Advanced field extractor
Abstract
Embodiments are directed towards a graphical user interface that identifies locations within event records with splittable timestamp information. A display of event records is provided using any of a variety of formats. A splittable timestamp selector allows a user to select one or more locations within event records as having time-related information that may be split across the one or more locations, including information based on date, time of day, day of the week, or other time information. Any of a plurality of mechanisms is used to associate the selected locations with the split timestamp information, including tags, labels, or header information within the event records. In other embodiments, a separate table, list, index, or the like may be generated that associates the selected locations with the split timestamp information. The split timestamp information may be used within extraction rules for selecting subsets of the event records.
25 Claims
1. A computer-implemented method, comprising:
generating a graphical interface on a computing device, wherein the graphical interface displays;
a plurality of event records, wherein one or more locations within an event record includes time information; and
a timestamp selection tool, wherein the timestamp selection tool is configured to select the one or more locations within the event record by dragging the timestamp selection tool over locations having time information to indicate fields of the time information;
receiving input corresponding to a selection of the one or more locations split across the event record, wherein the selection is made using the timestamp selection tool and each of the one or more locations correspond to a field that defines a location of a category of time information across multiple event records;
associating the one or more selected locations with timestamp information;
storing the association between the one or more selected locations and the timestamp information, wherein the stored association is used in an extraction rule;
using the extraction rule to extract the time information from the one or more selected locations split across the event record and to extract time information from the multiple event records; and
creating a timestamp for the event record and for each of the multiple event records using the corresponding time information extracted using the extraction rule.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A system for managing resources, comprising:
at least one network device, comprising;
a processor, and
a non-transitory computer-readable storage medium containing instructions configured to cause the processor to perform operations including;
generating a graphical interface, wherein the graphical interface displays;
a plurality of event records, wherein one or more locations within an event record includes time information; and
a timestamp selection tool, wherein the timestamp selection tool is configured to select the one or more locations within the event record by dragging the timestamp selection tool over locations having time information to indicate fields of the time information;
receiving input corresponding to a selection of the one or more locations split across the event record, wherein the selection is made using the timestamp selection tool and each of the one or more locations correspond to a field that defines a location of a category of time information across multiple event records;
associating the one or more selected locations with timestamp information;
storing the association between the one or more selected locations and the timestamp information, wherein the stored association is used in an extraction rule;
using the extraction rule to extract the time information from the one or more selected locations within the event record and to extract time information from the multiple event records; and
creating a timestamp for the event record and for each of the multiple event records using the corresponding time information extracted using the extraction rule.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A computer-program product, tangibly embodied in a non-transitory machine-readable medium, including instructions configured to cause a data processing apparatus to:
generate a graphical interface, wherein the graphical interface displays;
a plurality of event records, wherein one or more locations within an event record includes time information; and
a timestamp selection tool, wherein the timestamp selection tool is configured to select the one or more locations within the event record by dragging the timestamp selection tool over locations having time information to indicate fields of the time information;
receive input corresponding to a selection of the one or more locations split across the event record, wherein the selection is made using the timestamp selection tool and each of the one or more locations correspond to a field that defines a location of a category of time information across multiple event records;
associate the one or more selected locations with timestamp information;
store the association between the one or more selected locations and the timestamp information, wherein the stored association is used in an extraction rule;
using the extraction rule to extract the time information from the one or more selected locations split across the event record and to extract time information from the multiple event records; and
create a timestamp for the event record and for each of the multiple event records using the corresponding time information extracted using the extraction rule.
Dependent claims: 19, 20, 21, 22, 23, 24, 25
Specification