# NQL data types

The data type is an attribute of the value stored in a field. It dictates what type of data a field can store.

When applying conditions to the NQL query using a `where` clause, only values of the same data types can be compared which is reflected in the format of the value.

For example, in the following query:

* The first `where` clause compares values of the string data type. Consequently, the comparison value is enclosed in quotes to denote its string nature.
* The second `where` clause compares versions. Here, the comparison value is prefixed with 'v' and includes multiple points to represent a version number.
* The last `where` clause compares integers. In this case, the comparison value is expressed solely as a standalone number without any additional characters.

{% code overflow="wrap" lineNumbers="true" fullWidth="false" %}

```
devices during past 1d
| include execution.crashes during past 1d
| where application.name == "Microsoft 365: Teams"
| where binary.version == v1.7.0.1864
| compute number_of_crashes_ = number_of_crashes.sum()
| where number_of_crashes_ >= 3
```

{% endcode %}

The following data types are present in the NQL data model:

<table data-full-width="true"><thead><tr><th width="145">Data type</th><th width="137">Valid operators</th><th width="225">Definition</th><th>Value example</th></tr></thead><tbody><tr><td>string</td><td><p><code>==</code> or <code>=</code></p><p><code>!=</code></p><p><code>in</code></p><p><code>!in</code></p></td><td>a string of text characters</td><td><code>"abc"</code> or <code>'abc'</code></td></tr><tr><td>int</td><td><p><code>=</code></p><p><code>!=</code></p><p><code>&#x3C;</code></p><p><code>></code></p><p><code>&#x3C;=</code></p><p><code>>=</code></p><p><code>in</code></p><p><code>!in</code></p></td><td>a whole number</td><td><code>10</code></td></tr><tr><td>float</td><td><p><code>=</code></p><p><code>!=</code></p><p><code>&#x3C;</code></p><p><code>></code></p><p><code>&#x3C;=</code></p><p><code>>=</code></p></td><td>a floating point number</td><td><code>10.1</code></td></tr><tr><td>Boolean</td><td><p><code>=</code></p><p><code>!=</code></p></td><td>a true or false value</td><td><p><code>true</code></p><p><code>false</code></p></td></tr><tr><td>date time</td><td><p><code>=</code></p><p><code>!=</code></p><p><code>&#x3C;=</code></p><p><code>>=</code></p></td><td>a date with a time</td><td><code>2024-07-15 10:15:00</code></td></tr><tr><td>enumeration</td><td><p><code>=</code></p><p><code>!=</code></p></td><td><p>sets of named things</p><p>for example <code>red</code> <code>blue</code> <code>white</code></p></td><td><code>status == red</code></td></tr><tr><td>byte</td><td><p><code>&#x3C;</code></p><p><code>></code></p><p><code>&#x3C;=</code></p><p><code>>=</code></p></td><td><p>a number of bytes</p><p>(an int with a unit)</p></td><td><p><code>100B</code></p><p><code>200KB</code></p><p><code>3MB</code></p><p><code>12GB</code></p><p><code>2TB</code></p></td></tr><tr><td>duration</td><td><p><code>=</code></p><p><code>!=</code></p><p><code>&#x3C;</code></p><p><code>></code></p><p><code>&#x3C;=</code></p><p><code>>=</code></p></td><td><p>a duration in time</p><p>(an int with a unit)</p></td><td><p><code>5ms</code></p><p><code>10s</code></p><p><code>4min</code></p><p><code>3h</code></p><p><code>2d</code></p></td></tr><tr><td>IP address</td><td><p><code>=</code></p><p><code>!=</code></p></td><td><p>IPv4 or IPv6 addresses</p><p>with optional mask</p></td><td><p><code>123.123.0.0</code></p><p><code>123.123.0.0/24</code></p><p><code>f164:b28c:84a5:9dd3:ef21:8c9d:d3ef:218c</code></p><p><code>f164:b28c:84a5:9dd3::/32</code></p></td></tr><tr><td>version</td><td><p><code>&#x3C;</code></p><p><code>></code></p><p><code>&#x3C;=</code></p><p><code>>=</code></p><p><code>==</code></p><p><code>!=</code></p></td><td>a set of numbers separated by a <code>.</code></td><td><p><code>v12.212</code></p><p><code>v1.2.5.9</code></p><p><code>v13.5.10</code></p><p><code>v2022.6</code></p><p><code>v1.2.4125</code></p><p><code>v6.8.9.7.6.5.4.3</code></p></td></tr><tr><td>string array</td><td><p><code>contains</code></p><p><code>!contains</code></p></td><td><p>an array of strings</p><p>for example <code>['abc', 'def', 'xyz']</code></p></td><td><p><code>tags contains "abc"</code></p><p><code>tags !contains "*xyz"</code></p></td></tr></tbody></table>