Determining and providing quantity of unique values existing for a field
Abstract
A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.
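The abstract's divide-and-conquer report and claim 1's unique-value count, sketched as an added example (not code from the patent or from any product). The two-node layout, field names and sample events are constructed, and `node_analyze`, `aggregate`, `naive_sum` and `search` are hypothetical names. Each node returns the set of values it saw per field, because per-node distinct counts cannot be summed without double-counting values that occur on more than one node.

```python
import heapq
from collections import defaultdict

# Constructed sample events, partitioned across two hypothetical nodes.
NODE_A = [
    {"_time": 100, "ref": "a:0", "src_ip": "10.0.0.5", "action": "blocked", "user": "alice"},
    {"_time": 130, "ref": "a:1", "src_ip": "10.0.0.7", "action": "allowed"},
    {"_time": 160, "ref": "a:2", "src_ip": "10.0.0.5", "action": "blocked", "user": "bob"},
]
NODE_B = [
    {"_time": 110, "ref": "b:0", "src_ip": "10.0.0.5", "action": "allowed", "user": "alice"},
    {"_time": 150, "ref": "b:1", "src_ip": "10.0.0.9", "action": "blocked"},
]
META = {"_time", "ref"}  # bookkeeping keys, not reported as searchable fields

def node_analyze(events, predicate):
    """Per node: filter local events, collect per-field value sets and sorted (time, ref) pairs."""
    values, refs = defaultdict(set), []
    for ev in events:
        if predicate(ev):
            refs.append((ev["_time"], ev["ref"]))
            for field, value in ev.items():
                if field not in META:
                    values[field].add(value)
    return dict(values), sorted(refs)

def aggregate(partials):
    """Aggregating node: union the value sets, then k-way merge the already-sorted references."""
    merged = defaultdict(set)
    for values, _ in partials:
        for field, vals in values.items():
            merged[field] |= vals
    counts = {field: len(vals) for field, vals in merged.items()}
    order = [ref for _, ref in heapq.merge(*(refs for _, refs in partials))]
    return counts, order

def naive_sum(partials):
    """Incorrect merge, kept for contrast: adds per-node distinct counts together."""
    totals = defaultdict(int)
    for values, _ in partials:
        for field, vals in values.items():
            totals[field] += len(vals)
    return dict(totals)

def search(predicate):
    """Fan the query out to both nodes; return (correct result, naive per-field sums)."""
    partials = [node_analyze(node, predicate) for node in (NODE_A, NODE_B)]
    return aggregate(partials), naive_sum(partials)
```

Shipping full value sets costs bandwidth on high-cardinality fields; a mergeable sketch such as HyperLogLog trades exactness for size and is a substitution, not something the abstract describes.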
30 Claims
1. A method, comprising:
receiving a query for searching a set of field searchable events stored in a data store, the set of field searchable events indicative of security or performance aspects of one or more information technology systems;
executing the query against the set of field searchable events to generate a subset of events;
identifying a field that exists in one or more events of the subset of events;
determining a number corresponding to how many unique values exist for the field among the subset of events;
causing concurrent display of (i) the number corresponding to how many unique values exist for the field and (ii) a field name by which the field can be referenced in queries, thereby improving the performance and efficiency of communicating information from complex search results to a user;
wherein the method is performed by one or more computing devices.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17
18. An apparatus, comprising:
a query receiver, implemented at least partially in hardware, that receives a query for searching a set of field searchable events stored in a data store, the set of field searchable events indicative of security or performance aspects of one or more information technology systems;
a query executor, implemented at least partially in hardware, that executes the query against the set of field searchable events to generate a subset of events;
a field identifier, implemented at least partially in hardware, that identifying a field that exists in one or more events of the subset of events;
a subsystem, implemented at least partially in hardware, that determines a number corresponding to how many unique values exist for the field among the subset of events;
a subsystem, implemented at least partially in hardware, that causes concurrent display of (i) the number corresponding to how many unique values exist for the field and (ii) a field name by which the field can be referenced in queries, thereby improving the performance and efficiency of communicating information from complex search results to a user.
Dependent claims: 19, 20, 21, 22, 23
24. One or more non-transitory computer-readable storage media, storing software instructions, which when executed by one or more processors cause performance of:
receiving a query for searching a set of field searchable events stored in a data store, the set of field searchable events indicative of security or performance aspects of one or more information technology systems;
executing the query against the set of field searchable events to generate a subset of events;
identifying a field that exists in one or more events of the subset of events;
determining a number corresponding to how many unique values exist for the field among the subset of events;
causing concurrent display of (i) the number corresponding to how many unique values exist for the field and (ii) a field name by which the field can be referenced in queries, thereby improving the performance and efficiency of communicating information from complex search results to a user.
Dependent claims: 25, 26, 27, 28, 29, 30
Specification