×

Sampling of events to use for developing a field-extraction rule for a field to use in event searching

  • US 9,031,955 B2
  • Filed: 01/30/2014
  • Issued: 05/12/2015
  • Est. Priority Date: 01/22/2013
  • Status: Active Grant
First Claim
Patent Images

1. A computer-implemented method, comprising:

  • receiving machine data at a computing device;

    generating a plurality of events, wherein each event in the plurality of events includes a portion of the machine data;

    associating a time with each event in the plurality of events, the time for each event extracted from the machine data included in that event;

    storing the plurality of events in a data store such that they are searchable at least by their associated times;

    receiving from a user a selection of one or more event selection parameters;

    wherein each event selection parameter corresponds to a distinct process for identifying events for inclusion in a set;

    wherein the one or more event selection parameters selected by the user include at least one of diverse, outlier, random, earliest, and latest event selection processes;

    for each of the received one or more event selection parameters, identifying events for inclusion in the set using the corresponding distinct processes; and

    displaying one or more events in the set of events in a graphical user interface that enables development of a field-extraction rule that specifies how to extract, from the machine data included in each of the one or more events, a value for a field that is defined for each of the one or more events, wherein each of the one or more events is searchable using the field.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×