How data is represented in DataPrime
In DataPrime, data is organized using four keypath prefixes: $l (user-defined labels), $m (metadata), $p (parameter metadata) and $d (actual event data). Each prefix creates a namespace within the JSON structure, which separates these different data types and contexts unless explicitly merged by the user.
$l / $labels: User-managed labels
These labels or tags are user-defined and can be used to classify or group events. Below is a breakdown of the fields available in the $l namespace:
| Field | Description | Type |
|---|---|---|
applicationname | The name of the application generating the event | string |
subsystemname | The specific subsystem of the application | string |
category | The event’s category, such as type or function | string |
classname | The name of the class where the event occurred | string |
computername | The name of the machine or host | string |
methodname | The method or function related to the event | string |
threadid | The ID of the thread that triggered the event | number |
ipaddress | The IP address from where the event originated | string |
$m / $metadata: System metadata
This section holds automatically generated metadata that describes the event context. Below are the fields within the $m namespace:
| Field | Description | Possible Values | Type |
|---|---|---|---|
timestamp | The time the event was recorded | - | timestamp |
severity | The event’s severity level | Debug, Verbose, Info, Warning, Error, Critical | string |
priorityclass | Indicates the event's importance | high, medium, low | string |
logid | A unique identifier for the log | - | string |
$p: Query parameters
$p enables users to incorporate parameters in their queries within Custom Dashboards and Explore. This feature externalizes variables as if they were written directly in a query, enhancing flexibility for filtering, calculations, and visualizations by allowing user-defined inputs and contextual data handling.
Explore
In Explore, users can perform time calculations in their DataPrime query with $p.timeRange.*. The $p prefix holds the start and end of the current timerange, allowing users to use the time commands to create queries that are relative to, but not constrained by, the query timerange.
| Field | Description | Possible Values | Type |
|---|---|---|---|
timeRange.startTIme | The start of the time range | - | timestamp |
timeRange.endTime | The end of the time range | - | timestamp |
Custom Dashboards
Once a variable is created in Custom Dashboards, the variable values chosen by the user are reflected as query parameters in a DataPrime query using $p.<variable_name>.
Find out more in the Parameters tutorial.
$d / $data: User data (actual event content)
This section contains the actual data provided by the user, representing the main content of the event.
Note
Since this is the default namespace, you can keep queries concise by omitting the prefix. Throughout this Reference, example queries exclude explicit references to $d for simplicity.
- Purpose: Holds the raw data that makes up the event content.
- Behavior: As the default namespace,
$dis optional in queries. - Example Use Case: User logs or spans
Nested field access
Nested keys may be accessed using dot notation (e.g., k8s.container.name) or map notation (e.g., $d['my_key.with-special-chars']) for fields containing special characters.
Examples:
- Dot Notation:
user.name(to access thenamefield insideuser) - Map Notation:
$d['my-special.log-key'](for fields with special characters in their keys)
DataPrime query structure 
Light
light
dark
User Guides
DataPrime
Integrations
OpenTelemetry
Developer Portal