公开(公告)号：US10061807B2

公开(公告)日：2018-08-28

申请号：US15421236

申请日：2017-01-31

Applicant: SPLUNK INC.

Inventor： David Ryan Marquardt ,  Mitchell Blank ,  Stephen Sorkin

IPC: G06F17/30

CPC classification number: G06F16/2455 ,  G06F16/221 ,  G06F16/2272 ,  G06F16/2379 ,  G06F16/951

Abstract: Embodiments of the present disclosure provide a method for generating an inverted index in accordance with a user generated collection query. The method comprises providing a field searchable data store that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. The method further comprises receiving a collection query that references a field name. Further, responsive to the collection query, an inverted index is generated by: a) determining an extraction rule associated with the field name; b) extracting a field value corresponding to the field name from one or more event records in the field searchable data store using the extraction rule; and c) populating the inverted index responsive to each extracted field value, wherein each entry comprises the field name, the corresponding field value and a reference value that identifies a location in the field searchable data store where an associated event record is stored.

公开(公告)号：US20170139996A1

公开(公告)日：2017-05-18

申请号：US15421236

申请日：2017-01-31

Applicant: SPLUNK INC.

Inventor： David Ryan Marquardt ,  Mitchell Blank ,  Stephen Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30477 ,  G06F17/30315 ,  G06F17/30336 ,  G06F17/30377 ,  G06F17/30864

Abstract: Embodiments of the present disclosure provide a method for generating an inverted index in accordance with a user generated collection query. The method comprises providing a field searchable data store that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. The method further comprises receiving a collection query that references a field name. Further, responsive to the collection query, an inverted index is generated by: a) determining an extraction rule associated with the field name; b) extracting a field value corresponding to the field name from one or more event records in the field searchable data store using the extraction rule; and c) populating the inverted index responsive to each extracted field value, wherein each entry comprises the field name, the corresponding field value and a reference value that identifies a location in the field searchable data store where an associated event record is stored