From 99e1dfab9f681456f192110b2fe5fd6bab7e1d26 Mon Sep 17 00:00:00 2001
From: qidaijie
Date: Fri, 6 Aug 2021 11:47:19 +0800
Subject: [PATCH] =?UTF-8?q?=E5=A2=9E=E5=8A=A021.08sql?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
---
.../createAllTables/create_ck_table.sql | 4022 +++++++++++++++++
TSG-21.06/clickhouse/createAllTables/dll.sql | 200 +
.../clickhouse/active_defence_event_log.sql | 9 +
.../clickhouse/connection_record_log.sql | 9 +
TSG-21.08/clickhouse/gtpc_record_log.sql | 9 +
.../clickhouse/live_session_record_log.sql | 9 +
TSG-21.08/clickhouse/proxy_event_log.sql | 9 +
TSG-21.08/clickhouse/radius_record_log.sql | 9 +
TSG-21.08/clickhouse/security_event_log.sql | 9 +
.../clickhouse/sys_packet_capture_log.sql | 9 +
.../clickhouse/transaction_record_log.sql | 9 +
TSG-21.08/clickhouse/voip_record_log.sql | 9 +
updata-record.zip | Bin 0 -> 9429 bytes
13 files changed, 4312 insertions(+)
create mode 100644 TSG-21.06/clickhouse/createAllTables/create_ck_table.sql
create mode 100644 TSG-21.06/clickhouse/createAllTables/dll.sql
create mode 100644 TSG-21.08/clickhouse/active_defence_event_log.sql
create mode 100644 TSG-21.08/clickhouse/connection_record_log.sql
create mode 100644 TSG-21.08/clickhouse/gtpc_record_log.sql
create mode 100644 TSG-21.08/clickhouse/live_session_record_log.sql
create mode 100644 TSG-21.08/clickhouse/proxy_event_log.sql
create mode 100644 TSG-21.08/clickhouse/radius_record_log.sql
create mode 100644 TSG-21.08/clickhouse/security_event_log.sql
create mode 100644 TSG-21.08/clickhouse/sys_packet_capture_log.sql
create mode 100644 TSG-21.08/clickhouse/transaction_record_log.sql
create mode 100644 TSG-21.08/clickhouse/voip_record_log.sql
create mode 100644 updata-record.zip
diff --git a/TSG-21.06/clickhouse/createAllTables/create_ck_table.sql b/TSG-21.06/clickhouse/createAllTables/create_ck_table.sql
new file mode 100644
index 0000000..2d4f882
--- /dev/null
+++ b/TSG-21.06/clickhouse/createAllTables/create_ck_table.sql 
@@ -0,0 +1,4022 @@
+create database IF NOT EXISTS tsg_galaxy_v3 ON CLUSTER ck_cluster;
+create database IF NOT EXISTS tsg_galaxy_v3 ON CLUSTER ck_query;
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.gtpc_record_log_local ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ gtp_version String,
+ gtp_apn String,
+ gtp_imei String,
+ gtp_imsi String,
+ gtp_phone_number String,
+ gtp_uplink_teid Int64,
+ gtp_downlink_teid Int64,
+ gtp_msg_type String,
+ gtp_end_user_ipv4 String,
+ gtp_end_user_ipv6 String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_log_id,common_data_center,common_recv_time);
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.gtpc_record_log ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ gtp_version String,
+ gtp_apn String,
+ gtp_imei String,
+ gtp_imsi String,
+ gtp_phone_number String,
+ gtp_uplink_teid Int64,
+ gtp_downlink_teid Int64,
+ gtp_msg_type String,
+ gtp_end_user_ipv4 String,
+ gtp_end_user_ipv6 String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,gtpc_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.gtpc_record_log ON CLUSTER ck_query(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ gtp_version String,
+ gtp_apn String,
+ gtp_imei String,
+ gtp_imsi String,
+ gtp_phone_number String,
+ gtp_uplink_teid Int64,
+ gtp_downlink_teid Int64,
+ gtp_msg_type String,
+ gtp_end_user_ipv4 String,
+ gtp_end_user_ipv6 String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,gtpc_record_log_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.live_session_record_log_local ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ ssl_cert_issuer String,
+ ssl_cert_subject String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ ftp_link_type String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_log_id,common_data_center,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_log_local ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_stream_trace_id,common_data_center,common_recv_time);
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.live_session_record_log ON CLUSTER ck_query(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String, + http_response_body String, + http_request_body_key String, + http_response_body_key String, + http_proxy_flag Int64, + http_sequence Int64, + http_snapshot String, + http_cookie String, + http_referer String, + http_user_agent String, + http_content_length String, + http_content_type String, + http_set_cookie String, + http_version String, + http_response_lantency_ms Int64, + http_session_duration_ms Int64, + http_action_file_size Int64, + mail_protocol_type String, + mail_account String, + mail_to_cmd String, + mail_from_cmd String, + mail_from String, + mail_to String, + mail_cc String, + mail_bcc String, + mail_subject String, + mail_subject_charset String, + mail_content String, + mail_content_charset String, + mail_attachment_name String, + mail_attachment_name_charset String, + mail_attachment_content String, + mail_eml_file String, + mail_snapshot String, + dns_message_id Int64, + dns_qr Nullable(Int64), + dns_opcode Nullable(Int64), + dns_aa Int64, + dns_tc Int64, + dns_rd Int64, + dns_ra Int64, + dns_rcode Int64, + dns_qdcount Int64, + dns_ancount Int64, + dns_nscount Int64, + dns_arcount Int64, + dns_qname String, + dns_qtype Int64, + dns_qclass Int64, + dns_cname String, + dns_sub Int64, + dns_rr String, + ssl_version String, + ssl_sni String, + ssl_san String, + ssl_cn String, + ssl_pinningst Nullable(Int64), + ssl_intercept_state Nullable(Int64), + ssl_server_side_latency Int64, + ssl_client_side_latency Int64, + ssl_server_side_version String, + ssl_client_side_version String, + ssl_cert_verify Nullable(Int64), + ssl_error String, + ssl_con_latency_ms Int64, + ssl_ja3_fingerprint String, + ssl_ja3_hash String, + ssl_cert_issuer String, + ssl_cert_subject String, + quic_version String, + quic_sni String, + quic_user_agent String, + ftp_account String, + ftp_url String, + ftp_content String, + ftp_link_type String, + bgp_type Int64, + bgp_as_num String, + bgp_route String, + voip_calling_account String, + 
voip_called_account String, + voip_calling_number String, + voip_called_number String, + streaming_media_url String, + streaming_media_protocol String, + app_extra_info String, + sip_call_id String, + sip_originator_description String, + sip_responder_description String, + sip_user_agent String, + sip_server String, + sip_originator_sdp_connect_ip String, + sip_originator_sdp_media_port Int64, + sip_originator_sdp_media_type String, + sip_originator_sdp_content String, + sip_responder_sdp_connect_ip String, + sip_responder_sdp_media_port Int64, + sip_responder_sdp_media_type String, + sip_responder_sdp_content String, + sip_duration Int64, + sip_bye String, + rtp_payload_type_c2s Nullable(Int64), + rtp_payload_type_s2c Nullable(Int64), + rtp_pcap_path String, + rtp_originator_dir Int64 +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,live_session_record_log_local,rand()); + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.live_session_record_log ON CLUSTER ck_cluster( + common_recv_time Int64, + common_log_id UInt64, + common_stream_trace_id UInt64, + common_direction Nullable(Int64), + common_stream_dir Int64, + common_start_time Int64, + common_end_time Int64, + common_con_duration_ms Int64, + common_establish_latency_ms Int64, + common_processing_time Int64, + common_entrance_id Int64, + common_device_id String, + common_link_id Int64, + common_isp String, + common_data_center String, + common_sled_ip String, + common_action Int64, + common_sub_action String, + common_policy_id Int64, + common_user_tags String, + common_user_region String, + common_client_ip String, + common_internal_ip String, + common_client_port Int64, + common_client_location String, + common_client_asn String, + common_subscriber_id String, + common_imei String, + common_imsi String, + common_phone_number String, + common_server_ip String, + common_external_ip String, + common_server_port Int64, + common_server_location String, + common_server_asn String, + common_app_id String, + common_app_label 
String, + common_app_surrogate_id String, + common_l7_protocol String, + common_protocol_label String, + common_service_category Array(Int64), + common_service Int64, + common_l4_protocol String, + common_sessions Int64, + common_c2s_pkt_num Int64, + common_s2c_pkt_num Int64, + common_c2s_pkt_diff Int64, + common_s2c_pkt_diff Int64, + common_c2s_byte_num Int64, + common_s2c_byte_num Int64, + common_c2s_byte_diff Int64, + common_s2c_byte_diff Int64, + common_c2s_ipfrag_num Int64, + common_s2c_ipfrag_num Int64, + common_c2s_tcp_lostlen Int64, + common_s2c_tcp_lostlen Int64, + common_c2s_tcp_unorder_num Int64, + common_s2c_tcp_unorder_num Int64, + common_c2s_pkt_retrans Int64, + common_s2c_pkt_retrans Int64, + common_c2s_byte_retrans Int64, + common_s2c_byte_retrans Int64, + common_first_ttl Int64, + common_tcp_client_isn Int64, + common_tcp_server_isn Int64, + common_address_type Int64, + common_schema_type String, + common_device_tag String, + common_encapsulation Int64, + common_tunnels String, + common_address_list String, + common_has_dup_traffic Int64, + common_stream_error String, + common_link_info_c2s String, + common_link_info_s2c String, + http_url String, + http_host String, + http_domain String, + http_request_line String, + http_response_line String, + http_request_header String, + http_response_header String, + http_request_content String, + http_response_content String, + http_request_body String, + http_response_body String, + http_request_body_key String, + http_response_body_key String, + http_proxy_flag Int64, + http_sequence Int64, + http_snapshot String, + http_cookie String, + http_referer String, + http_user_agent String, + http_content_length String, + http_content_type String, + http_set_cookie String, + http_version String, + http_response_lantency_ms Int64, + http_session_duration_ms Int64, + http_action_file_size Int64, + mail_protocol_type String, + mail_account String, + mail_to_cmd String, + mail_from_cmd String, + mail_from String, + 
mail_to String, + mail_cc String, + mail_bcc String, + mail_subject String, + mail_subject_charset String, + mail_content String, + mail_content_charset String, + mail_attachment_name String, + mail_attachment_name_charset String, + mail_attachment_content String, + mail_eml_file String, + mail_snapshot String, + dns_message_id Int64, + dns_qr Nullable(Int64), + dns_opcode Nullable(Int64), + dns_aa Int64, + dns_tc Int64, + dns_rd Int64, + dns_ra Int64, + dns_rcode Int64, + dns_qdcount Int64, + dns_ancount Int64, + dns_nscount Int64, + dns_arcount Int64, + dns_qname String, + dns_qtype Int64, + dns_qclass Int64, + dns_cname String, + dns_sub Int64, + dns_rr String, + ssl_version String, + ssl_sni String, + ssl_san String, + ssl_cn String, + ssl_pinningst Nullable(Int64), + ssl_intercept_state Nullable(Int64), + ssl_server_side_latency Int64, + ssl_client_side_latency Int64, + ssl_server_side_version String, + ssl_client_side_version String, + ssl_cert_verify Nullable(Int64), + ssl_error String, + ssl_con_latency_ms Int64, + ssl_ja3_fingerprint String, + ssl_ja3_hash String, + ssl_cert_issuer String, + ssl_cert_subject String, + quic_version String, + quic_sni String, + quic_user_agent String, + ftp_account String, + ftp_url String, + ftp_content String, + ftp_link_type String, + bgp_type Int64, + bgp_as_num String, + bgp_route String, + voip_calling_account String, + voip_called_account String, + voip_calling_number String, + voip_called_number String, + streaming_media_url String, + streaming_media_protocol String, + app_extra_info String, + sip_call_id String, + sip_originator_description String, + sip_responder_description String, + sip_user_agent String, + sip_server String, + sip_originator_sdp_connect_ip String, + sip_originator_sdp_media_port Int64, + sip_originator_sdp_media_type String, + sip_originator_sdp_content String, + sip_responder_sdp_connect_ip String, + sip_responder_sdp_media_port Int64, + sip_responder_sdp_media_type String, + 
sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,live_session_record_log_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_log ON CLUSTER ck_query(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,transaction_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_log ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,transaction_record_log_local,rand());
+
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.voip_record_log_local ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+)ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_log_id,common_data_center,common_recv_time);
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.voip_record_log ON CLUSTER ck_query(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,voip_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.voip_record_log ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,voip_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.sys_packet_capture_log_local ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ nic_name String,
+ origin_source_mac String,
+ origin_dest_mac String,
+ packet_url String,
+ pcap_storage_task_id Int64,
+ pcap_storage_duration Int64
+)
+ENGINE =MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_log_id,common_policy_id,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_event_log_local ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ ssl_cert_issuer String,
+ ssl_cert_subject String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ ftp_link_type String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+
+)
+ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_log_id,common_policy_id,common_recv_time);
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event_log_local ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ doh_url String,
+ doh_host String,
+ doh_request_line String,
+ doh_response_line String,
+ doh_cookie String,
+ doh_referer String,
+ doh_user_agent String,
+ doh_content_length String,
+ doh_content_type String,
+ doh_set_cookie String,
+ doh_version String,
+ doh_message_id Int64,
+ doh_qr Int64,
+ doh_opcode Int64,
+ doh_aa Int64,
+ doh_tc Int64,
+ doh_rd Int64,
+ doh_ra Int64,
+ doh_rcode Int64,
+ doh_qdcount Int64,
+ doh_ancount Int64,
+ doh_nscount Int64,
+ doh_arcount Int64,
+ doh_qname String,
+ doh_qtype Int64,
+ doh_qclass Int64,
+ doh_cname String,
+ doh_sub Int64,
+ doh_rr String
+)
+ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_log_id,common_policy_id,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_local ON CLUSTER ck_cluster(
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ ssl_cert_issuer String,
+ ssl_cert_subject String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ ftp_link_type String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_log_id,common_data_center,common_recv_time);
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_record_log_local ON CLUSTER ck_cluster (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ radius_packet_type Int64,
+ radius_nas_ip String,
+ radius_framed_ip String,
+ radius_account String,
+ radius_session_timeout Int64,
+ radius_idle_timeout Int64,
+ radius_acct_status_type Int64,
+ radius_acct_terminate_cause Int64,
+ radius_event_timestamp Int64,
+ radius_nas_port Int64,
+ radius_service_type Int64,
+ radius_framed_protocol Int64,
+ radius_callback_number String,
+ radius_callback_id String,
+ radius_termination_action Nullable(Int64),
+ radius_called_station_id String,
+ radius_calling_station_id String,
+ radius_acct_delay_time Int64,
+ radius_acct_session_id String,
+ radius_acct_multi_session_id String,
+ radius_acct_input_octets Int64,
+ radius_acct_output_octets Int64,
+ radius_acct_input_packets Int64,
+ radius_acct_output_packets Int64,
+ radius_acct_session_time Int64,
+ radius_acct_link_count Int64,
+ radius_acct_interim_interval Int64
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_log_id,common_data_center,common_recv_time);
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_client_ip_local ON CLUSTER ck_cluster(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_client_ip,common_server_ip,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_server_ip_local ON CLUSTER ck_cluster(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_server_ip,common_client_ip,common_recv_time);
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_subscriber_id_local ON CLUSTER ck_cluster (
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_subscriber_id,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_http_domain_local ON CLUSTER ck_cluster(
+ common_log_id UInt64,
+ common_recv_time Int64,
+ common_policy_id Int64,
+ common_action Int64,
+ common_server_ip String,
+ common_client_ip String,
+ common_sled_ip String,
+ common_entrance_id Int64,
+ common_subscriber_id String,
+ common_stream_trace_id UInt64,
+ http_domain String,
+ ssl_sni String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (http_domain,common_recv_time);
+
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.common_client_ip ON CLUSTER ck_cluster TO tsg_galaxy_v3.connection_record_log_common_client_ip_local AS SELECT common_log_id, common_recv_time, common_policy_id, common_action, common_server_ip, common_client_ip, common_sled_ip, common_entrance_id, common_subscriber_id, common_stream_trace_id, http_domain, ssl_sni FROM tsg_galaxy_v3.connection_record_log_local;
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.common_server_ip ON CLUSTER ck_cluster TO tsg_galaxy_v3.connection_record_log_common_server_ip_local AS SELECT common_log_id, common_recv_time, common_policy_id, common_action, common_server_ip, common_client_ip, common_sled_ip, common_entrance_id, common_subscriber_id, common_stream_trace_id, http_domain, ssl_sni FROM tsg_galaxy_v3.connection_record_log_local;
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.common_subscriber_id ON CLUSTER ck_cluster TO tsg_galaxy_v3.connection_record_log_common_subscriber_id_local AS SELECT common_log_id, common_recv_time, common_policy_id, common_action, common_server_ip, common_client_ip, common_sled_ip, common_entrance_id, common_subscriber_id, common_stream_trace_id, http_domain, ssl_sni FROM tsg_galaxy_v3.connection_record_log_local;
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.common_http_domain ON CLUSTER ck_cluster TO tsg_galaxy_v3.connection_record_log_http_domain_local AS SELECT common_log_id, common_recv_time, common_policy_id, common_action, common_server_ip, common_client_ip, common_sled_ip, common_entrance_id, common_subscriber_id, common_stream_trace_id, http_domain, ssl_sni FROM tsg_galaxy_v3.connection_record_log_local;
+
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_onff_log_local ON CLUSTER ck_cluster(
+ event_timestamp Int64,
+ account String,
+ framed_ip String,
+ acct_status_type Int64,
+ acct_session_id String,
+ acct_session_time Int64
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(event_timestamp))
+ORDER BY (account,event_timestamp);
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_record_log ON CLUSTER ck_query (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ radius_packet_type Int64,
+ radius_nas_ip String,
+ radius_framed_ip String,
+ radius_account String,
+ radius_session_timeout Int64,
+ radius_idle_timeout Int64,
+ radius_acct_status_type Int64,
+ radius_acct_terminate_cause Int64,
+ radius_event_timestamp Int64,
+ radius_nas_port Int64,
+ radius_service_type Int64,
+ radius_framed_protocol Int64,
+ radius_callback_number String,
+ radius_callback_id String,
+ radius_termination_action Nullable(Int64),
+ radius_called_station_id String,
+ radius_calling_station_id String,
+ radius_acct_delay_time Int64,
+ radius_acct_session_id String,
+ radius_acct_multi_session_id String,
+ radius_acct_input_octets Int64,
+ radius_acct_output_octets Int64,
+ radius_acct_input_packets Int64,
+ radius_acct_output_packets Int64,
+ radius_acct_session_time Int64,
+ radius_acct_link_count Int64,
+ radius_acct_interim_interval Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,radius_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log ON CLUSTER ck_query (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ ssl_cert_issuer String,
+ ssl_cert_subject String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ ftp_link_type String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event_log ON CLUSTER ck_query (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ doh_url String,
+ doh_host String,
+ doh_request_line String,
+ doh_response_line String,
+ doh_cookie String,
+ doh_referer String,
+ doh_user_agent String,
+ doh_content_length String,
+ doh_content_type String,
+ doh_set_cookie String,
+ doh_version String,
+ doh_message_id Int64,
+ doh_qr Int64,
+ doh_opcode Int64,
+ doh_aa Int64,
+ doh_tc Int64,
+ doh_rd Int64,
+ doh_ra Int64,
+ doh_rcode Int64,
+ doh_qdcount Int64,
+ doh_ancount Int64,
+ doh_nscount Int64,
+ doh_arcount Int64,
+ doh_qname String,
+ doh_qtype Int64,
+ doh_qclass Int64,
+ doh_cname String,
+ doh_sub Int64,
+ doh_rr String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,proxy_event_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_event_log ON CLUSTER ck_query (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ ssl_cert_issuer String,
+ ssl_cert_subject String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ ftp_link_type String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,security_event_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.sys_packet_capture_log ON CLUSTER ck_query (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ nic_name String,
+ origin_source_mac String,
+ origin_dest_mac String,
+ packet_url String,
+ pcap_storage_task_id Int64,
+ pcap_storage_duration Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,sys_packet_capture_log_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_onff_log ON CLUSTER ck_query(
+ event_timestamp Int64,
+ account String,
+ framed_ip String,
+ acct_status_type Int64,
+ acct_session_id String,
+ acct_session_time Int64
+)
+ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,radius_onff_log_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_record_log ON CLUSTER ck_cluster (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ radius_packet_type Int64,
+ radius_nas_ip String,
+ radius_framed_ip String,
+ radius_account String,
+ radius_session_timeout Int64,
+ radius_idle_timeout Int64,
+ radius_acct_status_type Int64,
+ radius_acct_terminate_cause Int64,
+ radius_event_timestamp Int64,
+ radius_nas_port Int64,
+ radius_service_type Int64,
+ radius_framed_protocol Int64,
+ radius_callback_number String,
+ radius_callback_id String,
+ radius_termination_action Nullable(Int64),
+ radius_called_station_id String,
+ radius_calling_station_id String,
+ radius_acct_delay_time Int64,
+ radius_acct_session_id String,
+ radius_acct_multi_session_id String,
+ radius_acct_input_octets Int64,
+ radius_acct_output_octets Int64,
+ radius_acct_input_packets Int64,
+ radius_acct_output_packets Int64,
+ radius_acct_session_time Int64,
+ radius_acct_link_count Int64,
+ radius_acct_interim_interval Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,radius_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log ON CLUSTER ck_cluster (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ mail_protocol_type String,
+ mail_account String,
+ mail_to_cmd String,
+ mail_from_cmd String,
+ mail_from String,
+ mail_to String,
+ mail_cc String,
+ mail_bcc String,
+ mail_subject String,
+ mail_subject_charset String,
+ mail_content String,
+ mail_content_charset String,
+ mail_attachment_name String,
+ mail_attachment_name_charset String,
+ mail_attachment_content String,
+ mail_eml_file String,
+ mail_snapshot String,
+ dns_message_id Int64,
+ dns_qr Nullable(Int64),
+ dns_opcode Nullable(Int64),
+ dns_aa Int64,
+ dns_tc Int64,
+ dns_rd Int64,
+ dns_ra Int64,
+ dns_rcode Int64,
+ dns_qdcount Int64,
+ dns_ancount Int64,
+ dns_nscount Int64,
+ dns_arcount Int64,
+ dns_qname String,
+ dns_qtype Int64,
+ dns_qclass Int64,
+ dns_cname String,
+ dns_sub Int64,
+ dns_rr String,
+ ssl_version String,
+ ssl_sni String,
+ ssl_san String,
+ ssl_cn String,
+ ssl_pinningst Nullable(Int64),
+ ssl_intercept_state Nullable(Int64),
+ ssl_server_side_latency Int64,
+ ssl_client_side_latency Int64,
+ ssl_server_side_version String,
+ ssl_client_side_version String,
+ ssl_cert_verify Nullable(Int64),
+ ssl_error String,
+ ssl_con_latency_ms Int64,
+ ssl_ja3_fingerprint String,
+ ssl_ja3_hash String,
+ ssl_cert_issuer String,
+ ssl_cert_subject String,
+ quic_version String,
+ quic_sni String,
+ quic_user_agent String,
+ ftp_account String,
+ ftp_url String,
+ ftp_content String,
+ ftp_link_type String,
+ bgp_type Int64,
+ bgp_as_num String,
+ bgp_route String,
+ voip_calling_account String,
+ voip_called_account String,
+ voip_calling_number String,
+ voip_called_number String,
+ streaming_media_url String,
+ streaming_media_protocol String,
+ app_extra_info String,
+ sip_call_id String,
+ sip_originator_description String,
+ sip_responder_description String,
+ sip_user_agent String,
+ sip_server String,
+ sip_originator_sdp_connect_ip String,
+ sip_originator_sdp_media_port Int64,
+ sip_originator_sdp_media_type String,
+ sip_originator_sdp_content String,
+ sip_responder_sdp_connect_ip String,
+ sip_responder_sdp_media_port Int64,
+ sip_responder_sdp_media_type String,
+ sip_responder_sdp_content String,
+ sip_duration Int64,
+ sip_bye String,
+ rtp_payload_type_c2s Nullable(Int64),
+ rtp_payload_type_s2c Nullable(Int64),
+ rtp_pcap_path String,
+ rtp_originator_dir Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_event_log ON CLUSTER ck_cluster (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+ common_app_surrogate_id String,
+ common_l7_protocol String,
+ common_protocol_label String,
+ common_service_category Array(Int64),
+ common_service Int64,
+ common_l4_protocol String,
+ common_sessions Int64,
+ common_c2s_pkt_num Int64,
+ common_s2c_pkt_num Int64,
+ common_c2s_pkt_diff Int64,
+ common_s2c_pkt_diff Int64,
+ common_c2s_byte_num Int64,
+ common_s2c_byte_num Int64,
+ common_c2s_byte_diff Int64,
+ common_s2c_byte_diff Int64,
+ common_c2s_ipfrag_num Int64,
+ common_s2c_ipfrag_num Int64,
+ common_c2s_tcp_lostlen Int64,
+ common_s2c_tcp_lostlen Int64,
+ common_c2s_tcp_unorder_num Int64,
+ common_s2c_tcp_unorder_num Int64,
+ common_c2s_pkt_retrans Int64,
+ common_s2c_pkt_retrans Int64,
+ common_c2s_byte_retrans Int64,
+ common_s2c_byte_retrans Int64,
+ common_first_ttl Int64,
+ common_tcp_client_isn Int64,
+ common_tcp_server_isn Int64,
+ common_address_type Int64,
+ common_schema_type String,
+ common_device_tag String,
+ common_encapsulation Int64,
+ common_tunnels String,
+ common_address_list String,
+ common_has_dup_traffic Int64,
+ common_stream_error String,
+ common_link_info_c2s String,
+ common_link_info_s2c String,
+ http_url String,
+ http_host String,
+ http_domain String,
+ http_request_line String,
+ http_response_line String,
+ http_request_header String,
+ http_response_header String,
+ http_request_content String,
+ http_response_content String,
+ http_request_body String,
+ http_response_body String,
+ http_request_body_key String,
+ http_response_body_key String,
+ http_proxy_flag Int64,
+ http_sequence Int64,
+ http_snapshot String,
+ http_cookie String,
+ http_referer String,
+ http_user_agent String,
+ http_content_length String,
+ http_content_type String,
+ http_set_cookie String,
+ http_version String,
+ http_response_lantency_ms Int64,
+ http_session_duration_ms Int64,
+ http_action_file_size Int64,
+ doh_url String,
+ doh_host String,
+ doh_request_line String,
+ doh_response_line String,
+ doh_cookie String,
+ doh_referer String,
+ doh_user_agent String,
+ doh_content_length String,
+ doh_content_type String,
+ doh_set_cookie String,
+ doh_version String,
+ doh_message_id Int64,
+ doh_qr Int64,
+ doh_opcode Int64,
+ doh_aa Int64,
+ doh_tc Int64,
+ doh_rd Int64,
+ doh_ra Int64,
+ doh_rcode Int64,
+ doh_qdcount Int64,
+ doh_ancount Int64,
+ doh_nscount Int64,
+ doh_arcount Int64,
+ doh_qname String,
+ doh_qtype Int64,
+ doh_qclass Int64,
+ doh_cname String,
+ doh_sub Int64,
+ doh_rr String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,proxy_event_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_event_log ON CLUSTER ck_cluster (
+ common_recv_time Int64,
+ common_log_id UInt64,
+ common_stream_trace_id UInt64,
+ common_direction Nullable(Int64),
+ common_stream_dir Int64,
+ common_start_time Int64,
+ common_end_time Int64,
+ common_con_duration_ms Int64,
+ common_establish_latency_ms Int64,
+ common_processing_time Int64,
+ common_entrance_id Int64,
+ common_device_id String,
+ common_link_id Int64,
+ common_isp String,
+ common_data_center String,
+ common_sled_ip String,
+ common_action Int64,
+ common_sub_action String,
+ common_policy_id Int64,
+ common_user_tags String,
+ common_user_region String,
+ common_client_ip String,
+ common_internal_ip String,
+ common_client_port Int64,
+ common_client_location String,
+ common_client_asn String,
+ common_subscriber_id String,
+ common_imei String,
+ common_imsi String,
+ common_phone_number String,
+ common_server_ip String,
+ common_external_ip String,
+ common_server_port Int64,
+ common_server_location String,
+ common_server_asn String,
+ common_app_id String,
+ common_app_label String,
+
common_app_surrogate_id String, + common_l7_protocol String, + common_protocol_label String, + common_service_category Array(Int64), + common_service Int64, + common_l4_protocol String, + common_sessions Int64, + common_c2s_pkt_num Int64, + common_s2c_pkt_num Int64, + common_c2s_pkt_diff Int64, + common_s2c_pkt_diff Int64, + common_c2s_byte_num Int64, + common_s2c_byte_num Int64, + common_c2s_byte_diff Int64, + common_s2c_byte_diff Int64, + common_c2s_ipfrag_num Int64, + common_s2c_ipfrag_num Int64, + common_c2s_tcp_lostlen Int64, + common_s2c_tcp_lostlen Int64, + common_c2s_tcp_unorder_num Int64, + common_s2c_tcp_unorder_num Int64, + common_c2s_pkt_retrans Int64, + common_s2c_pkt_retrans Int64, + common_c2s_byte_retrans Int64, + common_s2c_byte_retrans Int64, + common_first_ttl Int64, + common_tcp_client_isn Int64, + common_tcp_server_isn Int64, + common_address_type Int64, + common_schema_type String, + common_device_tag String, + common_encapsulation Int64, + common_tunnels String, + common_address_list String, + common_has_dup_traffic Int64, + common_stream_error String, + common_link_info_c2s String, + common_link_info_s2c String, + http_url String, + http_host String, + http_domain String, + http_request_line String, + http_response_line String, + http_request_header String, + http_response_header String, + http_request_content String, + http_response_content String, + http_request_body String, + http_response_body String, + http_request_body_key String, + http_response_body_key String, + http_proxy_flag Int64, + http_sequence Int64, + http_snapshot String, + http_cookie String, + http_referer String, + http_user_agent String, + http_content_length String, + http_content_type String, + http_set_cookie String, + http_version String, + http_response_lantency_ms Int64, + http_session_duration_ms Int64, + http_action_file_size Int64, + mail_protocol_type String, + mail_account String, + mail_to_cmd String, + mail_from_cmd String, + mail_from String, + mail_to 
String, + mail_cc String, + mail_bcc String, + mail_subject String, + mail_subject_charset String, + mail_content String, + mail_content_charset String, + mail_attachment_name String, + mail_attachment_name_charset String, + mail_attachment_content String, + mail_eml_file String, + mail_snapshot String, + dns_message_id Int64, + dns_qr Nullable(Int64), + dns_opcode Nullable(Int64), + dns_aa Int64, + dns_tc Int64, + dns_rd Int64, + dns_ra Int64, + dns_rcode Int64, + dns_qdcount Int64, + dns_ancount Int64, + dns_nscount Int64, + dns_arcount Int64, + dns_qname String, + dns_qtype Int64, + dns_qclass Int64, + dns_cname String, + dns_sub Int64, + dns_rr String, + ssl_version String, + ssl_sni String, + ssl_san String, + ssl_cn String, + ssl_pinningst Nullable(Int64), + ssl_intercept_state Nullable(Int64), + ssl_server_side_latency Int64, + ssl_client_side_latency Int64, + ssl_server_side_version String, + ssl_client_side_version String, + ssl_cert_verify Nullable(Int64), + ssl_error String, + ssl_con_latency_ms Int64, + ssl_ja3_fingerprint String, + ssl_ja3_hash String, + ssl_cert_issuer String, + ssl_cert_subject String, + quic_version String, + quic_sni String, + quic_user_agent String, + ftp_account String, + ftp_url String, + ftp_content String, + ftp_link_type String, + bgp_type Int64, + bgp_as_num String, + bgp_route String, + voip_calling_account String, + voip_called_account String, + voip_calling_number String, + voip_called_number String, + streaming_media_url String, + streaming_media_protocol String, + app_extra_info String, + sip_call_id String, + sip_originator_description String, + sip_responder_description String, + sip_user_agent String, + sip_server String, + sip_originator_sdp_connect_ip String, + sip_originator_sdp_media_port Int64, + sip_originator_sdp_media_type String, + sip_originator_sdp_content String, + sip_responder_sdp_connect_ip String, + sip_responder_sdp_media_port Int64, + sip_responder_sdp_media_type String, + sip_responder_sdp_content 
String, + sip_duration Int64, + sip_bye String, + rtp_payload_type_c2s Nullable(Int64), + rtp_payload_type_s2c Nullable(Int64), + rtp_pcap_path String, + rtp_originator_dir Int64 +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,security_event_log_local,rand()); + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.sys_packet_capture_log ON CLUSTER ck_cluster ( + common_recv_time Int64, + common_log_id UInt64, + common_stream_trace_id UInt64, + common_direction Nullable(Int64), + common_stream_dir Int64, + common_start_time Int64, + common_end_time Int64, + common_con_duration_ms Int64, + common_establish_latency_ms Int64, + common_processing_time Int64, + common_entrance_id Int64, + common_device_id String, + common_link_id Int64, + common_isp String, + common_data_center String, + common_sled_ip String, + common_action Int64, + common_sub_action String, + common_policy_id Int64, + common_user_tags String, + common_user_region String, + common_client_ip String, + common_internal_ip String, + common_client_port Int64, + common_client_location String, + common_client_asn String, + common_subscriber_id String, + common_imei String, + common_imsi String, + common_phone_number String, + common_server_ip String, + common_external_ip String, + common_server_port Int64, + common_server_location String, + common_server_asn String, + common_app_id String, + common_app_label String, + common_app_surrogate_id String, + common_l7_protocol String, + common_protocol_label String, + common_service_category Array(Int64), + common_service Int64, + common_l4_protocol String, + common_sessions Int64, + common_c2s_pkt_num Int64, + common_s2c_pkt_num Int64, + common_c2s_pkt_diff Int64, + common_s2c_pkt_diff Int64, + common_c2s_byte_num Int64, + common_s2c_byte_num Int64, + common_c2s_byte_diff Int64, + common_s2c_byte_diff Int64, + common_c2s_ipfrag_num Int64, + common_s2c_ipfrag_num Int64, + common_c2s_tcp_lostlen Int64, + common_s2c_tcp_lostlen Int64, + common_c2s_tcp_unorder_num Int64, + 
common_s2c_tcp_unorder_num Int64, + common_c2s_pkt_retrans Int64, + common_s2c_pkt_retrans Int64, + common_c2s_byte_retrans Int64, + common_s2c_byte_retrans Int64, + common_first_ttl Int64, + common_tcp_client_isn Int64, + common_tcp_server_isn Int64, + common_address_type Int64, + common_schema_type String, + common_device_tag String, + common_encapsulation Int64, + common_tunnels String, + common_address_list String, + common_has_dup_traffic Int64, + common_stream_error String, + common_link_info_c2s String, + common_link_info_s2c String, + nic_name String, + origin_source_mac String, + origin_dest_mac String, + packet_url String, + pcap_storage_task_id Int64, + pcap_storage_duration Int64 +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,sys_packet_capture_log_local,rand()); + + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.radius_onff_log ON CLUSTER ck_cluster( + event_timestamp Int64, + account String, + framed_ip String, + acct_status_type Int64, + acct_session_id String, + acct_session_time Int64 +) +ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,radius_onff_log_local,rand()); + + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_client_ip ON CLUSTER ck_cluster( + common_log_id UInt64, + common_recv_time Int64, + common_policy_id Int64, + common_action Int64, + common_server_ip String, + common_client_ip String, + common_sled_ip String, + common_entrance_id Int64, + common_subscriber_id String, + common_stream_trace_id UInt64, + http_domain String, + ssl_sni String +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_common_client_ip_local,rand()); + + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_server_ip ON CLUSTER ck_cluster( + common_log_id UInt64, + common_recv_time Int64, + common_policy_id Int64, + common_action Int64, + common_server_ip String, + common_client_ip String, + common_sled_ip String, + common_entrance_id Int64, + common_subscriber_id String, + common_stream_trace_id UInt64, + 
http_domain String, + ssl_sni String +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_common_server_ip_local,rand()); + + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_subscriber_id ON CLUSTER ck_cluster ( + common_log_id UInt64, + common_recv_time Int64, + common_policy_id Int64, + common_action Int64, + common_server_ip String, + common_client_ip String, + common_sled_ip String, + common_entrance_id Int64, + common_subscriber_id String, + common_stream_trace_id UInt64, + http_domain String, + ssl_sni String +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_common_subscriber_id_local,rand()); + + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_http_domain ON CLUSTER ck_cluster( + common_log_id UInt64, + common_recv_time Int64, + common_policy_id Int64, + common_action Int64, + common_server_ip String, + common_client_ip String, + common_sled_ip String, + common_entrance_id Int64, + common_subscriber_id String, + common_stream_trace_id UInt64, + http_domain String, + ssl_sni String +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_http_domain_local,rand()); + + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_client_ip ON CLUSTER ck_query( + common_log_id UInt64, + common_recv_time Int64, + common_policy_id Int64, + common_action Int64, + common_server_ip String, + common_client_ip String, + common_sled_ip String, + common_entrance_id Int64, + common_subscriber_id String, + common_stream_trace_id UInt64, + http_domain String, + ssl_sni String +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_common_client_ip_local,rand()); + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_server_ip ON CLUSTER ck_query( + common_log_id UInt64, + common_recv_time Int64, + common_policy_id Int64, + common_action Int64, + common_server_ip String, + common_client_ip String, + common_sled_ip String, + common_entrance_id 
Int64, + common_subscriber_id String, + common_stream_trace_id UInt64, + http_domain String, + ssl_sni String +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_common_server_ip_local,rand()); + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_common_subscriber_id ON CLUSTER ck_query ( + common_log_id UInt64, + common_recv_time Int64, + common_policy_id Int64, + common_action Int64, + common_server_ip String, + common_client_ip String, + common_sled_ip String, + common_entrance_id Int64, + common_subscriber_id String, + common_stream_trace_id UInt64, + http_domain String, + ssl_sni String +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_common_subscriber_id_local,rand()); + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.connection_record_log_http_domain ON CLUSTER ck_query( + common_log_id UInt64, + common_recv_time Int64, + common_policy_id Int64, + common_action Int64, + common_server_ip String, + common_client_ip String, + common_sled_ip String, + common_entrance_id Int64, + common_subscriber_id String, + common_stream_trace_id UInt64, + http_domain String, + ssl_sni String +) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,connection_record_log_http_domain_local,rand()); + +CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.active_defence_event_log_local on cluster ck_cluster( +common_log_id UInt64, +common_recv_time Int64, +common_entrance_id Int64, +common_device_id String, +common_link_id Int64, +common_policy_id Int64, +common_user_region String, +ad_method String, +ad_protocol String, +common_address_type Int64, +ad_target_ip String, +ad_target_port String, +ad_cc_target_url String, +ad_target_ip_location String, +ad_target_ip_asn String, +ad_claimed_src_ip_profile_id Int64, +ad_reflector_profile_id Int64, +ad_sent_pkt_num Int64, +ad_sent_byte_num Int64, +ad_cc_initiate_connection_num Int64, +ad_cc_established_connection_num Int64, +ad_cc_rejected_connection_num Int64, +ad_generate_time Int64 +) +ENGINE = MergeTree 
PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_log_id,common_policy_id,common_recv_time); + +create table IF NOT EXISTS tsg_galaxy_v3.active_defence_event_log on cluster ck_query( +common_log_id UInt64, +common_recv_time Int64, +common_entrance_id Int64, +common_device_id String, +common_link_id Int64, +common_policy_id Int64, +common_user_region String, +ad_method String, +ad_protocol String, +common_address_type Int64, +ad_target_ip String, +ad_target_port String, +ad_cc_target_url String, +ad_target_ip_location String, +ad_target_ip_asn String, +ad_claimed_src_ip_profile_id Int64, +ad_reflector_profile_id Int64, +ad_sent_pkt_num Int64, +ad_sent_byte_num Int64, +ad_cc_initiate_connection_num Int64, +ad_cc_established_connection_num Int64, +ad_cc_rejected_connection_num Int64, +ad_generate_time Int64 +) +ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,active_defence_event_log_local,rand()); + +create table IF NOT EXISTS tsg_galaxy_v3.active_defence_event_log on cluster ck_cluster( +common_log_id UInt64, +common_recv_time Int64, +common_entrance_id Int64, +common_device_id String, +common_link_id Int64, +common_policy_id Int64, +common_user_region String, +ad_method String, +ad_protocol String, +common_address_type Int64, +ad_target_ip String, +ad_target_port String, +ad_cc_target_url String, +ad_target_ip_location String, +ad_target_ip_asn String, +ad_claimed_src_ip_profile_id Int64, +ad_reflector_profile_id Int64, +ad_sent_pkt_num Int64, +ad_sent_byte_num Int64, +ad_cc_initiate_connection_num Int64, +ad_cc_established_connection_num Int64, +ad_cc_rejected_connection_num Int64, +ad_generate_time Int64 +) +ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,active_defence_event_log_local,rand()); + + + CREATE TABLE IF NOT EXISTS `system`.tables_cluster ON CLUSTER ck_query as `system`.tables ENGINE =Distributed(ck_all,`system`,tables,rand()); + CREATE TABLE IF NOT EXISTS `system`.disks_cluster ON CLUSTER ck_query as `system`.disks ENGINE 
=Distributed(ck_all,`system`,disks,rand()); + CREATE TABLE IF NOT EXISTS `system`.parts_cluster ON CLUSTER ck_query as `system`.parts ENGINE =Distributed(ck_all,`system`,parts,rand()); + CREATE TABLE IF NOT EXISTS `system`.query_log_cluster ON CLUSTER ck_query as `system`.query_log ENGINE =Distributed(ck_all,`system`,query_log,rand()); + CREATE TABLE IF NOT EXISTS `system`.columns_cluster ON cluster ck_query AS `system`.columns ENGINE=Distributed(ck_all,`system`,columns,rand()); + + diff --git a/TSG-21.06/clickhouse/createAllTables/dll.sql b/TSG-21.06/clickhouse/createAllTables/dll.sql new file mode 100644 index 0000000..db34b5a --- /dev/null +++ b/TSG-21.06/clickhouse/createAllTables/dll.sql 
@@ -0,0 +1,200 @@
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.active_defence_event_log_local on cluster ck_cluster(
+common_log_id UInt64,
+common_recv_time Int64,
+common_entrance_id Int64,
+common_device_id String,
+common_link_id Int64,
+common_policy_id Int64,
+common_user_region String,
+ad_method String,
+ad_protocol String,
+common_address_type Int64,
+ad_target_ip String,
+ad_target_port String,
+ad_cc_target_url String,
+ad_target_ip_location String,
+ad_target_ip_asn String,
+ad_claimed_src_ip_profile_id Int64,
+ad_reflector_profile_id Int64,
+ad_sent_pkt_num Int64,
+ad_sent_byte_num Int64,
+ad_cc_initiate_connection_num Int64,
+ad_cc_established_connection_num Int64,
+ad_cc_rejected_connection_num Int64,
+ad_generate_time Int64
+)
+ENGINE = MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time)) ORDER BY (common_log_id,common_policy_id,common_recv_time);
+
+create table IF NOT EXISTS tsg_galaxy_v3.active_defence_event_log on cluster ck_query(
+common_log_id UInt64,
+common_recv_time Int64,
+common_entrance_id Int64,
+common_device_id String,
+common_link_id Int64,
+common_policy_id Int64,
+common_user_region String,
+ad_method String,
+ad_protocol String,
+common_address_type Int64,
+ad_target_ip String,
+ad_target_port String,
+ad_cc_target_url String,
+ad_target_ip_location String,
+ad_target_ip_asn String,
+ad_claimed_src_ip_profile_id Int64,
+ad_reflector_profile_id Int64,
+ad_sent_pkt_num Int64,
+ad_sent_byte_num Int64,
+ad_cc_initiate_connection_num Int64,
+ad_cc_established_connection_num Int64,
+ad_cc_rejected_connection_num Int64,
+ad_generate_time Int64
+)
+ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,active_defence_event_log_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_v3.active_defence_event_log on cluster ck_cluster(
+common_log_id UInt64,
+common_recv_time Int64,
+common_entrance_id Int64,
+common_device_id String,
+common_link_id Int64,
+common_policy_id Int64,
+common_user_region String,
+ad_method String,
+ad_protocol String,
+common_address_type Int64,
+ad_target_ip String,
+ad_target_port String,
+ad_cc_target_url String,
+ad_target_ip_location String,
+ad_target_ip_asn String,
+ad_claimed_src_ip_profile_id Int64,
+ad_reflector_profile_id Int64,
+ad_sent_pkt_num Int64,
+ad_sent_byte_num Int64,
+ad_cc_initiate_connection_num Int64,
+ad_cc_established_connection_num Int64,
+ad_cc_rejected_connection_num Int64,
+ad_generate_time Int64
+)
+ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,active_defence_event_log_local,rand());
+
+
+
+CREATE DICTIONARY IF NOT EXISTS cdn on cluster ck_cluster (
+cdn_id UInt64,
+ domain String,
+ cname String) PRIMARY KEY cdn_id SOURCE(MYSQL(PORT 3306 USER 'root' PASSWORD 'bifang!@#' REPLICA (HOST '192.168.44.71' PRIORITY 1) DB 'tsg-bifang' TABLE 'tsg_cdn_domain_info')) LIFETIME(MIN 300 MAX 400) LAYOUT(FLAT());
+
+ create table IF NOT EXISTS tsg_galaxy_v3.cdn_dic on cluster ck_cluster (`cdn_id` UInt64,
+ `domain` String,
+ `cname` String) Engine = Dictionary(cdn);
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_website_domain_info_local on cluster ck_cluster(
+ stat_time Int64,
+ policy_id Int64,
+ domain String,
+ ip_list AggregateFunction(groupUniqArray,String),
+ cdn_list AggregateFunction(groupUniqArray,String),
+ protocol_type_list AggregateFunction(groupUniqArray,String),
+ port_list AggregateFunction(groupUniqArray,Int64)
+) ENGINE = AggregatingMergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (policy_id,domain,stat_time) SETTINGS index_granularity = 8192;
+
+
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.security_website_domain_info_local_view on cluster ck_cluster TO tsg_galaxy_v3.security_website_domain_info_local (
+stat_time UInt32,
+policy_id Int64,
+domain String,
+ip_list AggregateFunction(groupUniqArray,
+ String),
+ cdn_list AggregateFunction(groupUniqArray,
+ String),
+ protocol_type_list AggregateFunction(groupUniqArray,
+ String),
+ port_list AggregateFunction(groupUniqArray,
+ Int64)) AS SELECT toUnixTimestamp(toStartOfDay(toDate(common_recv_time))) AS stat_time,
+ common_policy_id AS policy_id,
+ http_domain AS domain,
+ groupUniqArrayState(common_server_ip) AS ip_list,
+ groupUniqArrayState(cc.domain) AS cdn_list,
+ groupUniqArrayState(common_schema_type) AS protocol_type_list,
+ groupUniqArrayState(common_server_port) AS port_list FROM (SELECT common_recv_time,
+ common_policy_id,
+ http_domain,
+ common_server_ip,
+ arrayJoin(splitByChar(';',
+ replaceAll(ssl_san,
+ '*',
+ ''))) AS san,
+ common_schema_type,
+ common_server_port FROM tsg_galaxy_v3.security_event_log_local) AS sell INNER JOIN tsg_galaxy_v3.cdn_dic AS cc ON sell.san = cc.domain GROUP BY toStartOfDay(toDate(common_recv_time)),
+ common_policy_id,
+ http_domain;
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.security_ip_info_local on cluster ck_cluster (
+ stat_time Int64,
+ policy_id Int64,
+ ip String,
+ domain_list AggregateFunction(groupUniqArray,String),
+ port_list AggregateFunction(groupUniqArray,Int64)
+) ENGINE = AggregatingMergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (policy_id,ip,stat_time) SETTINGS index_granularity = 8192;
+
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.security_ip_info_local_view on cluster ck_cluster TO tsg_galaxy_v3.security_ip_info_local AS
+SELECT
+ toUnixTimestamp(toStartOfDay(toDate(common_recv_time))) as stat_time,
+ common_policy_id as policy_id,
+ common_server_ip as ip,
+ groupUniqArrayState(http_domain) as domain_list ,
+ groupUniqArrayState(common_server_port) as port_list
+FROM
+ tsg_galaxy_v3.security_event_log_local
+group BY
+ toStartOfDay(toDate(common_recv_time)),
+ common_policy_id,
+ common_server_ip;
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.proxy_ip_info_local on cluster ck_cluster(
+ stat_time Int64,
+ policy_id Int64,
+ ip_list AggregateFunction(groupUniqArray,String)
+) ENGINE = AggregatingMergeTree PARTITION BY toYYYYMMDD(toDate(stat_time)) ORDER BY (policy_id,stat_time) SETTINGS index_granularity = 8192;
+
+
+CREATE MATERIALIZED VIEW IF NOT EXISTS tsg_galaxy_v3.proxy_ip_info_local_view on cluster ck_cluster TO tsg_galaxy_v3.proxy_ip_info_local (
+ stat_time UInt32,
+ policy_id Int64,
+ ip_list AggregateFunction(groupUniqArray,
+ String)) AS SELECT toUnixTimestamp(toStartOfMinute(toDateTime(common_recv_time))) AS stat_time,
+ common_policy_id AS policy_id,
+ groupUniqArrayState(common_client_ip) AS ip_list FROM tsg_galaxy_v3.proxy_event_log_local GROUP BY toStartOfMinute(toDateTime(common_recv_time)),
+ common_policy_id;
+
+create table IF NOT EXISTS tsg_galaxy_v3.security_website_domain_info on cluster ck_query
+(
+ stat_time Int64,
+ policy_id Int64,
+ domain String,
+ ip_list AggregateFunction(groupUniqArray,String),
+ cdn_list AggregateFunction(groupUniqArray,String),
+ protocol_type_list AggregateFunction(groupUniqArray,String),
+ port_list AggregateFunction(groupUniqArray,Int64)
+)
+ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,security_website_domain_info_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_v3.security_ip_info on cluster ck_query (
+stat_time Int64,
+ policy_id Int64,
+ ip String,
+ domain_list AggregateFunction(groupUniqArray,String),
+ port_list AggregateFunction(groupUniqArray,Int64)
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,security_ip_info_local,rand());
+
+create table IF NOT EXISTS tsg_galaxy_v3.proxy_ip_info on cluster ck_query (
+stat_time Int64,
+ policy_id Int64,
+ ip_list AggregateFunction(groupUniqArray,String)
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,proxy_ip_info_local,rand());
+
diff --git a/TSG-21.08/clickhouse/active_defence_event_log.sql b/TSG-21.08/clickhouse/active_defence_event_log.sql
new file mode 100644
index 0000000..c53e3c4
--- /dev/null
+++ b/TSG-21.08/clickhouse/active_defence_event_log.sql
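Review bot: The `CREATE DICTIONARY IF NOT EXISTS cdn` statement commits the MySQL source password in clear text and connects as `USER 'root'`, so the secret now lives in repository history and the dictionary holds far more privilege than reading one table requires. The password should be treated as exposed and rotated, and the dictionary pointed at a dedicated account limited to `SELECT` on `tsg_cdn_domain_info`, with the values substituted at deploy time, e.g. `USER '<cdn_dict_reader>' PASSWORD '<injected at deploy time>'`. The statement text may also end up in `system.query_log`, which this commit makes queryable cluster-wide through `system.query_log_cluster`, so access to that table is worth restricting as well. The fixed `HOST '192.168.44.71'` is environment-specific and would be better passed in as a deployment parameter.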
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.active_defence_event_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.active_defence_event_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.active_defence_event_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.active_defence_event_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.active_defence_event_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.active_defence_event_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
diff --git a/TSG-21.08/clickhouse/connection_record_log.sql b/TSG-21.08/clickhouse/connection_record_log.sql
new file mode 100644
index 0000000..c2ebe23
--- /dev/null
+++ b/TSG-21.08/clickhouse/connection_record_log.sql
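Review bot: The `after common_tcp_server_isn` clauses reference a column that `active_defence_event_log_local` and `active_defence_event_log` do not have, at least as those tables are created in the TSG-21.06 files of this same commit, where the column list runs from `common_log_id` to `ad_generate_time`. ClickHouse rejects `ADD COLUMN ... AFTER` when the anchor column is missing, so the `common_mirrored_pkts` statements would be expected to fail, and the `common_mirrored_bytes` statements, which anchor on `common_mirrored_pkts`, with them. Unless an intermediate migration adds `common_tcp_server_isn` to these tables, anchor on a column that exists or drop the position, e.g. `ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after ad_generate_time;`. The other TSG-21.08 files use the same template, so the anchor column should be confirmed for `gtpc_record_log`, `live_session_record_log` and `radius_record_log`, whose definitions are not part of this excerpt.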
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.connection_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.connection_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.connection_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.connection_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.connection_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.connection_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
\ No newline at end of file
diff --git a/TSG-21.08/clickhouse/gtpc_record_log.sql b/TSG-21.08/clickhouse/gtpc_record_log.sql
new file mode 100644
index 0000000..b593d78
--- /dev/null
+++ b/TSG-21.08/clickhouse/gtpc_record_log.sql
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.gtpc_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.gtpc_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.gtpc_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.gtpc_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.gtpc_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.gtpc_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
\ No newline at end of file
diff --git a/TSG-21.08/clickhouse/live_session_record_log.sql b/TSG-21.08/clickhouse/live_session_record_log.sql
new file mode 100644
index 0000000..333ecf9
--- /dev/null
+++ b/TSG-21.08/clickhouse/live_session_record_log.sql
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.live_session_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.live_session_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.live_session_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.live_session_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.live_session_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.live_session_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
\ No newline at end of file
diff --git a/TSG-21.08/clickhouse/proxy_event_log.sql b/TSG-21.08/clickhouse/proxy_event_log.sql
new file mode 100644
index 0000000..f699e99
--- /dev/null
+++ b/TSG-21.08/clickhouse/proxy_event_log.sql
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.proxy_event_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.proxy_event_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.proxy_event_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.proxy_event_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.proxy_event_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.proxy_event_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
diff --git a/TSG-21.08/clickhouse/radius_record_log.sql b/TSG-21.08/clickhouse/radius_record_log.sql
new file mode 100644
index 0000000..ef01e4f
--- /dev/null
+++ b/TSG-21.08/clickhouse/radius_record_log.sql
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.radius_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.radius_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.radius_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.radius_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.radius_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.radius_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
diff --git a/TSG-21.08/clickhouse/security_event_log.sql b/TSG-21.08/clickhouse/security_event_log.sql
new file mode 100644
index 0000000..3831f65
--- /dev/null
+++ b/TSG-21.08/clickhouse/security_event_log.sql
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.security_event_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.security_event_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.security_event_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.security_event_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.security_event_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.security_event_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
diff --git a/TSG-21.08/clickhouse/sys_packet_capture_log.sql b/TSG-21.08/clickhouse/sys_packet_capture_log.sql
new file mode 100644
index 0000000..f00c448
--- /dev/null
+++ b/TSG-21.08/clickhouse/sys_packet_capture_log.sql
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.sys_packet_capture_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.sys_packet_capture_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.sys_packet_capture_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.sys_packet_capture_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.sys_packet_capture_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.sys_packet_capture_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
diff --git a/TSG-21.08/clickhouse/transaction_record_log.sql b/TSG-21.08/clickhouse/transaction_record_log.sql
new file mode 100644
index 0000000..2f34b7a
--- /dev/null
+++ b/TSG-21.08/clickhouse/transaction_record_log.sql
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.transaction_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.transaction_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.transaction_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.transaction_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.transaction_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.transaction_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
diff --git a/TSG-21.08/clickhouse/voip_record_log.sql b/TSG-21.08/clickhouse/voip_record_log.sql
new file mode 100644
index 0000000..55a57ed
--- /dev/null
+++ b/TSG-21.08/clickhouse/voip_record_log.sql
@@ -0,0 +1,9 @@
+--------https://jira.geedge.net/browse/TSG-7197
+ALTER TABLE tsg_galaxy_v3.voip_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.voip_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+
+ALTER TABLE tsg_galaxy_v3.voip_record_log_local ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+ALTER TABLE tsg_galaxy_v3.voip_record_log ON CLUSTER ck_cluster ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
+
+ALTER TABLE tsg_galaxy_v3.voip_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_pkts Int64 after common_tcp_server_isn;
+ALTER TABLE tsg_galaxy_v3.voip_record_log ON CLUSTER ck_query ADD COLUMN IF NOT EXISTS common_mirrored_bytes Int64 after common_mirrored_pkts;
diff --git a/updata-record.zip b/updata-record.zip new file mode 100644 index 0000000000000000000000000000000000000000..ca860a06f6661f9197a8bf7d6f15e7ea7907dda8 GIT binary patch literal 9429 zcmbVR2RN1e`#-WNBqC&G69>mAJA~}L2YhO%%UtE*<^=O| zsr-GPiQeLo`$&)6XKHJ0YGVa+LYV*k2o4DO2xW^%#R72a7Yq=H^R!1yVfOasrjFJy zdm{&PQ<#I9kuA)U6LHtJIa*QvwK!4Wy6+EYg!@LC>jp_8j!(R7v~RijRC|dK zac#KkD?dkAOGK)cwcj_!Z&xNxcH^zeVC;De zd#Y9F1$dnHmv3d1~#8wSTcPW8=^eQ+7+5aa0S2? z_@8zS+yUn5W@PScZtwWF#G;DungF(38eJ+>$;g_USx4~#Mr0Fx^&ik-aoa%@L)|>m zX)A)CH&0ImKK)iFL;$6*6z`>IodO&={C!PV=&4~oZn&-aTs%LXEFPu7Y`=NbfOH`Iwj(ZA*8v_?YeL9G$w1b>Yg74@AyyyQG|JExA&SB-ob-fwnQZUM4w?^DW3_c=D&^QmSO4YiJ*_%m z_2R(l*-qOt4p1{|C&V$;DC7Hz6E&~{ypHZ(^Q<65*15uN;lEAZFCUety7 z&@{~_S6t;hK>`GuUKou8-%TSeSi!o(#dIO2+T2RygEcW${AF808$%8d_0M}yjj&mS zaPf>AY>K6;uAxyP!{Q>uz4i&Z$d1_UT~n16KbY2)68}v4Ai)b#kzF{Bs*b7u|XTL|Pzt#QzK)x9KrV=pR#!oLdH$`;U!< zN6Wz{C$exZ`jXWe7Y(j;{pb`>P=maucrshoChieBB)Ca@x29$>0n3_?{^1I#VWCQF zAsheJ7~v>g5P1#bR$4yTfpOtRmAaO+A=c;lxW8*W`~}D<6#?R4UbtrAf<_QGIBPxcx_*F-agRtp`{# z2KEfsscg9+jNnjH8*@h^Qz+cg$-(@$aJcaS;RLue{(z@*a)yMemy+TYJ>thKCz3qd zSCTEK*HK?i;Oj>_a4~3XZDMC_emu6*F z^3S(CBv=jPtHeVZI{8(wGRF85MG91F@d@)Bx$-8ib zxm)=%#rW(WJLjDms{&F#2LHr`qXX0)0X;EKNBvJk5`T-x`lpC^6pa+tZnhDYn@Tv~ID z2?J(d0&55D*@o@@udHO+Od9Goa#K>%Xe&L+J7}&#@Q1gP-q04Z6q=Q0@RLR17MKSP z*eT3tPvk!uP?T9#hV!Yl6jj8{)Ij~fyS`YV4_tU(4lEB+eSQ98BTCDk0+TKCt6UCU z=l8}$>$4v}^{X*$?fhMU0HvSy(J~LU92EGwwgZ7)>K?rhwHy@SI{_MDnD_PKlkDuyV`n z-rLQT1o~AHTDfOe8(euAjrd&eIu3vQQdK*XUPtqgiDhl_>lHJ{5cQ_^F+8sBQ4Kt_ z0WfRf88%JdN(EK&R3EYMA!$b+R<07XfWYWaXy5j3zUh%^bpqf_G@>tWpIc6=;IRDXT^+Kt$zS4P4NEXJt0*J{i z0<#??eKXe3d&zeHE=>x}*>|KXFlb>z4)2e5p#?THVw2Zw9u#XWs97~6;h_5#z%!Gv z^>z2MpjD={jZ|sbVVvU@`uKyI%exk#xq44Jj)4Nxv+Hkx7+9ew{dz> zU#9`whJ}5!xIf~ylZyKoZspg=Y{PKyIviYbN&LAlD+Em%5BH8*aHm6ZF1J&Xu~5K) zhgvFe;r-}1z0b4JlRFd1B3}(24h_xsZKn8VN=E3wsn|*;479nhYK5yWhqaK+%v=%c zdd)g};6&ximjq{9T7Ht(75HH&%*rg5^Ff|q2Cl+ix@D}E@=a!@9CvUsmqZl$T%8|_ zJEBiZ#>`zR%;8{{&QOu356NBQ=|1;yt4n&cGiznRO55Qck*BJB-}fMThwv8L06Oc8 
z3`8*VqvG^U_0-VqC_6hJ_QoFWFz+U3|p6@vRT7FA(=5{p%vwe>HIma4X$>ovT1 z5eJl)&u&o+wxn{x=}3t6hNXIm>0VWBee3L>FEr}%K>rx=rF=-}Of5=grv*sfT{Ca7 z1xW4#w1L_|93lCiI*3?hKpo^Q$RI<#1ro}-?|wsEl1Je6&A;+l$KT~Sj@wqVPEOd# zrZF5myNqa8S{+;15%n5%7Oi8>=XIJB>{f`fKTFiyLzVHaKlUW`e01F;p`m5zS$U22NT%~ZB@b_KTrh%6*!m(Xgq zdeehY5!O3P}4VC@CB!TOS-wA66Lc{TQ zvb7P37P!8bI5rBFrp_+k3bm8iSvT)sta|e>&MPu965h9SZQX5*U-YRZ;IdUgE{!OQ zGepciv#H6IBrv=ra0Se9FMoUYeZ#p{brJ&maqd30MqKEuS3qd41(WnH8YVnEK{j&z z*)t*hp}AgS84hg<1`5S}8OWFM_kKZ4E>_-9^ta^OipVxUe!xNS;g$KT3fc{WRP?HZ!x6)ZwB$V>A zjNvQKk<|>tjeP!`u0TauerZfuX-om`8FKKppytJG+)WgRVE|Hl8&`P&8PBMJc*b^G zLO;3jicwa6O?xOZ>(#* zdQjh<=>1kvUdFco{YneL6$H%?u@p|<5KzWy%Bi6aXSR%f?Z=WEbtxz99f!mayd#*Q zo3cg}7XnS=)j_v|ye^*3YU_n0J|07N49H#y!wmmR_ikvWG=F`&s(V0GbxGbWsl+OK zlDHfBg~nu}Hy&PI>;&=bXGrZ;?uj(AM2IcUNpDGCsK7FH?qgZcV8F+f$u6GhHicLI<;VsuvTtjAcbt#MnVH8DziH20K8rU#kSd3ZU5)&;@E|cSIMb zbat`bfHbI@*O?9oMLt4jQtj21e@SD=aZV_Y9dpe0^W?jDdBBeYlGC4Bl4Gk-CDJxJyv46fCQo`;xrZ`6?590Tq!`UW8qZtQ#8FkI z=H4z5XSb-q#rUCXn3^5Y0-Aq-*@IU!0j)p7Z#X;DXdBHd%HJuhJIJq1dqsx_E#B#IZYd07WTK3ED&@9w$vmh)_E<`*+HXkLA#!2;y@bG~tcs?N*0%)`ZI zenMaLt!FYJW4hIQ`feIDWQkR_SfsS1@&QnWps6DI9FHR96qnx)V+9;m6Pc!T1#p-i zpbOOI@~Fd3Z!Q6G`28;f?PLWtO7N12Op8nU8e_@V@EN)V#i|uvRj;d6Fig80%`&JDqEp91>|8eGwsc@U)w^9jjHp zAo4zgnws+T6&$$TFY^Xd^fkuoO7_~b3OCD5HM@7}AGFAAOOoRU=)u0w*$1TJ`!GL) z%m69>-9c361eJEuv~w>NIZQBBGsJ*k>iZ`%Rf`{ItiyK?Htz*|*lr{|W0^QLHFW*M zW6ewD6q*t8oR4}k>7ul7vQ=wWVM9ZqLULX(gCR5T+#nwV*l)g>0ltkINUf2HqX7`e zseJ!K1N$FD!ZYs8Wg4|e?A^lyh~(Y>PbB=VUPFUXIMP`bM-#rWP-p>ouCkA|*L7Yj z_0f9Qx(K9JI=a=G2TZ+wl;S_txJB9d3h z>65wLbxjv8n1DAfBqnX9`#pn#vhj&3I5g9|X79chE03xlVxc|lkaFF%8Y4PIvKmss zF$^1;{4FotLBT(CGIC&I_pRvB0AY){;&!t}$I!ay>f(V%LX}jl6%+voM81A< zr*=3(bU3}VwDQY7b3t$`=oVHA#xhrlJNFdX?y8k=WjqxPrrh~XmGcJ7=ZgcOH!<7{ zXSO?RNM9CVq}S>x=sW{dlI-SwsnYCGFYztmnELlIP>GOv{>B?EGo*(U^-$0C7mgjWdpo z66+~7{;Y>7V<;aZ>)}0QJ-qj`9^OON!;(Mi;d4Mee4i8A&Ss?MhtY?2@eC1sF7bpKR-~;d+OvMrml!f>W(>Wc}dKBiQlcZlTNOSdp zpWjDTD6@xC+h0_CX<_?Ad}x@u<}3GMv@_Ia=1;;udMtyA9|6Rj6Y)>z<4}>cOn)My 
zGiV(m`$XQoU8#ji@XwVWJrFs9eC8D7e`sz{EierEX#vM`lS2!{vf$|90;&aX zfGOFDYd@h#M@2R*`iX2}WqOFbFNAd>>qiIssK`wiry!qLZK7faj{L;t3$Z`M#t%6e z`{+0w6}t@>U!Az>lS?pE@L;B&+a1mXI|QfuaWeSP=`NIS|I!!9$19(#{bb zoB>>;M$6+vQ`C109C5CpT@4JCaekg zH6u-M6eVDr0zP-R5ZuV?-z&ud9iLF5noxp|$|A~2|5L!8&}ghe;!PzJ9^!ivVf?`~ z4(Rx(4He(!+$s3~60q+Yx>g{OwWS#kkq>4uk0BqQKcOP`5S)Vi9|LxN%-u4i1>=^? zhZa~?Vjr{M_#6e*f)HRE|K7nU-2Y3!j!B}uoe3Ztm0UYSHZH_JhJ1V=fQl?cd`yKoBjzXxn$^82rm;CkAshv4kB1joRScYLVe z>cHX1iIgM$Q^5X&ZP17`V9rhb&;ZXZ!ea&;Z-Gz^czy8{1O8jUmMtu