DataPrime explained
Overview
DataPrime is Coralogix's piped syntax language, acting as an interface to the Coralogix engine. It provides users with a simple yet powerful way to describe event transformations and aggregations. DataPrime’s balance between simplicity and power comes from a small set of commands that transform event structure while providing full expression support similar to programming languages, in order to transform and manipulate the actual data.
Example query
Consider the following query, which chains multiple operations together, with the output of one operation becoming the input for the next. Each command can be used to progressively transform and refine the results of a query.
source logs
| filter cloud_availability_zone != null
| groupby cloud_availability_zone as cloud_az
aggregate distinct_count(host_name)
The query filters logs where there is a cloud_availability_zone field with a non-null value. It then groups by the availability zone, and counts up the number of unique hosts there are per availability zone. In short, this query provides a count of servers per availability zone.
For each query, DataPrime offers inherent type inferences, pre-execution query validation, automatic conversions, and smart autocompletion. It handles dynamic, semi-structured data easily, while allowing meaningful analytics.