INTERFACE FOR MANAGING SPLITTABLE TIMESTAMPS ACROSS EVENT RECORDS
Abstract
Embodiments are directed towards a graphical user interface to identify locations within event records with splittable timestamp information. A display of event records is provided using any of a variety of formats. A splittable timestamp selector allows a user to select one or more locations within event records as having time related information that may be split across the one or more locations, including, information based on date, time of day, day of the week, or other time information. Any of a plurality of mechanisms is used to associate the selected locations with the split timestamp information, including tags, labels, or header information within the event records. In other embodiments, a separate table, list, index, or the like may be generated that associates the selected locations with the split timestamp information. The split timestamp information may be used within extraction rules for selecting subsets of the event records.
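The following sketch is an added illustration, not code from the patent or from any product: it builds an extraction rule from user-designated character spans in one sample event, applies it to other events, and rejects events where a designated part is missing or invalid. The names (`build_rule`, `apply_rule`, `index_events`), the sample log lines, and the rule-generation scheme (a literal prefix anchor plus a digit-shape pattern) are all assumptions.

```python
import re
from datetime import datetime

def shape(text):
    """Generalize a selected sample: each digit run becomes \\d{n}, the rest stays literal."""
    return re.sub(r"\d+", lambda m: r"\d{%d}" % len(m.group()), re.escape(text))

def span(sample, text, fmt):
    """Stand-in for a GUI selection: locate `text` in the sample and tag it with a strptime format."""
    start = sample.index(text)
    return (start, start + len(text), fmt)

def build_rule(sample, designations, anchor_len=5):
    """Turn designated (start, end, fmt) spans into (compiled regex, fmt) pairs."""
    rule = []
    for start, end, fmt in designations:
        anchor = re.escape(sample[max(0, start - anchor_len):start])
        rule.append((re.compile(anchor + "(" + shape(sample[start:end]) + ")"), fmt))
    return rule

def apply_rule(rule, event):
    """Combine the split parts into one timestamp; None if any part is missing or invalid."""
    values, formats = [], []
    for pattern, fmt in rule:
        match = pattern.search(event)
        if match is None:
            return None
        values.append(match.group(1))
        formats.append(fmt)
    try:
        return datetime.strptime(" ".join(values), " ".join(formats))
    except ValueError:
        return None  # right shape, but not a real date or time of day

def index_events(rule, events):
    """Store events by extracted timestamp; keep rejects separate instead of guessing a time."""
    stored, rejected = [], []
    for event in events:
        ts = apply_rule(rule, event)
        (stored if ts else rejected).append((ts, event))
    return sorted(stored), [event for _, event in rejected]

# Constructed sample events: the date and the time of day sit at different locations.
SAMPLE = "host=web01 date=2013-07-22 action=login user=alice tod=14:05:09 status=fail"
EVENTS = [
    SAMPLE,
    "host=db02 date=2013-07-21 action=logout user=bob tod=02:30:00 status=ok",
    "host=db02 date=2013-07-23 action=logout user=bob status=ok",         # no time of day
    "host=db02 date=2013-13-45 action=scan user=bob tod=02:30:00 status=ok",  # impossible date
]
RULE = build_rule(SAMPLE, [span(SAMPLE, "2013-07-22", "%Y-%m-%d"),
                           span(SAMPLE, "14:05:09", "%H:%M:%S")])

if __name__ == "__main__":
    stored, rejected = index_events(RULE, EVENTS)
    for ts, event in stored:
        print(ts.isoformat(), event)
    print("rejected:", len(rejected))
```

Keeping the rejected events in their own list makes a failed extraction visible at ingestion time, rather than letting such events fall back silently to some other timestamp.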
39 Citations
87 Claims
1-30. (canceled)
31. A method, comprising:
receiving raw data;
generating one or more events for a computing system, wherein each event includes a portion of the raw data;
causing generation of a graphical interface on a computing device, wherein the graphical interface displays at least one of the events and a timestamp selection tool, and wherein a timestamp selection tool is a graphical interface tool that enables a user to graphically designate one or more sub-portions of raw data within an event to be extracted and used to generate a timestamp for the event;
receiving input corresponding to a designation of the one or more sub-portions of raw data within the event, wherein the designation is made using the timestamp selection tool;
dynamically generating and storing an extraction rule for determining a timestamp for the event from the designated one or more sub-portions of raw data in the event;
for each of the one or more events, applying the extraction rule to the portion of raw data in the event to generate a timestamp for the event;
storing each of the one or more events using the extracted timestamp for that event;
wherein the method is performed by one or more computing devices.
Dependent claims: 61, 62, 63, 64, 65, 66, 67, 68, 69
32-39. (canceled)
40. A system for managing resources, comprising:
at least one network device, comprising:
a processor; and
a non-transitory computer-readable storage medium containing instructions configured to cause the processor to perform operations including:
receiving raw data;
generating one or more events for a computing system, wherein each event includes a portion of the raw data;
causing generation of a graphical interface on a computing device, wherein the graphical interface displays at least one of the events and a timestamp selection tool, and wherein a timestamp selection tool is a graphical interface tool that enables a user to graphically designate one or more sub-portions of raw data within an event to be extracted and used to generate a timestamp for the event;
receiving input corresponding to a designation of the one or more sub-portions of raw data within the event, wherein the designation is made using the timestamp selection tool;
dynamically generating and storing an extraction rule for determining a timestamp for the event from the designated one or more sub-portions of raw data in the event;
for each of the one or more events, applying the extraction rule to the portion of raw data in the event to generate a timestamp for the event;
storing each of the one or more events using the extracted timestamp for that event.
Dependent claims: 70, 71, 72, 73, 74, 75, 76, 77, 78
41-48. (canceled)
49. A computer-program product, tangibly embodied in a non-transitory machine-readable medium, including instructions configured to cause a data processing apparatus to:
receive raw data;
generate one or more events for a computing system, wherein each event includes a portion of the raw data;
cause generation of a graphical interface on a computing device, wherein the graphical interface displays at least one of the events and a timestamp selection tool, and wherein a timestamp selection tool is a graphical interface tool that enables a user to graphically designate one or more sub-portions of raw data within an event to be extracted and used to generate a timestamp for the event;
receive input corresponding to a designation of the one or more sub-portions of raw data within the event, wherein the designation is made using the timestamp selection tool;
dynamically generate and store an extraction rule for determining a timestamp for the event from the designated one or more sub-portions of raw data in the event;
for each of the one or more events, apply the extraction rule to the portion of raw data in the event to generate a timestamp for the event;
store each of the one or more events using the extracted timestamp for that event.
Dependent claims: 79, 80, 81, 82, 83, 84, 85, 86, 87
50-60. (canceled)
Specification