Skip to content

Agents output format

The agents output mode (-o agents) produces token-optimized JSON designed for AI agent consumption. It reduces token usage through key renaming, metadata stripping, and large-result spilling.

All agents output is TOON-encoded via toon_format::encode_default() for compact serialization.

Key transformations

For DataPrime results (logs and spans), the following keys are renamed:
Original keyAgents keyDescription
metadata$mLog metadata (severity, timestamp, etc.)
labels$lApplication labels (applicationname, subsystemname, serviceName, etc.)
userData$dUser data / log body

The aliases $m, $l, and $d are also valid in DataPrime query syntax itself — for example, cx logs 'filter $m.severity == ERROR' works regardless of output mode.

Metadata stripping

The following metadata fields are removed from $m:

  • branchid
  • priorityclass
  • processingOutputTimestampMicros
  • processingOutputTimestampNanos
  • timestampMicros

Metrics output

For cx metrics query, agents output includes only the metric definition (labels) and sample value — timestamps are omitted.

Result spilling

When a non-aggregated DataPrime result set in agents mode exceeds max_dataprime_direct_output_size (default 102400 bytes, or 100 KiB), the full results are written to a temp file instead of stdout.

What gets printed to stdout:

<N> results written to /tmp/cx_results_<hash>.json

What gets written to the file: the full JSON array of transformed results.

Config keys

KeyDefaultDescription
max_dataprime_direct_output_size102400 (100 KiB)Byte threshold for spilling. Set to -1 to disable
temp_dir"/tmp/"Directory for spilled files

File naming

Spilled files follow the pattern cx_results_<hash>.json, where <hash> is an 8-character hex string derived from the file contents.

Cleanup

Spilled files older than 30 minutes can be removed with:

cx cleanup

This deletes all cx_results* files in temp_dir that are older than 30 minutes.

AI agent integration

AI agents consuming cx output should:

  1. Use -o agents for all queries.
  2. Check whether the output is a file-path reference (spilled result) and read the file if so.
  3. Use cx cleanup periodically to remove stale result files.
  4. Reference fields using $d, $l, and $m notation in follow-up DataPrime queries.
Need help? Contact Support.
What's new? Find out here.
LLM? Read llms.txt.
Previous Time syntax
Next Coralogix CLI (legacy)