The agent supports collecting a number of different types of data. These are known as "expect" types.

The currently supported expect types are:

• Numbers

  • INTEGER: 64bit signed integer

  • DECIMAL: limited to three decimal places

• Strings

  • KEYWORD: the value is stored *as is* with no analysis. This is perfect for fields that have just a few distinct values (also known as low cardinality), e.g. HIGH, MEDIUM, LOW. Can be used to build histograms.

  • LOG: the value is analysed, individual words or key terms (e.g. email addresses) are indexed and more advanced searches are enabled. Very well suited to free form text or log entries.

• Other

  • BOOL: will accept any version of "truthy" (1, yes, true, T) as truth. Anything else is false.

  • DATE: required input is ISO 8601 date/time format

  • CSV: This is a fairly detailed topic, and therefore it has it's own article

  • DISCARD: Sometimes you don't have a choice in the format being sent to the agent, however you do have a choice about what is sent to the cloud.

If the agent receives the wrong type of data, then an EXPECT_ERROR is raised.