| 发明名称 |
Real Time Indication Of Previously Extracted Data Fields For Regular Expressions |
| 摘要 |
Embodiments are directed towards real time display of event records with an indication of previously provided extraction rules. A plurality of extraction rules may be provided to the system, such as automatically generated and/or user created extraction rules. These extraction rules may include regular expressions. A plurality of event records may be displayed to the user, such that text in a field defined by an extraction rule is emphasized in the display of the event record. The same emphasis may be provided for text in overlapping fields, or the emphasis may be somewhat different for different fields. The user interface may enable a user to select a portion of text of an event record, such as by rolling-over or clicking on an emphasized part of the event record. By selecting the portion of the event record, the interface may display each extraction rule associated with the selected portion. |
| 申请公布号 |
US2014236971(A1) |
申请公布日期 |
2014.08.21 |
| 申请号 |
US201414266839 |
申请日期 |
2014.05.01 |
| 申请人 |
Splunk Inc. |
发明人 |
Carasso R. David;Delfino Micah James;Hwang Johnvey |
| 分类号 |
G06F7/24 |
主分类号 |
G06F7/24 |
| 代理机构 |
|
代理人 |
|
| 主权项 |
1. A method, comprising:
organizing, on a first device, machine data into a plurality of events; automatically generating at least one extraction rule based on a value selected from machine data in an event among the plurality of events; extracting at least one value from at least one event in the plurality of events using the at least one extraction rule. |
| 地址 |
San Francisco CA US |
