To create a record type, you must first define the format of the records you want to import. You can define the format manually or let the system derive it from a data file.
What you should know
CAUTION:
After the record type is created, you can only change how the fields are displayed. If you
missed a field or misconfigured a field attribute, you must delete the record type and start
over.
Procedure
To define the record format manually:
-
At the bottom of the Properties page, click Add an
item ().
The field definition dialog box opens with four suggested fields.
- Give a Name to the record type.
-
Adjust the number of fields as needed.
- Click to add a new field.
- Select a field and click to remove it.
You can have as many fields as required by your record type. -
For each data field, define the following attributes:
- Name
- Name used to identify the field in report filters and display format expressions. All field names are case-sensitive.
- Display as
- Name used to identify the field in the information bubble when ingested data is displayed on a map.
- Type
- The type attribute defines both how the data is stored in the ingestion database
and how it is read from a data file.
The following types are supported:
- String
- An alphanumeric string.
- 32 bit integer
- An integer in the range -2,147,483,648 to 2,147,483,647.
- 64 bit integer
- An integer in the range -9.223372x1018 to 9.223372x1018
- Floating point number
- A floating point number.
- Boolean
- A Boolean value expressed as 1 or 0, or a string containing one of the following: "True", "False", "true", "false", "T", or "F".
- Timestamp
- A string or number that can be parsed as either:
- A timestamp in one of any known formats understood by C#. See DateTime.TryParse Method.
- A number representing the number of ticks elapsed since midnight January 1, 0001 that can be converted to a timestamp. A tick is one-ten-millionth of a second. See DateTime.Ticks.Property.
- Security Center entity
- A GUID that represents the internal ID of a Security Center entity.
- Binary - Base64
- Binary data represented as text using the Base64 encoding scheme.
- Binary - file
- String containing the path to a file on disk.
- Extended string
- A long text. The difference between String and Extended string is their expected size.
- Function
- Fields that have a specific function in the record are indexed for faster access.
A given function can only be assigned to one field. The following functions are predefined:
- ID
- Designates a field as the primary key. Each value from that field must be unique within the record type. It is the only function that must be assigned to a field. All other functions are optional.
- Timestamp
- Designates a timestamp field for time correlation. There can be many timestamp fields in a record type, but only one can be assigned the Timestamp function.
- Latitude, Longitude
- These two functions must be assigned together. The Latitude and Longitude fields must correspond to a geographical location that can be used to position the data on a map and for geofencing.
- Location
- This function is equivalent to the Latitude and Longitude
functions. They are mutually exclusive. A field assigned to the
Location function must contain a string in the format
{"Latitude": n.nnnn, "Longitude": n.nnnn}
.
- Review all fields definitions and click Create.
To populate the field list from a data file:
-
Click Populate from file, select a data file, and click
Open.
The field list is automatically populated with the fields deduced from the data file.
-
Check the Type and Function of each field
and fix any mistakes.
CAUTION:The system can generate the field list quickly, but some data types might be recognized incorrectly. The Binary - file data type can be mistaken for a string, and a timestamp can be mistaken for an integer or a string. Pay attention to the functions; they are more error-prone from automatic field population.
-
Go through the Display as column and enter more user-friendly
display names.
By default, the display names are copied from the field names.
-
Review the list and add or delete fields as needed.
CAUTION:If you change the number of fields or their sequence, you might not be able to import data from the file you used to create the field list.
- When you are finished, click Create.
Results
Parent topic: Creating record types