Data types and formats
The agent supports collecting a number of different types of data. These are known as "expect" types.
The currently supported expect types are:
- Numbers
- INTEGER: 64bit signed integer
- DECIMAL: limited to three decimal places
- Strings
- KEYWORD: the value is stored *as is* with no analysis. This is perfect for fields that have just a few distinct values (also known as low cardinality), e.g. HIGH, MEDIUM, LOW. Can be used to build histograms.
- LOG: the value is analysed, individual words or key terms (e.g. email addresses) are indexed and more advanced searches are enabled. Very well suited to free form text or log entries.
- Other
- BOOL: will accept any version of "truthy" (1, yes, true, T) as truth. Anything else is false.
- DATE: required input is ISO 8601 date/time format
- CSV: This is a fairly detailed topic, and therefore it has it's own article
- DISCARD: Sometimes you don't have a choice in the format being sent to the agent, however you do have a choice about what is sent to the cloud.
If the agent receives the wrong type of data, then an EXPECT_ERROR is raised.
Last modified 2yr ago