
+ dns_qdcount Nullable(Int32),
+ dns_ancount Nullable(Int32),
+ dns_nscount Nullable(Int32),
+ dns_arcount Nullable(Int32),
+ dns_qname String,
+ dns_qtype Nullable(Int32),
+ dns_qclass Nullable(Int32),
+ dns_cname String,
+ dns_sub Nullable(Int32),
+ dns_rr String,
+ dns_response_latency_ms Nullable(Int32),
+ http_url
String, + http_host String, + http_request_line String, + http_response_line String, + http_request_body String, + http_response_body String, + http_proxy_flag Nullable(Int32), + http_sequence Nullable(Int32), + http_cookie String, + http_referer String, + http_user_agent String, + http_request_content_length Nullable(Int64), + http_request_content_type String, + http_response_content_length Nullable(Int64), + http_response_content_type String, + http_set_cookie String, + http_version String, + http_status_code Nullable(Int32), + http_response_latency_ms Nullable(Int32), + http_session_duration_ms Nullable(Int32), + http_action_file_size Nullable(Int64), + ssl_version String, + ssl_sni String, + ssl_san String, + ssl_cn String, + ssl_handshake_latency_ms Nullable(Int32), + ssl_ja3_hash String, + ssl_ja3s_hash String, + ssl_cert_issuer String, + ssl_cert_subject String, + ssl_esni_flag Nullable(Int32), + ssl_ech_flag Nullable(Int32), + dtls_cookie String, + dtls_version String, + dtls_sni String, + dtls_san String, + dtls_cn String, + dtls_handshake_latency_ms Nullable(Int32), + dtls_ja3_fingerprint String, + dtls_ja3_hash String, + dtls_cert_issuer String, + dtls_cert_subject String, + mail_protocol_type String, + mail_account String, + mail_from_cmd String, + mail_to_cmd String, + mail_from String, + mail_password String, + mail_to String, + mail_cc String, + mail_bcc String, + mail_subject String, + mail_subject_charset String, + mail_attachment_name String, + mail_attachment_name_charset String, + mail_eml_file String, + ftp_account String, + ftp_url String, + ftp_link_type String, + quic_version String, + quic_sni String, + quic_user_agent String, + rdp_cookie String, + rdp_security_protocol String, + rdp_client_channels String, + rdp_keyboard_layout String, + rdp_client_version String, + rdp_client_name String, + rdp_client_product_id String, + rdp_desktop_width String, + rdp_desktop_height String, + rdp_requested_color_depth String, + rdp_certificate_type 
String, + rdp_certificate_count Nullable(Int32), + rdp_certificate_permanent Nullable(Int32), + rdp_encryption_level String, + rdp_encryption_method String, + ssh_version String, + ssh_auth_success String, + ssh_client_version String, + ssh_server_version String, + ssh_cipher_alg String, + ssh_mac_alg String, + ssh_compression_alg String, + ssh_kex_alg String, + ssh_host_key_alg String, + ssh_host_key String, + ssh_hassh String, + sip_call_id String, + sip_originator_description String, + sip_responder_description String, + sip_user_agent String, + sip_server String, + sip_originator_sdp_connect_ip String, + sip_originator_sdp_media_port Nullable(Int32), + sip_originator_sdp_media_type String, + sip_originator_sdp_content String, + sip_responder_sdp_connect_ip String, + sip_responder_sdp_media_port Nullable(Int32), + sip_responder_sdp_media_type String, + sip_responder_sdp_content String, + sip_duration_s Nullable(Int32), + sip_bye String, + rtp_payload_type_c2s Nullable(Int32), + rtp_payload_type_s2c Nullable(Int32), + rtp_pcap_path String, + rtp_originator_dir Nullable(Int32), + stratum_cryptocurrency String, + stratum_mining_pools String, + stratum_mining_program String, + stratum_mining_subscribe String, + sent_pkts Int64, + received_pkts Int64, + sent_bytes Int64, + received_bytes Int64, + tcp_c2s_ip_fragments Nullable(Int64), + tcp_s2c_ip_fragments Nullable(Int64), + tcp_c2s_lost_bytes Nullable(Int64), + tcp_s2c_lost_bytes Nullable(Int64), + tcp_c2s_o3_pkts Nullable(Int64), + tcp_s2c_o3_pkts Nullable(Int64), + tcp_c2s_rtx_pkts Nullable(Int64), + tcp_s2c_rtx_pkts Nullable(Int64), + tcp_c2s_rtx_bytes Nullable(Int64), + tcp_s2c_rtx_bytes Nullable(Int64), + tcp_rtt_ms Nullable(Int32), + tcp_client_isn Nullable(Int64), + tcp_server_isn Nullable(Int64), + packet_capture_file String, + in_src_mac String, + out_src_mac String, + in_dest_mac String, + out_dest_mac String, + encapsulation String, + dup_traffic_flag Nullable(Int32), + tunnel_endpoint_a_desc String, + 
tunnel_endpoint_b_desc String +) +AS +SELECT + recv_time, + log_id, + decoded_as, + session_id, + start_timestamp_ms, + end_timestamp_ms, + duration_ms, + tcp_handshake_latency_ms, + ingestion_time, + processing_time, + -- insert_time, + device_id, + out_link_id, + in_link_id, + device_tag, + data_center, + device_group, + sled_ip, + address_type, + vsys_id, + t_vsys_id, + flags, + flags_identify_info, + security_rule_list, + security_action, + monitor_rule_list, + shaping_rule_list, + proxy_rule_list, + statistics_rule_list, + sc_rule_list, + sc_rsp_raw, + sc_rsp_decrypted, + proxy_action, + proxy_pinning_status, + proxy_intercept_status, + proxy_passthrough_reason, + proxy_client_side_latency_ms, + proxy_server_side_latency_ms, + proxy_client_side_version, + proxy_server_side_version, + proxy_cert_verify, + proxy_intercept_error, + monitor_mirrored_pkts, + monitor_mirrored_bytes, + client_ip, + client_port, + client_os_desc, + client_geolocation, + client_asn, + subscriber_id, + imei, + imsi, + phone_number, + apn, + server_ip, + server_port, + server_os_desc, + server_geolocation, + server_asn, + server_fqdn, + server_domain, + app_transition, + app, + app_debug_info, + app_content, + fqdn_category_list, + ip_protocol, + decoded_path, + dns_message_id, + dns_qr, + dns_opcode, + dns_aa, + dns_tc, + dns_rd, + dns_ra, + dns_rcode, + dns_qdcount, + dns_ancount, + dns_nscount, + dns_arcount, + dns_qname, + dns_qtype, + dns_qclass, + dns_cname, + dns_sub, + dns_rr, + dns_response_latency_ms, + http_url, + http_host, + http_request_line, + http_response_line, + http_request_body, + http_response_body, + http_proxy_flag, + http_sequence, + http_cookie, + http_referer, + http_user_agent, + http_request_content_length, + http_request_content_type, + http_response_content_length, + http_response_content_type, + http_set_cookie, + http_version, + http_status_code, + http_response_latency_ms, + http_session_duration_ms, + http_action_file_size, + ssl_version, + ssl_sni, + 
ssl_san, + ssl_cn, + ssl_handshake_latency_ms, + ssl_ja3_hash, + ssl_ja3s_hash, + ssl_cert_issuer, + ssl_cert_subject, + ssl_esni_flag, + ssl_ech_flag, + dtls_cookie, + dtls_version, + dtls_sni, + dtls_san, + dtls_cn, + dtls_handshake_latency_ms, + dtls_ja3_fingerprint, + dtls_ja3_hash, + dtls_cert_issuer, + dtls_cert_subject, + mail_protocol_type, + mail_account, + mail_from_cmd, + mail_to_cmd, + mail_from, + mail_password, + mail_to, + mail_cc, + mail_bcc, + mail_subject, + mail_subject_charset, + mail_attachment_name, + mail_attachment_name_charset, + mail_eml_file, + ftp_account, + ftp_url, + ftp_link_type, + quic_version, + quic_sni, + quic_user_agent, + rdp_cookie, + rdp_security_protocol, + rdp_client_channels, + rdp_keyboard_layout, + rdp_client_version, + rdp_client_name, + rdp_client_product_id, + rdp_desktop_width, + rdp_desktop_height, + rdp_requested_color_depth, + rdp_certificate_type, + rdp_certificate_count, + rdp_certificate_permanent, + rdp_encryption_level, + rdp_encryption_method, + ssh_version, + ssh_auth_success, + ssh_client_version, + ssh_server_version, + ssh_cipher_alg, + ssh_mac_alg, + ssh_compression_alg, + ssh_kex_alg, + ssh_host_key_alg, + ssh_host_key, + ssh_hassh, + sip_call_id, + sip_originator_description, + sip_responder_description, + sip_user_agent, + sip_server, + sip_originator_sdp_connect_ip, + sip_originator_sdp_media_port, + sip_originator_sdp_media_type, + sip_originator_sdp_content, + sip_responder_sdp_connect_ip, + sip_responder_sdp_media_port, + sip_responder_sdp_media_type, + sip_responder_sdp_content, + sip_duration_s, + sip_bye, + rtp_payload_type_c2s, + rtp_payload_type_s2c, + rtp_pcap_path, + rtp_originator_dir, + stratum_cryptocurrency, + stratum_mining_pools, + stratum_mining_program, + stratum_mining_subscribe, + sent_pkts, + received_pkts, + sent_bytes, + received_bytes, + tcp_c2s_ip_fragments, + tcp_s2c_ip_fragments, + tcp_c2s_lost_bytes, + tcp_s2c_lost_bytes, + tcp_c2s_o3_pkts, + tcp_s2c_o3_pkts, + 
tcp_c2s_rtx_pkts, + tcp_s2c_rtx_pkts, + tcp_c2s_rtx_bytes, + tcp_s2c_rtx_bytes, + tcp_rtt_ms, + tcp_client_isn, + tcp_server_isn, + packet_capture_file, + in_src_mac, + out_src_mac, + in_dest_mac, + out_dest_mac, + encapsulation, + dup_traffic_flag, + tunnel_endpoint_a_desc, + tunnel_endpoint_b_desc +FROM tsg_galaxy_v3.session_record_local +WHERE empty(monitor_rule_list) = 0 +;