Title of invention: Uniform Storage and Search of Security-Related Events Derived from Machine Data from Different Sources
Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.
Publication number: US2016156667(A1) Publication date: 2016.06.02
Application number: US201615011625 Filing date: 2016.01.31
Applicant: Splunk Inc. Inventors: Baum Michael Joseph;Carasso R. David;Das Robin Kumar;Hall Bradley;Murphy Brian Philip;Sorkin Stephen Phillip;Stechert Andre David;Swan Erik M.;Greene Rory;Mealy Nicholas Christian;Noren Christina Frances Regina
Classification: H04L29/06;G06F17/30 Main classification: H04L29/06
Agency: Agent:
Main claim: 1. A method, comprising: analyzing machine data stored in at least one storage device in order to segment the machine data into a plurality of events by determining a beginning and ending of each event in the plurality of events in the machine data, the machine data related to security aspects of one or more information technology systems, each event in the plurality of events including a portion of the machine data segmented for that event, the plurality of events including both events produced from a first data resource and events produced from a second data resource that is different from the first data resource, the machine data in one or more events produced from the first data resource having a different data format than the machine data in one or more events produced from the second data resource; determining a time stamp for each event in the plurality of events; performing a search on machine data included in the plurality of events, the search pertaining to security aspects of the one or more information technology systems; wherein the method is performed by one or more computing devices.
Address: San Francisco CA US