GRAPHICAL DISPLAY OF FIELD VALUES EXTRACTED FROM MACHINE DATA

US 20170140039A1
Filed: 01/31/2017
Published: 05/18/2017
Est. Priority Date: 09/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a search query entered by a user in textual form into a query box;

creating a set of events by applying the search query across a data store of field-searchable events to find matching events, including raw data produced by one or more components in an information technology environment and reflecting activity within the information technology environment;

determining a set of fields that have each been defined for one or more events in the set of events, each field associated with an extraction rule for extracting a value from the raw data in each of the one or more events for which the field has been defined;

causing display of one or more graphical controls, each graphical control corresponding to a field in the determined set of fields, the graphical controls enabling the user to process the set of events using the corresponding one or more fields.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.

71 Citations

View as Search Results

20 Claims

1. A method comprising:
- receiving a search query entered by a user in textual form into a query box;
  
  creating a set of events by applying the search query across a data store of field-searchable events to find matching events, including raw data produced by one or more components in an information technology environment and reflecting activity within the information technology environment;
  
  determining a set of fields that have each been defined for one or more events in the set of events, each field associated with an extraction rule for extracting a value from the raw data in each of the one or more events for which the field has been defined;
  
  causing display of one or more graphical controls, each graphical control corresponding to a field in the determined set of fields, the graphical controls enabling the user to process the set of events using the corresponding one or more fields.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, further comprising:
    - causing display of a graphical control for selecting the one or more fields from the set of fields, to be used in the report definition.
  - 3. The method of claim 1, further comprising:
    - calculating a relevance score for each field in the set of fields based on a calculated number of events in the set of events that contain raw data that includes that field;
      
      causing display of a graphical control for selecting the one or more fields from the set of fields, wherein a field name associated with each of the one or more fields is selected to be displayed by the graphical control based on the calculated relevance score.
  - 4. The method of claim 1, further comprising:
    - calculating a relevance score for each field in the set of fields based on a calculated number of different values for that field found in raw data contained in the set of events;
      
      causing display of a graphical control for selecting the one or more fields from the set of fields, wherein a field name associated with each of the one or more fields is selected to be displayed by the graphical control based on the calculated relevance score.
  - 5. The method of claim 1, further comprising:
    - calculating a relevance score for each field in the set of fields based on a calculated number of unique values for that field found in raw data contained in the set of events;
      
      causing display of a graphical control for selecting the one or more fields from the set of fields, wherein a field name associated with each of the one or more fields is selected to be displayed by the graphical control based on the calculated relevance score.
  - 6. The method of claim 1, wherein the one or more graphical controls includes one or more filter criteria for filtering the set of events.
  - 7. The method of claim 1, wherein a graphical control of the one or more graphical controls includes one or more filter criteria for filtering the set of events by applying the filter criteria to the field.
  - 8. The method of claim 1, wherein the one or more graphical controls includes criteria for generating one or more aggregate values for the one or more events.
  - 9. The method of claim 1, wherein the one or more graphical controls includes criteria for generating one or more aggregate values for a field in the set of fields.
  - 10. The method of claim 1, wherein a graphical control of the one or more graphical controls indicates a graphical visualization.
  - 11. The method of claim 1, wherein a graphical control of the one or more graphical controls indicates a graphical visualization, and wherein the set of fields are used to map data from the set of events to the graphical visualization.
  - 12. The method of claim 1, further comprising:
    - causing display of a text box for entering at least a portion of at least one criterion for at least one field from the set of fields;
      
      receiving the at least one criterion for the at least one field;
      
      causing the set of events to be filtered based on the received at least one criterion for the at least one field.
  - 13. The method of claim 1, further comprising:
    - generating a data model based on the set of fields and the initial search query.
  - 14. The method of claim 1, further comprising:
    - generating a data model based on the set of fields; and
      
      modifying a search defining events to which a data model is applicable based on the set of fields.
  - 15. The method of claim 1, wherein each event in the data store of field-searchable events is assigned a time stamp.
  - 16. The method of claim 1, wherein the each of the fields in the set of fields is included in a late-binding schema.
  - 17. The method of claim 1, further comprising:
    - generating a data model based on the set of fields and the initial search query;
      
      saving the data model; and
      
      applying the data model to a second set of events different than the set of events.
  - 18. The method of claim 1, wherein the set of fields are pre-defined fields.
  - 19. The method of claim 1, wherein the set of fields are discovered as the set of events are created.

20. One or more non-transitory computer readable storage media storing instructions which, when executed by one or more computing devices, cause:
- receiving a search query entered by a user in textual form into a query box;
  
  creating a set of events by applying the search query across a data store of field-searchable events to find matching events, including raw data produced by one or more components in an information technology environment and reflecting activity within the information technology environment;
  
  determining a set of fields that have each been defined for one or more events in the set of events, each field associated with an extraction rule for extracting a value from the raw data in each of the one or more events for which the field has been defined;
  
  causing display of one or more graphical controls, each graphical control corresponding to a field in the determined set of fields, the graphical controls enabling the user to process the set of events using the corresponding one or more fields.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Neels, Alice Emily, Fishel, Simon, Robichaud, Marc Vincent, Lamas, Divanny, Vasan, Sundar

Granted Patent

US 10,331,720 B2
Time in Patent Office

Days
Field of Search
US Class Current
CPC Class Codes

G06F 16/24575   using context

G06F 16/2477   Temporal data queries

G06F 16/248   Presentation of query results

G06F 16/26   Visual data mining; Browsin...

G06F 16/334   Query execution G06F16/335 ...

G06F 16/335   Filtering based on addition...

G06F 16/338   Presentation of query results

G06F 16/345   Summarisation for human users

G06F 16/9024   Graphs; Linked lists G06F16...

G06F 16/9535   Search customisation based ...

G06F 3/0482   Interaction with lists of s...

G06F 3/04842   Selection of displayed obje...

G06F 3/04847   Interaction techniques to c...

G06F 40/166   Editing, e.g. inserting or ...

G06T 11/206   Drawing of charts or graphs

G06T 2200/24   involving graphical user in...

GRAPHICAL DISPLAY OF FIELD VALUES EXTRACTED FROM MACHINE DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

71 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

GRAPHICAL DISPLAY OF FIELD VALUES EXTRACTED FROM MACHINE DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

71 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links