Previewing raw data parsing

US 10,650,069 B2
Filed: 07/05/2017
Issued: 05/12/2020
Est. Priority Date: 08/17/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

accessing a portion of raw data from at least one data source;

causing display of one or more selectable parsing rules;

receiving a first user input, from a graphical user interface, selecting a parsing rule among the one or more selectable parsing rules, the parsing rule to be applied to the portion of raw data;

parsing the portion of raw data into one or more sets of parsed data using the parsing rule, each set of parsed data including raw data from the portion of raw data;

causing display of at least a portion of the one or more sets of parsed data;

receiving a second user input, from the graphical user interface, indicating a user preference to use a different parsing rule;

accessing a second parsing rule;

processing raw data from the at least one data source using the second parsing rule, to create searchable, time-stamped events, the processed raw data including the portion of raw data and additional raw data different from the portion of raw data; and

storing the searchable, time-stamped events in an index store, wherein the searchable, time-stamped events in the index store are used to service search queries received from a search engine;

wherein the method is performed by one or more computing devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

61 Citations

20 Claims

1. A method, comprising:
- accessing a portion of raw data from at least one data source;
  
  causing display of one or more selectable parsing rules;
  
  receiving a first user input, from a graphical user interface, selecting a parsing rule among the one or more selectable parsing rules, the parsing rule to be applied to the portion of raw data;
  
  parsing the portion of raw data into one or more sets of parsed data using the parsing rule, each set of parsed data including raw data from the portion of raw data;
  
  causing display of at least a portion of the one or more sets of parsed data;
  
  receiving a second user input, from the graphical user interface, indicating a user preference to use a different parsing rule;
  
  accessing a second parsing rule;
  
  processing raw data from the at least one data source using the second parsing rule, to create searchable, time-stamped events, the processed raw data including the portion of raw data and additional raw data different from the portion of raw data; and
  
  storing the searchable, time-stamped events in an index store, wherein the searchable, time-stamped events in the index store are used to service search queries received from a search engine;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the parsing the portion of raw data further comprises:
    - causing display of the parsing rule.
  - 3. The method of claim 1, wherein the display of the at least a portion of the one or more sets of parsed data includes an indication of how at least some of the portion of raw data has been parsed.
  - 4. The method of claim 1, wherein one or more of the selectable parsing rules were created by a user based on existing parsing rules.
  - 5. The method of claim 1, further comprising:
    - prior to receiving the first user input, causing display of the portion of raw data.
  - 6. The method of claim 1, further comprising:
    - prior to receiving the first user input, causing display of the portion of raw data in a scrollable display.
  - 7. The method of claim 1, wherein the causing the display of at least the portion of the one or more sets of parsed data displays the at least a portion of the one or more sets of parsed data in a scrollable display.
  - 8. The method of claim 1, further comprising:
    - receiving a third user input, from the graphical user interface, selecting the second parsing rule.

9. One or more non-transitory storage media storing instructions which, when executed by one or more computing devices, cause operations comprising:
- accessing a portion of raw data from at least one data source;
  
  causing display of one or more selectable parsing rules;
  
  receiving a first user input, from a graphical user interface, selecting a parsing rule among the one or more selectable parsing rules, the parsing rule to be applied to the portion of raw data;
  
  parsing the portion of raw data into one or more sets of parsed data using the parsing rule, each set of parsed data including raw data from the portion of raw data;
  
  causing display of at least a portion of the one or more sets of parsed data;
  
  receiving a second user input, from the graphical user interface, indicating a user preference to use a different parsing rule;
  
  accessing a second parsing rule;
  
  processing raw data from the at least one data source using the second parsing rule, to create searchable, time-stamped events, the processed raw data including the portion of raw data and additional raw data different from the portion of raw data; and
  
  storing the searchable, time-stamped events in an index store, wherein the searchable, time-stamped events in the index store are used to service search queries received from a search engine.
- View Dependent Claims (10, 11, 12, 13, 14)
- - 10. The one or more non-transitory storage media of claim 9, wherein the parsing the portion of raw data further comprises causing display of the parsing rule.
  - 11. The one or more non-transitory storage media of claim 9, wherein the display of the at least a portion of the one or more sets of parsed data includes an indication of how at least some of the portion of raw data has been parsed.
  - 12. The one or more non-transitory storage media of claim 9, wherein one or more of the selectable parsing rules are user-created based on existing parsing rules.
  - 13. The one or more non-transitory storage media of claim 9, the operations further comprising prior to receiving the first user input received via the graphical user interface, causing display of the portion of raw data.
  - 14. The one or more non-transitory storage media of claim 9, the operations further comprising receiving a third user input, from the graphical user interface, selecting the second parsing rule.

15. An apparatus, comprising:
- a raw data selector, implemented at least partially in hardware, configured to access a portion of raw data from at least one data source;
  
  a display subsystem, implemented at least partially in hardware, configured to cause display of one or more selectable parsing rules;
  
  a user input receiver, implemented at least partially in hardware, configured to receive a first user input from a graphical user interface, selecting a parsing rule among the one or more selectable parsing rules, the parsing rule to be applied to the portion of raw data;
  
  a raw data parser, implemented at least partially in hardware, configured to parse the portion of raw data into one or more sets of parsed data using the parsing rule, each set of parsed data including raw data from the portion of raw data;
  
  wherein the display subsystem is configured to cause display of at least a portion of the one or more sets of parsed data;
  
  wherein the user input receiver is configured to receive a second user input, from the graphical user interface, indicating a user preference to use a different parsing rule;
  
  a parsing rule selector, implemented at least partially in hardware, configured to access a second parsing rule;
  
  wherein the raw data parser is configured to process, in response to receiving a second user input, raw data from the at least one data source using the second parsing rule, to create searchable, time-stamped events, the processed raw data including the portion of raw data and additional raw data different from the portion of raw data; and
  
  an event storage device, implemented at least partially in hardware, configured to store the searchable, time-stamped events in an index store, wherein the searchable, time-stamped events in the index store are usable to service search queries received from a search engine.
- View Dependent Claims (16, 17, 18, 19, 20)
- - 16. The apparatus of claim 15, wherein the display subsystem is further configured to cause display of the parsing rule.
  - 17. The apparatus of claim 15, wherein the display subsystem is further configured to cause display of the at least a portion of the one or more sets of parsed data and includes an indication of how at least some of the portion of raw data has been parsed.
  - 18. The apparatus of claim 15, wherein one or more of the selectable parsing rules are user-created based on existing parsing rules.
  - 19. The apparatus of claim 15, wherein the display subsystem is further configured to cause, prior to receiving the first user input received via the graphical user interface, display of the portion of raw data.
  - 20. The apparatus of claim 15, wherein the user input receiver is further configured to receive a third user input, from the graphical user interface, selecting the second parsing rule.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Blank, Jr., Mitchell Neuman, Budchenko, Leonid, Carasso, David, Delfino, Micah James, Hwang, Johnvey, Sorkin, Stephen Phillip, Woo, Eric Timothy
Primary Examiner(s)
Ly, Anh

Application Number

US15/642,062
Publication Number

US 20170300585A1
Time in Patent Office

1,042 Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 16/24564   Applying rules; Deductive q...

G06F 16/2477   Temporal data queries

G06F 16/248   Presentation of query results

G06F 16/252   between a Database Manageme...

G06F 16/316   Indexing structures

G06F 16/901   Indexing; Data structures t...

G06F 16/951   Indexing; Web crawling tech...

G06F 16/9535   Search customisation based ...

G06F 3/0482   Interaction with lists of s...

G06F 3/04842   Selection of displayed obje...

G06F 3/0485   Scrolling or panning

G06F 40/205   Parsing

G06V 10/245   by locating a pattern; Spec...

G06V 40/161   Detection; Localisation; No...

Previewing raw data parsing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

61 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Previewing raw data parsing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

61 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links