公开(公告)号：US20200034414A1

公开(公告)日：2020-01-30

申请号：US16589445

申请日：2019-10-01

Applicant: SPLUNK INC.

Inventor： Jesse MILLER ,  Micah James DELFINO ,  Marc ROBICHAUD ,  David CARASSO

IPC: G06F17/24 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20210174009A1

公开(公告)日：2021-06-10

申请号：US17169254

申请日：2021-02-05

Applicant: SPLUNK Inc.

Inventor： Jesse MILLER ,  Micah James DELFINO ,  Marc ROBICHAUD ,  David CARASSO

IPC: G06F40/174 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20200242139A1

公开(公告)日：2020-07-30

申请号：US16849873

申请日：2020-04-15

Applicant: SPLUNK INC.

Inventor： Alice NEELS ,  Sundar VASAN ,  Simon FISHEL ,  Marc ROBICHAUD ,  Divanny LAMAS

IPC: G06F16/338 ,  G06T11/20 ,  G06F16/2457 ,  G06F16/901 ,  G06F40/166 ,  G06F16/335 ,  G06F16/26 ,  G06F16/9535 ,  G06F16/34 ,  G06F16/33 ,  G06F3/0484 ,  G06F16/248 ,  G06F3/0482 ,  G06F16/2458

Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.