diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md
index 73bc6b2..4ff7504 100644
--- a/CONTRIBUTING.md
+++ b/CONTRIBUTING.md
@@ -63,6 +63,7 @@ Use [start-docs-host.sh](dev-tools/start-docs-host.sh) to deploy a local http se
 ```bash
 cd ./dev-tools && ./start-docs-host.sh
 ```
+
 Access `http://localhost:8080` for docs.
 
 ## Typing
@@ -72,3 +73,11 @@ Access `http://localhost:8080` for docs.
 ```
 pytype ./duetector
 ```
+
+
+## Contributing a new tracer/filter/collector
+
+1. Create a new file in `duetector/tracer`, `duetector/filter` or `duetector/collector` directory, with the name `{name}.py`
+2. Implement the new tracer/filter/collector
+3. Add the new tracer/filter/collector to `registers` list in `duetector/tracer/register.py`, `duetector/filter/register.py` or `duetector/collector/register.py`
+4. Test the new tracer/filter/collector
diff --git a/docs/design/README.md b/docs/design/README.md
index 12ecf22..927a357 100644
--- a/docs/design/README.md
+++ b/docs/design/README.md
@@ -6,6 +6,7 @@ Key Components and Features:
 
 - [ ] **HTTP / RPC Server**: PIP Server, providing API for PDP to get data usage information.
 - [ ] **Analyzer**: Analyze data usage information and generate data usage behavior.
+  - [ ] **DBAnalyzer**: Analyze data usage information from database.
 - [X] **CLI**: CLI for administrator to manage duetector.
 - [X] **BccMonitor**: Monitor data usage behavior in kernel space. Use BCC to implement.
 - [X] **ShMonitor**: A general monitor for custom command. Polling the output of command.
@@ -32,5 +33,5 @@ Current data flow implementation:
 
 The following are not yet realized and may be subject to change.
 
-- [ ] **Collector** will get data from **Collector**.
-- [ ] **HTTP / RPC Server** will get data from **Collector**.
+- [ ] **Analyzer**'s data stracture and API.
+- [ ] **Query Service** will get data from **Analyzer**.
diff --git a/docs/design/image/architecture.png b/docs/design/image/architecture.png
index 1882824..40510aa 100644
Binary files a/docs/design/image/architecture.png and b/docs/design/image/architecture.png differ
diff --git a/docs/design/image/dataflow.png b/docs/design/image/dataflow.png
index 96a8091..326a25b 100644
Binary files a/docs/design/image/dataflow.png and b/docs/design/image/dataflow.png differ
diff --git a/docs/design/src/architecture.drawio b/docs/design/src/architecture.drawio
index 4f24ed2..09ccc2a 100644
--- a/docs/design/src/architecture.drawio
+++ b/docs/design/src/architecture.drawio
@@ -1,83 +1,169 @@
 <mxfile host="65bd71144e">
     <diagram id="71-AI3Yj6Bn5oummquvE" name="第 1 页">
-        <mxGraphModel dx="575" dy="1417" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
+        <mxGraphModel dx="822" dy="723" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
             <root>
                 <mxCell id="0"/>
                 <mxCell id="1" parent="0"/>
+                <mxCell id="78" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="50" y="170" width="660" height="90" as="geometry"/>
+                </mxCell>
+                <mxCell id="66" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="50" y="270" width="660" height="170" as="geometry"/>
+                </mxCell>
+                <mxCell id="63" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="550" y="450" width="158" height="330" as="geometry"/>
+                </mxCell>
+                <mxCell id="62" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="50" y="450" width="480" height="330" as="geometry"/>
+                </mxCell>
                 <mxCell id="54" value="" style="edgeStyle=none;html=1;" parent="1" source="52" target="14" edge="1">
                     <mxGeometry relative="1" as="geometry"/>
                 </mxCell>
                 <mxCell id="31" value="" style="rounded=0;whiteSpace=wrap;html=1;dashed=1;" parent="1" vertex="1">
-                    <mxGeometry x="285" y="470" width="100" height="310" as="geometry"/>
+                    <mxGeometry x="175" y="460" width="100" height="310" as="geometry"/>
                 </mxCell>
-                <mxCell id="14" value="HTTP / RPC Service" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;dashed=1;" parent="1" vertex="1">
-                    <mxGeometry x="280" y="230" width="420" height="60" as="geometry"/>
+                <mxCell id="14" value="Query Service" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;dashed=1;" parent="1" vertex="1">
+                    <mxGeometry x="557" y="190" width="126" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="18" value="BccMonitor" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1">
-                    <mxGeometry x="280" y="310" width="170" height="60" as="geometry"/>
+                    <mxGeometry x="174" y="285" width="170" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="20" value="TracerManager" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#ffe6cc;strokeColor=#d79b00;" parent="1" vertex="1">
-                    <mxGeometry x="280" y="390" width="110" height="60" as="geometry"/>
+                    <mxGeometry x="174" y="365" width="110" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="25" value="ShMonitor" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" vertex="1">
-                    <mxGeometry x="460" y="310" width="170" height="60" as="geometry"/>
+                    <mxGeometry x="354" y="285" width="170" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="26" value="FilterManager" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#ffe6cc;strokeColor=#d79b00;" parent="1" vertex="1">
-                    <mxGeometry x="400" y="390" width="110" height="60" as="geometry"/>
+                    <mxGeometry x="294" y="365" width="110" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="27" value="CollectorManager" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#ffe6cc;strokeColor=#d79b00;" parent="1" vertex="1">
-                    <mxGeometry x="520" y="390" width="110" height="60" as="geometry"/>
+                    <mxGeometry x="414" y="365" width="110" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="28" value="OpenTracer" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="1" vertex="1">
-                    <mxGeometry x="290" y="480" width="90" height="60" as="geometry"/>
+                    <mxGeometry x="180" y="470" width="90" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="37" value="" style="rounded=0;whiteSpace=wrap;html=1;dashed=1;" parent="1" vertex="1">
-                    <mxGeometry x="405" y="470" width="100" height="310" as="geometry"/>
+                    <mxGeometry x="295" y="460" width="100" height="310" as="geometry"/>
                 </mxCell>
                 <mxCell id="38" value="DefaultFilter" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="1" vertex="1">
-                    <mxGeometry x="410" y="480" width="90" height="60" as="geometry"/>
+                    <mxGeometry x="300" y="470" width="90" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="39" value="GlobFilter" style="rounded=0;whiteSpace=wrap;html=1;dashed=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="1" vertex="1">
-                    <mxGeometry x="410" y="560" width="90" height="60" as="geometry"/>
+                    <mxGeometry x="300" y="550" width="90" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="40" value="RegFilter" style="rounded=0;whiteSpace=wrap;html=1;dashed=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="1" vertex="1">
-                    <mxGeometry x="410" y="640" width="90" height="60" as="geometry"/>
+                    <mxGeometry x="300" y="630" width="90" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="41" value="ExecTracer" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="1" vertex="1">
-                    <mxGeometry x="290" y="560" width="90" height="60" as="geometry"/>
+                    <mxGeometry x="180" y="550" width="90" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="43" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;entryX=0.45;entryY=0.613;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.45;exitY=0.871;exitDx=0;exitDy=0;exitPerimeter=0;" parent="1" source="31" target="31" edge="1">
                     <mxGeometry width="50" height="50" relative="1" as="geometry">
-                        <mxPoint x="380" y="510" as="sourcePoint"/>
-                        <mxPoint x="430" y="460" as="targetPoint"/>
+                        <mxPoint x="270" y="500" as="sourcePoint"/>
+                        <mxPoint x="320" y="450" as="targetPoint"/>
                     </mxGeometry>
                 </mxCell>
                 <mxCell id="44" value="" style="rounded=0;whiteSpace=wrap;html=1;dashed=1;" parent="1" vertex="1">
-                    <mxGeometry x="524" y="470" width="100" height="310" as="geometry"/>
+                    <mxGeometry x="414" y="460" width="100" height="310" as="geometry"/>
                 </mxCell>
                 <mxCell id="45" value="DBCollector" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="1" vertex="1">
-                    <mxGeometry x="529" y="480" width="90" height="60" as="geometry"/>
+                    <mxGeometry x="419" y="470" width="90" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="48" value="MongoCollector" style="rounded=0;whiteSpace=wrap;html=1;dashed=1;fillColor=#e1d5e7;strokeColor=#9673a6;" parent="1" vertex="1">
-                    <mxGeometry x="529" y="550" width="90" height="60" as="geometry"/>
+                    <mxGeometry x="420" y="550" width="90" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="50" value="CLI" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" vertex="1">
-                    <mxGeometry x="140" y="310" width="120" height="60" as="geometry"/>
+                    <mxGeometry x="180" y="190" width="156" height="60" as="geometry"/>
                 </mxCell>
-                <mxCell id="53" value="" style="edgeStyle=none;html=1;" parent="1" source="51" target="50" edge="1">
+                <mxCell id="74" value="" style="edgeStyle=none;html=1;fontSize=18;exitX=1;exitY=1;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;" edge="1" parent="1" source="51" target="70">
                     <mxGeometry relative="1" as="geometry"/>
                 </mxCell>
-                <mxCell id="51" value="Admin" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;" parent="1" vertex="1">
-                    <mxGeometry x="40" y="310" width="30" height="60" as="geometry"/>
+                <mxCell id="75" style="edgeStyle=none;html=1;exitX=0;exitY=1;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.5;entryY=0;entryDx=0;entryDy=0;fontSize=18;" edge="1" parent="1" source="51" target="50">
+                    <mxGeometry relative="1" as="geometry"/>
                 </mxCell>
-                <mxCell id="52" value="PEP" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;" parent="1" vertex="1">
-                    <mxGeometry x="475" y="90" width="30" height="60" as="geometry"/>
+                <mxCell id="51" value="Admin" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;" parent="1" vertex="1">
+                    <mxGeometry x="333" y="80" width="30" height="60" as="geometry"/>
                 </mxCell>
                 <mxCell id="56" value="bcc" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#f5f5f5;strokeColor=#666666;fontColor=#333333;" parent="1" vertex="1">
-                    <mxGeometry x="285" y="340" width="45" height="25" as="geometry"/>
+                    <mxGeometry x="179" y="315" width="45" height="25" as="geometry"/>
+                </mxCell>
+                <mxCell id="58" value="Analyzer" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" vertex="1">
+                    <mxGeometry x="556" y="285" width="130" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="59" value="SQL Utilities" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#f5f5f5;fontColor=#333333;strokeColor=#666666;" vertex="1" parent="1">
+                    <mxGeometry x="569" y="460" width="120" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="60" value="Log Utilities" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#f5f5f5;fontColor=#333333;strokeColor=#666666;" vertex="1" parent="1">
+                    <mxGeometry x="569" y="540" width="120" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="61" value="... Utilities" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#f5f5f5;fontColor=#333333;strokeColor=#666666;dashed=1;" vertex="1" parent="1">
+                    <mxGeometry x="569" y="620" width="120" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="67" value="DB" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" vertex="1" parent="1">
+                    <mxGeometry x="556" y="365" width="60" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="68" value="..." style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;dashed=1;" vertex="1" parent="1">
+                    <mxGeometry x="628" y="365" width="60" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="70" value="Control Service" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#dae8fc;strokeColor=#6c8ebf;dashed=1;" vertex="1" parent="1">
+                    <mxGeometry x="361" y="190" width="154" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="71" value="Pluggable Components" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;dashed=1;fontStyle=1;fontSize=18;" vertex="1" parent="1">
+                    <mxGeometry x="80" y="590" width="60" height="30" as="geometry"/>
+                </mxCell>
+                <mxCell id="72" value="Utilities" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;dashed=1;fontStyle=1;fontSize=18;" vertex="1" parent="1">
+                    <mxGeometry x="599" y="730" width="60" height="30" as="geometry"/>
+                </mxCell>
+                <mxCell id="76" value="" style="edgeStyle=none;html=1;fontSize=18;" edge="1" parent="1" source="52" target="14">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="52" value="" style="shape=umlActor;verticalLabelPosition=bottom;verticalAlign=top;html=1;outlineConnect=0;" parent="1" vertex="1">
+                    <mxGeometry x="605" y="70" width="30" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="77" value="&lt;span style=&quot;color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: center; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(251, 251, 251); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;PEP&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;fontSize=18;" vertex="1" parent="1">
+                    <mxGeometry x="639" y="110" width="60" height="50" as="geometry"/>
+                </mxCell>
+                <mxCell id="80" value="Interface" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;dashed=1;fontStyle=1;fontSize=18;" vertex="1" parent="1">
+                    <mxGeometry x="80" y="200" width="60" height="30" as="geometry"/>
+                </mxCell>
+                <mxCell id="81" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                    <mxGeometry x="50" y="790" width="660" height="100" as="geometry"/>
+                </mxCell>
+                <mxCell id="69" value="tracking data" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;" vertex="1" parent="1">
+                    <mxGeometry x="344" y="800" width="60" height="80" as="geometry"/>
+                </mxCell>
+                <mxCell id="82" value="Infrastructure" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;dashed=1;fontStyle=1;fontSize=18;" vertex="1" parent="1">
+                    <mxGeometry x="80" y="825" width="60" height="30" as="geometry"/>
+                </mxCell>
+                <mxCell id="83" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;fontSize=18;entryX=0.742;entryY=0;entryDx=0;entryDy=0;exitX=0.745;exitY=0.998;exitDx=0;exitDy=0;entryPerimeter=0;exitPerimeter=0;" edge="1" parent="1" source="66" target="66">
+                    <mxGeometry width="50" height="50" relative="1" as="geometry">
+                        <mxPoint x="370" y="400" as="sourcePoint"/>
+                        <mxPoint x="420" y="350" as="targetPoint"/>
+                    </mxGeometry>
+                </mxCell>
+                <mxCell id="84" value="" style="shape=flexArrow;endArrow=classic;html=1;fontSize=18;exitX=0.182;exitY=0.235;exitDx=0;exitDy=0;exitPerimeter=0;entryX=0.182;entryY=0.3;entryDx=0;entryDy=0;entryPerimeter=0;fillColor=#f5f5f5;strokeColor=#666666;" edge="1" parent="1" source="66" target="81">
+                    <mxGeometry width="50" height="50" relative="1" as="geometry">
+                        <mxPoint x="170" y="320" as="sourcePoint"/>
+                        <mxPoint x="170.01799100449762" y="395" as="targetPoint"/>
+                        <Array as="points"/>
+                    </mxGeometry>
+                </mxCell>
+                <mxCell id="73" value="Application" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;dashed=1;fontStyle=1;fontSize=18;" vertex="1" parent="1">
+                    <mxGeometry x="80" y="340" width="60" height="30" as="geometry"/>
+                </mxCell>
+                <mxCell id="85" value="" style="shape=flexArrow;endArrow=classic;html=1;fontSize=18;entryX=0.985;entryY=0.235;entryDx=0;entryDy=0;entryPerimeter=0;exitX=0.985;exitY=0.2;exitDx=0;exitDy=0;exitPerimeter=0;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1" source="81" target="66">
+                    <mxGeometry width="50" height="50" relative="1" as="geometry">
+                        <mxPoint x="159.68000000000006" y="319.95000000000005" as="sourcePoint"/>
+                        <mxPoint x="159.68000000000006" y="420.0799999999999" as="targetPoint"/>
+                        <Array as="points"/>
+                    </mxGeometry>
+                </mxCell>
+                <mxCell id="87" value="&lt;span style=&quot;color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: center; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(251, 251, 251); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;Collect data&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;fontSize=12;fontStyle=2" vertex="1" parent="1">
+                    <mxGeometry x="175" y="800" width="70" height="30" as="geometry"/>
                 </mxCell>
-                <mxCell id="58" value="Analyzer" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;dashed=1;" parent="1" vertex="1">
-                    <mxGeometry x="640" y="310" width="60" height="140" as="geometry"/>
+                <mxCell id="88" value="&lt;span style=&quot;color: rgb(0, 0, 0); font-family: Helvetica; font-size: 12px; font-variant-ligatures: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: 2; text-align: center; text-indent: 0px; text-transform: none; widows: 2; word-spacing: 0px; -webkit-text-stroke-width: 0px; background-color: rgb(251, 251, 251); text-decoration-thickness: initial; text-decoration-style: initial; text-decoration-color: initial; float: none; display: inline !important;&quot;&gt;Restructured data&lt;/span&gt;" style="text;whiteSpace=wrap;html=1;fontSize=12;fontStyle=2" vertex="1" parent="1">
+                    <mxGeometry x="710" y="300" width="100" height="30" as="geometry"/>
                 </mxCell>
             </root>
         </mxGraphModel>
diff --git a/docs/design/src/dataflow.drawio b/docs/design/src/dataflow.drawio
index 5ac4266..410780c 100644
--- a/docs/design/src/dataflow.drawio
+++ b/docs/design/src/dataflow.drawio
@@ -1,37 +1,37 @@
 <mxfile host="65bd71144e">
     <diagram id="71-AI3Yj6Bn5oummquvE" name="第 1 页">
-        <mxGraphModel dx="475" dy="492" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
+        <mxGraphModel dx="986" dy="867" grid="1" gridSize="10" guides="1" tooltips="1" connect="1" arrows="1" fold="1" page="1" pageScale="1" pageWidth="827" pageHeight="1169" math="0" shadow="0">
             <root>
                 <mxCell id="0"/>
                 <mxCell id="1" parent="0"/>
-                <mxCell id="94" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1" target="68">
+                <mxCell id="94" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" parent="1" target="68" edge="1">
                     <mxGeometry width="50" height="50" relative="1" as="geometry">
                         <mxPoint x="350" y="490" as="sourcePoint"/>
                         <mxPoint x="480" y="380" as="targetPoint"/>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="56" value="" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#f5f5f5;fontColor=#333333;strokeColor=#666666;" vertex="1" parent="1">
+                <mxCell id="56" value="" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#f5f5f5;fontColor=#333333;strokeColor=#666666;" parent="1" vertex="1">
                     <mxGeometry x="160" y="160" width="20" height="210" as="geometry"/>
                 </mxCell>
-                <mxCell id="65" value="&lt;span style=&quot;color: rgb(51, 51, 51);&quot;&gt;Host(eg. bcc.BPF)&lt;/span&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+                <mxCell id="65" value="&lt;span style=&quot;color: rgb(51, 51, 51);&quot;&gt;Host(eg. bcc.BPF)&lt;/span&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
                     <mxGeometry x="100" y="130" width="140" height="30" as="geometry"/>
                 </mxCell>
-                <mxCell id="68" value="&lt;span style=&quot;color: rgb(51, 51, 51);&quot;&gt;Tracer&lt;/span&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+                <mxCell id="68" value="&lt;span style=&quot;color: rgb(51, 51, 51);&quot;&gt;Tracer&lt;/span&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
                     <mxGeometry x="280" y="130" width="140" height="30" as="geometry"/>
                 </mxCell>
-                <mxCell id="69" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="69" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="340" y="160" width="20" height="50" as="geometry"/>
                 </mxCell>
-                <mxCell id="70" value="Add callback" style="endArrow=classic;html=1;" edge="1" parent="1">
+                <mxCell id="70" value="Add callback" style="endArrow=classic;html=1;" parent="1" edge="1">
                     <mxGeometry width="50" height="50" relative="1" as="geometry">
                         <mxPoint x="340" y="169" as="sourcePoint"/>
                         <mxPoint x="180" y="169" as="targetPoint"/>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="72" value="" style="aspect=fixed;html=1;points=[];align=center;image;fontSize=12;image=img/lib/azure2/general/Code.svg;labelBackgroundColor=#ffffff;" vertex="1" parent="1">
+                <mxCell id="72" value="" style="aspect=fixed;html=1;points=[];align=center;image;fontSize=12;image=img/lib/azure2/general/Code.svg;labelBackgroundColor=#ffffff;" parent="1" vertex="1">
                     <mxGeometry x="282.69" y="185" width="24.62" height="20" as="geometry"/>
                 </mxCell>
-                <mxCell id="74" value="buffer data" style="endArrow=none;html=1;exitX=1.2;exitY=0.546;exitDx=0;exitDy=0;exitPerimeter=0;rounded=0;startArrow=classic;startFill=1;endFill=0;" edge="1" parent="1" source="56">
+                <mxCell id="74" value="buffer data" style="endArrow=none;html=1;exitX=1.2;exitY=0.546;exitDx=0;exitDy=0;exitPerimeter=0;rounded=0;startArrow=classic;startFill=1;endFill=0;" parent="1" source="56" edge="1">
                     <mxGeometry width="50" height="50" relative="1" as="geometry">
                         <mxPoint x="341.83999999999986" y="210" as="sourcePoint"/>
                         <mxPoint x="210" y="210" as="targetPoint"/>
@@ -42,19 +42,19 @@
                         </Array>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="85" value="filter(&lt;i&gt;data_t&lt;/i&gt;)" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0.05;entryY=0.645;entryDx=0;entryDy=0;entryPerimeter=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1" source="76" target="84">
+                <mxCell id="85" value="filter(&lt;i&gt;data_t&lt;/i&gt;)" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0.05;entryY=0.645;entryDx=0;entryDy=0;entryPerimeter=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" source="76" target="84" edge="1">
                     <mxGeometry relative="1" as="geometry"/>
                 </mxCell>
-                <mxCell id="76" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="76" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="340" y="320" width="20" height="90" as="geometry"/>
                 </mxCell>
-                <mxCell id="75" value="Callback" style="endArrow=none;html=1;startArrow=classic;startFill=1;endFill=0;fillColor=#dae8fc;strokeColor=#6c8ebf;" edge="1" parent="1">
+                <mxCell id="75" value="Callback" style="endArrow=none;html=1;startArrow=classic;startFill=1;endFill=0;fillColor=#dae8fc;strokeColor=#6c8ebf;" parent="1" edge="1">
                     <mxGeometry width="50" height="50" relative="1" as="geometry">
                         <mxPoint x="340" y="333" as="sourcePoint"/>
                         <mxPoint x="180" y="333" as="targetPoint"/>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="77" value="Prepare data" style="endArrow=none;html=1;entryX=0;entryY=0.25;entryDx=0;entryDy=0;exitX=0;exitY=0.75;exitDx=0;exitDy=0;rounded=0;startArrow=classic;startFill=1;endFill=0;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1" source="76" target="76">
+                <mxCell id="77" value="Prepare data" style="endArrow=none;html=1;entryX=0;entryY=0.25;entryDx=0;entryDy=0;exitX=0;exitY=0.75;exitDx=0;exitDy=0;rounded=0;startArrow=classic;startFill=1;endFill=0;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" source="76" target="76" edge="1">
                     <mxGeometry width="50" height="50" relative="1" as="geometry">
                         <mxPoint x="222.78" y="444.73" as="sourcePoint"/>
                         <mxPoint x="224.16" y="380.05000000000007" as="targetPoint"/>
@@ -64,43 +64,43 @@
                         </Array>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="78" value="&lt;span style=&quot;color: rgb(51, 51, 51);&quot;&gt;Filter&lt;/span&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+                <mxCell id="78" value="&lt;span style=&quot;color: rgb(51, 51, 51);&quot;&gt;Filter&lt;/span&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
                     <mxGeometry x="424" y="130" width="140" height="30" as="geometry"/>
                 </mxCell>
-                <mxCell id="79" value="&lt;span style=&quot;color: rgb(51, 51, 51);&quot;&gt;Collector&lt;/span&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" vertex="1" parent="1">
+                <mxCell id="79" value="&lt;span style=&quot;color: rgb(51, 51, 51);&quot;&gt;Collector&lt;/span&gt;" style="text;html=1;strokeColor=none;fillColor=none;align=center;verticalAlign=middle;whiteSpace=wrap;rounded=0;" parent="1" vertex="1">
                     <mxGeometry x="580" y="130" width="140" height="30" as="geometry"/>
                 </mxCell>
-                <mxCell id="80" value="" style="html=1;verticalLabelPosition=bottom;align=center;labelBackgroundColor=#ffffff;verticalAlign=top;strokeWidth=2;strokeColor=#0080F0;shadow=0;dashed=0;shape=mxgraph.ios7.icons.data;" vertex="1" parent="1">
+                <mxCell id="80" value="" style="html=1;verticalLabelPosition=bottom;align=center;labelBackgroundColor=#ffffff;verticalAlign=top;strokeWidth=2;strokeColor=#0080F0;shadow=0;dashed=0;shape=mxgraph.ios7.icons.data;" parent="1" vertex="1">
                     <mxGeometry x="250" y="290.9" width="24" height="29.099999999999998" as="geometry"/>
                 </mxCell>
-                <mxCell id="81" value="raw data" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontStyle=2" vertex="1" parent="1">
+                <mxCell id="81" value="raw data" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontStyle=2" parent="1" vertex="1">
                     <mxGeometry x="270" y="290" width="70" height="30" as="geometry"/>
                 </mxCell>
-                <mxCell id="82" value="" style="html=1;verticalLabelPosition=bottom;align=center;labelBackgroundColor=#ffffff;verticalAlign=top;strokeWidth=2;strokeColor=#82b366;shadow=0;dashed=0;shape=mxgraph.ios7.icons.data;fillColor=#d5e8d4;" vertex="1" parent="1">
+                <mxCell id="82" value="" style="html=1;verticalLabelPosition=bottom;align=center;labelBackgroundColor=#ffffff;verticalAlign=top;strokeWidth=2;strokeColor=#82b366;shadow=0;dashed=0;shape=mxgraph.ios7.icons.data;fillColor=#d5e8d4;" parent="1" vertex="1">
                     <mxGeometry x="424" y="410" width="24" height="29.099999999999998" as="geometry"/>
                 </mxCell>
-                <mxCell id="83" value="data_t" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontStyle=2" vertex="1" parent="1">
+                <mxCell id="83" value="data_t" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontStyle=2" parent="1" vertex="1">
                     <mxGeometry x="406" y="439.1" width="60" height="30" as="geometry"/>
                 </mxCell>
-                <mxCell id="84" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="84" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="474" y="329.1" width="20" height="90" as="geometry"/>
                 </mxCell>
-                <mxCell id="86" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="86" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="484" y="339.1" width="20" height="90" as="geometry"/>
                 </mxCell>
-                <mxCell id="87" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="87" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="494" y="349.1" width="20" height="90" as="geometry"/>
                 </mxCell>
-                <mxCell id="101" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1" source="88" target="97">
+                <mxCell id="101" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" source="88" target="97" edge="1">
                     <mxGeometry relative="1" as="geometry"/>
                 </mxCell>
-                <mxCell id="106" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1" source="88" target="100">
+                <mxCell id="106" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" source="88" target="100" edge="1">
                     <mxGeometry relative="1" as="geometry"/>
                 </mxCell>
-                <mxCell id="88" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="88" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="504" y="359.1" width="20" height="90" as="geometry"/>
                 </mxCell>
-                <mxCell id="89" style="edgeStyle=none;rounded=0;html=1;exitX=0;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1" source="84" target="86">
+                <mxCell id="89" style="edgeStyle=none;rounded=0;html=1;exitX=0;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" source="84" target="86" edge="1">
                     <mxGeometry relative="1" as="geometry">
                         <mxPoint x="368.9999999999999" y="429.45" as="sourcePoint"/>
                         <mxPoint x="484.0000000000001" y="429.09999999999985" as="targetPoint"/>
@@ -110,7 +110,7 @@
                         </Array>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="90" style="edgeStyle=none;rounded=0;html=1;exitX=0;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1">
+                <mxCell id="90" style="edgeStyle=none;rounded=0;html=1;exitX=0;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" edge="1">
                     <mxGeometry relative="1" as="geometry">
                         <mxPoint x="484.0000000000001" y="406.5999999999999" as="sourcePoint"/>
                         <mxPoint x="494.0000000000001" y="416.5999999999999" as="targetPoint"/>
@@ -120,7 +120,7 @@
                         </Array>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="91" style="edgeStyle=none;rounded=0;html=1;exitX=0;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1">
+                <mxCell id="91" style="edgeStyle=none;rounded=0;html=1;exitX=0;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" edge="1">
                     <mxGeometry relative="1" as="geometry">
                         <mxPoint x="494.0000000000001" y="416.5999999999999" as="sourcePoint"/>
                         <mxPoint x="504.0000000000001" y="426.5999999999999" as="targetPoint"/>
@@ -130,51 +130,63 @@
                         </Array>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="93" value="code" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontStyle=2" vertex="1" parent="1">
+                <mxCell id="93" value="code" style="text;html=1;align=center;verticalAlign=middle;resizable=0;points=[];autosize=1;strokeColor=none;fillColor=none;fontStyle=2" parent="1" vertex="1">
                     <mxGeometry x="270" y="165" width="50" height="30" as="geometry"/>
                 </mxCell>
-                <mxCell id="95" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1">
+                <mxCell id="95" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" parent="1" edge="1">
                     <mxGeometry width="50" height="50" relative="1" as="geometry">
                         <mxPoint x="493" y="490" as="sourcePoint"/>
                         <mxPoint x="493.16999999999996" y="159.1" as="targetPoint"/>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="96" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" edge="1" parent="1">
+                <mxCell id="96" value="" style="endArrow=none;dashed=1;html=1;dashPattern=1 3;strokeWidth=2;rounded=0;entryX=0.5;entryY=1;entryDx=0;entryDy=0;" parent="1" edge="1">
                     <mxGeometry width="50" height="50" relative="1" as="geometry">
                         <mxPoint x="650" y="490" as="sourcePoint"/>
                         <mxPoint x="649.5799999999999" y="159.1" as="targetPoint"/>
                     </mxGeometry>
                 </mxCell>
-                <mxCell id="97" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="97" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="640" y="370" width="20" height="90" as="geometry"/>
                 </mxCell>
-                <mxCell id="98" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="98" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="650" y="380" width="20" height="90" as="geometry"/>
                 </mxCell>
-                <mxCell id="99" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="99" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="660" y="390" width="20" height="90" as="geometry"/>
                 </mxCell>
-                <mxCell id="108" value="Tracking" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#fff2cc;strokeColor=#d6b656;" edge="1" parent="1" source="100" target="107">
+                <mxCell id="108" value="Tracking" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.5;exitDx=0;exitDy=0;entryX=0;entryY=0.5;entryDx=0;entryDy=0;entryPerimeter=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#fff2cc;strokeColor=#d6b656;" parent="1" source="100" target="107" edge="1">
                     <mxGeometry relative="1" as="geometry"/>
                 </mxCell>
-                <mxCell id="100" value="" style="rounded=0;whiteSpace=wrap;html=1;" vertex="1" parent="1">
+                <mxCell id="100" value="" style="rounded=0;whiteSpace=wrap;html=1;" parent="1" vertex="1">
                     <mxGeometry x="670" y="400" width="20" height="90" as="geometry"/>
                 </mxCell>
-                <mxCell id="102" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1" source="88" target="98">
+                <mxCell id="102" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" source="88" target="98" edge="1">
                     <mxGeometry relative="1" as="geometry"/>
                 </mxCell>
-                <mxCell id="105" value="emit" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" edge="1" parent="1" source="88" target="99">
+                <mxCell id="105" value="emit" style="edgeStyle=none;rounded=0;html=1;exitX=1;exitY=0.75;exitDx=0;exitDy=0;entryX=0;entryY=0.75;entryDx=0;entryDy=0;startArrow=none;startFill=0;endArrow=classic;endFill=1;fillColor=#d5e8d4;strokeColor=#82b366;" parent="1" source="88" target="99" edge="1">
                     <mxGeometry relative="1" as="geometry"/>
                 </mxCell>
-                <mxCell id="107" value="" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;labelBackgroundColor=#ffffff;" vertex="1" parent="1">
+                <mxCell id="113" value="" style="edgeStyle=none;html=1;" edge="1" parent="1" source="107" target="112">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="107" value="" style="shape=cylinder3;whiteSpace=wrap;html=1;boundedLbl=1;backgroundOutline=1;size=15;labelBackgroundColor=#ffffff;" parent="1" vertex="1">
                     <mxGeometry x="760" y="405" width="60" height="80" as="geometry"/>
                 </mxCell>
-                <mxCell id="111" value="Poll" style="endArrow=classic;html=1;rounded=0;" edge="1" parent="1">
+                <mxCell id="111" value="Poll" style="endArrow=classic;html=1;rounded=0;" parent="1" edge="1">
                     <mxGeometry width="50" height="50" relative="1" as="geometry">
                         <mxPoint x="70" y="270" as="sourcePoint"/>
                         <mxPoint x="150" y="330" as="targetPoint"/>
                     </mxGeometry>
                 </mxCell>
+                <mxCell id="115" value="Restructured data" style="edgeStyle=none;html=1;" edge="1" parent="1" source="112" target="114">
+                    <mxGeometry relative="1" as="geometry"/>
+                </mxCell>
+                <mxCell id="112" value="Analyzer" style="rounded=0;whiteSpace=wrap;html=1;fillColor=#d5e8d4;strokeColor=#82b366;" vertex="1" parent="1">
+                    <mxGeometry x="870" y="415" width="120" height="60" as="geometry"/>
+                </mxCell>
+                <mxCell id="114" value="Query Service" style="whiteSpace=wrap;html=1;rounded=0;fillColor=#dae8fc;strokeColor=#6c8ebf;dashed=1;" vertex="1" parent="1">
+                    <mxGeometry x="870" y="125" width="120" height="60" as="geometry"/>
+                </mxCell>
             </root>
         </mxGraphModel>
     </diagram>
diff --git a/docs/source/analyzer/db.rst b/docs/source/analyzer/db.rst
new file mode 100644
index 0000000..8d2cffd
--- /dev/null
+++ b/docs/source/analyzer/db.rst
@@ -0,0 +1,10 @@
+DBAnalyzer
+===============================
+
+``DBAnalyzer``
+
+.. automodule:: duetector.analyzer.db
+   :members:
+   :undoc-members:
+   :private-members:
+   :show-inheritance:
diff --git a/docs/source/analyzer/index.rst b/docs/source/analyzer/index.rst
new file mode 100644
index 0000000..ae2bcff
--- /dev/null
+++ b/docs/source/analyzer/index.rst
@@ -0,0 +1,25 @@
+Analyzer
+=========================================
+
+
+.. autoclass:: duetector.analyzer.base.Analyzer
+   :members:
+   :undoc-members:
+   :show-inheritance:
+
+
+Avaliable Analyzer
+-----------------------------------------------
+
+.. toctree::
+   :maxdepth: 2
+
+   DB Analyzer <db>
+
+Data Models
+-----------------------------------------------
+
+.. toctree::
+   :maxdepth: 2
+
+   Data Models <models>
diff --git a/docs/source/analyzer/models.rst b/docs/source/analyzer/models.rst
new file mode 100644
index 0000000..59d394d
--- /dev/null
+++ b/docs/source/analyzer/models.rst
@@ -0,0 +1,7 @@
+Data Models
+===============================
+
+.. automodule:: duetector.analyzer.models
+   :members:
+   :undoc-members:
+   :show-inheritance:
diff --git a/docs/source/collectors/index.rst b/docs/source/collectors/index.rst
index 718d445..b7f4ba6 100644
--- a/docs/source/collectors/index.rst
+++ b/docs/source/collectors/index.rst
@@ -18,9 +18,19 @@ and store them in a somewhere.
    :show-inheritance:
 
 
+Avaliable Collector
+---------------------------------------------------------
+
 .. toctree::
    :maxdepth: 2
-   :caption: Avaliable Collector and Data Models
 
    DB Collectors <db>
+
+
+Data Models
+---------------------------------------------------------
+
+.. toctree::
+   :maxdepth: 2
+
    Data Models <models>
diff --git a/docs/source/collectors/models.rst b/docs/source/collectors/models.rst
index 251938e..dbb757c 100644
--- a/docs/source/collectors/models.rst
+++ b/docs/source/collectors/models.rst
@@ -1,7 +1,7 @@
 Models for collectors
 ====================================
 
-.. autoclass:: duetector.collectors.models.Tracking
+.. automodule:: duetector.collectors.models
    :members:
    :undoc-members:
    :show-inheritance:
diff --git a/docs/source/conf.py b/docs/source/conf.py
index 587145c..0846cba 100644
--- a/docs/source/conf.py
+++ b/docs/source/conf.py
@@ -37,6 +37,7 @@
     "sphinx.ext.viewcode",
     "sphinx.ext.autosectionlabel",
     "sphinx_click",
+    "sphinxcontrib.autodoc_pydantic",
 ]
 
 # Add any paths that contain templates here, relative to this directory.
diff --git a/docs/source/filters/base.rst b/docs/source/filters/base.rst
deleted file mode 100644
index 77a9c34..0000000
--- a/docs/source/filters/base.rst
+++ /dev/null
@@ -1,10 +0,0 @@
-BaseFilter
-==================
-
-Base class for all filters.
-
-
-.. autoclass:: duetector.filters.base.Filter
-   :members:
-   :undoc-members:
-   :private-members:
diff --git a/docs/source/filters/index.rst b/docs/source/filters/index.rst
index 5361bac..249463f 100644
--- a/docs/source/filters/index.rst
+++ b/docs/source/filters/index.rst
@@ -3,9 +3,16 @@ Filter
 
 ``Filter`` will filter the data based on the given criteria.
 
+.. autoclass:: duetector.filters.base.Filter
+   :members:
+   :undoc-members:
+   :private-members:
+
+
+Avaliable Filter
+------------------------------------------------------
+
 .. toctree::
    :maxdepth: 2
-   :caption: Avaliable Filter
 
-   Base Filter <base>
    Pattern Filter <pattern>
diff --git a/docs/source/index.rst b/docs/source/index.rst
index 6b1106e..4381a54 100644
--- a/docs/source/index.rst
+++ b/docs/source/index.rst
@@ -15,6 +15,7 @@ Reference
 
    CLI <cli/index>
 
+   Analyzer <analyzer/index>
    Monitors <monitors/index>
    Managers <managers/index>
 
@@ -22,11 +23,7 @@ Reference
    Filters <filters/index>
    Collectors <collectors/index>
 
-   Exceptions <exceptions>
-
-   Database utilities <db>
-   Config utilities <config>
-   Tools utilities <tools/index>
+   Utilities <utilities>
 
 
 Indices and tables
diff --git a/docs/source/managers/index.rst b/docs/source/managers/index.rst
index 7ae567d..7defda4 100644
--- a/docs/source/managers/index.rst
+++ b/docs/source/managers/index.rst
@@ -10,9 +10,12 @@ Managers provides a way to get instances of both built-in implementations and ex
    :inherited-members:
    :show-inheritance:
 
+
+Avaliable Manager
+-------------------------------------------
+
 .. toctree::
-   :maxdepth: 1
-   :caption: Avaliable Manager
+   :maxdepth: 2
 
    Collector Manager <collector>
    Filter Manager <filter>
diff --git a/docs/source/monitors/index.rst b/docs/source/monitors/index.rst
index f9e51bb..b46da89 100644
--- a/docs/source/monitors/index.rst
+++ b/docs/source/monitors/index.rst
@@ -14,9 +14,11 @@ entry point for the polling, filtering and collecting of the data.
    :show-inheritance:
 
 
+Avaliable Monitor
+-------------------------------------------
+
 .. toctree::
-   :maxdepth: 1
-   :caption: Avaliable Monitor
+   :maxdepth: 2
 
    Bcc Monitor <bcc>
    Shell Monitor <sh>
diff --git a/docs/source/tracers/index.rst b/docs/source/tracers/index.rst
index 36e9245..15e5ad5 100644
--- a/docs/source/tracers/index.rst
+++ b/docs/source/tracers/index.rst
@@ -1,5 +1,13 @@
 Tracer
-=========================================
+=====================================
+
+``Tracer`` will be capturing information in some way.
+:doc:`Collector </collectors/index>` will convert ``Tracer``'s  ``data_t`` to :doc:`Tracking </collectors/models>`.
+
+.. note::
+   Some filed of ``data_t`` will be converted to other more readable filed,
+   if you want to fit this feature, you should refer to :doc:`Tracking.normalize_field </collectors/models>`.
+
 
 .. automodule:: duetector.tracers
    :members:
@@ -7,9 +15,11 @@ Tracer
    :inherited-members:
 
 
+Avaliable Tracer
+--------------------------------------
+
 .. toctree::
-   :maxdepth: 1
-   :caption: Avaliable Tracer
+   :maxdepth: 2
 
    CloneTracer <clone>
    OpenTracer <openat2>
diff --git a/docs/source/utilities.rst b/docs/source/utilities.rst
new file mode 100644
index 0000000..fad7411
--- /dev/null
+++ b/docs/source/utilities.rst
@@ -0,0 +1,12 @@
+Utilities
+===============================
+
+.. toctree::
+   :maxdepth: 2
+   :caption: Utilities Documentation:
+
+   Exceptions <exceptions>
+
+   Database utilities <db>
+   Config utilities <config>
+   Tools utilities <tools/index>
diff --git a/duetector/analyzer/__init__.py b/duetector/analyzer/__init__.py
new file mode 100644
index 0000000..e69de29
diff --git a/duetector/analyzer/base.py b/duetector/analyzer/base.py
new file mode 100644
index 0000000..2e8416d
--- /dev/null
+++ b/duetector/analyzer/base.py
@@ -0,0 +1,69 @@
+from datetime import datetime
+from typing import List, Optional
+
+from duetector.analyzer.models import AnalyzerBrief, Tracking
+from duetector.config import Configuable
+
+
+class Analyzer(Configuable):
+    """
+    A base class for all analyzers.
+    """
+
+    default_config = {}
+    """
+    Default config for ``Analyzer``.
+    """
+
+    config_scope = "analyzer"
+    """
+    Config scope for this analyzer.
+
+    Subclasses cloud override this.
+    """
+
+    def get_all_tracers(self) -> List[str]:
+        """
+        Get all tracers from storage.
+
+        Returns:
+            List[str]: List of tracer's name.
+        """
+        raise NotImplementedError
+
+    def get_all_collector_ids(self) -> List[str]:
+        """
+        Get all collector id from storage.
+
+        Returns:
+            List[str]: List of collector id.
+        """
+        raise NotImplementedError
+
+    def query(
+        self,
+        tracer: Optional[str] = None,
+        collector_id: Optional[str] = None,
+        start_datetime: Optional[datetime] = None,
+        end_datetime: Optional[datetime] = None,
+        start: int = 0,
+        limit: int = 20,
+    ) -> List[Tracking]:
+        """
+        Query tracking data from storage.
+        """
+        raise NotImplementedError
+
+    def brief(
+        self,
+        start_datetime: Optional[datetime] = None,
+        end_datetime: Optional[datetime] = None,
+    ) -> AnalyzerBrief:
+        """
+        Get brief of analyzer.
+        """
+        raise NotImplementedError
+
+    def analyze(self):
+        # TODO: Not design yet.
+        pass
diff --git a/duetector/analyzer/db.py b/duetector/analyzer/db.py
new file mode 100644
index 0000000..ebc750c
--- /dev/null
+++ b/duetector/analyzer/db.py
@@ -0,0 +1,283 @@
+from datetime import datetime
+from typing import Any, Dict, List, Optional
+
+from sqlalchemy import func, select
+
+from duetector.analyzer.base import Analyzer
+from duetector.analyzer.models import AnalyzerBrief, Brief, Tracking
+from duetector.db import SessionManager
+
+
+class DBAnalyzer(Analyzer):
+    """
+    A analyzer using database.
+
+    As a top model, it will init a ``SessionManager`` and pass it to submodels.
+
+    Config scope is ``db_analyzer``.
+
+    Example:
+
+        .. code-block:: python
+
+            from duetector.analyzer.db import DBAnalyzer
+            from duetector.analyzer.models import Tracking as AT
+            from duetector.collectors.models import Tracking as CT
+
+
+            collector_id = "db_analyzer_tests_collector"
+            c_tracking = CT(
+                tracer="t",
+            )
+            db_analyzer = DBAnalyzer()
+            m = db_analyzer.sm.get_tracking_model(c_tracking.tracer, collector_id)
+            with db_analyzer.sm.begin() as session:
+                session.add(m(**c_tracking.model_dump(exclude=["tracer"])))
+                session.commit()
+
+            a_tracking = AT(
+                tracer=c_tracking.tracer,
+            )
+            assert a_tracking in db_analyzer.query()
+            assert a_tracking in db_analyzer.query(tracer=a_tracking.tracer)
+            assert a_tracking in db_analyzer.query(collector_id=collector_id)
+            assert a_tracking in db_analyzer.query(
+                    tracer=a_tracking.tracer, collector_id=collector_id
+            )
+            assert not db_analyzer.query(tracer="not-exist")
+            assert not db_analyzer.query(collector_id="not-exist")
+
+    Note:
+        Currently, it will **NOT** be configured by ``DBcollector``'s config,
+        as we design it to be a standalone model.
+    """
+
+    default_config = {
+        **Analyzer.default_config,
+        "db": {
+            **SessionManager.default_config,
+            "engine": {
+                "url": "sqlite:///duetector-dbcollector.sqlite3",
+            },
+        },
+    }
+    """
+    Default config for ``DBAnalyzer``.
+    """
+
+    config_scope = "db_analyzer"
+    """
+    Config scope for this analyzer.
+    """
+
+    def __init__(self, config: Optional[Dict[str, Any]] = None, *args, **kwargs):
+        super().__init__(config, *args, **kwargs)
+        # Init as a submodel
+        self.sm: SessionManager = SessionManager(self.config._config_dict)
+
+    def query(
+        self,
+        tracers: Optional[List[str]] = None,
+        collector_ids: Optional[List[str]] = None,
+        start_datetime: Optional[datetime] = None,
+        end_datetime: Optional[datetime] = None,
+        start: int = 0,
+        limit: int = 0,
+        columns: Optional[List[str]] = None,
+        where: Optional[Dict[str, Any]] = None,
+        distinct: bool = False,
+        order_by_asc: Optional[List[str]] = None,
+        order_by_desc: Optional[List[str]] = None,
+    ) -> List[Tracking]:
+        """
+        Query all tracking records from database.
+
+        Args:
+            tracers (Optional[List[str]], optional): Tracer's name. Defaults to None, all tracers will be queried.
+            collector_ids (Optional[List[str]], optional): Collector id. Defaults to None, all collector id will be queried.
+            start_datetime (Optional[datetime], optional): Start time. Defaults to None.
+            end_datetime (Optional[datetime], optional): End time. Defaults to None.
+            start (int, optional): Start index. Defaults to 0.
+            limit (int, optional): Limit of records. Defaults to 20. ``0`` means no limit.
+            columns (Optional[List[str]], optional): Columns to query. Defaults to None, all columns will be queried.
+            where (Optional[Dict[str, Any]], optional): Where clause. Defaults to None.
+            distinct (bool, optional): Distinct. Defaults to False.
+            order_by_asc (Optional[List[str]], optional): Order by asc. Defaults to None.
+            order_by_desc (Optional[List[str]], optional): Order by desc. Defaults to None.
+        Returns:
+            List[duetector.analyzer.models.Tracking]: List of tracking records.
+
+        """
+
+        tables = self.sm.inspect_all_tables()
+        if tracers:
+            tables = [t for t in tables if self.sm.table_name_to_tracer(t) in tracers]
+        if collector_ids:
+            tables = [t for t in tables if self.sm.table_name_to_collector_id(t) in collector_ids]
+
+        r = []
+        for t in tables:
+            tracer = self.sm.table_name_to_tracer(t)
+            collector_id = self.sm.table_name_to_collector_id(t)
+            m = self.sm.get_tracking_model(tracer, collector_id)
+
+            columns = columns or m.inspect_fields().keys()
+            statm = select(*[getattr(m, k) for k in columns]).offset(start)
+            if start_datetime:
+                statm = statm.where(m.dt >= start_datetime)
+            if end_datetime:
+                statm = statm.where(m.dt <= end_datetime)
+            if limit:
+                statm = statm.limit(limit)
+            if where:
+                statm = statm.where(*[getattr(m, k) == v for k, v in where.items()])
+            if distinct:
+                statm = statm.distinct()
+            if order_by_asc:
+                statm = statm.order_by(*[getattr(m, k).asc() for k in order_by_asc])
+            if order_by_desc:
+                statm = statm.order_by(*[getattr(m, k).desc() for k in order_by_desc])
+
+            with self.sm.begin() as session:
+                r.extend(
+                    [
+                        self._convert_row_to_tracking(columns, r, tracer)
+                        for r in session.execute(statm).fetchall()
+                    ]
+                )
+
+        return r
+
+    def get_all_tracers(self) -> List[str]:
+        """
+        Get all tracers from database.
+
+        Returns:
+            List[str]: List of tracer's name.
+        """
+        return self.sm.inspect_all_tracers()
+
+    def get_all_collector_ids(self) -> List[str]:
+        """
+        Get all collector id from database.
+
+        Returns:
+            List[str]: List of collector id.
+        """
+        return self.sm.inspect_all_collector_ids()
+
+    def _table_brief(
+        self,
+        table_name: str,
+        start_datetime: Optional[datetime] = None,
+        end_datetime: Optional[datetime] = None,
+        inspect: bool = True,
+        distinct: bool = False,
+    ) -> Brief:
+        """
+        Get a brief of a table.
+
+        Args:
+            table_name (str): Table's name.
+
+        Returns:
+            Brief: A brief of this table.
+        """
+        tracer = self.sm.table_name_to_tracer(table_name)
+        collector_id = self.sm.table_name_to_collector_id(table_name)
+
+        m = self.sm.get_tracking_model(tracer, collector_id)
+
+        if not inspect:
+            return Brief(tracer=tracer, collector_id=collector_id, fields=m.inspect_fields())
+        columns = m.inspect_fields().keys()
+        statm = select(*[getattr(m, k) for k in columns])
+        if distinct:
+            statm = statm.distinct()
+        if start_datetime:
+            statm = statm.where(m.dt >= start_datetime)
+        if end_datetime:
+            statm = statm.where(m.dt <= end_datetime)
+
+        start_statm = statm.order_by(m.dt.asc())
+        end_statm = statm.order_by(m.dt.desc())
+        count_statm = select(func.count()).select_from(statm.subquery())
+        with self.sm.begin() as session:
+            start_tracking = self._convert_row_to_tracking(
+                columns, session.execute(start_statm).first(), tracer
+            )
+            end_tracking = self._convert_row_to_tracking(
+                columns, session.execute(end_statm).first(), tracer
+            )
+
+            return Brief(
+                tracer=tracer,
+                collector_id=collector_id,
+                start=start_tracking.dt,
+                end=end_tracking.dt,
+                count=session.execute(count_statm).scalar(),
+                fields=m.inspect_fields(),
+            )
+
+    def _convert_row_to_tracking(self, columns: List[str], row: Any, tracer: str) -> Tracking:
+        """
+        Convert a row to a tracking record.
+
+        Args:
+            columns (List[str]): Columns.
+            row (Any): Row.
+            tracer (str): Tracer's name.
+
+        Returns:
+            duetector.analyzer.models.Tracking: A tracking record.
+        """
+        if not row:
+            return Tracking(tracer=tracer)
+
+        return Tracking(tracer=tracer, **{k: v for k, v in zip(columns, row)})
+
+    def brief(
+        self,
+        tracers: Optional[List[str]] = None,
+        collector_ids: Optional[List[str]] = None,
+        start_datetime: Optional[datetime] = None,
+        end_datetime: Optional[datetime] = None,
+        with_details: bool = True,
+        distinct: bool = False,
+    ) -> AnalyzerBrief:
+        """
+        Get a brief of this analyzer.
+
+        Args:
+            tracers (Optional[List[str]], optional):
+                Tracers. Defaults to None, all tracers will be queried.
+                If a specific tracer is not found, it will be ignored.
+            collector_ids (Optional[List[str]], optional):
+                Collector ids. Defaults to None, all collector ids will be queried.
+                If a specific collector id is not found, it will be ignored.
+            start_datetime (Optional[datetime], optional): Start time. Defaults to None.
+            end_datetime (Optional[datetime], optional): End time. Defaults to None.
+            with_details (bool, optional): With details. Defaults to True.
+            distinct (bool, optional): Distinct. Defaults to False.
+
+        Returns:
+            AnalyzerBrief: A brief of this analyzer.
+        """
+        tables = self.sm.inspect_all_tables()
+        if tracers:
+            tables = [t for t in tables if self.sm.table_name_to_tracer(t) in tracers]
+        if collector_ids:
+            tables = [t for t in tables if self.sm.table_name_to_collector_id(t) in collector_ids]
+
+        briefs = [
+            self._table_brief(
+                t, start_datetime, end_datetime, inspect=with_details, distinct=distinct
+            )
+            for t in tables
+        ]
+
+        return AnalyzerBrief(
+            tracers=[brief.tracer for brief in briefs],
+            collector_ids=[brief.collector_id for brief in briefs],
+            briefs=briefs,
+        )
diff --git a/duetector/analyzer/models.py b/duetector/analyzer/models.py
new file mode 100644
index 0000000..d55da4a
--- /dev/null
+++ b/duetector/analyzer/models.py
@@ -0,0 +1,86 @@
+from __future__ import annotations
+
+from datetime import datetime
+from typing import Any, Dict, List, Optional
+
+import pydantic
+
+
+class Tracking(pydantic.BaseModel):
+    """
+    Tracking model for analyzer.
+
+    Currently, this is a copy of ``duetector.collectors.models.Tracking``.
+    And as an ACL(anti-corruption layer), we will not use ``duetector.collectors.models.Tracking`` directly.
+    """
+
+    tracer: str
+    """
+    Tracer's name
+    """
+
+    pid: Optional[int] = None
+    """
+    Process ID
+    """
+    uid: Optional[int] = None
+    """
+    User ID
+    """
+    gid: Optional[int] = None
+    """
+    Group ID of user
+    """
+    comm: Optional[str] = "Unknown"
+    """
+    Command name
+    """
+    cwd: Optional[str] = None
+    """
+    Current working directory of process
+    """
+    fname: Optional[str] = None
+    """
+    File name which is being accessed
+    """
+
+    dt: Optional[datetime] = None
+    """
+    datetime of event
+    """
+
+    extended: Dict[str, Any] = {}
+    """
+    Extended fields, will be stored in ``extended`` field as a dict
+    """
+
+
+class Brief(pydantic.BaseModel):
+    """
+    Brief of a tracking set, mostly a table.
+    """
+
+    tracer: str
+    collector_id: str
+    start: Optional[datetime] = None
+    end: Optional[datetime] = None
+    count: Optional[int] = None
+    fields: Dict[str, Any] = {}
+
+
+class AnalyzerBrief(pydantic.BaseModel):
+    """
+    Brief of analyzer.
+    """
+
+    tracers: List[str]
+    """
+    List of tracers
+    """
+
+    collector_ids: List[str]
+    """
+    List of collector ids
+    """
+
+    briefs: List[Brief]
diff --git a/duetector/collectors/__init__.py b/duetector/collectors/__init__.py
index 14b1a86..1fb7d9d 100644
--- a/duetector/collectors/__init__.py
+++ b/duetector/collectors/__init__.py
@@ -1,9 +1,3 @@
 from .base import Collector
 
 __all__ = ["Collector"]
-
-
-# Expose for plugin system
-from . import base, db
-
-registers = [base, db]
diff --git a/duetector/collectors/base.py b/duetector/collectors/base.py
index 3242179..7d8ff5f 100644
--- a/duetector/collectors/base.py
+++ b/duetector/collectors/base.py
@@ -132,8 +132,8 @@ def summary(self) -> Dict:
         return {
             tracer: {
                 "count": len(trackings),
-                "first": trackings[0].timestamp,
-                "last": trackings[-1].timestamp,
+                "first": trackings[0].dt,
+                "last": trackings[-1].dt,
                 "most_recent": trackings[-1].model_dump(),
             }
             for tracer, trackings in self._trackings.items()
diff --git a/duetector/collectors/db.py b/duetector/collectors/db.py
index 846a403..ccc1469 100644
--- a/duetector/collectors/db.py
+++ b/duetector/collectors/db.py
@@ -1,7 +1,7 @@
 import copy
 from typing import Any, Dict, Optional
 
-from sqlalchemy import select  # type: ignore
+from sqlalchemy import func, select  # type: ignore
 
 from duetector.collectors.base import Collector
 from duetector.collectors.models import Tracking
@@ -50,13 +50,13 @@ def summary(self) -> Dict:
         with self.sm.begin() as session:
             return {
                 tracer: {
-                    "count": len(session.execute(select(m)).fetchall()),
-                    "first at": session.execute(select(m)).first()[0].timestamp,
+                    "count": session.execute(select(func.count()).select_from(m)).scalar(),
+                    "first at": session.execute(select(m)).first()[0].dt,
                     "last": session.execute(select(m).order_by(m.id.desc()))  # type: ignore
                     .first()[0]
-                    .to_tracking(),
+                    .to_collector_tracking(),
                 }
-                for tracer, m in self.sm.get_all_model().items()
+                for tracer, m in self.sm.get_all_models().items()
             }
 
 
diff --git a/duetector/collectors/models.py b/duetector/collectors/models.py
index 169edb9..b4084fe 100644
--- a/duetector/collectors/models.py
+++ b/duetector/collectors/models.py
@@ -1,9 +1,12 @@
 from __future__ import annotations
 
+from datetime import datetime
 from typing import Any, Dict, NamedTuple, Optional
 
 import pydantic
 
+from duetector.utils import get_boot_time_duration_ns
+
 
 class Tracking(pydantic.BaseModel):
     """
@@ -43,9 +46,9 @@ class Tracking(pydantic.BaseModel):
     File name which is being accessed
     """
 
-    timestamp: Optional[int] = None
+    dt: Optional[datetime] = None
     """
-    Timestamp of event, ns since boot
+    datetime of event
     """
 
     extended: Dict[str, Any] = {}
@@ -53,6 +56,16 @@ class Tracking(pydantic.BaseModel):
     Extended fields, will be stored in ``extended`` field as a dict
     """
 
+    @classmethod
+    def normalize_field(cls, field, data):
+        """
+        Normalize field name and data
+        """
+        if field == "timestamp":
+            field = "dt"
+            data = get_boot_time_duration_ns(data)
+        return field, data
+
     @staticmethod
     def from_namedtuple(tracer, data: NamedTuple) -> Tracking:  # type: ignore
         """
@@ -71,10 +84,11 @@ def from_namedtuple(tracer, data: NamedTuple) -> Tracking:  # type: ignore
             "extended": {},
         }
         for field in data._fields:  # type: ignore
-            if field in Tracking.model_fields:
-                args[field] = getattr(data, field)
+            k, v = Tracking.normalize_field(field, getattr(data, field))
+            if k in Tracking.model_fields:
+                args[k] = v
             else:
-                args["extended"][field] = getattr(data, field)
+                args["extended"][k] = v
 
         if not args.get("cwd"):
             # Try get cwd from /proc/<pid>/cwd
@@ -86,3 +100,7 @@ def from_namedtuple(tracer, data: NamedTuple) -> Tracking:  # type: ignore
                 pass
 
         return Tracking(**args)
+
+
+if __name__ == "__main__":
+    Tracking(tracer="test", dt=datetime.now())
diff --git a/duetector/collectors/register.py b/duetector/collectors/register.py
new file mode 100644
index 0000000..ac07b16
--- /dev/null
+++ b/duetector/collectors/register.py
@@ -0,0 +1,4 @@
+# Expose for plugin system
+from . import base, db
+
+registers = [base, db]
diff --git a/duetector/db.py b/duetector/db.py
index 457a698..ebcf18e 100644
--- a/duetector/db.py
+++ b/duetector/db.py
@@ -1,6 +1,7 @@
 from contextlib import contextmanager
+from datetime import datetime
 from threading import Lock
-from typing import Any, Dict, Generator, Optional
+from typing import Any, Dict, Generator, List, Optional
 
 import sqlalchemy  # type: ignore
 from sqlalchemy.orm import (  # type: ignore
@@ -12,7 +13,8 @@
 )
 from sqlalchemy.types import JSON  # type: ignore
 
-from duetector.collectors.models import Tracking
+from duetector.analyzer.models import Tracking as AT
+from duetector.collectors.models import Tracking as CT
 from duetector.config import Configuable
 
 
@@ -29,7 +31,7 @@ class TrackingMixin:
     pid: Mapped[Optional[int]]
     uid: Mapped[Optional[int]]
     gid: Mapped[Optional[int]]
-    timestamp: Mapped[Optional[int]]
+    dt: Mapped[Optional[datetime]]
 
     comm: Mapped[Optional[str]]
     cwd: Mapped[Optional[str]]
@@ -38,7 +40,32 @@ class TrackingMixin:
     extended: Mapped[Dict[str, Any]] = mapped_column(type_=JSON, default={})
 
     def __repr__(self):
-        return f"<Tracking [{self.pid} {self.comm}] {self.timestamp}>"
+        return f"<Tracking [{self.pid} {self.comm}] {self.dt}>"
+
+
+class TrackingInterface:
+    """
+    A interface for tracking.
+    """
+
+    def to_collector_tracking(self) -> CT:
+        """
+        Convert to collector's tracking model.
+        """
+        raise NotImplementedError
+
+    def to_analyzer_tracking(self) -> AT:
+        """
+        Convert to analyzer's tracking model.
+        """
+        raise NotImplementedError
+
+    @classmethod
+    def inspect_fields(cls) -> Dict[str, Any]:
+        """
+        Inspect fields of this model.
+        """
+        raise NotImplementedError
 
 
 class SessionManager(Configuable):
@@ -54,9 +81,21 @@ class SessionManager(Configuable):
     .. code-block:: python
 
         from duetector.db import SessionManager
+        from duetector.collectors.models import Tracking
         sessionmanager = SessionManager()
+        t = Tracking(
+            tracer="t",
+        )
+        m = sessionmanager.get_tracking_model(t.tracer, "id")
+
         with sessionmanager.begin() as session:
-            session.add(...)
+            session.add(m(**t.model_dump(exclude=["tracer"])))
+            session.commit()
+
+        assert sessionmanager.inspect_all_tables() == [
+            sessionmanager.get_table_names("t", "id")
+        ]
+        assert sessionmanager.inspect_all_tables("not-exist") == []
 
 
     """
@@ -149,7 +188,18 @@ def begin(self) -> Generator[Session, None, None]:
         with self.sessionmaker.begin() as session:
             yield session
 
-    def get_tracking_model(self, tracer: str = "unknown", collector_id: str = "") -> type:
+    def get_table_names(self, tracer: str = "unknown", collector_id: str = "") -> str:
+        return f"{self.table_prefix}:{tracer}@{collector_id}"
+
+    def table_name_to_tracer(self, table_name: str) -> str:
+        return table_name.split(":")[1].split("@")[0]
+
+    def table_name_to_collector_id(self, table_name: str) -> str:
+        return table_name.split(":")[1].split("@")[1]
+
+    def get_tracking_model(
+        self, tracer: str = "unknown", collector_id: str = ""
+    ) -> TrackingInterface:
         """
         Get a sqlalchemy model for tracking, each tracer will create a table in database.
 
@@ -168,22 +218,41 @@ def get_tracking_model(self, tracer: str = "unknown", collector_id: str = "") ->
             class Base(DeclarativeBase):
                 pass
 
-            class TrackingModel(Base, TrackingMixin):
-                __tablename__ = f"{self.table_prefix}:{tracer}@{collector_id}"
+            class TrackingModel(Base, TrackingMixin, TrackingInterface):
+                __tablename__ = self.get_table_names(tracer, collector_id)
 
-                def to_tracking(self) -> Tracking:
-                    return Tracking(
+                def to_collector_tracking(self) -> CT:
+                    return CT(
                         tracer=tracer,
                         pid=self.pid,
                         uid=self.uid,
                         gid=self.gid,
-                        timestamp=self.timestamp,
+                        dt=self.dt,
                         comm=self.comm,
                         cwd=self.cwd,
                         fname=self.fname,
                         extended=self.extended,
                     )
 
+                def to_analyzer_tracking(self) -> AT:
+                    return AT(
+                        tracer=tracer,
+                        pid=self.pid,
+                        uid=self.uid,
+                        gid=self.gid,
+                        dt=self.dt,
+                        comm=self.comm,
+                        cwd=self.cwd,
+                        fname=self.fname,
+                        extended=self.extended,
+                    )
+
+                @classmethod
+                def inspect_fields(cls) -> Dict[str, Any]:
+                    return {
+                        c.name: c.type.python_type for c in cls.__table__.columns if c.name != "id"
+                    }
+
             try:
                 self._tracking_models[tracer] = self._init_tracking_model(TrackingModel)
             except Exception as e:
@@ -191,9 +260,31 @@ def to_tracking(self) -> Tracking:
                 raise
             return self._tracking_models[tracer]
 
-    def get_all_model(self) -> Dict[str, type]:
+    def get_all_models(self) -> Dict[str, type]:
         return self._tracking_models
 
+    def inspect_all_tables(
+        self, tracer: Optional[str] = None, collector_id: Optional[str] = None
+    ) -> str:
+        def _filter(t):
+            if tracer and self.table_name_to_tracer(t) != tracer:
+                return False
+            if collector_id and self.table_name_to_collector_id(t) != collector_id:
+                return False
+            return True
+
+        return [
+            t
+            for t in sqlalchemy.inspect(self.engine).get_table_names()
+            if t.startswith(self.table_prefix) and _filter(t)
+        ]
+
+    def inspect_all_tracers(self) -> List[str]:
+        return list(set(self.table_name_to_tracer(t) for t in self.inspect_all_tables()))
+
+    def inspect_all_collector_ids(self) -> List[str]:
+        return list(set(self.table_name_to_collector_id(t) for t in self.inspect_all_tables()))
+
     def _init_tracking_model(self, tracking_model: type) -> type:
         if not sqlalchemy.inspect(self.engine).has_table(tracking_model.__tablename__):
             tracking_model.__table__.create(self.engine)
@@ -201,4 +292,17 @@ def _init_tracking_model(self, tracking_model: type) -> type:
 
 
 if __name__ == "__main__":
-    print(SessionManager())
+    from duetector.collectors.models import Tracking
+
+    sessionmanager = SessionManager()
+    t = Tracking(
+        tracer="t",
+    )
+    m = sessionmanager.get_tracking_model(t.tracer, "id")
+
+    with sessionmanager.begin() as session:
+        session.add(m(**t.model_dump(exclude=["tracer"])))
+        session.commit()
+
+    assert sessionmanager.inspect_all_tables() == [sessionmanager.get_table_names("t", "id")]
+    assert sessionmanager.inspect_all_tables("not-exist") == []
diff --git a/duetector/filters/__init__.py b/duetector/filters/__init__.py
index 1cc0953..5fb10ae 100644
--- a/duetector/filters/__init__.py
+++ b/duetector/filters/__init__.py
@@ -1,9 +1,3 @@
 from .base import Filter
 
 __all__ = ["Filter"]
-
-
-# Expose for plugin system
-from . import pattern
-
-registers = [pattern]
diff --git a/duetector/filters/base.py b/duetector/filters/base.py
index 7915a7e..fa8d78c 100644
--- a/duetector/filters/base.py
+++ b/duetector/filters/base.py
@@ -14,22 +14,23 @@ class Filter(Configuable):
     subclass should override ``filter`` method.
 
     User should call Filter() directly to filter data,
+
     Example:
 
-    .. code-block:: python
+        .. code-block:: python
 
-            from duetector.filters import Filter
-            from duetector.collectors.models import Tracking
+                from duetector.filters import Filter
+                from duetector.collectors.models import Tracking
 
-            class MyFilter(Filter):
-                def filter(self, data: Tracking) -> Optional[Tracking]:
-                    if data.fname == "/etc/passwd":
-                        return None
-                    return data
+                class MyFilter(Filter):
+                    def filter(self, data: Tracking) -> Optional[Tracking]:
+                        if data.fname == "/etc/passwd":
+                            return None
+                        return data
 
-            f = MyFilter()
-            f(Tracking(fname="/etc/passwd"))  # None
-            f(Tracking(fname="/etc/shadow"))  # Tracking(fname="/etc/shadow")
+                f = MyFilter()
+                f(Tracking(fname="/etc/passwd"))  # None
+                f(Tracking(fname="/etc/shadow"))  # Tracking(fname="/etc/shadow")
     """
 
     default_config = {
diff --git a/duetector/filters/register.py b/duetector/filters/register.py
new file mode 100644
index 0000000..41f34ed
--- /dev/null
+++ b/duetector/filters/register.py
@@ -0,0 +1,4 @@
+# Expose for plugin system
+from . import pattern
+
+registers = [pattern]
diff --git a/duetector/managers/collector.py b/duetector/managers/collector.py
index 0c40c4d..5ad7bf3 100644
--- a/duetector/managers/collector.py
+++ b/duetector/managers/collector.py
@@ -3,7 +3,7 @@
 
 import pluggy
 
-import duetector.collectors
+import duetector.collectors.register
 from duetector.collectors.base import Collector
 from duetector.extension.collector import project_name
 from duetector.log import logger
@@ -42,7 +42,7 @@ def __init__(self, config: Optional[Dict[str, Any]] = None, *args, **kwargs):
         self.pm = pluggy.PluginManager(PROJECT_NAME)
         self.pm.add_hookspecs(sys.modules[__name__])
         self.pm.load_setuptools_entrypoints(PROJECT_NAME)
-        self.register(duetector.collectors)
+        self.register(duetector.collectors.register)
 
     def init(self, ignore_disabled=True) -> List[Collector]:
         """
diff --git a/duetector/managers/filter.py b/duetector/managers/filter.py
index 16f541b..d9a8bd3 100644
--- a/duetector/managers/filter.py
+++ b/duetector/managers/filter.py
@@ -3,7 +3,7 @@
 
 import pluggy
 
-import duetector.filters
+import duetector.filters.register
 from duetector.extension.filter import project_name
 from duetector.filters.base import Filter
 from duetector.log import logger
@@ -40,7 +40,7 @@ def __init__(self, config: Optional[Dict[str, Any]] = None, *args, **kwargs):
         self.pm = pluggy.PluginManager(PROJECT_NAME)
         self.pm.add_hookspecs(sys.modules[__name__])
         self.pm.load_setuptools_entrypoints(PROJECT_NAME)
-        self.register(duetector.filters)
+        self.register(duetector.filters.register)
 
     def init(self, ignore_disabled=True) -> List[Filter]:
         """
diff --git a/duetector/managers/tracer.py b/duetector/managers/tracer.py
index e7ce10b..0afedf6 100644
--- a/duetector/managers/tracer.py
+++ b/duetector/managers/tracer.py
@@ -3,7 +3,7 @@
 
 import pluggy
 
-import duetector.tracers
+import duetector.tracers.register
 from duetector.extension.tracer import project_name
 from duetector.log import logger
 from duetector.managers import Manager
@@ -40,7 +40,7 @@ def __init__(self, config: Optional[Dict[str, Any]] = None, *args, **kwargs):
         self.pm = pluggy.PluginManager(PROJECT_NAME)
         self.pm.add_hookspecs(sys.modules[__name__])
         self.pm.load_setuptools_entrypoints(PROJECT_NAME)
-        self.register(duetector.tracers)
+        self.register(duetector.tracers.register)
 
     def init(self, tracer_type=Tracer, ignore_disabled=True) -> List[Tracer]:
         """
diff --git a/duetector/monitors/sh_monitor.py b/duetector/monitors/sh_monitor.py
index b999992..b9044c1 100644
--- a/duetector/monitors/sh_monitor.py
+++ b/duetector/monitors/sh_monitor.py
@@ -84,7 +84,7 @@ class ShMonitor(Monitor):
     default_config = {
         **Monitor.default_config,
         "auto_init": True,
-        "timeout": 30,
+        "timeout": 5,
     }
     """
     Default config for this monitor.
diff --git a/duetector/static/config.toml b/duetector/static/config.toml
index 540bd46..c5ea18d 100644
--- a/duetector/static/config.toml
+++ b/duetector/static/config.toml
@@ -91,10 +91,16 @@ interval_ms = 500
 [monitor.sh]
 disabled = false
 auto_init = true
-timeout = 30
+timeout = 5
 
 [monitor.sh.backend_args]
 max_workers = 10
 
 [monitor.sh.poller]
 interval_ms = 500
+
+[db_analyzer.db]
+table_prefix = "duetector_tracking"
+
+[db_analyzer.db.engine]
+url = "sqlite:///duetector-dbcollector.sqlite3"
diff --git a/duetector/tools/config_generator.py b/duetector/tools/config_generator.py
index 92e8416..7b6703d 100644
--- a/duetector/tools/config_generator.py
+++ b/duetector/tools/config_generator.py
@@ -4,6 +4,7 @@
 
 import tomli_w
 
+from duetector.analyzer.db import DBAnalyzer
 from duetector.config import ConfigLoader
 from duetector.log import logger
 from duetector.managers import CollectorManager, FilterManager, TracerManager
@@ -56,6 +57,11 @@ class ConfigGenerator:
     All monitors to inspect.
     """
 
+    analyzer = [DBAnalyzer]
+    """
+    All analyzers to inspect.
+    """
+
     def __init__(
         self,
         load: bool = True,
@@ -79,6 +85,8 @@ def __init__(
         for m in self.monitors:
             _recursive_load(m.config_scope, self.dynamic_config, m.default_config)
 
+        for a in self.analyzer:
+            _recursive_load(a.config_scope, self.dynamic_config, a.default_config)
         # This will generate default config file if not exists
         if load:
             self.loaded_config = ConfigLoader(path, load_env, dump_when_load=False).load_config()
diff --git a/duetector/tracers/__init__.py b/duetector/tracers/__init__.py
index 6a3ee06..5d8875f 100644
--- a/duetector/tracers/__init__.py
+++ b/duetector/tracers/__init__.py
@@ -1,8 +1,3 @@
 from .base import BccTracer, ShellTracer, Tracer
 
 __all__ = ["Tracer", "BccTracer", "ShellTracer"]
-
-# Expose for plugin system
-from . import clone, openat2, tcpconnect, uname
-
-registers = [openat2, uname, tcpconnect, clone]
diff --git a/duetector/tracers/register.py b/duetector/tracers/register.py
new file mode 100644
index 0000000..df08838
--- /dev/null
+++ b/duetector/tracers/register.py
@@ -0,0 +1,4 @@
+# Expose for plugin system
+from . import clone, openat2, tcpconnect, uname
+
+registers = [openat2, uname, tcpconnect, clone]
diff --git a/duetector/tracers/tcpconnect.py b/duetector/tracers/tcpconnect.py
index c199e16..69e9915 100644
--- a/duetector/tracers/tcpconnect.py
+++ b/duetector/tracers/tcpconnect.py
@@ -27,7 +27,10 @@ class TcpconnectTracer(BccTracer):
     def poll_args(self):
         return {"timeout": int(self.config.poll_timeout)}
 
-    data_t = namedtuple("TcpTracking", ["pid", "uid", "gid", "comm", "saddr", "daddr", "dport"])
+    data_t = namedtuple(
+        "TcpTracking",
+        ["pid", "uid", "gid", "comm", "saddr", "daddr", "dport", "timestamp"],
+    )
 
     prog = """
     #include <uapi/linux/ptrace.h>
@@ -45,6 +48,8 @@ def poll_args(self):
         u32 pid;
         u32 uid;
         u32 gid;
+
+        u64 timestamp;
         char comm[TASK_COMM_LEN];
     };
     int do_trace(struct pt_regs *ctx, struct sock *sk)
@@ -88,6 +93,7 @@ def poll_args(self):
         event.pid = pid;
         event.uid = bpf_get_current_uid_gid();
         event.gid = bpf_get_current_uid_gid() >> 32;
+        event.timestamp = bpf_ktime_get_ns();
         bpf_get_current_comm(&event.comm, sizeof(event.comm));
 	    // output
 	    buffer.ringbuf_output(&event, sizeof(event), 0);
@@ -102,7 +108,8 @@ def poll_args(self):
     def _convert_data(self, data) -> NamedTuple:
         data = super()._convert_data(data)
         return data._replace(
-            saddr=inet_ntoa(data.saddr).decode("utf-8"), daddr=inet_ntoa(data.daddr).decode("utf-8")
+            saddr=inet_ntoa(data.saddr).decode("utf-8"),
+            daddr=inet_ntoa(data.daddr).decode("utf-8"),
         )  # type: ignore
 
     def set_callback(self, host, callback: Callable[[NamedTuple], None]):
diff --git a/duetector/utils.py b/duetector/utils.py
index 8c18017..c67bfa2 100644
--- a/duetector/utils.py
+++ b/duetector/utils.py
@@ -1,3 +1,11 @@
+from datetime import datetime, timedelta
+
+try:
+    from functools import cache
+except ImportError:
+    from functools import lru_cache as cache
+
+
 class Singleton(type):
     _instances = {}
 
@@ -15,3 +23,22 @@ def inet_ntoa(addr) -> bytes:
             dq = dq + b"."
         addr = addr >> 8
     return dq
+
+
+@cache
+def get_boot_time() -> datetime:
+    with open("/proc/stat", "r") as f:
+        for line in f:
+            if line.startswith("btime"):
+                return datetime.fromtimestamp(int(line.split()[1]))
+    raise RuntimeError("Could not find btime in /proc/stat")
+
+
+def get_boot_time_duration_ns(ns) -> datetime:
+    ns = int(ns)
+    return get_boot_time() + timedelta(microseconds=ns / 1000)
+
+
+if __name__ == "__main__":
+    print(get_boot_time())
+    print(get_boot_time_duration_ns("13205215231927"))
diff --git a/pyproject.toml b/pyproject.toml
index 54edec7..135da34 100644
--- a/pyproject.toml
+++ b/pyproject.toml
@@ -27,7 +27,7 @@ classifiers = [
 ]
 [project.optional-dependencies]
 test = ["pytest", "pytest-cov", "pytype"]
-docs = ["Sphinx<=7.2.4", "sphinx-rtd-theme", "sphinx-click"]
+docs = ["Sphinx<=7.2.4", "sphinx-rtd-theme", "sphinx-click", "autodoc_pydantic"]
 
 [project.scripts]
 duectl = "duetector.cli.main:cli"
diff --git a/tests/config.toml b/tests/config.toml
index 5a42e6a..7b3dc63 100644
--- a/tests/config.toml
+++ b/tests/config.toml
@@ -20,7 +20,7 @@ re_exclude_fname = [
     "/run",
     "/usr/lib",
     "/etc/ld.so.cache",
-    "/re/*"
+    "/re/*",
 ]
 re_exclude_comm = []
 exclude_pid = []
@@ -61,8 +61,13 @@ maxlen = 1024
 disabled = false
 auto_init = true
 
-
 [monitor.sh]
 disabled = false
 auto_init = true
 timeout = 5
+
+[db_analyzer.db]
+table_prefix = "duetector_tracking"
+
+[db_analyzer.db.engine]
+url = "sqlite:///:memory:"
diff --git a/tests/test_bcc_monitor.py b/tests/test_bcc_monitor.py
index e7c2922..81d779f 100644
--- a/tests/test_bcc_monitor.py
+++ b/tests/test_bcc_monitor.py
@@ -4,11 +4,13 @@
 import pytest
 
 from duetector.collectors.models import Tracking
-from duetector.config import Configuable
 from duetector.managers import CollectorManager, FilterManager, TracerManager
 from duetector.monitors.bcc_monitor import BccMonitor, Monitor
 from duetector.tracers.base import BccTracer, Tracer
-from duetector.tracers.dummy import DummyBPF, DummyTracer
+from duetector.utils import get_boot_time_duration_ns
+
+timestamp = 13205215231927
+datetime = get_boot_time_duration_ns(timestamp)
 
 
 class MockTracer(Tracer):
@@ -24,7 +26,7 @@ def get_dummy_data(cls):
             gid=9999,
             comm="dummy",
             fname="dummy.file",
-            timestamp=13205215231927,
+            timestamp=timestamp,
             custom="dummy-xargs",
         )
 
@@ -118,7 +120,7 @@ def test_bcc_monitor(bcc_monitor: MockMonitor):
         comm="dummy",
         cwd=None,
         fname="dummy.file",
-        timestamp=13205215231927,
+        dt=datetime,
         extended={"custom": "dummy-xargs"},
     )
 
diff --git a/tests/test_collector.py b/tests/test_collector.py
index 9b0424f..0006a36 100644
--- a/tests/test_collector.py
+++ b/tests/test_collector.py
@@ -5,6 +5,10 @@
 from duetector.collectors.db import DBCollector
 from duetector.collectors.models import Tracking
 from duetector.managers import CollectorManager
+from duetector.utils import get_boot_time_duration_ns
+
+timestamp = 13205215231927
+datetime = get_boot_time_duration_ns(timestamp)
 
 
 @pytest.fixture
@@ -27,7 +31,7 @@ def data_t():
         gid=9999,
         comm="dummy",
         fname="dummy.file",
-        timestamp=13205215231927,
+        timestamp=timestamp,
         custom="dummy-xargs",
     )
 
@@ -38,7 +42,7 @@ def test_dbcollector(dbcollector: DBCollector, data_t):
     assert dbcollector.summary() == {
         "dummy": {
             "count": 1,
-            "first at": 13205215231927,
+            "first at": datetime,
             "last": Tracking(
                 tracer="dummy",
                 pid=9999,
@@ -47,7 +51,7 @@ def test_dbcollector(dbcollector: DBCollector, data_t):
                 comm="dummy",
                 cwd=None,
                 fname="dummy.file",
-                timestamp=13205215231927,
+                dt=datetime,
                 extended={"custom": "dummy-xargs"},
             ),
         }
diff --git a/tests/test_db_analyzer.py b/tests/test_db_analyzer.py
new file mode 100644
index 0000000..1595687
--- /dev/null
+++ b/tests/test_db_analyzer.py
@@ -0,0 +1,109 @@
+from datetime import datetime, timedelta
+
+import pytest
+
+from duetector.analyzer.db import DBAnalyzer
+from duetector.analyzer.models import Tracking as AT
+from duetector.collectors.models import Tracking as CT
+
+now = datetime.now()
+
+tracking_kwargs = dict(
+    tracer="db_analyzer_tests",
+    pid=9999,
+    uid=9999,
+    gid=9999,
+    comm="dummy",
+    cwd=None,
+    fname="dummy.file",
+    dt=datetime.now(),
+    extended={"custom": "dummy-xargs"},
+)
+
+
+@pytest.fixture
+def tracer_name():
+    return "db_analyzer_tests"
+
+
+@pytest.fixture
+def collector_id():
+    return "db_analyzer_tests_collector"
+
+
+@pytest.fixture
+def c_tracking():
+    yield CT(**tracking_kwargs)
+
+
+@pytest.fixture
+def a_tracking():
+    yield AT(**tracking_kwargs)
+
+
+@pytest.fixture
+def db_analyzer(full_config, c_tracking, collector_id):
+    db_analyzer = DBAnalyzer(full_config)
+    sessionmanager = db_analyzer.sm
+
+    m = sessionmanager.get_tracking_model(c_tracking.tracer, collector_id)
+
+    with sessionmanager.begin() as session:
+        session.add(m(**c_tracking.model_dump(exclude=["tracer"])))
+        session.add(m(**c_tracking.model_dump(exclude=["tracer"])))
+        session.commit()
+
+    assert sessionmanager.inspect_all_tables() == [
+        sessionmanager.get_table_names(c_tracking.tracer, collector_id)
+    ]
+    assert sessionmanager.inspect_all_tables("not-exist") == []
+    yield db_analyzer
+
+
+def test_query(db_analyzer: DBAnalyzer, a_tracking, collector_id):
+    assert a_tracking in db_analyzer.query()
+    assert a_tracking in db_analyzer.query(tracers=[a_tracking.tracer])
+    assert a_tracking in db_analyzer.query(collector_ids=[collector_id])
+    assert a_tracking in db_analyzer.query(
+        tracers=[a_tracking.tracer], collector_ids=[collector_id]
+    )
+    assert a_tracking in db_analyzer.query(start_datetime=now - timedelta(days=1))
+    assert a_tracking in db_analyzer.query(end_datetime=now + timedelta(days=1))
+    assert a_tracking in db_analyzer.query(order_by_asc=["pid"])
+    assert a_tracking in db_analyzer.query(order_by_desc=["pid"])
+
+    assert len(db_analyzer.query()) == 2
+    assert len(db_analyzer.query(distinct=True)) == 1
+
+    assert AT(
+        tracer=a_tracking.tracer,
+        pid=a_tracking.pid,
+        fname=a_tracking.fname,
+    ) in db_analyzer.query(columns=["pid", "fname"])
+
+    assert not db_analyzer.query(tracers=["not-exist"])
+    assert not db_analyzer.query(collector_ids=["not-exist"])
+    assert not db_analyzer.query(start_datetime=now + timedelta(days=1))
+    assert not db_analyzer.query(end_datetime=now - timedelta(days=1))
+    assert not db_analyzer.query(start=100)
+    assert not db_analyzer.query(where={"pid": 1})
+
+
+def test_brief(db_analyzer: DBAnalyzer, a_tracking, collector_id):
+    assert db_analyzer.brief()
+    assert db_analyzer.brief(tracers=[a_tracking.tracer])
+    assert db_analyzer.brief(collector_ids=[collector_id])
+    assert db_analyzer.brief(tracers=[a_tracking.tracer], collector_ids=[collector_id])
+    assert db_analyzer.brief(start_datetime=now - timedelta(days=1))
+    assert db_analyzer.brief(end_datetime=now + timedelta(days=1))
+    assert db_analyzer.brief(with_details=False)
+    assert db_analyzer.brief(distinct=True)
+
+    assert not db_analyzer.brief(tracers=["not-exist"]).tracers
+    assert not db_analyzer.brief(collector_ids=["not-exist"]).collector_ids
+    assert not db_analyzer.brief(start_datetime=now + timedelta(days=1)).briefs[0].count
+    assert not db_analyzer.brief(end_datetime=now - timedelta(days=1)).briefs[0].count
+
+
+if __name__ == "__main__":
+    pytest.main(["-vv", "-s", __file__])