Data model selection and application based on data sources
US-2019095062-A1 · Mar 28, 2019 · US
Graphical controls for selecting criteria based on fields present in event data
US10977286B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10977286-B2 |
| Application number | US-201816034289-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 12, 2018 |
| Priority date | Sep 7, 2012 |
| Publication date | Apr 13, 2021 |
| Grant date | Apr 13, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.
First claim
Opening claim text (preview).
What is claimed is: 1. A computer-implemented method, comprising: receiving an initial search query that is executed on a set of unstructured raw machine data that reflects activity in an information technology environment; identifying, from the set of unstructured raw machine, a first subset of unstructured raw machine data that is responsive to the initial search query; identifying a set of fields included in the first subset of unstructured raw machine data; causing display of a first graphical control for selecting a first criterion from a first set of criteria, wherein: the first set of criteria corresponds to a first field present in the set of fields, and the first field represents a first characteristic of activity in the information technology environment represented in the first subset of unstructured raw machine data; causing display of a second graphical control for selecting a second criterion from a second set of criteria, wherein: the second set of criteria is different than the first set of criteria and corresponds to a second field present in the set of fields, and the second field represents a second characteristic of activity in the information technology environment represented in the first subset of unstructured raw machine data; receiving, via at least one of the first graphical control or the second graphical control, a selection of at least one of the first criterion or the second criterion; in response, extracting, based on one or more extraction rules associated with at least one of the first field or the second field, a second subset of unstructured raw machine data from at least one of: a plurality of occurrences of the first field in the first subset of unstructured raw machine data, or a plurality of occurrences of the second field in the first subset of unstructured raw machine data; and causing display of a report associated with the second subset of unstructured raw machine data, wherein the report is generated based on the selected at least one of the first criterion or the second criterion. 2. The method of claim 1 , wherein the first set of criteria comprises one or more aggregate functions. 3. The method of claim 1 , wherein: the first set of criteria comprises one or more aggregate functions, and the set of unstructured raw machine data comprises a set of field values, and further comprising determining one or more field values by applying the one or more aggregate functions to the set of field values. 4. The method of claim 1 , wherein the first set of criteria comprises one or more filter functions. 5. The method of claim 1 , wherein the first set of criteria comprises at least one of a time filter, a match filter, or a limit filter. 6. The method of claim 1 , wherein: the report comprises a graphical visualization, and the first set of criteria comprises one or more attributes of the graphical visualization. 7. The method of claim 1 , wherein: the report comprises a graphical visualization that includes at least one of a table, a column chart, a bar chart, a scatter chart, an area chart, a line chart, a pie chart, a radial gauge, a marker gauge, or a filler gauge, and the first set of criteria comprises one or more attributes of the graphical visualization. 8. The method of claim 1 , wherein: the report comprises a graphical visualization, and the first set of criteria comprises one or more attributes associated with one or more axes of the graphical visualization. 9. The method of claim 1 , wherein: the report comprises a graphical visualization, the first criterion comprises a first attribute of the graphical visualization, the first attribute corresponding to the first field and being associated with a first axis of the graphical visualization, and the second criterion comprises a second attribute of the graphical visualization, the second attribute corresponding to the second field and being associated with a second axis of the graphical visualization. 10. The method of claim 1 , wherein the first graphical control comprises at least one of a menu or a drop-down list. 11. The method of claim 1 , wherein: the set of fields is included in a set of events, wherein each event in the set of events includes a portion of the set of unstructured raw machine data, and each event is associated with a timestamp extracted from the set of unstructured raw machine data associated with that event. 12. The method of claim 1 , further comprising: identifying a second set of fields included in second set of unstructured raw machine data that reflects activity in an information technology environment; causing display of a third graphical control for selecting a third criterion from a third set of criteria, wherein: the third set of criteria is different than the first set of criteria and the second set of criteria, and the third set of criteria corresponds to a third field present in the second set of fields; receiving, via the third graphical control, a selection of the third criterion; extracting, based on at least one extraction rule associated with the third field, second data from a plurality of occurrences of the third field in the second set of unstructured raw machine data; and causing display of a second report associated with the second data, wherein the second report is generated based on the third criterion. 13. The method of claim 1 , wherein the one or more extraction rules are used to identify a pattern in the first subset of unstructured raw machine data that indicates occurrences of the first field in the first subset of unstructured raw machine data. 14. A system, comprising: one or more memories storing instructions; and one or more processors coupled to the one or more memories, wherein, when executed by the one or more processors, the instructions configure the one or more processors to: receive an initial search query that is executed on a set of unstructured raw machine data that reflects activity in an information technology environment; identifying, from the set of unstructured raw machine data a first subset of unstructured raw machine data that is responsive to the initial search query identify a set of fields included in the first subset of unstructured raw machine data; cause display of a first graphical control for selecting a first criterion from a first set of criteria, wherein: the first set of criteria corresponds to a first field present in the set of fields, and the first field represents a first characteristic of activity in the information technology environment represented in the first subset of unstructured raw machine data; cause display of a second graphical control for selecting a second criterion from a second set of criteria, wherein: the second set of criteria is different than the first set of criteria and corresponds to a second field present in the set of fields, and the second field represents a second characteristic of activity in the information technology environment represented in the first subset of unstructured raw machine data; receive, via at least one of the first graphical control or the second graphical control, a selection of at least one of the first criterion or the second criterion; in response, extract, based on one or more extraction rules associated with at least one of the first field or the second field, a second subset of unstructured raw machine data from at least one of: a plurality of occurrences of the first field in the first subset of unstructured raw machine data, or a plurality of occurrences of the second field in the first subset of unstructured raw mach
Assignees
Inventors
Classifications
Drawing of charts or graphs · CPC title
- G06F16/2477Primary
Temporal data queries · CPC title
Presentation of query results · CPC title
Filtering based on additional data, e.g. user or group profiles (filtering in web context G06F16/9535, G06F16/9536) · CPC title
Query execution (filtering based on additional data G06F16/335) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US10977286B2 cover?
- The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events,…
- Who is the assignee on this patent?
- Splunk Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F16/2477. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Apr 13 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).