Proactive monitoring tree with severity state sorting
US-9185007-B2 · Nov 10, 2015 · US
Displaying event records with emphasized fields
US11119728B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11119728-B2 |
| Application number | US-202017028755-A |
| Country | US |
| Kind code | B2 |
| Filing date | Sep 22, 2020 |
| Priority date | Jan 23, 2013 |
| Publication date | Sep 14, 2021 |
| Grant date | Sep 14, 2021 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
Embodiments are directed towards real time display of event records with an indication of previously provided extraction rules. A plurality of extraction rules may be provided to the system, such as automatically generated and/or user created extraction rules. These extraction rules may include regular expressions. A plurality of event records may be displayed to the user, such that text in a field defined by an extraction rule is emphasized in the display of the event record. The same emphasis may be provided for text in overlapping fields, or the emphasis may be somewhat different for different fields. The user interface may enable a user to select a portion of text of an event record, such as by rolling-over or clicking on an emphasized part of the event record. By selecting the portion of the event record, the interface may display each extraction rule associated with the selected portion.
First claim
Opening claim text (preview).
Having thus described the invention, what is claimed is: 1. A method, comprising: causing display of a set of event records; determining a plurality of extraction rules associated with a first event record of the set of event records; identifying, within the first event record, a first field value of a first field defined by a first extraction rule and a second field value of a second field defined by the second extraction rule; and automatically causing the first field value to be visually emphasized within the first event record in a first manner based on the identification of the first field value of the first field being defined by the first extraction rule and causing the second field value to be visually emphasized within the first event record in a second manner, different from the first manner, based on the identification of the second field value of the second field being defined by the second extraction rule, wherein at least one of the first manner or the second manner comprises use of color and/or format to visually emphasize the first field value and/or the second field value. 2. The method as recited in claim 1 , wherein the first event record comprises at least a portion of one or more lines of data within machine data. 3. The method as recited in claim 1 , wherein the first extraction rule comprises a regular expression. 4. The method as recited in claim 1 , wherein the plurality of extraction rules are user selected via a graphical user interface. 5. The method as recited in claim 1 further comprising: identifying, within the first event record, a third field value of a third field defined by a third extraction rule; determining that the second field and the third field overlap; and causing the third field value to be visually emphasized within the first event record in the second manner such that the second field value and the third field value are emphasized together as a super set field. 6. The method as recited in claim 1 further comprising: identifying, within the first event record, a third field value of a third field defined by a third extraction rule; determining that the second field and the third field overlap based on a start character location and an end character location of the second field and the third field within the first event record; and causing the third field value to be visually emphasized within the first event record in the second manner such that the second field value and the third field value are emphasized together as a super set field. 7. The method as recited in claim 1 further comprising: detecting a selection of the visually emphasized first field value; and causing display of an indication of the first extraction rule associated with the first field value. 8. The method as recited in claim 1 , further comprising automatically generating the first extraction rule based on a text value selected, via a graphical user interface, from an event record, wherein the extraction rule is generated using a pattern recognition algorithm. 9. The method as recited in claim 1 , wherein the first extraction rule is input, via a graphical user interface, into an editable input text box. 10. The method as recited in claim 1 further comprising causing display of an indication of the first extraction rule along with a name of the first extraction rule, the name representing a name of the first field defined by the first extraction rule. 11. A computerized system comprising: one or more processors; and computer storage memory having computer-executable instructions stored thereon which, when executed by the processor, implement a method comprising: causing display of a set of event records; determining a plurality of extraction rules associated with a first event record of the set of event records; identifying, within the first event record, a first field value of a first field defined by a first extraction rule and a second field value of a second field defined by the second extraction rule; and automatically causing the first field value to be visually emphasized within the first event record in a first manner based on the identification of the first field value of the first field being defined by the first extraction rule and causing the second field value to be visually emphasized within the first event record in a second manner, different from the first manner, based on the identification of the second field value of the second field being defined by the second extraction rule, wherein at least one of the first manner or the second manner comprises use of color and/or format to visually emphasize the first field value and/or the second field value. 12. The system of claim 11 , wherein the first manner comprises use of a first color to visually emphasize the first field value and the second manner comprises use of a second color to visually emphasize the second field value. 13. The system of claim 11 further comprising: identifying, within the first event record, a third field value of a third field defined by a third extraction rule; determining that the second field and the third field overlap; and causing the third field value to be visually emphasized within the first event record in the second manner such that the second field value and the third field value are emphasized together as a super set field. 14. The system of claim 11 further comprising: identifying, within the first event record, a third field value of a third field defined by a third extraction rule; determining that the second field and the third field overlap based on a start character location and an end character location of the second field and the third field within the first event record; and causing the third field value to be visually emphasized within the first event record in the second manner such that the second field value and the third field value are emphasized together as a super set field. 15. The system of claim 11 further comprising: detecting a selection of the visually emphasized first field value; and causing display of an indication of the first extraction rule associated with the first field value. 16. A non-transitory computer-readable medium storing one or more sequences of instructions, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform a method comprising: causing display of a set of event records; determining a plurality of extraction rules associated with a first event record of the set of event records; identifying, within the first event record, a first field value of a first field defined by a first extraction rule and a second field value of a second field defined by the second extraction rule; and automatically causing the first field value to be visually emphasized within the first event record in a first manner based on the identification of the first field value of the first field being defined by the first extraction rule and causing the second field value to be visually emphasized within the first event record in a second manner, different from the first manner, based on the identification of the second field value of the second field being defined by the second extraction rule, wherein at least one of the first manner or the second manner comprises use of color and/or format to visually emphasize the first field value and/or the second field value. 17. The non-transitory computer-readable medium of claim 16 , wherein the first manner comprises use of a first format to visually emphasize the first field va
Assignees
Inventors
Classifications
- G06F16/2477Primary
Temporal data queries · CPC title
- G06F7/24Primary
Sorting, i.e. extracting data from one or more carriers, rearranging the data in numerical or other ordered sequence, and rerecording the sorted data on the original carrier or on a different carrier or set of carriers {sorting methods in general}(G06F7/36 takes precedence) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11119728B2 cover?
- Embodiments are directed towards real time display of event records with an indication of previously provided extraction rules. A plurality of extraction rules may be provided to the system, such as automatically generated and/or user created extraction rules. These extraction rules may include regular expressions. A plurality of event records may be displayed to the user, such that text in a f…
- Who is the assignee on this patent?
- Splunk Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F16/2477. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Sep 14 2021 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).