CREATE TABLE systemd_scrape
(
	`hostname` String,
	`last_scrape` DateTime DEFAULT now(),
	`last_cursor` String
) ENGINE = ReplacingMergeTree(last_scrape)
ORDER BY hostname;

CREATE TABLE systemd
(
	`uuid` UUID DEFAULT generateUUIDv4(),
	`scraped_hostname` String DEFAULT '',
	`cursor` String DEFAULT '',

	`message` String DEFAULT '',
	`priority` Int8 DEFAULT -1,
	`code_file` String DEFAULT '',
	`code_line` String DEFAULT '',
	`code_func` String DEFAULT '',
	`errno` Int8 DEFAULT -1,
	`invocation_id` String DEFAULT '',
	`user_invocation_id` String DEFAULT '',
	`syslog_facility` Int8 DEFAULT -1,
	`syslog_identifier` LowCardinality(String) DEFAULT '',
	`syslog_pid` Int64 DEFAULT -1,
	`syslog_timestamp` DateTime('UTC'),
	`tid` Int64 DEFAULT -1,

	`pid` Int64 DEFAULT -1,
	`uid` Int64 DEFAULT -1,
	`gid` Int64 DEFAULT -1,
	`comm` LowCardinality(String) DEFAULT '',
	`exe` LowCardinality(String) DEFAULT '',
	`cmdline` LowCardinality(String) DEFAULT '',
	`audit_session` UInt32 DEFAULT -1,
	`audit_loginuid` Int64 DEFAULT -1,
	`systemd_cgroup` LowCardinality(String) DEFAULT '',
	`systemd_slice` LowCardinality(String) DEFAULT '',
	`systemd_unit` LowCardinality(String) DEFAULT '',
	`systemd_user_slice` LowCardinality(String) DEFAULT '',
	`systemd_user_unit` LowCardinality(String) DEFAULT '',
	`systemd_session` LowCardinality(String) DEFAULT '',
	`systemd_owner_uid` Int64 DEFAULT -1,
	`source_realtime_timestamp` DateTime64(6, 'UTC'),
	`boot_id` LowCardinality(String) DEFAULT '',
	`machine_id` LowCardinality(String) DEFAULT '',
	`systemd_invocation_id` LowCardinality(String) DEFAULT '',
	`hostname` LowCardinality(String) DEFAULT '',
	`transport` LowCardinality(String) DEFAULT '',
	`stream_id` LowCardinality(String) DEFAULT '',
	`line_break` LowCardinality(String) DEFAULT '',
	`namespace` LowCardinality(String) DEFAULT '',

	`kernel_device` LowCardinality(String) DEFAULT '',
	`kernel_subsystem` LowCardinality(String) DEFAULT '',
	`udev_sysname` LowCardinality(String) DEFAULT '',
	`udev_devnode` LowCardinality(String) DEFAULT '',
	`udev_devlink` LowCardinality(String) DEFAULT '',

	`realtime_timestamp` DateTime64(6, 'UTC'),
	`monotonic_timestamp` UInt64,

	`extra_data_json` String DEFAULT ''
) ENGINE = MergeTree()
ORDER BY (scraped_hostname, realtime_timestamp, cursor)
PARTITION BY toYYYYMM(realtime_timestamp)
TTL toDate(realtime_timestamp) + INTERVAL 90 DAY;