| 发明名称 | Data model for machine data for semantic search | ||
| 摘要 | Embodiments are directed towards generating data models that may give semantic meaning for unstructured data or structured data that may include data generated and/or received by search engines, including a time series engine. Data models also may be generated to provide semantic meaning to structured data. A data model may be composed of a hierarchical data model objects analogous to an object-oriented programming class hierarchy. Users may employ a data modeling application to produce reports using search objects that may be part of, or associated with the data model. The data modeling application may employ the search object and the data model to generate a query string for searching a data repository to produce a result set. A data modeling application may map the result set data to data model objects that may be used to generate reports. | ||
| 申请公布号 | US8788525(B2) | 申请公布日期 | 2014.07.22 |
| 申请号 | US201213607117 | 申请日期 | 2012.09.07 |
| 申请人 | Splunk Inc. | 发明人 | Neels Alice Emily;Ganapathi Archana Sulochana;Robichaud Marc Vincent;Sorkin Stephen Phillip;Zhang Steve Yu |
| 分类号 | G06F17/30 | 主分类号 | G06F17/30 |
| 代理机构 | Hickman Palermo Truong Becker Bingham Wong LLP | 代理人 | Hickman Palermo Truong Becker Bingham Wong LLP ;Wong Kirk D. |
| 主权项 | 1. A computer implemented method, comprising: accessing time stamped events in a data store on a computing device including one or more processors, wherein the set of events are searchable; maintaining a data model that is associated with a set of the time stamped events, wherein the data model defines a schema to apply to the set of the time stamped events, wherein the data model includes one or more sub-models, and wherein each sub-model of the one or more sub-models is associated with a subset of events in the set of the time stamped events, the subset of events being smaller than the set of the time stamped events; causing display of a graphical interface that lists the one or more sub-models of the data model; receiving first input corresponding to a selection of a particular sub-model of the one or more sub-models through the graphical interface; responsive to the first input, narrowing the set of the time stamped events that are searchable to a particular subset of events that is associated with the selected particular sub-model; subsequent to receiving the first input, receiving second input corresponding to criteria for a search query; after receiving the second input, initiating a search that uses the received criteria to evaluate values extracted using an extraction rule or a regular expression from events in the particular subset of events, wherein the extraction rule or the regular expression corresponds to a field in the schema. | ||
| 地址 | San Francisco CA US | ||