Understanding types

Goal

By the end of this guide you should be able to identify the data types used in DataPrime and understand how to work with them effectively in queries, including type conversions and casting.

Why it matters

Every field in your logs, traces, or enriched data in DataPrime has a type. Whether it's a number, a timestamp, or a string of text, understanding types is critical for writing accurate queries, performing aggregations, and avoiding unexpected null results. If your logic doesn’t match the type, your query might look right—but silently fail.

Supported types in DataPrime

Here’s a breakdown of the main types you’ll encounter and use:
Type Description JSON Representation
string UTF-8 encoded character sequences "hello world"
number Integer or float. Max is 2^53 123, 45.67
bool Boolean value (true/false) true
timestamp Nanosecond-precision point in time 1609459200000000000
interval Time duration (3h30m, 5s) "3h30m" (or number in nanoseconds)
regexp Regular expression used in filtering and matching "/[a-z]+/"
null Absence of a value null
array Collection of primitive values of a single type ["a", "b", "c"]

Intervals can be string or numeric (in nanoseconds), depending on context.

What happens if types mismatch?

Types will raise an error prior to execution if there is a mismatch.

For example this query will show the error message below:

filter timestamp > '10'

operator cannot be applied to types timestamp and string, expected comparable types (one of [number or bool or string or interval or timestamp or regexp])

When values are cast in an incompatible way, many functions and operations return null silently.

Type-specific usage rules

Strings: Use for free-text searches and ~, contains(), etc.
Numbers: Required for mathematical operations and aggregations like avg, sum.
Timestamps: Combine with interval types for time math (e.g., now() - timestamp > 5m)
Intervals: Use with time functions like diffTime, addTime.
Arrays: Ensure consistent item types. Use functions like arrayContains, arrayLength.
Booleans: Filter conditions and flags.
Null: Any null used in a boolean condition is treated as false.

Gotchas to watch for

Type mismatches often fail silently (especially in filters).
Some fields may appear numeric but are strings (e.g., status: "200").
Intervals passed as strings must follow strict formatting (1d2h3s is valid, 3s1d is not).
In tokenized mode (for long strings), some functions like contains() may not behave as expected.

Previous Data access mechanisms

Next Understanding logs

Type	Description	JSON Representation
string	UTF-8 encoded character sequences	`"hello world"`
number	Integer or float. Max is `2^53`	`123`, `45.67`
bool	Boolean value (`true`/`false`)	`true`
timestamp	Nanosecond-precision point in time	`1609459200000000000`
interval	Time duration (`3h30m`, `5s`)	`"3h30m"` (or number in nanoseconds)
regexp	Regular expression used in filtering and matching	`"/[a-z]+/"`
null	Absence of a value	`null`
array	Collection of primitive values of a single type	`["a", "b", "c"]`