Event limited field picker

US 9,740,755 B2
Filed: 01/29/2016
Issued: 08/22/2017
Est. Priority Date: 09/30/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method comprising:

receiving a search query on events, each event comprising a time stamp and a portion of machine data that reflects activity in an information technology environment of at least one computing system;

causing display of a set of the events that are responsive to the search query, the set of the events comprising fields, each field of the fields being defined by an extraction rule that is applied to the portion of machine data; and

based on receiving a user selection of a graphical interface control associated with a particular event of the set of the events, causing display of an event limited field picker including a list of field identifiers of the fields corresponding to the particular event with corresponding field values, wherein at least one field identifier in the list of field identifiers is user selectable to toggle between causing field values of a corresponding field to be displayed for events of the set of events and causing the field values of the corresponding field to be removed from display for the events.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of a fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.

102 Citations

View as Search Results

30 Claims

1. A computer-implemented method comprising:
- receiving a search query on events, each event comprising a time stamp and a portion of machine data that reflects activity in an information technology environment of at least one computing system;
  
  causing display of a set of the events that are responsive to the search query, the set of the events comprising fields, each field of the fields being defined by an extraction rule that is applied to the portion of machine data; and
  
  based on receiving a user selection of a graphical interface control associated with a particular event of the set of the events, causing display of an event limited field picker including a list of field identifiers of the fields corresponding to the particular event with corresponding field values, wherein at least one field identifier in the list of field identifiers is user selectable to toggle between causing field values of a corresponding field to be displayed for events of the set of events and causing the field values of the corresponding field to be removed from display for the events.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer-implemented method of claim 1, wherein at least one field value extracted from the particular event is displayed in association with a corresponding field identifier of the list of field identifiers.
  - 3. The computer-implemented method of claim 1, wherein the list of field identifiers comprise field names displayed in a list of field name-value pairs of the particular event.
  - 4. The computer-implemented method of claim 1, wherein at least some of the field identifiers in the list of field identifiers comprise a field name extracted from a portion of machine data of an event.
  - 5. The computer-implemented method of claim 1, wherein the causing the field values of a corresponding field to be displayed is for each event in the set of the events.
  - 6. The computer-implemented method of claim 1, wherein the causing the field values of a corresponding field to be displayed is in a column of a table displaying the set of events.
  - 7. The computer-implemented method of claim 1, wherein the causing the field values of a corresponding field to be removed from display is for each event in the set of events.
  - 8. The computer-implemented method of claim 1, wherein the causing the field values of a corresponding field to be displayed for events of the set of events and the causing the field values of the corresponding field to be removed from display for the events are each responsive to user interaction with a control associated with the corresponding field.
  - 9. The computer-implemented method of claim 1, wherein the display of the set of the events is in a table format that displays for each event, field values of selected fields of the event, and the display of the event limited field picker is within the table format.
  - 10. The computer-implemented method of claim 1, wherein the display of the set of the events is in a list format that displays, for each event, field values of selected fields of the event proximate to the portion of machine data of the event, and the display of the event limited field picker is within the table format.
  - 11. The computer-implemented method of claim 1, wherein the graphical interface control is an event limited field picker toggle displayed in the display of the set of events in a row with the particular event.
  - 12. The computer-implemented method of claim 1, wherein the portion of machine data comprises at least one of semi-structured and unstructured data.
  - 13. The computer-implemented method of claim 1, wherein the event limited field picker displays the list of field identifiers in a column, each row of the column corresponding to a respective field of the fields corresponding to the particular event.
  - 14. The computer-implemented method of claim 1, wherein the event limited field picker allows visibility of fields to be set for the events returned responsive to the search query without requerying the events to obtain updated search results.
  - 15. The computer-implemented method of claim 1, wherein a representation of field data including field values for a plurality of the fields corresponding to the particular event are displayed in a row of a table during the display of the event limited field picker.
  - 16. The computer-implemented method of claim 1, wherein the event limited field picker visually indicates which of the fields are set as visible for the display of the set of events and which of the fields are set as hidden for the display of the set of events.
  - 17. The computer-implemented method of claim 1, wherein the event limited field picker only displays field identifiers for fields when the particular event has at least one corresponding field value.

18. One or more computer-readable storage media comprising instructions that are stored thereon that, responsive to execution by one or more processors, cause the one or more processors to perform operations comprising:
- receiving a search query on events, each event comprising a time stamp and a portion of machine data that reflects activity in an information technology environment of at least one computing system;
  
  causing display of a set of the events that are responsive to the search query, the set of the events comprising fields, each field of the fields being defined by an extraction rule that is applied to the portion of machine data; and
  
  based on receiving a user selection of a graphical interface control associated with a particular event of the set of the events, causing display of an event limited field picker including a list of field identifiers of the fields corresponding to the particular event with corresponding field values, wherein at least one field identifier in the list of field identifiers is user selectable to toggle between causing field values of a corresponding field to be displayed for events of the set of events and causing the field values of the corresponding field to be removed from display for the events.
- View Dependent Claims (19, 20, 21, 22, 23, 24)
- - 19. The one or more computer-readable storage media of claim 18, wherein at least one field value extracted from the particular event is displayed in association with a corresponding field identifier of the list of field identifiers.
  - 20. The one or more computer-readable storage media of claim 18, wherein the list of field identifiers comprise field names displayed in a list of field name-value pairs of the particular event.
  - 21. The one or more computer-readable storage media of claim 18, wherein at least some of the field identifiers in the list of field identifiers comprise a field name extracted from a portion of machine data of an event.
  - 22. The one or more computer-readable storage media of claim 18, wherein the causing the field values of a corresponding field to be displayed is for each event in the set of the events.
  - 23. The one or more computer-readable storage media of claim 18, wherein the causing the field values of a corresponding field to be displayed is in a column of a table displaying the set of events.
  - 24. The one or more computer-readable storage media of claim 18, wherein the causing the field values of a corresponding field to be removed from display is for each event in the set of events.

25. A computer-implemented system comprising:
- one or more processors; and
  
  one or more computer-readable storage media comprising instructions that are stored thereon that, responsive to execution by the one or more processors, cause the one or more processors to perform operations comprising;
  
  receiving a search query on events, each event comprising a time stamp and a portion of machine data that reflects activity in an information technology environment of at least one computing system;
  
  causing display of a set of the events that are responsive to the search query, the set of the events comprising fields, each field of the fields being defined by an extraction rule that is applied to the portion of machine data; and
  
  based on receiving a user selection of a graphical interface control associated with a particular event of the set of the events, causing display of an event limited field picker including a list of field identifiers of the fields corresponding to the particular event with corresponding field values, wherein at least one field identifier in the list of field identifiers is user selectable to toggle between causing field values of a corresponding field to be displayed for events of the set of events and causing the field values of the corresponding field to be removed from display for the events.
- View Dependent Claims (26, 27, 28, 29, 30)
- - 26. The system of claim 25, wherein at least one field value extracted from the particular event is displayed in association with a corresponding field identifier of the list of field identifiers.
  - 27. The system of claim 25, wherein the list of field identifiers comprise field names displayed in a list of field name-value pairs of the particular event.
  - 28. The system of claim 25, wherein at least some of the field identifiers in the list of field identifiers comprise a field name extracted from a portion of machine data of an event.
  - 29. The system of claim 25, wherein the causing the field values of a corresponding field to be displayed is for each event in the set of the events.
  - 30. The system of claim 25, wherein the causing the field values of a corresponding field to be displayed is in a column of a table displaying of the set of events.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Lamas, Divanny I., Robichaud, Marc Vincent, Yestrau, Carl Sterling
Primary Examiner(s)
ALAM, SHAHID AL

Application Number

US15/011,294
Publication Number

US 20160147849A1
Time in Patent Office

571 Days
Field of Search

707722, 707738, 717771
US Class Current
CPC Class Codes

G06F 16/2393   Updating materialised views

G06F 16/2455   Query execution

G06F 16/2477   Temporal data queries

G06F 16/25   Integrating or interfacing ...

G06F 16/26   Visual data mining; Browsin...

G06F 16/9038   Presentation of query results

G06F 3/04817   using icons graphical or vi...

G06F 3/0482   Interaction with lists of s...

G06F 3/04842   Selection of displayed obje...

Event limited field picker

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

102 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Event limited field picker

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

102 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others