If anyone else has the same question, this is the query that I used.
Note: Some additional field extractions may be necessary.
"SELECT TOP 100000
i.date_time as [date],
i.record_number as session_id,
i.source_server_ip_int as dvc,
i.source_ip_int as src,
i.destination_ip_int as dest,
i.full_url,
i.url,
i.port,
p.name as app,
pc.name as app_category,
i.bytes_sent as bytes_out,
i.bytes_received as bytes_in,
i.duration,
i.category as category_id,
CASE when c.parent_category=0 then c.name
ELSE c.child_name END as category,
u.user_login_info as [user],
i.hits,
d.description as action_description,
dp.name as ws_action
FROM (((((incoming i left join users u on i.user_id=u.user_id)
left join protocols p on i.protocol_id=p.id)
left join protocol_category pc on p.parent_id=pc.id)
left join category c on i.category=c.category)
left join disposition d on i.disposition_code=d.disposition_code)
left join disposition_parent dp on d.blocking=dp.disposition_parent_id"
... View more