Automatic rule modification

US11210325B2 · US · B2

Patent metadata
Field | Value
Publication number | US-11210325-B2
Application number | US-201715582670-A
Country | US
Kind code | B2
Filing date | Apr 29, 2017
Priority date | Jan 23, 2013
Publication date | Dec 28, 2021
Grant date | Dec 28, 2021

Abstract

Official abstract text for this publication.

Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

First claim

Opening claim text (preview).

What is claimed is:

1. A computer-implemented method, comprising: receiving raw machine data; generating, using one or more processors, a set of events, wherein each event in the set of events includes a portion of the raw machine data; associating a time with each event in the set of events, the time for each event extracted from the raw machine data included in that event; storing the set of events in a data store such that they are searchable at least by their associated times; causing display of an extraction rule, wherein the extraction rule specifies how to extract a value for a field from raw machine data included in an event; causing display of a subset of events of the set of events; visually emphasizing in the displayed subset of events a value for the field that would be extracted from each of the events in the subset of events by applying the extraction rule; receiving input indicating that the emphasized value in a given event in the subset of events should not be the value extracted for the field for the given event; based on the input indicating that the emphasized value should not be the value for the field for the given event, automatically modifying the extraction rule so that it would extract a different value as a value for the field for the given event when applied to the given event; and modifying the displayed given event to visually emphasize the different value for the field for the given event.

2. The method of claim 1, wherein the extraction rule includes a regular expression.

3. The method of claim 1, wherein the raw machine data includes log data.

4. The method of claim 1, further comprising displaying the modified extraction rule.

5. The method of claim 1, wherein the extraction rule is received from a user through manual keyboard input.

6. The method of claim 1, wherein the extraction rule is automatically generated to extract as the value for the field for a displayed event text that a user has selected in the event.

7. The method of claim 1, further comprising modifying a second event in the displayed subset of events to emphasize a value that would be extracted for the field for the second event by applying the modified extraction rule to the second event.

8. The method of claim 1, further comprising: receiving a label for the field corresponding to the extraction rule; and using the label for the field to search for an event via the field.

9. The method of claim 1, further comprising: identifying a set of unique field values that would be extracted for the field by applying the extraction rule to events in the set of events; and displaying one or more unique field values in the set of unique field values.

10. The method of claim 1, further comprising: identifying a set of unique field values that would be extracted for the field by applying the extraction rule to events in the set of events; and displaying a statistic for one or more unique field values in the set of unique field values.

11. The method of claim 1, further comprising: identifying a set of unique field values that would be extracted for the field by applying the extraction rule to events in the set of events; and displaying a statistic for one or more unique field values in the set of unique field values, wherein the statistic includes a count of events in which the unique field value appears as the value for the field or a percentage of events in which the unique field value appears as the value for the field.

12. The method of claim 1, further comprising: identifying a set of unique field values that would be extracted for the field by applying the extraction rule to events in the set of events; receiving a selection of a unique field value in the set of unique field values; and displaying only events in the subset of events for which the extraction rule would extract the selected unique field value when applied to the events.

13. A system comprising: at least one network device, comprising: a processor; and a non-transitory computer-readable storage medium containing instructions configured to cause the processor to perform operations including: receiving raw machine data; generating, using one or more processors, a set of events, wherein each event in the set of events includes a portion of the raw machine data; associating a time with each event in the set of events, the time for each event extracted from the raw machine data included in that event; storing the set of events in a data store such that they are searchable at least by their associated times; causing display of an extraction rule, wherein the extraction rule specifies how to extract a value for a field from raw machine data included in an event; causing display of a subset of events of the set of events; visually emphasizing in the displayed subset of events a value for the field that would be extracted from each of the events in the subset of events by applying the extraction rule; receiving input indicating that the emphasized value in a given event in the subset of events should not be the value extracted for the field for the given event; based on the input indicating that the emphasized value should not be the value for the field for the given event, automatically modifying the extraction rule so that it would extract a different value as a value for the field for the given event when applied to the given event; and modifying the displayed given event to visually emphasize the different value for the field for the given event.

14. The system of claim 13, wherein the extraction rule includes a regular expression.

15. The system of claim 13, wherein the raw machine data includes log data.

16. The system of claim 13, further comprising displaying the modified extraction rule.

17. The system of claim 13, wherein the extraction rule is received from a user through manual keyboard input.

18. The system of claim 13, wherein the extraction rule is automatically generated to extract as the value for the field for a displayed event text that a user has selected in the event.

19. The system of claim 13, further comprising modifying a second event in the displayed subset of events to emphasize a value that would be extracted for the field for the second event by applying the modified extraction rule to the second event.

20. The system of claim 13, further comprising: receiving a label for the field corresponding to the extraction rule; and using the label for the field to search for an event via the field.

21. The system of claim 13, further comprising: identifying a set of unique field values that would be extracted for the field by applying the extraction rule to events in the set of events; and displaying one or more unique field values in the set of unique field values.

22. The system of claim 13, further comprising: identifying a set of unique field values that would be extracted for the field by applying the extraction rule to events in the set of events; and displaying a statistic for one or more unique field values in the set of unique field values.

23. The system of claim 13, further comprising: identifying a set of unique field values that would be extracted for the field by applying the extraction rule to events in the set of events; and displaying a statistic for one or more unique field values in the set of unique field values, wherein the statistic includes a count of events in which the unique f

Classifications

  • G06F16/34 (Primary)

    Browsing; Visualisation therefor (browsing or visualisation for clustering or classification G06F16/358) · CPC title

  • G06F16/242 (Primary)

    Query formulation · CPC title

  • Interactive query statement specification based on a database schema · CPC title

  • in which an application is distributed across nodes in the network (software deployment G06F8/60; multiprogramming arrangements G06F9/46) · CPC title

  • Selection of displayed objects or displayed text elements (G06F3/0482 takes precedence) · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11210325B2 cover?
Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may resu…
Who is the assignee on this patent?
Splunk Inc
What technology area does this patent fall under?
Primary CPC classification G06F16/34. Mapped technology areas include Physics.
When was this patent published?
Publication date Dec 28, 2021 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).