公开(公告)号：US20170139887A1

公开(公告)日：2017-05-18

申请号：US15417430

申请日：2017-01-27

Applicant: Splunk, Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F17/24 ,  G06F3/0484 ,  G06F17/30

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20160321369A1

公开(公告)日：2016-11-03

申请号：US15143579

申请日：2016-04-30

Applicant: Splunk Inc.

Inventor： Alice Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Robichaud ,  Divanny Lamas

IPC: G06F17/30

CPC classification number: G06F16/338 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F16/24575 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/26 ,  G06F16/334 ,  G06F16/335 ,  G06F16/345 ,  G06F16/9024 ,  G06F16/9535 ,  G06F17/24 ,  G06T11/206 ,  G06T2200/24

Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.

Abstract translation: 本公开涉及用于从非结构化数据生成报告的某些系统和方法实施例。 在一个实施例中，一种方法可以包括识别匹配初始搜索查询的标准的事件（每个事件包括与时间相关联的原始机器数据的一部分），标识一组字段，每个字段被定义为一个或多个 识别的事件，导致显示包括一个或多个交互元件的交互式图形用户界面（GUI），使得用户能够定义用于提供与匹配事件有关的信息的报告（每个交互元件能够处理或呈现在 通过GUI接收指示如何报告与匹配事件有关的信息的报告定义，以及基于报告定义生成包括与所述事件相关的信息的报告的报告 匹配事件。

公开(公告)号：US20150149879A1

公开(公告)日：2015-05-28

申请号：US14610668

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F17/24

CPC classification number: G06F17/243 ,  G06F17/30551

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

Abstract translation: 所公开的技术涉及制定和提炼在查询时使用具有后期绑定模式的原始数据的字段提取规则。 字段提取规则识别原始数据的部分，以及它们的数据类型和层次关系。 这些提取规则是针对未组织成尚未通过标准提取或转换方法处理的关系结构的非常大的数据集执行的。 通过使用示例事件，关注主要和次要示例事件有助于制定跨多个数据格式的单个提取规则，或者针对不同格式的多个规则。 选择工具标记示例事件以指示提取规则的正例，并确定负面示例以避免错误的值选择。 提取规则可以保存以供查询时间使用，并且可以被并入事件数据的集合和子集的数据模型中。

公开(公告)号：US20150142847A1

公开(公告)日：2015-05-21

申请号：US14611232

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Alice Emily NEELS ,  Archana Sulochana GANAPATHI ,  Marc Robichaud ,  Stephen Phillip SORKIN ,  Steve Yu ZHANG

IPC: G06F17/30 ,  G06F17/24

CPC classification number: G06F17/30395 ,  G06F3/0482 ,  G06F17/248 ,  G06F17/30283 ,  G06F17/30424 ,  G06F17/30528 ,  G06F17/30554 ,  G06F17/30867

Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.

Abstract translation: 实施例包括生成可以给非结构化或结构化数据赋予语义意义的数据模型，其可以包括由搜索引擎（包括时间序列引擎）生成和/或接收的数据。 一种方法包括为存储在存储库中的数据生成数据模型。 生成数据模型包括生成初始查询字符串，对数据执行初始查询字符串，基于对数据执行的初始查询字符串生成初始结果集，从一个或多个初始查询字符串的结果确定一个或多个候选字段 生成基于一个或多个候选字段的候选数据模型，迭代地修改候选数据模型，直到候选数据模型对数据建模，并使用候选数据模型作为数据模型。

公开(公告)号：US11972203B1

公开(公告)日：2024-04-30

申请号：US18306863

申请日：2023-04-25

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F16/2458 ,  G06F40/174

CPC classification number: G06F40/174 ,  G06F16/2477

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US11755634B2

公开(公告)日：2023-09-12

申请号：US16849873

申请日：2020-04-15

Applicant: SPLUNK INC.

Inventor： Alice Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Robichaud ,  Divanny Lamas

IPC: G06F16/33 ,  G06F16/338 ,  G06F16/26 ,  G06F16/248 ,  G06F16/335 ,  G06F16/34 ,  G06F16/2458 ,  G06F16/901 ,  G06F16/9535 ,  G06F16/2457 ,  G06F40/166 ,  G06F3/0482 ,  G06T11/20 ,  G06F3/04842 ,  G06F3/04847

CPC classification number: G06F16/338 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F16/248 ,  G06F16/2477 ,  G06F16/24575 ,  G06F16/26 ,  G06F16/334 ,  G06F16/335 ,  G06F16/345 ,  G06F16/9024 ,  G06F16/9535 ,  G06F40/166 ,  G06T11/206 ,  G06T2200/24

Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.

公开(公告)号：US10430505B2

公开(公告)日：2019-10-01

申请号：US15417430

申请日：2017-01-27

Applicant: Splunk, Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F17/24 ,  G06F7/24 ,  G06F3/0484 ,  G06F16/248 ,  G06F16/904 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20180267947A1

公开(公告)日：2018-09-20

申请号：US15694654

申请日：2017-09-01

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F17/24 ,  G06F17/30

CPC classification number: G06F17/243 ,  G06F16/2477

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US09753909B2

公开(公告)日：2017-09-05

申请号：US14610668

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F3/048 ,  G06F17/24 ,  G06F17/30

CPC classification number: G06F17/243 ,  G06F17/30551

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US09594814B2

公开(公告)日：2017-03-14

申请号：US14611089

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F17/30 ,  G06F7/24 ,  G06F3/0484

CPC classification number: G06F17/24 ,  G06F3/04842 ,  G06F7/24 ,  G06F17/241 ,  G06F17/245 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30994

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

Abstract translation: 所公开的技术涉及制定和提炼在查询时使用具有后期绑定模式的原始数据的字段提取规则。 字段提取规则识别原始数据的部分，以及它们的数据类型和层次关系。 这些提取规则是针对未组织成尚未通过标准提取或转换方法处理的关系结构的非常大的数据集执行的。 通过使用示例事件，关注主要和次要示例事件有助于制定跨多个数据格式的单个提取规则，或者针对不同格式的多个规则。 选择工具标记示例事件以指示提取规则的正例，并确定负面示例以避免错误的值选择。 提取规则可以保存以供查询时间使用，并且可以被并入事件数据的集合和子集的数据模型中。