×

Data model for machine data for semantic search

  • US 8,788,526 B2
  • Filed: 10/26/2012
  • Issued: 07/22/2014
  • Est. Priority Date: 09/07/2012
  • Status: Active Grant
First Claim
Patent Images

1. A computer implemented method, comprising:

  • accessing time-stamped events in a data store on a computing device including one or more processors;

    maintaining a data model that is associated with a set of the time-stamped events, wherein the data model includes one or more sub-models, wherein each sub-model of the one or more sub-models is associated with a subset of events in the set of time-stamped events, wherein each sub-model of the one or more sub-models includes one or more fields, and wherein each field of a sub-model is associated with a field definition for how to extract a value for the field from one or more events in the subset of events associated with the sub-model;

    causing display of identifiers for the one or more sub-models;

    receiving a selection of one of the displayed identifiers, indicating a selection of a particular sub-model of the one or more sub-models;

    causing display of a graphical interface that includes an interactive element enabling a user to select or enter criteria for a particular field included in the selected particular sub-model;

    receiving, through the graphical interface, input corresponding to a selection or entry of particular criteria for the particular field;

    generating a search query in a search language designed for accessing the time-stamped events in the data store, wherein the search query is configured to (i) cause extraction of values for the particular field by applying an extraction rule or a regular expression included in the field definition for the particular field to a particular subset of events associated with the selected particular sub-model, and (ii) cause comparison of the extracted values for the particular field to the selected or entered particular criteria; and

    initiating execution of the search query.

View all claims
  • 1 Assignment
Timeline View
Assignment View
    ×
    ×