CPC G06F 16/24578 (2019.01) [G06F 16/182 (2019.01); G06F 16/22 (2019.01); G06F 16/2322 (2019.01); G06F 16/24 (2019.01); G06F 16/248 (2019.01); G06F 16/2455 (2019.01); G06F 16/2471 (2019.01); G06F 16/2477 (2019.01); G06F 16/24553 (2019.01); G06F 16/24554 (2019.01); G06F 16/24575 (2019.01); G06F 16/334 (2019.01); G06F 16/9038 (2019.01); G06F 16/90328 (2019.01); G06F 16/951 (2019.01); G06F 16/9535 (2019.01); H04L 41/0604 (2013.01); H04L 41/22 (2013.01); H04L 67/1097 (2013.01)]
16 Claims
1. A computer-implemented method, comprising:
receiving, at a first computing device, a search query to be performed on a set of event records accessible by the first computing device;
searching, by the first computing device, the set of event records using the search query;
determining a set of event identifiers associated with respective event records of the set of event records accessible by the first computing device, wherein the respective event records satisfied the search query, wherein each event record comprises a portion of raw data related to an operation or activity in an information technology environment, and wherein each event identifier uniquely identifies a corresponding event record and enables subsequently locating the corresponding event record accessible by the first computing device without searching the set of event records;
outputting the set of event identifiers and corresponding computing device identifier onto a network, the computing device identifier identifying the first computing device for accessing the set of event records;
in response to a request to view underlying raw data associated with a particular event identifier of the set of event identifiers, receiving, at the first computing device in accordance with the corresponding computing device identifier, the particular event identifier;
obtaining, from the set of event records, a particular event record associated with the particular event identifier, the particular event record comprising a first portion of raw data related to an operation or activity in the information technology environment; and
outputting the first portion of raw data from the particular event record onto the network.