# PantherFlow Data Types

{% hint style="info" %}
PantherFlow is in open beta starting with Panther version 1.110, and is available to all customers. Please share any bug reports and feature requests with your Panther support team.
{% endhint %}

## Integer

Integers are allowed. For example:

* `1`
* `-2`

## Double

Doubles are allowed. For example:

* `1.01`
* `-6.6`

## String

Strings enclosed in either single or double quotation marks are allowed. For example:

* `'foo'`
* `"foo"`

Unicode characters can be embedded directly in strings. For example:

* `'Panther is my favorite animal` :cat:`'`

Quotation marks of different types are unescaped. For example:

* `'foo and "bar"'` → `foo and "bar"`
* `"foo and 'bar'"` → `foo and 'bar'`

Quotation marks of the same type are escaped with a backslash character. For example:

* `'foo and \'bar\''` → `foo and 'bar'`
* `"foo and \"bar\""` → `foo and "bar"`

Backslash characters must be escaped. For example:

* `"foo\\bar"` → `foo\bar`

Other escapes are also supported:

<table><thead><tr><th width="134">Escape</th><th width="228">Description</th><th>Example</th></tr></thead><tbody><tr><td><code>\'</code></td><td><code>'</code></td><td></td></tr><tr><td><code>\"</code></td><td><code>"</code></td><td></td></tr><tr><td><code>\\</code></td><td><code>\</code></td><td></td></tr><tr><td><code>\b</code></td><td>Backspace character</td><td></td></tr><tr><td><code>\f</code></td><td>Formfeed character</td><td></td></tr><tr><td><code>\n</code></td><td>Newline character</td><td></td></tr><tr><td><code>\r</code></td><td>Carriage return character</td><td></td></tr><tr><td><code>\t</code></td><td>Tab character</td><td></td></tr><tr><td><code>\ooo</code></td><td>Octal</td><td><code>\377</code></td></tr><tr><td><code>\xhh</code></td><td>Hex</td><td><code>\xF0\x9F\x98\x8E</code></td></tr><tr><td><code>\uhhhh</code></td><td>Unicode</td><td><code>\u5b89</code></td></tr></tbody></table>

## Boolean

Typical boolean values are allowed:`true` and `false`.

## Timestamp

Timestamps must be indicated using the [`time.parse_timestamp()`](https://docs.panther.com/pantherflow/pages/Mz0eDn0w5rGDFC4wqoGp#time.parse_timestamp) function, which converts strings to timestamps. For example:

* `time.parse_timestamp('2023-06-01 13:14:15.00Z')`

Timestamps can be compared to one another. For example, the following expression evaluates to true if the current date and time is after `2024-12-11 09:46:22.00Z`:

* `time.now() > time.parse_timestamp('2024-12-11 10:42:32.00Z')`

## Timespan

Timespans must be composed of a number and a unit. The [`time.parse_timespan()`](https://docs.panther.com/pantherflow/pages/Mz0eDn0w5rGDFC4wqoGp#time.parse_timespan) function converts a string in this format to a timespan. For example:

* `time.parse_timespan('1d')`
* `1d`
* `1.5s`

Several units are supported:

<table><thead><tr><th width="181.5">Unit</th><th>Length of time</th></tr></thead><tbody><tr><td><code>microsecond</code></td><td>microseconds</td></tr><tr><td><code>ms</code></td><td>millisecond</td></tr><tr><td><code>s</code></td><td>second</td></tr><tr><td><code>m</code></td><td>minute</td></tr><tr><td><code>h</code></td><td>hour</td></tr><tr><td><code>d</code></td><td>day</td></tr></tbody></table>

Timespans can be used arithmetically with timestamps. For example:

* `time.now() - 1d`
  * This expression evaluates to a timestamp that is one day ago
* `p_event_time > time.ago(1d)`
  * This expression evaluates to true if `p_event_time` is more recent than one day ago

## Object

Objects can be expressed with curly brackets `{'key': value}` or by passing values to the [`object()`](/pantherflow/functions.md#object) function. Keys must be strings, while values can be any type (including scalars, arrays, and objects).

For example:

* `{'key1': 'foo', 'key2': 1}`
* `object('key1', 'foo', 'key2', 1)`

Object fields can be accessed using dot notation or square brackets. For example:

* `obj.key1`
* `obj['key1']`

The value of a key that is not in an object is `null`:

* `obj['missing key'] == null`

Setting a key to null removes it from the object:

* `obj['delete me'] = null`

## Array

Arrays can be expressed with square brackets `[A, B]`, or by passing the values to the [`array()`](/pantherflow/functions.md#array) function. Elements in an array can be of any type (including scalars, arrays, and objects), and a single array can contain values of different types. For example:

* `['apple', 'orange', 'banana']`
* `array('apple', 12, 'orange')`
* `['one', 1, {'flavor': 'chocolate', 'texture': 'melted'}]`

Elements in an array can be accessed with square brackets:

* `arr[1]`

Arrays can be checked for elements with `in` and `not in`. For example:

* `'foo' in myarray`
* `'foo' not in myarray`

## Table

Table names are not case sensitive. This means, for example, `tableName` is the same as `Tablename`.

## Column

Column names are case sensitive. This means, for example, `columnName` is different from `ColumnName`.

## Null

Null is referred to with `null`.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.panther.com/pantherflow/data-types.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.