×

Query handling for field searchable raw machine data

  • US 10,402,384 B2
  • Filed: 01/31/2017
  • Issued: 09/03/2019
  • Est. Priority Date: 05/18/2012
  • Status: Active Grant
First Claim
Patent Images

1. A method for searching data, the method comprising:

  • providing an inverted index that comprises at least one record comprising at least one field name and a corresponding at least one field value extracted from time-stamped searchable events, the time-stamped searchable events comprising portions of raw machine data and stored in a field searchable datastore, wherein the at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored;

    receiving an incoming search query that references a field name, wherein the incoming search query comprises keywords and the field name;

    evaluating the incoming search query, wherein the evaluating comprises decomposing the search query to analyze it and determine respective portions of the search query addressable by the field searchable datastore and by the inverted index; and

    responsive to the evaluating, determining results for the incoming search query by executing the search query across the field searchable datastore or the inverted index or both, wherein the field name in the search query is used to perform a search of the inverted index, and wherein a search for the keywords is serviced using the field searchable datastore.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×