Source differentiation of machine data
Abstract
Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
19 Claims
1. A computer-implemented method, comprising:
- analyzing one or more punctuation characters that appear in a portion of a set of machine data;
- mapping the one or more punctuation characters to a frequency of occurrence in the portion of the set of machine data;
- creating a sample signature using the frequency of occurrence of the one or more punctuation characters;
- determining a source of the set of machine data based on a comparison of the sample signature with signatures in a set of signatures from known sources;
- segmenting the machine data into a plurality of events using a set of rules corresponding to the determined source thereby allowing application of time-based search phrases across the segmented machine data in the plurality of events;
wherein the method is performed by one or more computing devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11
12. One or more non-transitory computer-readable storage media, storing one or more sequences of instructions, which when executed by one or more processors cause performance of:
- analyzing one or more punctuation characters that appear in a portion of a set of machine data;
- mapping the one or more punctuation characters to a frequency of occurrence in the portion of the set of machine data;
- creating a sample signature using the frequency of occurrence of the one or more punctuation characters;
- determining a source of the set of machine data based on a comparison of the sample signature with signatures in a set of signatures from known sources;
- segmenting the machine data into a plurality of events using a set of rules corresponding to the determined source thereby allowing application of time-based search phrases across the segmented machine data in the plurality of events.
Dependent claims: 13, 14, 15
16. An apparatus, comprising:
- a signature creation device, implemented at least partially in hardware, that analyzes one or more punctuation characters that appear in a portion of a set of machine data;
- wherein the signature creation device maps the one or more punctuation characters to a frequency of occurrence in the portion of the set of machine data;
- wherein the signature creation device creates a sample signature using the frequency of occurrence of the one or more punctuation characters;
- a signature comparison device, implemented at least partially in hardware, that determines a source of the set of machine data based on a comparison of the sample signature with signatures in a set of signatures from known sources;
- an event creation device, implemented at least partially in hardware, that segments the machine data into a plurality of events using a set of rules corresponding to the determined source thereby allowing application of time-based search phrases across the segmented machine data in the plurality of events.
Dependent claims: 17, 18, 19
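The steps shared by independent claims 1, 12 and 16 (punctuation-frequency signature, comparison against known-source signatures, source-specific event segmentation) can be sketched as follows. This is an added illustration, not code from the patent or from any product. The cosine-similarity comparison, the 0.8 threshold, the two source names, their training samples and their event-start regexes are all assumptions constructed for the example.

```python
import math
import re
import string
from collections import Counter

def signature(text):
    """Relative frequency of each ASCII punctuation character in text."""
    counts = Counter(ch for ch in text if ch in string.punctuation)
    total = sum(counts.values()) or 1
    return {ch: n / total for ch, n in counts.items()}

def cosine(a, b):
    """Cosine similarity of two sparse frequency vectors (assumed metric)."""
    dot = sum(v * b.get(k, 0.0) for k, v in a.items())
    na = math.sqrt(sum(v * v for v in a.values()))
    nb = math.sqrt(sum(v * v for v in b.values()))
    return dot / (na * nb) if na and nb else 0.0

# Constructed known sources: (training sample, regex marking the start of an event).
KNOWN = {
    "access_log": (
        '10.0.0.5 - - [12/Mar/2024:10:01:02 +0000] "GET /index.html HTTP/1.1" 200 512\n',
        r"^\S",  # one event per line
    ),
    "app_multiline": (
        "2024-03-12 10:01:02,123 ERROR [main] com.example.App - Unhandled exception\n"
        "    at com.example.App.run(App.java:42)\n"
        "    at com.example.Main.main(Main.java:10)\n"
        "2024-03-12 10:01:03,001 INFO [main] com.example.App - Restarting\n",
        r"^\d{4}-\d{2}-\d{2} ",  # indented continuation lines stay in the event
    ),
}
KNOWN_SIGS = {name: signature(sample) for name, (sample, _) in KNOWN.items()}

def classify(data, threshold=0.8):
    """Return (source, score); source is None when nothing is similar enough."""
    sig = signature(data)
    name, score = max(((n, cosine(sig, s)) for n, s in KNOWN_SIGS.items()),
                      key=lambda pair: pair[1])
    return (name if score >= threshold else None), score

def segment(data, source):
    """Split data into events using the event-start rule of the given source."""
    starts = [m.start() for m in re.finditer(KNOWN[source][1], data, re.M)]
    return [data[i:j].rstrip("\n") for i, j in zip(starts, starts[1:] + [len(data)])]
```

Returning `None` below the threshold keeps data from an unrecognized source from being split with another source's rules, which would otherwise merge or fragment events before they are indexed by time.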
Specification