Generating and storing summarization tables for sets of searchable events

  • US 9,990,386 B2
  • Filed: 08/01/2015
  • Issued: 06/05/2018
  • Est. Priority Date: 01/31/2013
  • Status: Active Grant
First Claim

1. A method, comprising:

  • creating two or more sets of field searchable, time stamped event records from raw data stored in at least one data store, wherein each set of field searchable, time stamped event records among the two or more sets of field searchable, time stamped event records comprises field searchable, time stamped event records having time stamps that fall within a time range, the time range different than time ranges associated with other sets of field searchable, time stamped event records among the two or more sets of field searchable, time stamped event records, wherein each field searchable, time stamped event record in the two or more sets of field searchable, time stamped event records includes a portion of the raw data and is associated with a time stamp derived from the raw data, wherein the raw data reflects activity in an information technology environment;

    generating a summarization table for each set of field searchable, time stamped event records in the two or more sets of field searchable, time stamped event records that:

    identifies one or more field values, wherein a field value comprises a value that appears in an associated field in one or more field searchable, time stamped event records in the set of field searchable, time stamped event records; and

    for each field value, includes a posting value to the one or more field searchable, time stamped event records in the set of field searchable, time stamped event records that contain the field value for the associated field;

    storing the summarization table for each set of field searchable, time stamped event records among the two or more sets of time stamped field searchable event records;

    selecting a stored summarization table based on a received query that includes search criteria for evaluating field values for one or more fields;

    using the search criteria to evaluate field values for one or more fields in the selected summarization table to generate a query result; and

    wherein the query result reflects an aspect of activity in the information technology environment.
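
The steps of claim 1 sketched in Python, as an added example that is not code from the patent or its assignee: events are grouped into time-range sets, each set gets a summarization table mapping a field value to the positions of the events containing it, and a query selects tables by time range and intersects postings. The hourly bucket width, the key=value field extraction, the use of list positions as posting values, and all names and sample events are assumptions made for the illustration.

```python
from collections import defaultdict

BUCKET_SECONDS = 3600  # assumed width; the claim only requires distinct time ranges

# Constructed sample events: (epoch timestamp, raw text). Not real log data.
RAW = [
    (1000, "action=login status=failure user=alice src=10.0.0.5"),
    (1200, "action=login status=failure user=alice src=10.0.0.5"),
    (1900, "action=login status=success user=bob src=10.0.0.9"),
    (4000, "action=login status=failure user=bob src=10.0.0.7"),
    (4100, "action=logout status=success user=alice src=10.0.0.5"),
]

def extract_fields(raw):
    """Split key=value tokens out of the raw text (hypothetical extraction rule)."""
    return dict(tok.split("=", 1) for tok in raw.split() if "=" in tok)

def build_buckets(events):
    """Group time-stamped events into sets with non-overlapping time ranges."""
    buckets = defaultdict(list)
    for ts, raw in events:
        buckets[ts // BUCKET_SECONDS].append((ts, raw))
    return dict(buckets)

def summarize(bucket):
    """Summarization table: (field, value) -> posting list of event positions."""
    table = defaultdict(list)
    for pos, (_ts, raw) in enumerate(bucket):
        for field, value in extract_fields(raw).items():
            table[(field, value)].append(pos)
    return dict(table)

def query(tables, start, end, criteria):
    """Select tables whose bucket overlaps [start, end), then intersect postings."""
    hits = {}
    for bucket_id, table in tables.items():
        lo = bucket_id * BUCKET_SECONDS
        if lo >= end or lo + BUCKET_SECONDS <= start:
            continue  # this stored table is not selected for the query
        postings = [set(table.get(item, ())) for item in criteria.items()]
        hits[bucket_id] = sorted(set.intersection(*postings)) if postings else []
    return hits

BUCKETS = build_buckets(RAW)
TABLES = {bid: summarize(evts) for bid, evts in BUCKETS.items()}
# Failed logins across both buckets, answered from the tables alone.
FAILED = query(TABLES, 0, 7200, {"action": "login", "status": "failure"})
```

The query never rescans the raw text: it reads only the stored tables, and the returned positions point back into each bucket's event list when the matching records themselves are needed.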
