INTERACTIVE SELECTION AND DISPLAY OF A RAW DATA PARSING RULE

摘要

Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

主权项

1. A method, comprising:
selecting a portion of raw data from at least one data source; causing display of one or more selectable parsing rules; receiving a first user input selecting a parsing rule among the one or more selectable parsing rules, the parsing rule to be applied to the selected portion of raw data; parsing the selected portion of raw data into a set of searchable, time-stamped events using the parsing rule, each searchable, time-stamped event in the set of searchable, time-stamped events including raw data from the selected portion of raw data; causing display of at least a portion of the set of searchable, time-stamped events; receiving a second user input indicating a user preference to use a different parsing rule; selecting a second parsing rule; processing raw data from the at least one data source using the second parsing rule, to create searchable, time-stamped events, the processed raw data including the selected portion of raw data and additional raw data different from the selected portion of raw data; storing the searchable, time-stamped events in an index store among a plurality of index stores, wherein the searchable, time-stamped events in the index store are used to service search queries received from a search engine; wherein the method is performed by one or more computing devices.