DATA MODEL FOR MACHINE DATA FOR SEMANTIC SEARCH
Abstract
Embodiments are directed towards generating data models that may give semantic meaning for unstructured data or structured data that may include data generated and/or received by search engines, including a time series engine. Data models also may be generated to provide semantic meaning to structured data. A data model may be composed of hierarchical data model objects analogous to an object-oriented programming class hierarchy. Users may employ a data modeling application to produce reports using search objects that may be part of, or associated with, the data model. The data modeling application may employ the search object and the data model to generate a query string for searching a data repository to produce a result set. A data modeling application may map the result set data to data model objects that may be used to generate reports.
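An added illustration, not code from the patent or its assignee, of the flow the abstract describes: hierarchical data model objects carry event criteria and search-time field definitions, a query string is generated from a selected field, and the query returns the unmodified raw events. `ModelObject`, `build_query`, `run_query` and the `from ... where ...` query syntax are hypothetical, and the sample events are constructed.

```python
import json
import re
from dataclasses import dataclass, field

# Constructed sample events: raw lines, stored and searched without being rewritten.
EVENTS = [
    "2024-05-01T10:00:01Z sshd[811]: Failed password for root from 203.0.113.7 port 52111",
    "2024-05-01T10:00:05Z sshd[811]: Accepted password for alice from 198.51.100.4 port 40022",
    "2024-05-01T10:00:09Z sshd[812]: Failed password for alice from 203.0.113.7 port 52113",
    "2024-05-01T10:01:00Z cron[90]: (root) CMD (run-parts /etc/cron.hourly)",
]

@dataclass
class ModelObject:  # hypothetical name for one data model object (sub-model)
    name: str
    criteria: str                               # regex selecting this object's events
    fields: dict = field(default_factory=dict)  # field name -> regex with one group
    parent: "ModelObject | None" = None

    def lineage(self):
        # Root-first chain: a child inherits its ancestors' criteria and fields.
        return (self.parent.lineage() if self.parent else []) + [self]

    def matches(self, event):
        return all(re.search(o.criteria, event) for o in self.lineage())

    def extract(self, event):
        # Fields are derived at search time; each yields at most one value per event.
        defs = {k: rx for o in self.lineage() for k, rx in o.fields.items()}
        found = {k: re.search(rx, event) for k, rx in defs.items()}
        return {k: m.group(1) if m else None for k, m in found.items()}

AUTH = ModelObject("auth", r"sshd\[\d+\]", {"user": r"for (\S+) from", "src": r"from (\S+) port"})
FAILED = ModelObject("failed_auth", r"Failed password", parent=AUTH)
MODEL = {o.name: o for o in (AUTH, FAILED)}

def build_query(obj, fname, value):
    # Only fields the model defines may be queried; the value is JSON-quoted so
    # user input cannot add clauses to the generated query string.
    if fname not in {k for o in obj.lineage() for k in o.fields}:
        raise ValueError(f"unknown field: {fname}")
    return f"from {obj.name} where {fname}={json.dumps(value)}"

def run_query(query, events=EVENTS):
    m = re.fullmatch(r'from (\w+) where (\w+)=(".*")', query)
    if not m:
        raise ValueError("malformed query")
    obj, fname, value = MODEL[m.group(1)], m.group(2), json.loads(m.group(3))
    return [e for e in events if obj.matches(e) and obj.extract(e)[fname] == value]
```

Because the criterion value is quoted when the query is generated and decoded when it is parsed, a value containing query keywords is compared as data and matches nothing.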
45 Claims
1-24. (canceled)
25. A computer implemented method, comprising:
storing a set of events in a data store on a computing device including one or more processors, wherein the events include unstructured machine data;
generating, by the computing device, a data model that models the set of events, wherein the data model defines a schema for the unstructured data in the set of events without modifying an organization of the unstructured data, wherein the data model includes one or more sub-models, and wherein each sub-model includes:
  criteria for identifying a subset of the set of events, and
  one or more field definitions, wherein each field definition defines a field that includes at most one value for each event in the subset of events, and wherein the at most one value for the field for each event in the subset is derived from data in each event;
identifying a field included in the data model;
displaying a graphical interface that includes an interactive element enabling a user to enter criteria for the identified field;
receiving input corresponding to a selection of criteria for the identified field, wherein the input is received through the graphical interface;
generating a search query based on the generated data model, wherein the search query is in a search language designed for accessing the events in the data store, and wherein the search query is configured to identify and return only events for which the identified field meets the selected criteria; and
executing the search query to identify and return the events in the data store for which the identified field meets the selected criteria.
32. A system, comprising:
a processor; and
a non-transitory computer-readable storage medium containing instructions configured to cause the processor to perform operations including:
storing a set of events in a data store on a computing device including one or more processors, wherein the events include unstructured machine data;
generating a data model that models the set of events, wherein the data model defines a schema for the unstructured data in the set of events without modifying an organization of the unstructured data, wherein the data model includes one or more sub-models, and wherein each sub-model includes:
  criteria for identifying a subset of the set of events, and
  one or more field definitions, wherein each field definition defines a field that includes at most one value for each event in the subset of events, and wherein the at most one value for the field for each event in the subset is derived from data in each event;
identifying a field included in the data model;
displaying a graphical interface that includes an interactive element enabling a user to enter criteria for the identified field;
receiving input corresponding to a selection of criteria for the identified field, wherein the input is received through the graphical interface;
generating a search query based on the generated data model, wherein the search query is in a search language designed for accessing the events in the data store, and wherein the search query is configured to identify and return only events for which the identified field meets the selected criteria; and
executing the search query to identify and return the events in the data store for which the identified field meets the selected criteria.
39. A computer-program product, tangibly embodied in a non-transitory machine-readable medium, including instructions configured to cause a data processing apparatus to:
store a set of events in a data store on a computing device including one or more processors, wherein the events include unstructured machine data;
generate a data model that models the set of events, wherein the data model defines a schema for the unstructured data in the set of events without modifying an organization of the unstructured data, wherein the data model includes one or more sub-models, and wherein each sub-model includes:
  criteria for identifying a subset of the set of events, and
  one or more field definitions, wherein each field definition defines a field that includes at most one value for each event in the subset of events, and wherein the at most one value for the field for each event in the subset is derived from data in each event;
identifying a field included in the data model;
display a graphical interface that includes an interactive element enabling a user to enter criteria for the identified field;
receive input corresponding to a selection of criteria for the identified field, wherein the input is received through the graphical interface;
generate a search query based on the generated data model, wherein the search query is in a search language designed for accessing the events in the data store, and wherein the search query is configured to identify and return only events for which the identified field meets the selected criteria; and
execute the search query to identify and return the events in the data store for which the identified field meets the selected criteria.
Specification