×

Application of search policies to searches on event data stored in persistent data structures

  • US 10,262,018 B2
  • Filed: 11/01/2016
  • Issued: 04/16/2019
  • Est. Priority Date: 10/05/2006
  • Status: Active Grant
First Claim
Patent Images

1. A method, comprising:

  • receiving raw data from one or more sources in an information technology environment;

    creating a plurality of searchable events based on the raw data by segmenting the raw data into searchable events, each searchable event includes at least a portion of the segmented raw data;

    associating a time stamp with each event in the plurality of searchable events;

    indexing each time stamped event in the plurality of searchable events;

    creating two or more time-based persistent data structures for storing the plurality of searchable events that save the segmented raw data of each time stamped event in the plurality of searchable events and allow application of time-based search phrases across the segmented raw data in the plurality of searchable events, wherein each persistent data structure corresponds to a specific time interval, wherein events stored in a particular persistent data structure have associated time stamps that fall within a particular time interval corresponding to the particular persistent data structure;

    searching events in the two or more persistent data structures according to a time-based search phrase;

    parsing the time based search phrase into multiple sub-searches, wherein sub-searches of the time-based search phrase are applied sequentially to two or more particular persistent data structures of the two or more persistent data structures, wherein the two or more particular persistent data structures store events having time stamps that fall within a time interval specified by the time-based search phrase, wherein sub-searches are not applied to any subsequent particular persistent data structures upon obtaining a sufficient amount of search results from sub-searches applied to one or more previous particular persistent data structures of the two or more particular persistent data structures.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×