Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
Representative Claims
1. A computer-implemented method, comprising: analyzing one or more punctuation characters that appear in a portion of a set of machine data; mapping the one or more punctuation characters to a frequency of occurrence in the portion of the set of machine data; creating a sample signature using the frequency of occurrence of the one or more punctuation characters; determining a source of the set of machine data based on a comparison of the sample signature with signatures in a set of signatures from known sources; segmenting the machine data into a plurality of events using a set of rules corresponding to the determined source thereby allowing application of time-based search phrases across the segmented machine data in the plurality of events; wherein the method is performed by one or more computing devices.
2. The method of claim 1, further comprising: creating a signature for a known source by creating a source signature from machine data collected from the known source; storing the signature in the set of signatures.
3. The method of claim 1, wherein the sample signature is based on a function of punctuation characters and tokens appearing in the portion of the set of machine data.
4. The method of claim 1, wherein each event in the plurality of events includes a portion of the set of machine data.
5. The method of claim 1, wherein each event in the plurality of events includes a portion of the set of machine data, and wherein the portion of the set of machine data is field-searchable.
6. The method of claim 1, further comprising: creating a time stamp for each event in the plurality of events by extracting time stamp information from machine data included in each event.
7. The method of claim 1, wherein the determining a source of the set of machine data further comprises: matching the sample signature to signatures in the set of signatures from known sources using a nearest neighbor search.
8. The method of claim 1, further comprising: based on a determination that the source of the machine data is not known: defining a new source for the set of machine data; creating a new signature for the new source using the sample signature for the machine data.
9. The method of claim 1, further comprising: based on a determination that the source of the machine data is not known: setting the determined source for the set of machine data to a default source.
10. The method of claim 1, further comprising: determining that the machine data is binary machine data; converting the binary machine data into textual machine data using a process defined for the determined source.
11. The method of claim 1, further comprising: determining that the machine data is binary machine data by comparing a number of machine data lines in the machine data that appear to be binary and a number of machine data lines in the machine data that appear to be textual; converting the binary machine data into textual machine data using a process defined for the determined source.
12. One or more non-transitory computer-readable storage media, storing one or more sequences of instructions, which when executed by one or more processors cause performance of: analyzing one or more punctuation characters that appear in a portion of a set of machine data; mapping the one or more punctuation characters to a frequency of occurrence in the portion of the set of machine data; creating a sample signature using the frequency of occurrence of the one or more punctuation characters; determining a source of the set of machine data based on a comparison of the sample signature with signatures in a set of signatures from known sources; segmenting the machine data into a plurality of events using a set of rules corresponding to the determined source thereby allowing application of time-based search phrases across the segmented machine data in the plurality of events.
13. The one or more non-transitory computer-readable storage media as recited in claim 12, wherein the one or more sequences of instructions, when executed by the one or more processors cause further performance of: creating a signature for a known source by creating a source signature from machine data collected from the known source; storing the signature in the set of signatures.
14. The one or more non-transitory computer-readable storage media as recited in claim 12, wherein each event in the plurality of events includes a portion of the set of machine data, and wherein the portion of the set of machine data is field-searchable.
15. The one or more non-transitory computer-readable storage media as recited in claim 12, wherein the sample signature is based on a function of punctuation characters and tokens appearing in the portion of the set of machine data.
16. An apparatus, comprising: a signature creation device, implemented at least partially in hardware, that analyzes one or more punctuation characters that appear in a portion of a set of machine data; wherein the signature creation device maps the one or more punctuation characters to a frequency of occurrence in the portion of the set of machine data; wherein the signature creation device creates a sample signature using the frequency of occurrence of the one or more punctuation characters; a signature comparison device, implemented at least partially in hardware, that determines a source of the set of machine data based on a comparison of the sample signature with signatures in a set of signatures from known sources; an event creation device, implemented at least partially in hardware, that segments the machine data into a plurality of events using a set of rules corresponding to the determined source thereby allowing application of time-based search phrases across the segmented machine data in the plurality of events.
17. The apparatus as recited in claim 16, further comprising: wherein the signature creation device creates a signature for a known source by creating a source signature from machine data collected from the known source; a signature storage device, implemented at least partially in hardware, that stores the signature in the set of signatures.
18. The apparatus as recited in claim 16, wherein each event in the plurality of events includes a portion of the set of machine data, and wherein the portion of the set of machine data is field-searchable.
19. The apparatus as recited in claim 16, wherein the sample signature is based on a function of punctuation characters and tokens appearing in the portion of the set of machine data.
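The steps of claims 1, 2, 7 and 9 can be followed end to end in the sketch below, which is an added example and not code from the patent or its assignee. The source names, the constructed log samples, the Euclidean metric, the 0.3 distance threshold and the event-start regexes are all assumptions chosen for illustration.

```python
import math
import re
import string
from collections import Counter

def signature(text):
    """Map each punctuation character to its relative frequency in the sample."""
    counts = Counter(ch for ch in text if ch in string.punctuation)
    total = sum(counts.values()) or 1
    return {ch: n / total for ch, n in counts.items()}

def distance(a, b):
    """Euclidean distance between two signatures (assumed metric)."""
    return math.sqrt(sum((a.get(c, 0) - b.get(c, 0)) ** 2 for c in set(a) | set(b)))

# Constructed machine data collected from two hypothetical known sources.
KNOWN_SAMPLES = {
    "syslog": (
        "Jan 12 10:01:02 host1 sshd[411]: Failed password for root from 10.0.0.5 port 2200 ssh2\n"
        "Jan 12 10:01:07 host1 sshd[411]: Accepted publickey for ops from 10.0.0.9 port 2201 ssh2\n"),
    "access": (
        '10.0.0.5 - - [12/Jan/2024:10:01:02 +0000] "GET /login HTTP/1.1" 200 512\n'
        '10.0.0.9 - - [12/Jan/2024:10:01:09 +0000] "POST /api/v1/auth HTTP/1.1" 401 87\n'),
}
SIGNATURES = {src: signature(s) for src, s in KNOWN_SAMPLES.items()}

# Per-source segmentation rule: a regex that marks where a new event begins.
EVENT_START = {
    "syslog": re.compile(r"^[A-Z][a-z]{2} +\d+ \d\d:\d\d:\d\d ", re.M),
    "access": re.compile(r"^\d+\.\d+\.\d+\.\d+ ", re.M),
    "default": re.compile(r"^", re.M),  # unknown source: one event per line
}

def determine_source(sample, max_distance=0.3):
    """Nearest-neighbour match; fall back to a default source if nothing is close."""
    sig = signature(sample)
    src, d = min(((s, distance(sig, k)) for s, k in SIGNATURES.items()),
                 key=lambda pair: pair[1])
    return src if d <= max_distance else "default"

def segment(data):
    """Return (source, events); lines that do not start an event stay attached."""
    src = determine_source(data)
    starts = [m.start() for m in EVENT_START[src].finditer(data)]
    if not starts or starts[0] != 0:
        starts.insert(0, 0)  # keep any preamble instead of dropping it
    bounds = zip(starts, starts[1:] + [len(data)])
    events = [data[a:b].rstrip("\n") for a, b in bounds]
    return src, [e for e in events if e.strip()]
```

Because the signature ignores the words themselves, a multi-line syslog event with an indented continuation line is still attributed to the syslog source and kept as one event, while input that matches no stored signature closely enough falls through to the default line-per-event rule.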