US 11,669,533 B1
Inferring sourcetype based on match rates for rule packages
Li Li, Richmond (CA); Yongxin Su, Richmond (CA); Ting Yuan, Waterloo (CA); Qian Jie Zhong, Vancouver (CA); and Yiyun Zhu, Vancouver (CA)
Assigned to Splunk Inc., San Francisco, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on Jul. 14, 2021, as Appl. No. 17/376,021.
Application 17/376,021 is a continuation of application No. 16/264,525, filed on Jan. 31, 2019, granted, now 11,086,890.
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 16/2458 (2019.01); H04L 67/10 (2022.01); G06F 3/04847 (2022.01)
CPC G06F 16/2465 (2019.01) [G06F 3/04847 (2013.01); H04L 67/10 (2013.01)]
20 Claims
1. A computer-implemented method comprising:
obtaining a set of events, each event comprising a time stamp and a portion of raw machine data, wherein the raw machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment;
identifying a match rate for a rule package, including a set of extraction rules associated with a particular sourcetype, the match rate indicating an extent at which the set of extraction rules of the rule package correspond with the set of events; and
determining that the set of events corresponds with the particular sourcetype based on the match rate for the rule package including the set of extraction rules associated with the particular sourcetype.
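The three steps of claim 1, sketched as an added example that is not code from the patent or from any Splunk product. It assumes the match rate is the fraction of events matched by at least one extraction rule in a package, and that a minimum threshold is applied; the rule packages, sourcetype names, sample events and threshold are all constructed for illustration.

```python
import re

# Hypothetical rule packages: sourcetype -> extraction rules (regexes with named fields).
RULE_PACKAGES = {
    "access_combined": [
        re.compile(r'^(?P<clientip>\S+) \S+ \S+ \[[^\]]+\] '
                   r'"(?P<method>[A-Z]+) (?P<uri>\S+) [^"]*" (?P<status>\d{3}) '),
    ],
    "linux_secure": [
        re.compile(r'sshd\[(?P<pid>\d+)\]: (?P<action>Accepted|Failed) \S+ for '
                   r'(?:invalid user )?(?P<user>\S+) from (?P<src>\S+)'),
        re.compile(r'sudo: +(?P<user>\S+) : .*COMMAND=(?P<command>.+)$'),
    ],
}

# Constructed events: (time stamp, portion of raw machine data).
SAMPLE_EVENTS = [
    (1700000000, "Nov 14 22:13:20 web01 sshd[2211]: Failed password for invalid user admin from 203.0.113.7 port 50122 ssh2"),
    (1700000004, "Nov 14 22:13:24 web01 sshd[2211]: Accepted publickey for deploy from 198.51.100.4 port 50200 ssh2"),
    (1700000009, "Nov 14 22:13:29 web01 sudo:   deploy : TTY=pts/0 ; PWD=/home/deploy ; USER=root ; COMMAND=/bin/systemctl restart nginx"),
    (1700000015, "Nov 14 22:13:35 web01 CRON[2302]: pam_unix(cron:session): session opened for user root"),
]

def match_rate(rules, events):
    """Fraction of events matched by at least one rule (assumed definition of match rate)."""
    if not events:
        return 0.0
    hits = sum(1 for _, raw in events if any(rule.search(raw) for rule in rules))
    return hits / len(events)

def infer_sourcetype(events, packages=RULE_PACKAGES, threshold=0.5):
    """Return (best sourcetype or None, per-package match rates).

    None is returned when no package reaches the threshold, so a weak match
    is surfaced for review instead of being labelled with a wrong sourcetype.
    """
    rates = {name: match_rate(rules, events) for name, rules in packages.items()}
    best = max(rates, key=rates.get)
    return (best if rates[best] >= threshold else None), rates

if __name__ == "__main__":
    print(infer_sourcetype(SAMPLE_EVENTS))
```
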