公开(公告)号：US20140208218A1

公开(公告)日：2014-07-24

申请号：US13748360

申请日：2013-01-23

Applicant: SPLUNK INC.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F3/0481

CPC classification number: G06F17/30601 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/24 ,  G06F17/241 ,  G06F17/243 ,  G06F17/30011 ,  G06F17/30554 ,  G06F17/30637 ,  G06F17/30675 ,  G06F17/30696 ,  G06F17/30716 ,  G06F17/30864 ,  G06Q10/00 ,  G06Q10/0637

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

Abstract translation: 实施例涉及基于诸如正则表达式的至少一个提取规则来实时显示事件记录和提取的值。 可以使用用户界面来使用户能够自动生成提取规则和/或手动输入提取规则。 可以使用户手动编辑先前提供的提取规则，这可以导致更新的提取值的实时显示。 提取规则可以用于从多个记录中的每一个提取值，包括非结构化机器数据的事件记录。 可以针对每个唯一提取的值确定统计量，并且可以实时地向用户显示。 用户界面还可以使用户能够选择至少一个唯一的提取值来显示包括与所选择的值匹配的提取值的那些事件记录。

公开(公告)号：US11972203B1

公开(公告)日：2024-04-30

申请号：US18306863

申请日：2023-04-25

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F16/2458 ,  G06F40/174

CPC classification number: G06F40/174 ,  G06F16/2477

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US11119728B2

公开(公告)日：2021-09-14

申请号：US17028755

申请日：2020-09-22

Applicant: SPLUNK INC.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F3/048 ,  G06F7/24 ,  G06F16/2458

Abstract: Embodiments are directed towards real time display of event records with an indication of previously provided extraction rules. A plurality of extraction rules may be provided to the system, such as automatically generated and/or user created extraction rules. These extraction rules may include regular expressions. A plurality of event records may be displayed to the user, such that text in a field defined by an extraction rule is emphasized in the display of the event record. The same emphasis may be provided for text in overlapping fields, or the emphasis may be somewhat different for different fields. The user interface may enable a user to select a portion of text of an event record, such as by rolling-over or clicking on an emphasized part of the event record. By selecting the portion of the event record, the interface may display each extraction rule associated with the selected portion.

公开(公告)号：US10802797B2

公开(公告)日：2020-10-13

申请号：US16003998

申请日：2018-06-08

Applicant: Splunk Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F3/048 ,  G06F7/24 ,  G06F16/2458

Abstract: Embodiments are directed towards real time display of event records with an indication of previously provided extraction rules. A plurality of extraction rules may be provided to the system, such as automatically generated and/or user created extraction rules. These extraction rules may include regular expressions. A plurality of event records may be displayed to the user, such that text in a field defined by an extraction rule is emphasized in the display of the event record. The same emphasis may be provided for text in overlapping fields, or the emphasis may be somewhat different for different fields. The user interface may enable a user to select a portion of text of an event record, such as by rolling-over or clicking on an emphasized part of the event record. By selecting the portion of the event record, the interface may display each extraction rule associated with the selected portion.

公开(公告)号：US10585919B2

公开(公告)日：2020-03-10

申请号：US15582667

申请日：2017-04-29

Applicant: SPLUNK, Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F16/28 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/34 ,  G06F16/93 ,  G06F16/248 ,  G06F16/332 ,  G06F16/33 ,  G06F16/338 ,  G06F16/951 ,  G06Q10/06 ,  G06Q10/00 ,  G06F17/24

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US10430505B2

公开(公告)日：2019-10-01

申请号：US15417430

申请日：2017-01-27

Applicant: Splunk, Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F17/24 ,  G06F7/24 ,  G06F3/0484 ,  G06F16/248 ,  G06F16/904 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20190251086A1

公开(公告)日：2019-08-15

申请号：US16394754

申请日：2019-04-25

Applicant: SPLUNK INC.

Inventor： R. David Carasso ,  Micah James Delfino

IPC: G06F16/2458 ,  G06F17/27 ,  G06F16/901

CPC classification number: G06F16/2477 ,  G06F16/9014 ,  G06F17/277

Abstract: Embodiments are directed towards a graphical user interface identify locations within event records with splittable timestamp information. A display of event records is provided using any of a variety of formats. A splittable timestamp selector allows a user to select one or more locations within event records as having time related information that may be split across the one or more locations, including, information based on date, time of day, day of the week, or other time information. Any of a plurality of mechanisms is used to associate the selected locations with the split timestamp information, including tags, labels, or header information within the event records. In other embodiments, a separate table, list, index, or the like may be generated that associates the selected locations with the split timestamp information. The split timestamp information may be used within extraction rules for selecting subsets or the event records.

公开(公告)号：US20180267947A1

公开(公告)日：2018-09-20

申请号：US15694654

申请日：2017-09-01

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F17/24 ,  G06F17/30

CPC classification number: G06F17/243 ,  G06F16/2477

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20170270219A1

公开(公告)日：2017-09-21

申请号：US15582599

申请日：2017-04-28

Applicant: SPLUNK, Inc.

Inventor： R. David Carasso ,  Micah James Delfino

IPC: G06F17/30

CPC classification number: G06F17/30949

Abstract: Embodiments are directed towards a graphical user interface identify locations within event records with splittable timestamp information. A display of event records is provided using any of a variety of formats. A splittable timestamp selector allows a user to select one or more locations within event records as having time related information that may be split across the one or more locations, including, information based on date, time of day, day of the week, or other time information. Any of a plurality of mechanisms is used to associate the selected locations with the split timestamp information, including tags, labels, or header information within the event records. In other embodiments, a separate table, list, index, or the like may be generated that associates the selected locations with the split timestamp information. The split timestamp information may be used within extraction rules for selecting subsets or the event records.

公开(公告)号：US09753909B2

公开(公告)日：2017-09-05

申请号：US14610668

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F3/048 ,  G06F17/24 ,  G06F17/30

CPC classification number: G06F17/243 ,  G06F17/30551

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.