公开(公告)号：US20210034650A1

公开(公告)日：2021-02-04

申请号：US17076534

申请日：2020-10-21

Applicant: SPLUNK Inc.

Inventor： MARC VINCENT ROBICHAUD

IPC: G06F16/31 ,  G06F3/0484

Abstract: First one or more values are extracted from a plurality of events using a first extraction rule. The extracted first one or more values are assigned to a first field of the plurality of events as a first set of field-data item pairs and a field label is assigned to the first field. Second one or more values and a field label corresponding to the second one or more values are extracted from the plurality of the events using a second extraction rule, where the extracted field label corresponds to the assigned field label of the first field. The extracted second one or more values are assigned to a second field of the plurality of events as a second set of field-data item pairs, thereby distinguishing the extracted second one or more values from the extracted first one or more values.

公开(公告)号：US20190095062A1

公开(公告)日：2019-03-28

申请号：US16204989

申请日：2018-11-29

Applicant: SPLUNK INC.

Inventor： ALICE EMILY NEELS ,  ARCHANA SULOCHANA GANAPATHI ,  MARC VINCENT ROBICHAUD ,  STEPHEN PHILLIP SORKIN ,  STEVE YU ZHANG

IPC: G06F3/0482 ,  G06F17/24

Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.

公开(公告)号：US20180232409A1

公开(公告)日：2018-08-16

申请号：US15956131

申请日：2018-04-18

Applicant: SPLUNK INC.

Inventor： MARC VINCENT ROBICHAUD ,  CORY EUGENE BURKE ,  JEFFREY THOMAS LLOYD

IPC: G06F17/30

CPC classification number: G06F16/221 ,  G06F16/24 ,  G06F16/2455

Abstract: A search interface is displayed in a table format that includes a plurality of columns, each column including data items of an event attribute, the data items being of a set of events, each column being selectable by a user, and a plurality of rows forming cells with the one or more columns, each cell comprising one or more of the data items of the event attribute of a corresponding column. Based on the user selecting one or more of the columns, a list of options is displayed corresponding to the selected one or more columns, and one or more commands are added to a search query that corresponds to the set of events. The one or more commands are based on at least an option that is selected from the list of options and the event attribute of each of the selected one or more columns.

公开(公告)号：US20180060418A1

公开(公告)日：2018-03-01

申请号：US15799949

申请日：2017-10-31

Applicant: SPLUNK, INC.

Inventor： MARC VINCENT ROBICHAUD

IPC: G06F17/30 ,  G06F3/0484

CPC classification number: G06F16/313 ,  G06F3/04842

Abstract: First one or more values are extracted from a plurality of events using a first extraction rule. The extracted first one or more values are assigned to a first field of the plurality of events as a first set of field-data item pairs and a field label is assigned to the first field. Second one or more values and a field label corresponding to the second one or more values are extracted from the plurality of the events using a second extraction rule, where the extracted field label corresponds to the assigned field label of the first field. The extracted second one or more values are assigned to a second field of the plurality of events as a second set of field-data item pairs, thereby distinguishing the extracted second one or more values from the extracted first one or more values.

公开(公告)号：US20160224614A1

公开(公告)日：2016-08-04

申请号：US14611023

申请日：2015-01-30

Applicant: SPLUNK INC.

Inventor： MARC VINCENT ROBICHAUD ,  Cory Eugene Burke ,  Jeffrey Thomas Lloyd

IPC: G06F17/30 ,  G06F3/0482

CPC classification number: G06F17/30392 ,  G06Q10/103

Abstract: A list of command entries is displayed in a search interface, each of the command entries representing one or more commands of a plurality of commands of a search query. The list of command entries are displayed in a sequence corresponding to the plurality of commands of the search query. Based on a user interaction with a designated command entry in the displayed list of command entries, the displayed list of command entries is modified with respect to the designated command. Furthermore, the search query is automatically modified with respect to the corresponding one or more commands represented by the designated command entry. The modification can include causing the designated command entry to be removed from or reordered in the displayed list of command entries and the automatic modification cam include causing the corresponding one or more commands to be removed from or reordered in the search query.

Abstract translation: 在搜索界面中显示命令条目的列表，每个命令条目表示搜索查询的多个命令的一个或多个命令。 以与搜索查询的多个命令对应的顺序显示命令条目的列表。 根据与显示的命令条目列表中的指定命令条目的用户交互，显示的命令条目列表相对于指定命令被修改。 此外，搜索查询相对于由指定的命令条目表示的对应的一个或多个命令被自动修改。 该修改可以包括使所指定的命令条目在显示的命令条目列表中被移除或重新排序，并且自动修改凸轮包括使相应的一个或多个命令从搜索查询中移除或重新排序。