| 发明名称 | Real time display of statistics and values for selected regular expressions | ||
| 摘要 | Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value. | ||
| 申请公布号 | US9152929(B2) | 申请公布日期 | 2015.10.06 |
| 申请号 | US201313748360 | 申请日期 | 2013.01.23 |
| 申请人 | Splunk Inc. | 发明人 | Carasso R. David;Delfino Micah James;Hwang Johnvey |
| 分类号 | G06F17/30;G06Q10/00 | 主分类号 | G06F17/30 |
| 代理机构 | Wong & Rees LLP | 代理人 | Wong & Rees LLP |
| 主权项 | 1. A computer-implemented method, comprising: accessing a set of events for a computing system, wherein each event in the set includes a portion of raw machine data, and wherein at least two events have their respective portions of raw machine data in different data formats; extracting a plurality of values from the events using an extraction rule, wherein the extraction rule defines where to find a field within the portion of raw machine data in an event and how to extract the value of the field without modifying the portion of the raw machine data; causing display of a plurality of the events in a first portion of a graphical interface, wherein values extracted from the displayed events are emphasized in the displayed events; causing display of a subset of the plurality of extracted values in a second portion of the graphical interface; determining a statistic that is a proportion of events that include the extracted values for the displayed subset of the extracted values; and causing display of the statistic in the second portion of the graphical interface; wherein the second portion and the first portion are concurrently displayed in a same graphical interface. | ||
| 地址 | San Francisco CA US | ||