StreamAlert supports the following datatypes:
JSON:
{"type": "json"}CSV:
csv,data,exampleKey-Value:
type=kv data=exampleSyslog:
Jun 15 00:00:40 host1.mydomain.io application[pid] syslog message.And gzipped JSON, CSV, Syslog or Key-Value (only when ingested from S3)