Aggregation and Display of Search Results from Multi-Criteria Search Queries on Event Data

US 20160140128A1
Filed: 01/27/2016
Published: 05/19/2016
Est. Priority Date: 10/05/2006
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

receiving a search query that includes a time criterion and a second criterion for selection of events;

generating result sets in response to the search query, the sets including events that match the time criterion and the second criterion;

merging the result sets into a set of search results;

sorting the set of search results according to time;

causing display of aggregated display lines summarizing the set of search results according to time windows.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

42 Citations

View as Search Results

20 Claims

1. A method, comprising:
- receiving a search query that includes a time criterion and a second criterion for selection of events;
  
  generating result sets in response to the search query, the sets including events that match the time criterion and the second criterion;
  
  merging the result sets into a set of search results;
  
  sorting the set of search results according to time;
  
  causing display of aggregated display lines summarizing the set of search results according to time windows.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11)
- - 2. The method of claim 1, wherein the second criterion is a keyword.
  - 3. The method of claim 1, wherein one or more events in the set of search results is assigned a keyword relevance ranking.
  - 4. The method of claim 1, further comprising:
    - receiving a duration of the time windows from a user.
  - 5. The method of claim 1, further comprising:
    - displaying an interactive paging of the set of search results.
  - 6. The method of claim 1, further comprising:
    - transforming received raw data into a plurality of time stamped events, wherein each event in the plurality of time-stamped events includes a portion of the received raw data;
      
      wherein the included events are among the plurality of time stamped events.
  - 7. The method of claim 1, further comprising:
    - transforming received raw data into a plurality of time stamped events, wherein each event in the plurality of time-stamped events includes a portion of the received raw data;
      
      wherein the received raw data includes machine data;
      
      wherein the included events are among the plurality of time stamped events.
  - 8. The method of claim 1, further comprising:
    - transforming received raw data into a plurality of time stamped events, wherein each event in the plurality of time-stamped events includes a portion of the received raw data;
      
      wherein the received raw data includes unstructured data;
      
      wherein the included events are among the plurality of time stamped events.
  - 9. The method of claim 1, further comprising:
    - transforming received raw data into a plurality of time stamped events, wherein each event in the plurality of time-stamped events includes a portion of the received raw data;
      
      indexing the plurality of time stamped events;
      
      wherein the included events are among the plurality of time stamped events.
  - 10. The method of claim 1, further comprising:
    - transforming received raw data into a plurality of time stamped events, wherein each event in the plurality of time-stamped events includes a portion of the received raw data;
      
      wherein the received raw data includes machine data;
      
      indexing the plurality of time stamped events;
      
      wherein the included events are among the plurality of time stamped events.
  - 11. The method of claim 1, further comprising:
    - transforming received raw data into a plurality of time stamped events, wherein each event in the plurality of time-stamped events includes a portion of the received raw data;
      
      wherein the received raw data includes unstructured data;
      
      indexing the plurality of time stamped events;
      
      wherein the included events are among the plurality of time stamped events.

12. An apparatus, comprising:
- a search query receiver, implemented at least partially in hardware, that receives a search query that includes a time criterion and a second criterion for selection of events;
  
  a search result generator, implemented at least partially in hardware, that generates result sets in response to the search query, the sets including events that match the time criterion and the second criterion;
  
  a search result merger, implemented at least partially in hardware, that merges the result sets into a set of search results;
  
  a search result sorter, implemented at least partially in hardware, that sorts the set of search results according to time;
  
  a display formatter, implemented at least partially in hardware, that causes display of aggregated display lines summarizing the set of search results according to time windows.
- View Dependent Claims (13, 14, 15, 16)
- - 13. The apparatus of claim 12, wherein the second criterion is a keyword.
  - 14. The apparatus of claim 12, wherein one or more events in the set of search results is assigned a keyword relevance ranking.
  - 15. The apparatus of claim 12, further comprising:
    - a user input receiver, implemented at least partially in hardware, that receives a duration of the time windows from a user.
  - 16. The apparatus of claim 12, further comprising:
    - an event creator, implemented at least partially in hardware, that transforms received raw data into a plurality of time stamped events, wherein each event in the plurality of time-stamped events includes a portion of the received raw data;
      
      wherein the included events are among the plurality of time stamped events.

17. One or more non-transitory computer-readable storage media, storing one or more sequences of instructions, which when executed by one or more processors cause performance of:
- receiving a search query that includes a time criterion and a second criterion for selection of events;
  
  generating result sets in response to the search query, the sets including events that match the time criterion and the second criterion;
  
  merging the result sets into a set of search results;
  
  sorting the set of search results according to time;
  
  causing display of aggregated display lines summarizing the set of search results according to time windows.
- View Dependent Claims (18, 19, 20)
- - 18. The one or more non-transitory computer-readable storage media of claim 17, wherein the second criterion is a keyword.
  - 19. The one or more non-transitory computer-readable storage media of claim 17, further comprising:
    - receiving a duration of the time windows from a user.
  - 20. The one or more non-transitory computer-readable storage media of claim 17, wherein the one or more sequences of instructions, which when executed by the one or more processors cause further performance of:
    - transforming received raw data into a plurality of time stamped events, wherein each event in the plurality of time-stamped events includes a portion of the received raw data;
      
      wherein the included events are among the plurality of time stamped events.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Swan, Erik M., Carasso, R. David, Das, Robin Kumar, Greene, Rory, Hall, Bradley, Mealy, Nicholas Christian, Murphy, Brian Philip, Sorkin, Stephen Phillip, Stechert, Andre David, Baum, Michael Joseph

Granted Patent

US 9,922,066 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/2228   Indexing structures

G06F 16/2272   Management thereof

G06F 16/2291   User-Defined Types; Storage...

G06F 16/2322   using timestamps

G06F 16/24568   Data stream processing; Con...

G06F 16/24575   using context

G06F 16/24578   using ranking

G06F 16/2477   Temporal data queries

G06F 16/248   Presentation of query results

G06F 16/951   Indexing; Web crawling tech...

Aggregation and Display of Search Results from Multi-Criteria Search Queries on Event Data

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

42 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Aggregation and Display of Search Results from Multi-Criteria Search Queries on Event Data

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

42 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links