| CPC G06F 16/287 (2019.01) [G06F 9/30079 (2013.01); G06F 16/24534 (2019.01); G06F 16/24564 (2019.01); G06F 16/24568 (2019.01)] | 19 Claims |
|
1. A method implemented by one or more processing devices of a computer system, the method comprising:
receiving, by the computer system, an input data stream comprising raw machine data;
processing the raw machine data by a data processing pipeline that produces transformed machine data, wherein the data processing pipeline comprises an ordered plurality of pipeline stages, wherein a pipeline stage of the ordered plurality of pipeline stages applies a rule of a set of rules to an input of the pipeline stage, wherein the rule specifies an action to be performed on the input of the pipeline stage responsive to evaluating a conditional expression applied to the input of the pipeline stage, wherein the action generates an output of the pipeline stage, and wherein,—responsive to determining that two or more conditional expressions match one or more data points of the input of the pipeline stage, the pipeline stage creates two or more copies of the one or more data points;
performing, by the computer system, one or more subsequent pipeline stages of the plurality of pipeline stages on each copy of the two or more copies of the one or more data points, by invoking rules having the conditional expressions matching respective copies of the one or more data points; and
supplying, by the computer system, the transformed machine data to a data collection, indexing, and visualization system.
|