Automatic event group actions
US-10209956-B2 · Feb 19, 2019 · US
Graphical user interface for parsing events using a designated field delimiter
US11604763B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-11604763-B2 |
| Application number | US-202217589799-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jan 31, 2022 |
| Priority date | Jan 30, 2015 |
| Publication date | Mar 14, 2023 |
| Grant date | Mar 14, 2023 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values may be used to accelerate search queries that a system receives.
First claim
Opening claim text (preview).
What is claimed is: 1. A method comprising: obtaining one or more events; causing display of a graphical user interface that displays an input element for designating a field delimiter character, wherein the field delimiter character, when present within an event, indicates a boundary within the event of a field for which to identify a field value; in response to input, to the input element, designating the field delimiter character, parsing at least one of the one or more events to identify one or more field values using the designated field delimiter character preceding or subsequent to the one or more field values thereby indicating boundaries of fields for which to identify the one or more field values; and causing display of the one or more field values identified in the at least one of the one or more events as the parsing using the designated field delimiter character occurs. 2. The method of claim 1 , wherein the one or more events are obtained as a stream of network data. 3. The method of claim 1 , wherein the graphical user interface displays a set of field delimiter character options that may be designated as the field delimiter character. 4. The method of claim 1 , wherein the one or more events are obtained from a data source, and wherein the input associates the field delimiter character with data obtained from the data source such that additional events from the data source are parsed using the designated field delimiter character. 5. The method of claim 1 , wherein causing display of the one or more field values identified in the at least one of the one or more events comprises displaying the one or more field values and corresponding field names for each of the one or more field values. 6. The method of claim 1 further comprising receiving input of a field name corresponding to the one or more field values. 7. The method of claim 1 , wherein obtaining one or more events comprises: obtaining raw machine data from a data source; and organizing the raw machine data into the one or more events. 8. The method of claim 1 , wherein obtaining one or more events comprises: obtaining raw machine data from a data source; and organizing the raw machine data into the one or more events based on configuration data indicating event boundaries for data obtained from the data source. 9. The method of claim 1 , wherein obtaining one or more events comprises: obtaining raw machine data from a data source; and organizing the raw machine data into the one or more events based on detection of an event boundary delimiter within the raw machine data. 10. The method of claim 1 , wherein obtaining one or more events comprises: obtaining raw machine data from a data source; and organizing the raw machine data into the one or more events based on detection of an event boundary within the raw machine data that satisfies an expression-based rule for event boundaries. 11. The method of claim 1 , wherein obtaining one or more events comprises: obtaining raw machine data from a data source; and organizing the raw machine data into the one or more events; adding to the one or more events metadata describing the one or more events. 12. The method of claim 1 , wherein obtaining one or more events comprises: obtaining raw machine data from a data source; and organizing the raw machine data into the one or more events; adding to the one or more events metadata describing the one or more events, wherein the metadata includes an identifier of the data source. 13. The method of claim 1 , wherein obtaining one or more events comprises: obtaining raw machine data from a data source; and organizing the raw machine data into the one or more events; adding to the one or more events metadata describing the one or more events, wherein the metadata includes time at which the one or more events were obtained. 14. The method of claim 1 , wherein obtaining one or more events comprises: obtaining raw machine data from a data source; and organizing the raw machine data into the one or more events; adding to the one or more events metadata describing the one or more events, wherein the metadata includes timestamp extracted from the one or more events. 15. A system comprising: a data store storing computer-executable instructions; and a processor configured to execute the computer-executable instructions, wherein execution of the computer-executable instructions causes the system to: obtain one or more events; cause display of a graphical user interface that displays an input element for designating a field delimiter character, wherein the field delimiter character, when present within an event, indicates a boundary within the event of a field for which to identify a field value; in response to input, to the input element, designating the field delimiter character, parse at least one of the one or more events to identify one or more field values using the designated field delimiter character preceding or subsequent to the one or more field values thereby indicating boundaries of fields for which to identify the one or more field values; and cause display of the one or more field values identified in the at least one of the one or more events as the parsing using the designated field delimiter character occurs. 16. The system of claim 15 , wherein the field delimiter character is one of a single character or a pattern of characters. 17. The system of claim 15 , wherein the one or more events are obtained from a data source, and wherein execution of the computer-executable instructions further causes the system to create an association of the field delimiter character with data obtained from the data source. 18. The system of claim 15 , wherein causing display of the one or more field values identified in the at least one of the one or more events comprises displaying the one or more field values and corresponding field names for each of the one or more field values. 19. The system of claim 15 , wherein to obtain the one or more events, execution of the computer-executable instructions causes the system to: obtain raw machine data from a data source; and organize the raw machine data into the one or more events based on configuration data indicating event boundaries for data obtained from the data source. 20. The system of claim 15 , wherein to obtain the one or more events, execution of the computer-executable instructions causes the system to: obtain raw machine data from a data source; and organize the raw machine data into the one or more events based on detection of an event boundary within the raw machine data that satisfies an expression-based rule for event boundaries. 21. The system of claim 15 , wherein to obtain the one or more events, execution of the computer-executable instructions causes the system to: obtain raw machine data from a data source; and organize the raw machine data into the one or more events; add to the one or more events metadata describing the one or more events. 22. One or more non-transitory computer-readable media comprising computer-executable instructions that, when executed by a computing system, causes the computing system to: obtain one or more events; cause display of a graphical user interface that displays an input element for designating a field delimiter character, wherein the field delimiter character, when present within an event, indicates a boundary within the event of a field for which to identify a field
Assignees
Inventors
Classifications
for systems · CPC title
Query formulation · CPC title
Visualisation of programs or trace data · CPC title
- G06F16/13Primary
File access structures, e.g. distributed indices (arrangements of input from, or output to, record carriers G06F3/06) · CPC title
Event-based monitoring · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US11604763B2 cover?
- A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distribut…
- Who is the assignee on this patent?
- Splunk Inc
- What technology area does this patent fall under?
- Primary CPC classification G06F16/13. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Tue Mar 14 2023 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).