公开(公告)号：US20200034414A1

公开(公告)日：2020-01-30

申请号：US16589445

申请日：2019-10-01

Applicant: SPLUNK INC.

Inventor： Jesse MILLER ,  Micah James DELFINO ,  Marc ROBICHAUD ,  David CARASSO

IPC: G06F17/24 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20210174009A1

公开(公告)日：2021-06-10

申请号：US17169254

申请日：2021-02-05

Applicant: SPLUNK Inc.

Inventor： Jesse MILLER ,  Micah James DELFINO ,  Marc ROBICHAUD ,  David CARASSO

IPC: G06F40/174 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20160225271A1

公开(公告)日：2016-08-04

申请号：US14815923

申请日：2015-07-31

Applicant: SPLUNK INC.

Inventor： Marc V. ROBICHAUD ,  Jesse MILLER ,  Cory BURKE ,  Alexander JAMES ,  Jeffrey Thomas LLOYD

IPC: G09B5/02 ,  G09B19/00

CPC classification number: G06F17/245 ,  G06F3/0484 ,  G06F17/30 ,  G06F17/30365 ,  G06F17/30374 ,  G06F17/30392 ,  G06F17/30466 ,  G06F17/30507 ,  G06F17/30551 ,  G06F17/30572 ,  G06F17/30634 ,  G06F17/30663 ,  G06F21/6227 ,  G06Q10/10

Abstract: A method includes causing display of events that correspond to search results of a search query in a table. The table includes rows representing events comprising data items of event attributes, columns forming cells with the row, the columns representing respective event attributes, and interactive regions corresponding to one or more data items of the displayed data items. The method also includes in response to the user selecting a designated interactive region, causing display of a list of options, each displayed option corresponding to an interface template for composing query commands, and based on the user selecting an option in the displayed list of options, causing one or more commands to be added to the search query, the one or more commands composed based on the one or more data items that corresponds to the designated interactive region according to instructions of the interface template of the selected option.

Abstract translation: 一种方法包括使与表中的搜索查询的搜索结果相对应的事件的显示。 该表包括表示包括事件属性的数据项的事件的行，形成具有该行的单元的列，表示各自的事件属性的列以及与所显示的数据项的一个或多个数据项对应的交互区域。 该方法还包括响应于用户选择指定的交互区域，导致选项列表的显示，每个显示的选项对应于用于构成查询命令的界面模板，并且基于用户选择所显示的选项列表中的选项 根据所选选项的接口模板的指令，使一个或多个命令被添加到搜索查询中，所述一个或多个命令基于与所指定的交互区域对应的一个或多个数据项组成。