公开(公告)号：US20140236971A1

公开(公告)日：2014-08-21

申请号：US14266839

申请日：2014-05-01

Applicant: Splunk Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F7/24

CPC classification number: G06F7/24 ,  G06F17/30551

Abstract: Embodiments are directed towards real time display of event records with an indication of previously provided extraction rules. A plurality of extraction rules may be provided to the system, such as automatically generated and/or user created extraction rules. These extraction rules may include regular expressions. A plurality of event records may be displayed to the user, such that text in a field defined by an extraction rule is emphasized in the display of the event record. The same emphasis may be provided for text in overlapping fields, or the emphasis may be somewhat different for different fields. The user interface may enable a user to select a portion of text of an event record, such as by rolling-over or clicking on an emphasized part of the event record. By selecting the portion of the event record, the interface may display each extraction rule associated with the selected portion.

Abstract translation: 实施例针对具有先前提供的提取规则的指示的事件记录的实时显示。 可以向系统提供多个提取规则，诸如自动生成和/或用户创建的提取规则。 这些提取规则可以包括正则表达式。 可以向用户显示多个事件记录，使得在事件记录的显示中强调由提取规则定义的字段中的文本。 对于重叠字段中的文本可以提供相同的重点，或者对于不同领域的重点可能有些不同。 用户界面可以使得用户能够选择事件记录的文本的一部分，例如通过滚动或点击事件记录的被强调部分。 通过选择事件记录的部分，界面可以显示与所选部分相关联的每个提取规则。

公开(公告)号：US12061638B1

公开(公告)日：2024-08-13

申请号：US17968691

申请日：2022-10-18

Applicant: Splunk Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F7/00 ,  G06F3/0484 ,  G06F16/242 ,  G06F16/2458 ,  G06F16/34 ,  G06F40/166 ,  G06F40/174 ,  G06F40/40 ,  H04L67/10 ,  G06F3/04842

CPC classification number: G06F16/34 ,  G06F3/0484 ,  G06F16/242 ,  G06F16/2423 ,  G06F16/2477 ,  G06F40/166 ,  G06F40/174 ,  G06F40/40 ,  H04L67/10 ,  G06F3/04842

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US11520816B2

公开(公告)日：2022-12-06

申请号：US17028722

申请日：2020-09-22

Applicant: SPLUNK INC.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F7/00 ,  G06F16/34 ,  G06F16/242 ,  G06F16/2458 ,  G06F40/40 ,  G06F40/166 ,  G06F40/174 ,  G06F3/0484 ,  H04L67/10 ,  G06F3/04842

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US11514086B2

公开(公告)日：2022-11-29

申请号：US15582669

申请日：2017-04-29

Applicant: Splunk Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F16/28 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/34 ,  G06F16/93 ,  G06F16/248 ,  G06F16/332 ,  G06F16/33 ,  G06F16/338 ,  G06F16/951 ,  G06Q10/06 ,  G06F40/166 ,  G06F40/169 ,  G06F40/174 ,  G06Q10/00 ,  G06F3/04842

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US11210325B2

公开(公告)日：2021-12-28

申请号：US15582670

申请日：2017-04-29

Applicant: SPLUNK INC.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F7/00 ,  G06F16/34 ,  G06F16/242 ,  G06F40/166 ,  G06F16/2458 ,  H04L29/08 ,  G06F40/40 ,  G06F40/174 ,  G06F3/0484

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US20200311160A1

公开(公告)日：2020-10-01

申请号：US16870233

申请日：2020-05-08

Applicant: Splunk Inc.

Inventor： Mitchell Neuman Blank, JR. ,  Leonid Budchenko ,  David Carasso ,  Micah James Delfino ,  Johnvey Hwang ,  Stephen Phillip Sorkin ,  Eric Timothy Woo

IPC: G06F16/9535 ,  G06F16/248 ,  G06F16/25 ,  G06F16/31 ,  G06F16/951 ,  G06F16/22 ,  G06F16/2458 ,  G06F16/2455 ,  G06F40/205 ,  G06F3/0484 ,  G06F3/0482 ,  G06F3/0485

Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

公开(公告)号：US20170300585A1

公开(公告)日：2017-10-19

申请号：US15642062

申请日：2017-07-05

Applicant: Splunk Inc.

Inventor： Mitchell Neuman Blank, JR. ,  Leonid Budchenko ,  David Carasso ,  Micah James Delfino ,  Johnvey Hwang ,  Stephen Phillip Sorkin ,  Eric Timothy Woo

IPC: G06F17/30 ,  G06F3/0482 ,  G06F17/27 ,  G06F3/0485 ,  G06F3/0484

CPC classification number: G06F16/9535 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/0485 ,  G06F16/2228 ,  G06F16/24564 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/252 ,  G06F16/316 ,  G06F16/951 ,  G06F17/2705

Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

公开(公告)号：US20170270186A1

公开(公告)日：2017-09-21

申请号：US15582669

申请日：2017-04-29

Applicant: SPLUNK, Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F17/30

CPC classification number: G06F16/287 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/248 ,  G06F16/332 ,  G06F16/334 ,  G06F16/338 ,  G06F16/34 ,  G06F16/93 ,  G06F16/951 ,  G06F17/24 ,  G06F17/241 ,  G06F17/243 ,  G06Q10/00 ,  G06Q10/0637 ,  Y04S10/54

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US20150339377A1

公开(公告)日：2015-11-26

申请号：US14816038

申请日：2015-08-02

Applicant: Splunk Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F17/30

CPC classification number: G06F17/30601 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/24 ,  G06F17/241 ,  G06F17/243 ,  G06F17/30011 ,  G06F17/30554 ,  G06F17/30637 ,  G06F17/30675 ,  G06F17/30696 ,  G06F17/30716 ,  G06F17/30864 ,  G06Q10/00 ,  G06Q10/0637

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

Abstract translation: 实施例涉及基于诸如正则表达式的至少一个提取规则来实时显示事件记录和提取的值。 可以使用用户界面来使用户能够自动生成提取规则和/或手动输入提取规则。 可以使用户手动编辑先前提供的提取规则，这可以导致更新的提取值的实时显示。 提取规则可以用于从多个记录中的每一个提取值，包括非结构化机器数据的事件记录。 可以针对每个唯一提取的值确定统计量，并且可以实时地向用户显示。 用户界面还可以使用户能够选择至少一个唯一的提取值来显示包括与所选择的值匹配的提取值的那些事件记录。

公开(公告)号：US20140208218A1

公开(公告)日：2014-07-24

申请号：US13748360

申请日：2013-01-23

Applicant: SPLUNK INC.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F3/0481

CPC classification number: G06F17/30601 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/24 ,  G06F17/241 ,  G06F17/243 ,  G06F17/30011 ,  G06F17/30554 ,  G06F17/30637 ,  G06F17/30675 ,  G06F17/30696 ,  G06F17/30716 ,  G06F17/30864 ,  G06Q10/00 ,  G06Q10/0637

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

Abstract translation: 实施例涉及基于诸如正则表达式的至少一个提取规则来实时显示事件记录和提取的值。 可以使用用户界面来使用户能够自动生成提取规则和/或手动输入提取规则。 可以使用户手动编辑先前提供的提取规则，这可以导致更新的提取值的实时显示。 提取规则可以用于从多个记录中的每一个提取值，包括非结构化机器数据的事件记录。 可以针对每个唯一提取的值确定统计量，并且可以实时地向用户显示。 用户界面还可以使用户能够选择至少一个唯一的提取值来显示包括与所选择的值匹配的提取值的那些事件记录。