I agree with this.
I believe that we can carefully choose event fields and taxonomy so that it can be stored either in XML, one-line text or binary formats. Each format has its own advantages and drawbacks.
XML is an interesting syntax for people working on a new format, because everybody can easily understand the fields and quickly develop test implementations without having to create a new parser/encoder. Then when it's time for operational use, it may always be converted to simple text or binary to become more effective.
One useful thing is to keep the XML schema as straightforward as possible. For example each field should be easily extracted with a simple XPath expression such as "/event/action" or "/event/source/address".
|Free forum by Nabble||Edit this page|