PantherFlow Data Types
These data types are supported in PantherFlow query statements
PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.
Integer
Integers are allowed. For example:
1
-2
Double
Doubles are allowed. For example:
1.01
-6.6
String
Strings enclosed in either single or double quotation marks are allowed. For example:
'foo'
"foo"
Unicode characters can be embedded directly in strings. For example:
'Panther is my favorite animal
🐱'
Quotation marks of different types are unescaped. For example:
'foo and "bar"'
→foo and "bar"
"foo and 'bar'"
→foo and 'bar'
Quotation marks of the same type are escaped with a backslash character. For example:
'foo and \'bar\''
→foo and 'bar'
"foo and \"bar\""
→foo and "bar"
Backslash characters must be escaped. For example:
"foo\\bar"
→foo\bar
Other escapes are also supported:
\'
'
\"
"
\\
\
\b
Backspace character
\f
Formfeed character
\n
Newline character
\r
Carriage return character
\t
Tab character
\ooo
Octal
\377
\xhh
Hex
\xF0\x9F\x98\x8E
\uhhhh
Unicode
\u5b89
Boolean
Typical boolean values are allowed:true
and false
.
Date
Dates must be formatted as YYYY-MM-DD
. The time.parse_date()
function can be used to convert a string to a date. For example:
time.parse_date('2023-06-01')
Timestamp
Timestamps must be indicated using the time.parse_timestamp()
function, which converts a string to a timestamp. For example:
time.parse_timestamp('2023-06-01 13:14:15.00Z')
Timestamps can be compared to one another. For example, the following expression evaluates to true if the current date and time is after 2023-06-01
:
now() > 2023-06-01
Timespan
Timespans must be composed of a number and a unit. The time.parse_timespan()
function converts a string in this format to a timespan. For example:
time.parse_timespan('1d')
1d
1.5s
Several units are supported:
microsecond
microseconds
ms
millisecond
s
second
m
minute
h
hour
d
day
Timespans can be used arithmetically with timestamps. For example:
time.now() - 1d
This expression evaluates to a timestamp that is one day ago
p_event_time > time.ago(1d)
This expression evaluates to true if
p_event_time
is more recent than one day ago
Object
Objects can be expressed with curly brackets {'key': value}
or by passing values to the object()
function. Keys must be strings, while values can be any type (including scalars, arrays, and objects).
For example:
{'key1': 'foo', 'key2': 1}
object('key1', 'foo', 'key2', 1)
Object fields can be accessed using dot notation or square brackets. For example:
obj.key1
obj['key1']
The value of a key that is not in an object is null
:
obj['missing key'] == null
Setting a key to null removes it from the object:
obj['delete me'] = null
Array
Arrays can be expressed with square brackets [A, B]
, or by passing the values to the array()
function. Elements in an array can be of any type (including scalars, arrays, and objects), and a single array can contain values of different types. For example:
['apple', 'orange', 'banana']
array('apple', 12, 'orange')
['one', 1, {'flavor': 'chocolate', 'texture': 'melted'}]
Elements in an array can be accessed with square brackets:
arr[1]
Arrays can be checked for elements with in
and not in
. For example:
'foo' in myarray
'foo' not in myarray
Table
Table names are not case sensitive. This means, for example, tableName
is the same as Tablename
.
Column
Column names are case sensitive. This means, for example, columnName
is different from ColumnName
.
Null
Null is referred to with null
.
Last updated