CPC G06F 16/2465 (2019.01) [G06F 3/04847 (2013.01); H04L 67/10 (2013.01)] | 20 Claims |
1. A computer-implemented method comprising:
obtaining a set of events, each event comprising a time stamp and a portion of raw machine data, wherein the raw machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment;
identifying a match rate for a rule package, including a set of extraction rules associated with a particular sourcetype, the match rate indicating the extent to which the set of extraction rules of the rule package correspond with the set of events; and
determining that the set of events corresponds with the particular sourcetype based on the match rate for the rule package including the set of extraction rules associated with the particular sourcetype.
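The claimed method, reduced to runnable code as an added example (this is not code from the patent or from any product that implements it): each rule package is a set of regex extraction rules tied to one sourcetype, the match rate is the fraction of rule/event pairs in which the rule extracts its field, and the batch of events is assigned the sourcetype whose package scores highest, provided that score clears a threshold. The two rule packages (`linux_secure`, `access_combined`), the 0.6 threshold and the sshd and Apache sample lines are all constructed for the example; the patent text specifies none of them.

```python
import re
from dataclasses import dataclass
from typing import Dict, List, Optional, Pattern, Tuple


@dataclass(frozen=True)
class Event:
    """One event: a time stamp plus the portion of raw machine data it covers."""
    timestamp: str
    raw: str


@dataclass(frozen=True)
class RulePackage:
    """Extraction rules (field name -> regex) associated with one sourcetype."""
    sourcetype: str
    rules: Dict[str, Pattern]


def match_rate(package: RulePackage, events: List[Event]) -> float:
    """Fraction of (rule, event) pairs in which the rule extracts its field.

    1.0 means every rule fired on every event; 0.0 means nothing fired.
    Rules are scored independently, so a package can score well even if
    one optional field is absent from a few events.
    """
    if not events or not package.rules:
        return 0.0
    hits = sum(1 for ev in events for rx in package.rules.values() if rx.search(ev.raw))
    return hits / (len(events) * len(package.rules))


def rank_sourcetypes(events: List[Event], packages: List[RulePackage]) -> List[Tuple[str, float]]:
    """Score every rule package against the same events, best first."""
    scored = [(p.sourcetype, match_rate(p, events)) for p in packages]
    return sorted(scored, key=lambda s: s[1], reverse=True)


def determine_sourcetype(events: List[Event], packages: List[RulePackage],
                         threshold: float = 0.6) -> Optional[str]:
    """Return the best-fitting sourcetype, or None when no package clears the
    threshold (unknown format, or a batch that mixes several sourcetypes)."""
    ranked = rank_sourcetypes(events, packages)
    if not ranked or ranked[0][1] < threshold:
        return None
    return ranked[0][0]


# Hypothetical rule packages; field names and regexes are this example's own.
IPV4 = r"\d{1,3}(?:\.\d{1,3}){3}"
PACKAGES = [
    RulePackage("linux_secure", {
        "pid": re.compile(r"sshd\[(?P<pid>\d+)\]"),
        "user": re.compile(r"(?:Failed password|Accepted \w+) for (?:invalid user )?(?P<user>\S+)"),
        "src_ip": re.compile(rf"from (?P<src_ip>{IPV4})"),
    }),
    RulePackage("access_combined", {
        "clientip": re.compile(rf"^(?P<clientip>{IPV4}) "),
        "request": re.compile(r'"(?P<method>[A-Z]+) (?P<uri>\S+) HTTP/'),
        "status": re.compile(r'" (?P<status>\d{3}) '),
    }),
]

# Constructed sample events (not real log data). The CRON line is deliberately
# included so that linux_secure does not score a perfect 1.0 on its own batch.
SSH_EVENTS = [
    Event("2024-03-10T14:22:01Z", "Mar 10 14:22:01 host1 sshd[2211]: Failed password for invalid user admin from 203.0.113.5 port 51422 ssh2"),
    Event("2024-03-10T14:22:03Z", "Mar 10 14:22:03 host1 sshd[2211]: Failed password for root from 203.0.113.5 port 51422 ssh2"),
    Event("2024-03-10T14:22:09Z", "Mar 10 14:22:09 host1 sshd[2213]: Accepted publickey for deploy from 198.51.100.7 port 40120 ssh2"),
    Event("2024-03-10T14:22:15Z", "Mar 10 14:22:15 host1 CRON[2220]: pam_unix(cron:session): session opened for user root by (uid=0)"),
]
WEB_EVENTS = [
    Event("2024-03-10T14:22:01Z", '198.51.100.23 - - [10/Mar/2024:14:22:01 +0000] "GET /index.html HTTP/1.1" 200 5120 "-" "Mozilla/5.0"'),
    Event("2024-03-10T14:22:02Z", '198.51.100.23 - - [10/Mar/2024:14:22:02 +0000] "GET /admin.php HTTP/1.1" 404 312 "-" "Mozilla/5.0"'),
    Event("2024-03-10T14:22:05Z", '203.0.113.9 - - [10/Mar/2024:14:22:05 +0000] "POST /login HTTP/1.1" 302 0 "-" "curl/8.0"'),
]


if __name__ == "__main__":
    for label, batch in (("ssh", SSH_EVENTS), ("web", WEB_EVENTS),
                         ("mixed", SSH_EVENTS[:2] + WEB_EVENTS[:2])):
        print(label, rank_sourcetypes(batch, PACKAGES), "->", determine_sourcetype(batch, PACKAGES))
```

The threshold is the practitioner's safeguard: a batch that mixes two formats scores 0.5 against both packages here and is reported as unknown rather than forced into the closer sourcetype. Mis-typing events is not harmless, because every downstream field extraction, and any detection keyed on those fields, silently fails for the events that landed in the wrong sourcetype; surfacing "unknown" is the safer failure mode.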