1 files changed, 2247 insertions, 0 deletions

diff --git a/testSchemaFiles/public_schema_info.json b/testSchemaFiles/public_schema_info.json
new file mode 100644
index 0000000..e61506a
--- /dev/null
+++ b/testSchemaFiles/public_schema_info.json
@@ -0,0 +1,2247 @@
+{

+  "functions": {

+    "aggregation": [

+      {

+        "name": "COUNT",

+        "label": "COUNT",

+        "function": "count(expr)"

+      },

+      {

+        "name": "COUNT_DISTINCT",

+        "label": "COUNT_DISTINCT",

+        "function": "count(distinct expr)"

+      },

+      {

+        "name": "AVG",

+        "label": "AVG",

+        "function": "avg(expr)"

+      },

+      {

+        "name": "SUM",

+        "label": "SUM",

+        "function": "sum(expr)"

+      },

+      {

+        "name": "MAX",

+        "label": "MAX",

+        "function": "max(expr)"

+      },

+      {

+        "name": "MIN",

+        "label": "MIN",

+        "function": "min(expr)"

+      }

+    ],

+    "operator": [

+      {

+        "name": "=",

+        "label": "=",

+        "function": "expr = value"

+      },

+      {

+        "name": "!=",

+        "label": "!=",

+        "function": "expr != value"

+      },

+      {

+        "name": ">",

+        "label": ">",

+        "function": "expr > value"

+      },

+      {

+        "name": "<",

+        "label": "<",

+        "function": "expr < value"

+      },

+      {

+        "name": ">=",

+        "label": ">=",

+        "function": "expr >= value"

+      },

+      {

+        "name": "<=",

+        "label": "<=",

+        "function": "expr <= value"

+      },

+      {

+        "name": "has",

+        "label": "HAS",

+        "function": "has(expr, value)"

+      },

+      {

+        "name": "in",

+        "label": "IN",

+        "function": "expr in (values)"

+      },

+      {

+        "name": "not in",

+        "label": "NOT IN",

+        "function": "expr not in (values)"

+      },

+      {

+        "name": "like",

+        "label": "LIKE",

+        "function": "expr like value"

+      },

+      {

+        "name": "not like",

+        "label": "NOT LIKE",

+        "function": "expr not like value"

+      },

+      {

+        "name": "notEmpty",

+        "label": "NOT EMPTY",

+        "function": "notEmpty(expr)"

+      },

+      {

+        "name": "empty",

+        "label": "EMPTY",

+        "function": "empty(expr)"

+      }

+    ]

+  },

+  "schema_query": {

+    "references": {

+      "aggregation": [

+        {

+          "type": "int",

+          "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"

+        },

+        {

+          "type": "long",

+          "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"

+        },

+        {

+          "type": "float",

+          "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"

+        },

+        {

+          "type": "double",

+          "functions": "COUNT,COUNT_DISTINCT,AVG,SUM,MAX,MIN"

+        },

+        {

+          "type": "string",

+          "functions": "COUNT,COUNT_DISTINCT"

+        },

+        {

+          "type": "date",

+          "functions": "COUNT,COUNT_DISTINCT,MAX,MIN"

+        },

+        {

+          "type": "timestamp",

+          "functions": "COUNT,COUNT_DISTINCT,MAX,MIN"

+        }

+      ],

+      "operator": [

+        {

+          "type": "int",

+          "functions": "=,!=,>,<,>=,<=,in,not in"

+        },

+        {

+          "type": "long",

+          "functions": "=,!=,>,<,>=,<=,in,not in"

+        },

+        {

+          "type": "float",

+          "functions": "=,!=,>,<,>=,<="

+        },

+        {

+          "type": "double",

+          "functions": "=,!=,>,<,>=,<="

+        },

+        {

+          "type": "string",

+          "functions": "=,!=,in,not in,like,not like,notEmpty,empty"

+        },

+        {

+          "type": "date",

+          "functions": "=,!=,>,<,>=,<="

+        },

+        {

+          "type": "timestamp",

+          "functions": "=,!=,>,<,>=,<="

+        },

+        {

+          "type": "array",

+          "functions": "has"

+        }

+      ]

+    }

+  },

+  "schema_type": {

+    "BASE": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_service_category",

+        "common_l7_protocol",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "common_server_ip",

+        "common_server_port"

+      ]

+    },

+    "HTTP": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_service_category",

+        "common_l7_protocol",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "http_url",

+        "http_host",

+        "http_domain",

+        "http_request_line",

+        "http_response_line",

+        "http_request_header",

+        "http_response_header",

+        "http_request_content",

+        "http_request_content_length",

+        "http_request_content_type",

+        "http_response_content",

+        "http_response_content_length",

+        "http_response_content_type",

+        "http_request_body",

+        "http_response_body",

+        "http_request_body_key",

+        "http_response_body_key",

+        "http_proxy_flag",

+        "http_sequence",

+        "http_snapshot",

+        "http_cookie",

+        "http_referer",

+        "http_user_agent",

+        "http_content_length",

+        "http_content_type",

+        "http_set_cookie",

+        "http_version",

+        "http_response_latency_ms",

+        "http_session_duration_ms",

+        "http_action_file_size"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "http_url",

+        "common_server_port",

+        "common_sub_action"

+      ]

+    },

+    "MAIL": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "mail_protocol_type",

+        "mail_account",

+        "mail_from_cmd",

+        "mail_to_cmd",

+        "mail_from",

+        "mail_to",

+        "mail_cc",

+        "mail_bcc",

+        "mail_subject",

+        "mail_subject_charset",

+        "mail_content",

+        "mail_content_charset",

+        "mail_attachment_name",

+        "mail_attachment_name_charset",

+        "mail_attachment_content",

+        "mail_eml_file",

+        "mail_snapshot"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "mail_from",

+        "mail_to",

+        "mail_subject"

+      ]

+    },

+    "DNS": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "dns_message_id",

+        "dns_qr",

+        "dns_opcode",

+        "dns_aa",

+        "dns_tc",

+        "dns_rd",

+        "dns_ra",

+        "dns_rcode",

+        "dns_qdcount",

+        "dns_ancount",

+        "dns_nscount",

+        "dns_arcount",

+        "dns_qname",

+        "dns_qtype",

+        "dns_qclass",

+        "dns_cname",

+        "dns_sub",

+        "dns_rr",

+        "dns_response_latency_ms"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_client_ip",

+        "dns_qr",

+        "dns_qname",

+        "dns_qtype"

+      ]

+    },

+    "SSL": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "ssl_sni",

+        "ssl_san",

+        "ssl_cn",

+        "ssl_pinningst",

+        "ssl_intercept_state",

+        "ssl_passthrough_reason",

+        "ssl_server_side_latency",

+        "ssl_client_side_latency",

+        "ssl_server_side_version",

+        "ssl_client_side_version",

+        "ssl_cert_verify",

+        "ssl_error",

+        "ssl_con_latency_ms",

+        "ssl_ja3_fingerprint",

+        "ssl_ja3_hash",

+        "ssl_cert_issuer",

+        "ssl_cert_subject"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "ssl_sni",

+        "common_server_ip",

+        "common_server_port"

+      ]

+    },

+    "QUIC": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "quic_version",

+        "quic_sni",

+        "quic_user_agent"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "quic_sni",

+        "common_server_ip",

+        "common_server_port"

+      ]

+    },

+    "FTP": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "ftp_account",

+        "ftp_url",

+        "ftp_content",

+        "ftp_link_type"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "ftp_url",

+        "common_server_ip",

+        "common_server_port"

+      ]

+    },

+    "BGP": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "bgp_type",

+        "bgp_as_num",

+        "bgp_route"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "bgp_type",

+        "bgp_as_num",

+        "common_server_ip",

+        "common_server_port"

+      ]

+    },

+    "SIP": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "sip_call_id",

+        "sip_originator_description",

+        "sip_responder_description",

+        "sip_user_agent",

+        "sip_server",

+        "sip_originator_sdp_connect_ip",

+        "sip_originator_sdp_media_port",

+        "sip_originator_sdp_media_type",

+        "sip_originator_sdp_content",

+        "sip_responder_sdp_connect_ip",

+        "sip_responder_sdp_media_port",

+        "sip_responder_sdp_media_type",

+        "sip_responder_sdp_content",

+        "sip_duration_s",

+        "sip_bye"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "sip_originator_description",

+        "sip_responder_description",

+        "sip_call_id",

+        "common_server_ip",

+        "common_server_port"

+      ]

+    },

+    "RTP": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "rtp_payload_type_c2s",

+        "rtp_payload_type_s2c",

+        "rtp_pcap_path",

+        "rtp_originator_dir"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "common_server_ip",

+        "common_server_port",

+        "rtp_pcap_path",

+        "rtp_originator_dir"

+      ]

+    },

+    "APP": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "app_extra_info"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "common_app_id",

+        "common_app_label",

+        "app_extra_info",

+        "common_server_ip",

+        "common_server_port"

+      ]

+    },

+    "DoH": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "doh_url",

+        "doh_host",

+        "doh_request_line",

+        "doh_response_line",

+        "doh_cookie",

+        "doh_referer",

+        "doh_user_agent",

+        "doh_content_length",

+        "doh_content_type",

+        "doh_set_cookie",

+        "doh_version",

+        "doh_message_id",

+        "doh_qr",

+        "doh_opcode",

+        "doh_aa",

+        "doh_tc",

+        "doh_rd",

+        "doh_ra",

+        "doh_rcode",

+        "doh_qdcount",

+        "doh_ancount",

+        "doh_nscount",

+        "doh_arcount",

+        "doh_qname",

+        "doh_qtype",

+        "doh_qclass",

+        "doh_cname",

+        "doh_sub",

+        "doh_rr"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_client_ip",

+        "doh_url",

+        "doh_qname",

+        "common_server_port"

+      ]

+    },

+    "VoIP": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "sip_call_id",

+        "sip_originator_description",

+        "sip_responder_description",

+        "sip_user_agent",

+        "sip_server",

+        "sip_originator_sdp_connect_ip",

+        "sip_originator_sdp_media_port",

+        "sip_originator_sdp_media_type",

+        "sip_originator_sdp_content",

+        "sip_responder_sdp_connect_ip",

+        "sip_responder_sdp_media_port",

+        "sip_responder_sdp_media_type",

+        "sip_responder_sdp_content",

+        "sip_duration_s",

+        "sip_bye",

+        "rtp_payload_type_c2s",

+        "rtp_payload_type_s2c",

+        "rtp_pcap_path",

+        "rtp_originator_dir"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "sip_originator_description",

+        "sip_responder_description",

+        "sip_call_id",

+        "common_server_ip",

+        "common_server_port",

+        "rtp_pcap_path",

+        "rtp_originator_dir"

+      ]

+    },

+    "SSH": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "ssh_version",

+        "ssh_auth_success",

+        "ssh_client_version",

+        "ssh_server_version",

+        "ssh_cipher_alg",

+        "ssh_mac_alg",

+        "ssh_compression_alg",

+        "ssh_kex_alg",

+        "ssh_host_key_alg",

+        "ssh_host_key",

+        "ssh_hassh"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_client_ip",

+        "common_server_ip",

+        "common_server_port",

+        "ssh_auth_success"

+      ]

+    },

+    "RADIUS": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "radius_packet_type",

+        "radius_nas_ip",

+        "radius_framed_ip",

+        "radius_account",

+        "radius_session_timeout",

+        "radius_idle_timeout",

+        "radius_acct_status_type",

+        "radius_acct_terminate_cause",

+        "radius_event_timestamp",

+        "radius_nas_port",

+        "radius_service_type",

+        "radius_framed_protocol",

+        "radius_callback_number",

+        "radius_callback_id",

+        "radius_termination_action",

+        "radius_called_station_id",

+        "radius_calling_station_id",

+        "radius_acct_delay_time",

+        "radius_acct_session_id",

+        "radius_acct_multi_session_id",

+        "radius_acct_input_octets",

+        "radius_acct_output_octets",

+        "radius_acct_input_packets",

+        "radius_acct_output_packets",

+        "radius_acct_session_time",

+        "radius_acct_link_count",

+        "radius_acct_interim_interval",

+        "radius_acct_authentic"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_subscriber_id",

+        "radius_nas_ip",

+        "radius_framed_ip",

+        "radius_acct_status_type"

+      ]

+    },

+    "Stratum": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "stratum_cryptocurrency",

+        "stratum_mining_pools",

+        "stratum_mining_program"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_subscriber_id",

+        "stratum_cryptocurrency",

+        "stratum_mining_pools",

+        "stratum_mining_program"

+      ]

+    },

+    "RDP": {

+      "columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_policy_id",

+        "common_subscriber_id",

+        "common_imei",

+        "common_imsi",

+        "common_phone_number",

+        "common_client_ip",

+        "common_client_port",

+        "common_internal_ip",

+        "common_l4_protocol",

+        "common_address_type",

+        "common_server_ip",

+        "common_server_port",

+        "common_external_ip",

+        "common_action",

+        "common_direction",

+        "common_entrance_id",

+        "common_sled_ip",

+        "common_client_location",

+        "common_client_asn",

+        "common_server_location",

+        "common_server_asn",

+        "common_sessions",

+        "common_c2s_pkt_num",

+        "common_s2c_pkt_num",

+        "common_c2s_byte_num",

+        "common_s2c_byte_num",

+        "common_c2s_pkt_diff",

+        "common_s2c_pkt_diff",

+        "common_c2s_byte_diff",

+        "common_s2c_byte_diff",

+        "common_service",

+        "common_schema_type",

+        "common_user_tags",

+        "common_sub_action",

+        "common_user_region",

+        "common_device_id",

+        "common_egress_link_id",

+        "common_ingress_link_id",

+        "common_isp",

+        "common_device_tag",

+        "common_data_center",

+        "common_device_group",

+        "common_app_behavior",

+        "common_encapsulation",

+        "common_app_label",

+        "common_tunnels",

+        "common_protocol_label",

+        "common_app_id",

+        "common_userdefine_app_name",

+        "common_app_identify_info",

+        "common_app_surrogate_id",

+        "common_l7_protocol",

+        "common_service_category",

+        "common_start_time",

+        "common_end_time",

+        "common_establish_latency_ms",

+        "common_con_duration_ms",

+        "common_stream_dir",

+        "common_address_list",

+        "common_has_dup_traffic",

+        "common_stream_error",

+        "common_stream_trace_id",

+        "common_link_info_c2s",

+        "common_link_info_s2c",

+        "common_packet_capture_file",

+        "common_c2s_ipfrag_num",

+        "common_s2c_ipfrag_num",

+        "common_c2s_tcp_lostlen",

+        "common_s2c_tcp_lostlen",

+        "common_c2s_tcp_unorder_num",

+        "common_s2c_tcp_unorder_num",

+        "common_c2s_pkt_retrans",

+        "common_s2c_pkt_retrans",

+        "common_c2s_byte_retrans",

+        "common_s2c_byte_retrans",

+        "common_tcp_client_isn",

+        "common_tcp_server_isn",

+        "common_first_ttl",

+        "common_processing_time",

+        "common_ingestion_time",

+        "common_mirrored_pkts",

+        "common_mirrored_bytes",

+        "rdp_cookie",

+        "rdp_security_protocol",

+        "rdp_client_channels",

+        "rdp_keyboard_layout",

+        "rdp_client_version",

+        "rdp_client_name",

+        "rdp_client_product_id",

+        "rdp_desktop_width",

+        "rdp_desktop_height",

+        "rdp_requested_color_depth",

+        "rdp_certificate_type",

+        "rdp_certificate_count",

+        "rdp_certificate_permanent",

+        "rdp_encryption_level",

+        "rdp_encryption_method"

+      ],

+      "default_columns": [

+        "common_recv_time",

+        "common_log_id",

+        "common_subscriber_id",

+        "rdp_client_version",

+        "rdp_client_name"

+      ]

+    }

+  },

+  "tunnel_type": {

+    "GTP": [

+      {

+        "name": "gtp_sgw_ip",

+        "label": "S-GW IP",

+        "type": "string"

+      },

+      {

+        "name": "gtp_pgw_ip",

+        "label": "P-GW IP",

+        "type": "string"

+      },

+      {

+        "name": "gtp_sgw_port",

+        "label": "S-GW Port",

+        "type": "int"

+      },

+      {

+        "name": "gtp_pgw_port",

+        "label": "P-GW Port",

+        "type": "int"

+      },

+      {

+        "name": "gtp_uplink_teid",

+        "label": "Uplink TEID",

+        "type": "long"

+      },

+      {

+        "name": "gtp_downlink_teid",

+        "label": "Downlink TEID",

+        "type": "long"

+      }

+    ],

+    "MPLS": [

+      {

+        "name": "mpls_c2s_direction_label",

+        "label": "Multiprotocol Label (c2s)",

+        "type": {

+          "type": "array",

+          "items": "int"

+        }

+      },

+      {

+        "name": "mpls_s2c_direction_label",

+        "label": "Multiprotocol Label (s2c)",

+        "type": {

+          "type": "array",

+          "items": "int"

+        }

+      }

+    ],

+    "VLAN": [

+      {

+        "name": "vlan_c2s_direction_id",

+        "label": "VLAN Direction (c2s)",

+        "type": {

+          "type": "array",

+          "items": "int"

+        }

+      },

+      {

+        "name": "vlan_s2c_direction_id",

+        "label": "VLAN Direction (s2c)",

+        "type": {

+          "type": "array",

+          "items": "int"

+        }

+      }

+    ],

+    "ETHERNET": [

+      {

+        "name": "source_mac",

+        "label": "Source MAC",

+        "type": "string"

+      },

+      {

+        "name": "destination_mac",

+        "label": "Destination MAC",

+        "type": "string"

+      }

+    ],

+    "MULTIPATH_ETHERNET": [

+      {

+        "name": "c2s_source_mac",

+        "label": "Source MAC (c2s)",

+        "type": "string"

+      },

+      {

+        "name": "c2s_destination_mac",

+        "label": "Destination MAC (c2s)",

+        "type": "string"

+      },

+      {

+        "name": "s2c_source_mac",

+        "label": "Source MAC (s2c)",

+        "type": "string"

+      },

+      {

+        "name": "s2c_destination_mac",

+        "label": "Destination MAC (s2c)",

+        "type": "string"

+      }

+    ],

+    "L2TP": [

+      {

+        "name": "l2tp_version",

+        "label": "Version",

+        "type": "string"

+      },

+      {

+        "name": "l2tp_lac2lns_tunnel_id",

+        "label": "LAC2LNS Tunnel ID",

+        "type": "int"

+      },

+      {

+        "name": "l2tp_lns2lac_tunnel_id",

+        "label": "LNS2LAC Tunnel ID",

+        "type": "int"

+      },

+      {

+        "name": "l2tp_lac2lns_session_id",

+        "label": "LAC2LNS Session ID",

+        "type": "int"

+      },

+      {

+        "name": "l2tp_lns2lac_session_id",

+        "label": "LNS2LAC Session ID",

+        "type": "int"

+      },

+      {

+        "name": "l2tp_access_concentrator_ip",

+        "label": "Access Concentrator IP",

+        "type": "string"

+      },

+      {

+        "name": "l2tp_access_concentrator_port",

+        "label": "Access Concentrator Port",

+        "type": "int"

+      },

+      {

+        "name": "l2tp_network_server_ip",

+        "label": "Network Server IP",

+        "type": "string"

+      },

+      {

+        "name": "l2tp_network_server_port",

+        "label": "Network Server Port",

+        "type": "int"

+      }

+    ],

+    "PPTP": [

+      {

+        "name": "pptp_uplink_tunnel_id",

+        "label": "UpLink Tunnel ID",

+        "type": "int"

+      },

+      {

+        "name": "pptp_downlink_tunnel_id",

+        "label": "Down Tunnel ID",

+        "type": "int"

+      }

+    ]

+  },

+  "fields": {

+    "common_encapsulation": {

+      "data": [

+        {

+          "code": "0",

+          "value": "Ethernet"

+        },

+        {

+          "code": "8",

+          "value": "PPP"

+        },

+        {

+          "code": "12",

+          "value": "CiscoHDLC"

+        }

+      ]

+    },

+    "common_has_dup_traffic": {

+      "data": [

+        {

+          "code": "0",

+          "value": "No"

+        },

+        {

+          "code": "1",

+          "value": "Yes"

+        }

+      ]

+    }

+  }

+}
\ No newline at end of file