Title of invention: Identifying events derived from machine data based on an extracted portion from a first event
Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.
Publication number: US9292590(B2) Publication date: 2016.03.22
Application number: US201514691135 Filing date: 2015.04.20
Applicant: Splunk Inc. Inventors: Baum Michael Joseph;Carasso R. David;Das Robin Kumar;Hall Bradley;Murphy Brian Philip;Sorkin Stephen Phillip;Stechert Andre David;Swan Erik M.;Greene Rory;Mealy Nicholas Christian;Noren Christina Frances Regina
Classification: G06F17/40;G06F17/30;G06K9/62;G06F17/27;G06F11/34 Main classification: G06F17/40
Agency: Wong & Rees LLP Agent: Wong & Rees LLP;Wong Kirk D.
Main claim: 1. A method, comprising: analyzing machine data stored in at least one storage device in order to segment the machine data into a plurality of events by determining beginning and ending of each event in the plurality of events in the machine data, each event in the plurality of events including some machine data from the stored machine data segmented for that event, the plurality of events including both events produced from a first data resource and events produced from a second data resource that is different from the first data resource and events data in one or more events produced from the first data resource having a different data format than the machine data in one or more events produced from the second data resource; extracting a particular portion of machine data from an event in the plurality of events; identifying, in the plurality of events, one or more events that include the particular portion of machine data; wherein the method is performed by one or more computing devices.
Address: San Francisco CA US