What is an enumerated value?

The Gravwell pipeline extracts data from entries into "enumerated values" for ease of manipulation.

The first module of a Gravwell search pipeline sees only raw entries, which consist of a timestamp, a tag, and a chunk of binary data. The data might be an entire network packet, a JSON-encoded Reddit comment, or a single syslog entry. Each successive module in the pipeline has the opportunity to tack on enumerated values to the entry. An enumerated value is a single piece of data created and used within the pipeline. For instance, the "packet" module (https://dev.gravwell.io/docs/#!search/packet/packet.md) can extract pieces of information from raw network packets; each piece becomes a separate enumerated value. So saying "packet ipv4.SrcIP tcp.SrcPort" will create two enumerated values for each entry: one named "SrcIP" containing an IP address and one named "SrcPort" containing an integer port number. You can read more about enumerated values and searching in general in the search documentation (https://dev.gravwell.io/docs/#!search/search.md).
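To make the idea concrete, here is an added toy model of one pipeline stage (written for this page, not Gravwell's own code): an entry carries a timestamp, tag and raw bytes, and a sketch of the "packet" module parses an IPv4/TCP header from those bytes and attaches the requested fields as enumerated values. The `Entry` class, `packet_module` function and the sample packet are all assumptions constructed for the demo; a non-IPv4 entry simply passes through with no values attached.

```python
# Toy model of a Gravwell-style pipeline stage (constructed for illustration,
# not Gravwell's implementation). Entries are timestamp + tag + raw bytes.
from dataclasses import dataclass, field
import ipaddress
import struct


@dataclass
class Entry:
    timestamp: object          # any timestamp value; untyped in this sketch
    tag: str
    data: bytes
    enumerated: dict = field(default_factory=dict)  # values added by modules


def packet_module(entry: Entry, *fields: str) -> Entry:
    """Mimic `packet ipv4.SrcIP tcp.SrcPort`: parse an IPv4(+TCP) header and
    attach each requested field as an enumerated value named after the last
    path element ("ipv4.SrcIP" -> "SrcIP")."""
    data = entry.data
    if len(data) < 20 or data[0] >> 4 != 4:
        return entry  # not IPv4: attach nothing, pass the entry through
    ihl = (data[0] & 0x0F) * 4          # header length in bytes
    proto = data[9]                     # 6 == TCP
    layers = {"ipv4": {
        "SrcIP": str(ipaddress.IPv4Address(data[12:16])),
        "DstIP": str(ipaddress.IPv4Address(data[16:20])),
    }, "tcp": {}}
    if proto == 6 and len(data) >= ihl + 4:
        sport, dport = struct.unpack("!HH", data[ihl:ihl + 4])
        layers["tcp"] = {"SrcPort": sport, "DstPort": dport}
    for spec in fields:
        layer, name = spec.split(".", 1)
        if name in layers.get(layer, {}):
            entry.enumerated[name] = layers[layer][name]
    return entry


def build_sample_packet() -> bytes:
    """Constructed IPv4 + TCP SYN header (no payload) used as sample input."""
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 40, 0, 0, 64, 6, 0,
                     ipaddress.IPv4Address("10.0.0.5").packed,
                     ipaddress.IPv4Address("93.184.216.34").packed)
    tcp = struct.pack("!HHIIBBHHH", 44321, 443, 0, 0, 0x50, 0x02, 65535, 0, 0)
    return ip + tcp


def demo() -> dict:
    """Run the sample packet through the stage; returns the enumerated values."""
    entry = Entry(timestamp=0, tag="pcap", data=build_sample_packet())
    return packet_module(entry, "ipv4.SrcIP", "tcp.SrcPort").enumerated
```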