diff --git a/TSG-21.05/Clickhouse/add_table.sql b/TSG-21.05/Clickhouse/add_table.sql
new file mode 100644
index 0000000..303680f
--- /dev/null
+++ b/TSG-21.05/Clickhouse/add_table.sql
@@ -0,0 +1,1153 @@
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.gtpc_record_log_local on cluster ck_cluster(
+	common_log_id UInt64,
+	common_service Int64,
+	common_recv_time Int64,
+	common_direction Nullable(Int64),
+	common_l4_protocol String,
+	common_address_type Int64,
+	common_schema_type String,
+	common_policy_id Int64,
+	common_user_tags String,
+	common_action Int64,
+	common_sub_action String,
+	common_user_region String,
+	common_client_ip String,
+	common_client_port Int64,
+	common_internal_ip String,
+	common_entrance_id Int64,
+	common_device_id String,
+	common_link_id Int64,
+	common_isp String,
+	common_device_tag String,
+	common_data_center String,
+	common_encapsulation Int64,
+	common_tunnels String,
+	common_sled_ip String,
+	common_client_location String,
+	common_client_asn String,
+	common_subscriber_id String,
+	common_server_ip String,
+	common_server_port Int64,
+	common_external_ip String,
+	common_server_location String,
+	common_server_asn String,
+	common_protocol_label String,
+	common_app_label String,
+	common_app_id Int64,
+	common_app_surrogate_id Int64,
+	common_l7_protocol String,
+	common_sessions Int64,
+	common_c2s_pkt_num Int64,
+	common_s2c_pkt_num Int64,
+	common_c2s_byte_num Int64,
+	common_s2c_byte_num Int64,
+	common_start_time Int64,
+	common_end_time Int64,
+	common_establish_latency_ms Int64,
+	common_con_duration_ms Int64,
+	common_stream_dir Int64,
+	common_address_list String,
+	common_has_dup_traffic Int64,
+	common_stream_error String,
+	common_stream_trace_id UInt64,
+	common_link_info_c2s String,
+	common_link_info_s2c String,
+	common_c2s_ipfrag_num Int64,
+	common_s2c_ipfrag_num Int64,
+	common_c2s_tcp_lostlen Int64,
+	common_s2c_tcp_lostlen Int64,
+	common_c2s_tcp_unorder_num Int64,
+	common_s2c_tcp_unorder_num Int64,
+	common_tcp_client_isn Int64,
+	common_tcp_server_isn Int64,
+	common_first_ttl Int64,
+	common_processing_time Int64,
+	gtp_version String,
+	gtp_apn String,
+	gtp_imei String,
+	gtp_imsi String,
+	gtp_phone_number String,
+	gtp_uplink_teid Int64,
+	gtp_downlink_teid Int64,
+	gtp_msg_type String,
+	gtp_end_user_ipv4 String,
+	gtp_end_user_ipv6 String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_log_id,common_data_center,common_recv_time);
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.gtpc_record_log on cluster ck_cluster(
+	common_log_id UInt64,
+	common_service Int64,
+	common_recv_time Int64,
+	common_direction Nullable(Int64),
+	common_l4_protocol String,
+	common_address_type Int64,
+	common_schema_type String,
+	common_policy_id Int64,
+	common_user_tags String,
+	common_action Int64,
+	common_sub_action String,
+	common_user_region String,
+	common_client_ip String,
+	common_client_port Int64,
+	common_internal_ip String,
+	common_entrance_id Int64,
+	common_device_id String,
+	common_link_id Int64,
+	common_isp String,
+	common_device_tag String,
+	common_data_center String,
+	common_encapsulation Int64,
+	common_tunnels String,
+	common_sled_ip String,
+	common_client_location String,
+	common_client_asn String,
+	common_subscriber_id String,
+	common_server_ip String,
+	common_server_port Int64,
+	common_external_ip String,
+	common_server_location String,
+	common_server_asn String,
+	common_protocol_label String,
+	common_app_label String,
+	common_app_id Int64,
+	common_app_surrogate_id Int64,
+	common_l7_protocol String,
+	common_sessions Int64,
+	common_c2s_pkt_num Int64,
+	common_s2c_pkt_num Int64,
+	common_c2s_byte_num Int64,
+	common_s2c_byte_num Int64,
+	common_start_time Int64,
+	common_end_time Int64,
+	common_establish_latency_ms Int64,
+	common_con_duration_ms Int64,
+	common_stream_dir Int64,
+	common_address_list String,
+	common_has_dup_traffic Int64,
+	common_stream_error String,
+	common_stream_trace_id UInt64,
+	common_link_info_c2s String,
+	common_link_info_s2c String,
+	common_c2s_ipfrag_num Int64,
+	common_s2c_ipfrag_num Int64,
+	common_c2s_tcp_lostlen Int64,
+	common_s2c_tcp_lostlen Int64,
+	common_c2s_tcp_unorder_num Int64,
+	common_s2c_tcp_unorder_num Int64,
+	common_tcp_client_isn Int64,
+	common_tcp_server_isn Int64,
+	common_first_ttl Int64,
+	common_processing_time Int64,
+	gtp_version String,
+	gtp_apn String,
+	gtp_imei String,
+	gtp_imsi String,
+	gtp_phone_number String,
+	gtp_uplink_teid Int64,
+	gtp_downlink_teid Int64,
+	gtp_msg_type String,
+	gtp_end_user_ipv4 String,
+	gtp_end_user_ipv6 String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,gtpc_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.gtpc_record_log on cluster ck_query(
+	common_log_id UInt64,
+	common_service Int64,
+	common_recv_time Int64,
+	common_direction Nullable(Int64),
+	common_l4_protocol String,
+	common_address_type Int64,
+	common_schema_type String,
+	common_policy_id Int64,
+	common_user_tags String,
+	common_action Int64,
+	common_sub_action String,
+	common_user_region String,
+	common_client_ip String,
+	common_client_port Int64,
+	common_internal_ip String,
+	common_entrance_id Int64,
+	common_device_id String,
+	common_link_id Int64,
+	common_isp String,
+	common_device_tag String,
+	common_data_center String,
+	common_encapsulation Int64,
+	common_tunnels String,
+	common_sled_ip String,
+	common_client_location String,
+	common_client_asn String,
+	common_subscriber_id String,
+	common_server_ip String,
+	common_server_port Int64,
+	common_external_ip String,
+	common_server_location String,
+	common_server_asn String,
+	common_protocol_label String,
+	common_app_label String,
+	common_app_id Int64,
+	common_app_surrogate_id Int64,
+	common_l7_protocol String,
+	common_sessions Int64,
+	common_c2s_pkt_num Int64,
+	common_s2c_pkt_num Int64,
+	common_c2s_byte_num Int64,
+	common_s2c_byte_num Int64,
+	common_start_time Int64,
+	common_end_time Int64,
+	common_establish_latency_ms Int64,
+	common_con_duration_ms Int64,
+	common_stream_dir Int64,
+	common_address_list String,
+	common_has_dup_traffic Int64,
+	common_stream_error String,
+	common_stream_trace_id UInt64,
+	common_link_info_c2s String,
+	common_link_info_s2c String,
+	common_c2s_ipfrag_num Int64,
+	common_s2c_ipfrag_num Int64,
+	common_c2s_tcp_lostlen Int64,
+	common_s2c_tcp_lostlen Int64,
+	common_c2s_tcp_unorder_num Int64,
+	common_s2c_tcp_unorder_num Int64,
+	common_tcp_client_isn Int64,
+	common_tcp_server_isn Int64,
+	common_first_ttl Int64,
+	common_processing_time Int64,
+	gtp_version String,
+	gtp_apn String,
+	gtp_imei String,
+	gtp_imsi String,
+	gtp_phone_number String,
+	gtp_uplink_teid Int64,
+	gtp_downlink_teid Int64,
+	gtp_msg_type String,
+	gtp_end_user_ipv4 String,
+	gtp_end_user_ipv6 String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,gtpc_record_log_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.live_session_record_log_local on cluster ck_cluster(
+	common_log_id UInt64,
+	common_service Int64,
+	common_recv_time Int64,
+	common_direction Nullable(Int64),
+	common_l4_protocol String,
+	common_address_type Int64,
+	common_schema_type String,
+	common_policy_id Int64,
+	common_user_tags String,
+	common_action Int64,
+	common_sub_action String,
+	common_user_region String,
+	common_client_ip String,
+	common_client_port Int64,
+	common_internal_ip String,
+	common_entrance_id Int64,
+	common_device_id String,
+	common_link_id Int64,
+	common_isp String,
+	common_device_tag String,
+	common_data_center String,
+	common_encapsulation Int64,
+	common_tunnels String,
+	common_sled_ip String,
+	common_client_location String,
+	common_client_asn String,
+	common_subscriber_id String,
+	common_server_ip String,
+	common_server_port Int64,
+	common_external_ip String,
+	common_server_location String,
+	common_server_asn String,
+	common_protocol_label String,
+	common_app_label String,
+	common_app_id Int64,
+	common_app_surrogate_id Int64,
+	common_l7_protocol String,
+	common_sessions Int64,
+	common_c2s_pkt_num Int64,
+	common_s2c_pkt_num Int64,
+	common_c2s_byte_num Int64,
+	common_s2c_byte_num Int64,
+	common_start_time Int64,
+	common_end_time Int64,
+	common_establish_latency_ms Int64,
+	common_con_duration_ms Int64,
+	common_stream_dir Int64,
+	common_address_list String,
+	common_has_dup_traffic Int64,
+	common_stream_error String,
+	common_stream_trace_id UInt64,
+	common_link_info_c2s String,
+	common_link_info_s2c String,
+	common_c2s_ipfrag_num Int64,
+	common_s2c_ipfrag_num Int64,
+	common_c2s_tcp_lostlen Int64,
+	common_s2c_tcp_lostlen Int64,
+	common_c2s_tcp_unorder_num Int64,
+	common_s2c_tcp_unorder_num Int64,
+	common_tcp_client_isn Int64,
+	common_tcp_server_isn Int64,
+	common_first_ttl Int64,
+	common_processing_time Int64,
+	http_url String,
+	http_host String,
+	http_domain String,
+	http_request_line String,
+	http_response_line String,
+	http_request_header String,
+	http_response_header String,
+	http_request_content String,
+	http_response_content String,
+	http_request_body String,
+	http_response_body String,
+	http_request_body_key String,
+	http_response_body_key String,
+	http_proxy_flag Int64,
+	http_sequence Int64,
+	http_snapshot String,
+	http_cookie String,
+	http_referer String,
+	http_user_agent String,
+	http_content_length String,
+	http_content_type String,
+	http_set_cookie String,
+	http_version String,
+	http_response_lantency_ms Int64,
+	http_session_duration_ms Int64,
+	http_action_file_size Int64,
+	mail_protocol_type String,
+	mail_account String,
+	mail_to_cmd String,
+	mail_from_cmd String,
+	mail_from String,
+	mail_to String,
+	mail_cc String,
+	mail_bcc String,
+	mail_subject String,
+	mail_subject_charset String,
+	mail_content String,
+	mail_content_charset String,
+	mail_attachment_name String,
+	mail_attachment_name_charset String,
+	mail_attachment_content String,
+	mail_eml_file String,
+	mail_snapshot String,
+	dns_message_id Int64,
+	dns_qr Nullable(Int64),
+	dns_opcode Nullable(Int64),
+	dns_aa Int64,
+	dns_tc Int64,
+	dns_rd Int64,
+	dns_ra Int64,
+	dns_rcode Int64,
+	dns_qdcount Int64,
+	dns_ancount Int64,
+	dns_nscount Int64,
+	dns_arcount Int64,
+	dns_qname String,
+	dns_qtype Int64,
+	dns_qclass Int64,
+	dns_cname String,
+	dns_sub Int64,
+	dns_rr String,
+	ssl_version String,
+	ssl_sni String,
+	ssl_san String,
+	ssl_cn String,
+	ssl_pinningst Nullable(Int64),
+	ssl_intercept_state Nullable(Int64),
+	ssl_server_side_latency Int64,
+	ssl_client_side_latency Int64,
+	ssl_server_side_version String,
+	ssl_client_side_version String,
+	ssl_cert_verify Nullable(Int64),
+	ssl_error String,
+	ssl_con_latency_ms Int64,
+	ssl_ja3_fingerprint String,
+	ssl_ja3_hash String,
+	ssl_cert_issuer String,
+	ssl_cert_subject String,
+	quic_version String,
+	quic_sni String,
+	quic_user_agent String,
+	ftp_account String,
+	ftp_url String,
+	ftp_content String,
+	bgp_type Int64,
+	bgp_as_num String,
+	bgp_route String,
+	voip_calling_account String,
+	voip_called_account String,
+	voip_calling_number String,
+	voip_called_number String,
+	streaming_media_url String,
+	streaming_media_protocol String,
+	app_extra_info String,
+	sip_call_id String,
+	sip_originator_description String,
+	sip_responder_description String,
+	sip_user_agent String,
+	sip_server String,
+	sip_originator_sdp_connect_ip String,
+	sip_originator_sdp_media_port Int64,
+	sip_originator_sdp_media_type String,
+	sip_originator_sdp_content String,
+	sip_responder_sdp_connect_ip String,
+	sip_responder_sdp_media_port Int64,
+	sip_responder_sdp_media_type String,
+	sip_responder_sdp_content String,
+	sip_duration Int64,
+	sip_bye String,
+	rtp_payload_type_c2s Nullable(Int64),
+	rtp_payload_type_s2c Nullable(Int64),
+	rtp_pcap_path String,
+	rtp_originator_dir Int64
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_log_id,common_data_center,common_recv_time);
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_log_local on cluster ck_cluster(
+	common_log_id UInt64,
+	common_service Int64,
+	common_recv_time Int64,
+	common_direction Nullable(Int64),
+	common_l4_protocol String,
+	common_address_type Int64,
+	common_schema_type String,
+	common_policy_id Int64,
+	common_user_tags String,
+	common_action Int64,
+	common_sub_action String,
+	common_user_region String,
+	common_client_ip String,
+	common_client_port Int64,
+	common_internal_ip String,
+	common_entrance_id Int64,
+	common_device_id String,
+	common_link_id Int64,
+	common_isp String,
+	common_device_tag String,
+	common_data_center String,
+	common_encapsulation Int64,
+	common_tunnels String,
+	common_sled_ip String,
+	common_client_location String,
+	common_client_asn String,
+	common_subscriber_id String,
+	common_server_ip String,
+	common_server_port Int64,
+	common_external_ip String,
+	common_server_location String,
+	common_server_asn String,
+	common_protocol_label String,
+	common_app_label String,
+	common_app_id Int64,
+	common_app_surrogate_id Int64,
+	common_l7_protocol String,
+	common_sessions Int64,
+	common_c2s_pkt_num Int64,
+	common_s2c_pkt_num Int64,
+	common_c2s_byte_num Int64,
+	common_s2c_byte_num Int64,
+	common_start_time Int64,
+	common_end_time Int64,
+	common_establish_latency_ms Int64,
+	common_con_duration_ms Int64,
+	common_stream_dir Int64,
+	common_address_list String,
+	common_has_dup_traffic Int64,
+	common_stream_error String,
+	common_stream_trace_id UInt64,
+	common_link_info_c2s String,
+	common_link_info_s2c String,
+	common_c2s_ipfrag_num Int64,
+	common_s2c_ipfrag_num Int64,
+	common_c2s_tcp_lostlen Int64,
+	common_s2c_tcp_lostlen Int64,
+	common_c2s_tcp_unorder_num Int64,
+	common_s2c_tcp_unorder_num Int64,
+	common_tcp_client_isn Int64,
+	common_tcp_server_isn Int64,
+	common_first_ttl Int64,
+	common_processing_time Int64,
+	http_url String,
+	http_host String,
+	http_domain String,
+	http_request_line String,
+	http_response_line String,
+	http_request_header String,
+	http_response_header String,
+	http_request_content String,
+	http_response_content String,
+	http_request_body String,
+	http_response_body String,
+	http_request_body_key String,
+	http_response_body_key String,
+	http_proxy_flag Int64,
+	http_sequence Int64,
+	http_snapshot String,
+	http_cookie String,
+	http_referer String,
+	http_user_agent String,
+	http_content_length String,
+	http_content_type String,
+	http_set_cookie String,
+	http_version String,
+	http_response_lantency_ms Int64,
+	http_session_duration_ms Int64,
+	http_action_file_size Int64,
+	dns_message_id Int64,
+	dns_qr Nullable(Int64),
+	dns_opcode Nullable(Int64),
+	dns_aa Int64,
+	dns_tc Int64,
+	dns_rd Int64,
+	dns_ra Int64,
+	dns_rcode Int64,
+	dns_qdcount Int64,
+	dns_ancount Int64,
+	dns_nscount Int64,
+	dns_arcount Int64,
+	dns_qname String,
+	dns_qtype Int64,
+	dns_qclass Int64,
+	dns_cname String,
+	dns_sub Int64,
+	dns_rr String,
+	sip_call_id String,
+	sip_originator_description String,
+	sip_responder_description String,
+	sip_user_agent String,
+	sip_server String,
+	sip_originator_sdp_connect_ip String,
+	sip_originator_sdp_media_port Int64,
+	sip_originator_sdp_media_type String,
+	sip_originator_sdp_content String,
+	sip_responder_sdp_connect_ip String,
+	sip_responder_sdp_media_port Int64,
+	sip_responder_sdp_media_type String,
+	sip_responder_sdp_content String,
+	sip_duration Int64,
+	sip_bye String
+)
+ENGINE=MergeTree PARTITION BY toYYYYMMDD(toDate(common_recv_time))
+ORDER BY (common_stream_trace_id,common_data_center,common_recv_time);
+
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.live_session_record_log on cluster ck_query(
+	common_log_id UInt64,
+	common_service Int64,
+	common_recv_time Int64,
+	common_direction Nullable(Int64),
+	common_l4_protocol String,
+	common_address_type Int64,
+	common_schema_type String,
+	common_policy_id Int64,
+	common_user_tags String,
+	common_action Int64,
+	common_sub_action String,
+	common_user_region String,
+	common_client_ip String,
+	common_client_port Int64,
+	common_internal_ip String,
+	common_entrance_id Int64,
+	common_device_id String,
+	common_link_id Int64,
+	common_isp String,
+	common_device_tag String,
+	common_data_center String,
+	common_encapsulation Int64,
+	common_tunnels String,
+	common_sled_ip String,
+	common_client_location String,
+	common_client_asn String,
+	common_subscriber_id String,
+	common_server_ip String,
+	common_server_port Int64,
+	common_external_ip String,
+	common_server_location String,
+	common_server_asn String,
+	common_protocol_label String,
+	common_app_label String,
+	common_app_id Int64,
+	common_app_surrogate_id Int64,
+	common_l7_protocol String,
+	common_sessions Int64,
+	common_c2s_pkt_num Int64,
+	common_s2c_pkt_num Int64,
+	common_c2s_byte_num Int64,
+	common_s2c_byte_num Int64,
+	common_start_time Int64,
+	common_end_time Int64,
+	common_establish_latency_ms Int64,
+	common_con_duration_ms Int64,
+	common_stream_dir Int64,
+	common_address_list String,
+	common_has_dup_traffic Int64,
+	common_stream_error String,
+	common_stream_trace_id UInt64,
+	common_link_info_c2s String,
+	common_link_info_s2c String,
+	common_c2s_ipfrag_num Int64,
+	common_s2c_ipfrag_num Int64,
+	common_c2s_tcp_lostlen Int64,
+	common_s2c_tcp_lostlen Int64,
+	common_c2s_tcp_unorder_num Int64,
+	common_s2c_tcp_unorder_num Int64,
+	common_tcp_client_isn Int64,
+	common_tcp_server_isn Int64,
+	common_first_ttl Int64,
+	common_processing_time Int64,
+	http_url String,
+	http_host String,
+	http_domain String,
+	http_request_line String,
+	http_response_line String,
+	http_request_header String,
+	http_response_header String,
+	http_request_content String,
+	http_response_content String,
+	http_request_body String,
+	http_response_body String,
+	http_request_body_key String,
+	http_response_body_key String,
+	http_proxy_flag Int64,
+	http_sequence Int64,
+	http_snapshot String,
+	http_cookie String,
+	http_referer String,
+	http_user_agent String,
+	http_content_length String,
+	http_content_type String,
+	http_set_cookie String,
+	http_version String,
+	http_response_lantency_ms Int64,
+	http_session_duration_ms Int64,
+	http_action_file_size Int64,
+	mail_protocol_type String,
+	mail_account String,
+	mail_to_cmd String,
+	mail_from_cmd String,
+	mail_from String,
+	mail_to String,
+	mail_cc String,
+	mail_bcc String,
+	mail_subject String,
+	mail_subject_charset String,
+	mail_content String,
+	mail_content_charset String,
+	mail_attachment_name String,
+	mail_attachment_name_charset String,
+	mail_attachment_content String,
+	mail_eml_file String,
+	mail_snapshot String,
+	dns_message_id Int64,
+	dns_qr Nullable(Int64),
+	dns_opcode Nullable(Int64),
+	dns_aa Int64,
+	dns_tc Int64,
+	dns_rd Int64,
+	dns_ra Int64,
+	dns_rcode Int64,
+	dns_qdcount Int64,
+	dns_ancount Int64,
+	dns_nscount Int64,
+	dns_arcount Int64,
+	dns_qname String,
+	dns_qtype Int64,
+	dns_qclass Int64,
+	dns_cname String,
+	dns_sub Int64,
+	dns_rr String,
+	ssl_version String,
+	ssl_sni String,
+	ssl_san String,
+	ssl_cn String,
+	ssl_pinningst Nullable(Int64),
+	ssl_intercept_state Nullable(Int64),
+	ssl_server_side_latency Int64,
+	ssl_client_side_latency Int64,
+	ssl_server_side_version String,
+	ssl_client_side_version String,
+	ssl_cert_verify Nullable(Int64),
+	ssl_error String,
+	ssl_con_latency_ms Int64,
+	ssl_ja3_fingerprint String,
+	ssl_ja3_hash String,
+	ssl_cert_issuer String,
+	ssl_cert_subject String,
+	quic_version String,
+	quic_sni String,
+	quic_user_agent String,
+	ftp_account String,
+	ftp_url String,
+	ftp_content String,
+	bgp_type Int64,
+	bgp_as_num String,
+	bgp_route String,
+	voip_calling_account String,
+	voip_called_account String,
+	voip_calling_number String,
+	voip_called_number String,
+	streaming_media_url String,
+	streaming_media_protocol String,
+	app_extra_info String,
+	sip_call_id String,
+	sip_originator_description String,
+	sip_responder_description String,
+	sip_user_agent String,
+	sip_server String,
+	sip_originator_sdp_connect_ip String,
+	sip_originator_sdp_media_port Int64,
+	sip_originator_sdp_media_type String,
+	sip_originator_sdp_content String,
+	sip_responder_sdp_connect_ip String,
+	sip_responder_sdp_media_port Int64,
+	sip_responder_sdp_media_type String,
+	sip_responder_sdp_content String,
+	sip_duration Int64,
+	sip_bye String,
+	rtp_payload_type_c2s Nullable(Int64),
+	rtp_payload_type_s2c Nullable(Int64),
+	rtp_pcap_path String,
+	rtp_originator_dir Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,live_session_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.live_session_record_log on cluster ck_cluster(
+	common_log_id UInt64,
+	common_service Int64,
+	common_recv_time Int64,
+	common_direction Nullable(Int64),
+	common_l4_protocol String,
+	common_address_type Int64,
+	common_schema_type String,
+	common_policy_id Int64,
+	common_user_tags String,
+	common_action Int64,
+	common_sub_action String,
+	common_user_region String,
+	common_client_ip String,
+	common_client_port Int64,
+	common_internal_ip String,
+	common_entrance_id Int64,
+	common_device_id String,
+	common_link_id Int64,
+	common_isp String,
+	common_device_tag String,
+	common_data_center String,
+	common_encapsulation Int64,
+	common_tunnels String,
+	common_sled_ip String,
+	common_client_location String,
+	common_client_asn String,
+	common_subscriber_id String,
+	common_server_ip String,
+	common_server_port Int64,
+	common_external_ip String,
+	common_server_location String,
+	common_server_asn String,
+	common_protocol_label String,
+	common_app_label String,
+	common_app_id Int64,
+	common_app_surrogate_id Int64,
+	common_l7_protocol String,
+	common_sessions Int64,
+	common_c2s_pkt_num Int64,
+	common_s2c_pkt_num Int64,
+	common_c2s_byte_num Int64,
+	common_s2c_byte_num Int64,
+	common_start_time Int64,
+	common_end_time Int64,
+	common_establish_latency_ms Int64,
+	common_con_duration_ms Int64,
+	common_stream_dir Int64,
+	common_address_list String,
+	common_has_dup_traffic Int64,
+	common_stream_error String,
+	common_stream_trace_id UInt64,
+	common_link_info_c2s String,
+	common_link_info_s2c String,
+	common_c2s_ipfrag_num Int64,
+	common_s2c_ipfrag_num Int64,
+	common_c2s_tcp_lostlen Int64,
+	common_s2c_tcp_lostlen Int64,
+	common_c2s_tcp_unorder_num Int64,
+	common_s2c_tcp_unorder_num Int64,
+	common_tcp_client_isn Int64,
+	common_tcp_server_isn Int64,
+	common_first_ttl Int64,
+	common_processing_time Int64,
+	http_url String,
+	http_host String,
+	http_domain String,
+	http_request_line String,
+	http_response_line String,
+	http_request_header String,
+	http_response_header String,
+	http_request_content String,
+	http_response_content String,
+	http_request_body String,
+	http_response_body String,
+	http_request_body_key String,
+	http_response_body_key String,
+	http_proxy_flag Int64,
+	http_sequence Int64,
+	http_snapshot String,
+	http_cookie String,
+	http_referer String,
+	http_user_agent String,
+	http_content_length String,
+	http_content_type String,
+	http_set_cookie String,
+	http_version String,
+	http_response_lantency_ms Int64,
+	http_session_duration_ms Int64,
+	http_action_file_size Int64,
+	mail_protocol_type String,
+	mail_account String,
+	mail_to_cmd String,
+	mail_from_cmd String,
+	mail_from String,
+	mail_to String,
+	mail_cc String,
+	mail_bcc String,
+	mail_subject String,
+	mail_subject_charset String,
+	mail_content String,
+	mail_content_charset String,
+	mail_attachment_name String,
+	mail_attachment_name_charset String,
+	mail_attachment_content String,
+	mail_eml_file String,
+	mail_snapshot String,
+	dns_message_id Int64,
+	dns_qr Nullable(Int64),
+	dns_opcode Nullable(Int64),
+	dns_aa Int64,
+	dns_tc Int64,
+	dns_rd Int64,
+	dns_ra Int64,
+	dns_rcode Int64,
+	dns_qdcount Int64,
+	dns_ancount Int64,
+	dns_nscount Int64,
+	dns_arcount Int64,
+	dns_qname String,
+	dns_qtype Int64,
+	dns_qclass Int64,
+	dns_cname String,
+	dns_sub Int64,
+	dns_rr String,
+	ssl_version String,
+	ssl_sni String,
+	ssl_san String,
+	ssl_cn String,
+	ssl_pinningst Nullable(Int64),
+	ssl_intercept_state Nullable(Int64),
+	ssl_server_side_latency Int64,
+	ssl_client_side_latency Int64,
+	ssl_server_side_version String,
+	ssl_client_side_version String,
+	ssl_cert_verify Nullable(Int64),
+	ssl_error String,
+	ssl_con_latency_ms Int64,
+	ssl_ja3_fingerprint String,
+	ssl_ja3_hash String,
+	ssl_cert_issuer String,
+	ssl_cert_subject String,
+	quic_version String,
+	quic_sni String,
+	quic_user_agent String,
+	ftp_account String,
+	ftp_url String,
+	ftp_content String,
+	bgp_type Int64,
+	bgp_as_num String,
+	bgp_route String,
+	voip_calling_account String,
+	voip_called_account String,
+	voip_calling_number String,
+	voip_called_number String,
+	streaming_media_url String,
+	streaming_media_protocol String,
+	app_extra_info String,
+	sip_call_id String,
+	sip_originator_description String,
+	sip_responder_description String,
+	sip_user_agent String,
+	sip_server String,
+	sip_originator_sdp_connect_ip String,
+	sip_originator_sdp_media_port Int64,
+	sip_originator_sdp_media_type String,
+	sip_originator_sdp_content String,
+	sip_responder_sdp_connect_ip String,
+	sip_responder_sdp_media_port Int64,
+	sip_responder_sdp_media_type String,
+	sip_responder_sdp_content String,
+	sip_duration Int64,
+	sip_bye String,
+	rtp_payload_type_c2s Nullable(Int64),
+	rtp_payload_type_s2c Nullable(Int64),
+	rtp_pcap_path String,
+	rtp_originator_dir Int64
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,live_session_record_log_local,rand());
+
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_log on cluster ck_query(
+	common_log_id UInt64,
+	common_service Int64,
+	common_recv_time Int64,
+	common_direction Nullable(Int64),
+	common_l4_protocol String,
+	common_address_type Int64,
+	common_schema_type String,
+	common_policy_id Int64,
+	common_user_tags String,
+	common_action Int64,
+	common_sub_action String,
+	common_user_region String,
+	common_client_ip String,
+	common_client_port Int64,
+	common_internal_ip String,
+	common_entrance_id Int64,
+	common_device_id String,
+	common_link_id Int64,
+	common_isp String,
+	common_device_tag String,
+	common_data_center String,
+	common_encapsulation Int64,
+	common_tunnels String,
+	common_sled_ip String,
+	common_client_location String,
+	common_client_asn String,
+	common_subscriber_id String,
+	common_server_ip String,
+	common_server_port Int64,
+	common_external_ip String,
+	common_server_location String,
+	common_server_asn String,
+	common_protocol_label String,
+	common_app_label String,
+	common_app_id Int64,
+	common_app_surrogate_id Int64,
+	common_l7_protocol String,
+	common_sessions Int64,
+	common_c2s_pkt_num Int64,
+	common_s2c_pkt_num Int64,
+	common_c2s_byte_num Int64,
+	common_s2c_byte_num Int64,
+	common_start_time Int64,
+	common_end_time Int64,
+	common_establish_latency_ms Int64,
+	common_con_duration_ms Int64,
+	common_stream_dir Int64,
+	common_address_list String,
+	common_has_dup_traffic Int64,
+	common_stream_error String,
+	common_stream_trace_id UInt64,
+	common_link_info_c2s String,
+	common_link_info_s2c String,
+	common_c2s_ipfrag_num Int64,
+	common_s2c_ipfrag_num Int64,
+	common_c2s_tcp_lostlen Int64,
+	common_s2c_tcp_lostlen Int64,
+	common_c2s_tcp_unorder_num Int64,
+	common_s2c_tcp_unorder_num Int64,
+	common_tcp_client_isn Int64,
+	common_tcp_server_isn Int64,
+	common_first_ttl Int64,
+	common_processing_time Int64,
+	http_url String,
+	http_host String,
+	http_domain String,
+	http_request_line String,
+	http_response_line String,
+	http_request_header String,
+	http_response_header String,
+	http_request_content String,
+	http_response_content String,
+	http_request_body String,
+	http_response_body String,
+	http_request_body_key String,
+	http_response_body_key String,
+	http_proxy_flag Int64,
+	http_sequence Int64,
+	http_snapshot String,
+	http_cookie String,
+	http_referer String,
+	http_user_agent String,
+	http_content_length String,
+	http_content_type String,
+	http_set_cookie String,
+	http_version String,
+	http_response_lantency_ms Int64,
+	http_session_duration_ms Int64,
+	http_action_file_size Int64,
+	dns_message_id Int64,
+	dns_qr Nullable(Int64),
+	dns_opcode Nullable(Int64),
+	dns_aa Int64,
+	dns_tc Int64,
+	dns_rd Int64,
+	dns_ra Int64,
+	dns_rcode Int64,
+	dns_qdcount Int64,
+	dns_ancount Int64,
+	dns_nscount Int64,
+	dns_arcount Int64,
+	dns_qname String,
+	dns_qtype Int64,
+	dns_qclass Int64,
+	dns_cname String,
+	dns_sub Int64,
+	dns_rr String,
+	sip_call_id String,
+	sip_originator_description String,
+	sip_responder_description String,
+	sip_user_agent String,
+	sip_server String,
+	sip_originator_sdp_connect_ip String,
+	sip_originator_sdp_media_port Int64,
+	sip_originator_sdp_media_type String,
+	sip_originator_sdp_content String,
+	sip_responder_sdp_connect_ip String,
+	sip_responder_sdp_media_port Int64,
+	sip_responder_sdp_media_type String,
+	sip_responder_sdp_content String,
+	sip_duration Int64,
+	sip_bye String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,transaction_record_log_local,rand());
+
+CREATE TABLE IF NOT EXISTS tsg_galaxy_v3.transaction_record_log on cluster ck_cluster(
+	common_log_id UInt64,
+	common_service Int64,
+	common_recv_time Int64,
+	common_direction Nullable(Int64),
+	common_l4_protocol String,
+	common_address_type Int64,
+	common_schema_type String,
+	common_policy_id Int64,
+	common_user_tags String,
+	common_action Int64,
+	common_sub_action String,
+	common_user_region String,
+	common_client_ip String,
+	common_client_port Int64,
+	common_internal_ip String,
+	common_entrance_id Int64,
+	common_device_id String,
+	common_link_id Int64,
+	common_isp String,
+	common_device_tag String,
+	common_data_center String,
+	common_encapsulation Int64,
+	common_tunnels String,
+	common_sled_ip String,
+	common_client_location String,
+	common_client_asn String,
+	common_subscriber_id String,
+	common_server_ip String,
+	common_server_port Int64,
+	common_external_ip String,
+	common_server_location String,
+	common_server_asn String,
+	common_protocol_label String,
+	common_app_label String,
+	common_app_id Int64,
+	common_app_surrogate_id Int64,
+	common_l7_protocol String,
+	common_sessions Int64,
+	common_c2s_pkt_num Int64,
+	common_s2c_pkt_num Int64,
+	common_c2s_byte_num Int64,
+	common_s2c_byte_num Int64,
+	common_start_time Int64,
+	common_end_time Int64,
+	common_establish_latency_ms Int64,
+	common_con_duration_ms Int64,
+	common_stream_dir Int64,
+	common_address_list String,
+	common_has_dup_traffic Int64,
+	common_stream_error String,
+	common_stream_trace_id UInt64,
+	common_link_info_c2s String,
+	common_link_info_s2c String,
+	common_c2s_ipfrag_num Int64,
+	common_s2c_ipfrag_num Int64,
+	common_c2s_tcp_lostlen Int64,
+	common_s2c_tcp_lostlen Int64,
+	common_c2s_tcp_unorder_num Int64,
+	common_s2c_tcp_unorder_num Int64,
+	common_tcp_client_isn Int64,
+	common_tcp_server_isn Int64,
+	common_first_ttl Int64,
+	common_processing_time Int64,
+	http_url String,
+	http_host String,
+	http_domain String,
+	http_request_line String,
+	http_response_line String,
+	http_request_header String,
+	http_response_header String,
+	http_request_content String,
+	http_response_content String,
+	http_request_body String,
+	http_response_body String,
+	http_request_body_key String,
+	http_response_body_key String,
+	http_proxy_flag Int64,
+	http_sequence Int64,
+	http_snapshot String,
+	http_cookie String,
+	http_referer String,
+	http_user_agent String,
+	http_content_length String,
+	http_content_type String,
+	http_set_cookie String,
+	http_version String,
+	http_response_lantency_ms Int64,
+	http_session_duration_ms Int64,
+	http_action_file_size Int64,
+	dns_message_id Int64,
+	dns_qr Nullable(Int64),
+	dns_opcode Nullable(Int64),
+	dns_aa Int64,
+	dns_tc Int64,
+	dns_rd Int64,
+	dns_ra Int64,
+	dns_rcode Int64,
+	dns_qdcount Int64,
+	dns_ancount Int64,
+	dns_nscount Int64,
+	dns_arcount Int64,
+	dns_qname String,
+	dns_qtype Int64,
+	dns_qclass Int64,
+	dns_cname String,
+	dns_sub Int64,
+	dns_rr String,
+	sip_call_id String,
+	sip_originator_description String,
+	sip_responder_description String,
+	sip_user_agent String,
+	sip_server String,
+	sip_originator_sdp_connect_ip String,
+	sip_originator_sdp_media_port Int64,
+	sip_originator_sdp_media_type String,
+	sip_originator_sdp_content String,
+	sip_responder_sdp_connect_ip String,
+	sip_responder_sdp_media_port Int64,
+	sip_responder_sdp_media_type String,
+	sip_responder_sdp_content String,
+	sip_duration Int64,
+	sip_bye String
+) ENGINE =Distributed(ck_cluster,tsg_galaxy_v3,transaction_record_log_local,rand());
+