US 12,034,759 B2
Automatic creation and updating of event group summaries
John Coates, Berkeley, CA (US); Lucas Murphey, Wadsworth, IL (US); David Hazekamp, Tinley Park, IL (US); and James Hansen, San Ramon, CA (US)
Assigned to SPLUNK INC., San Francisco, CA (US)
Filed by SPLUNK INC., San Francisco, CA (US)
Filed on Oct. 21, 2021, as Appl. No. 17/507,698.
Application 17/507,698 is a continuation of application No. 16/526,354, filed on Jul. 30, 2019, granted, now 11,178,167.
Application 16/526,354 is a continuation of application No. 15/996,866, filed on Jun. 4, 2018, granted, now 10,382,472, issued on Aug. 13, 2019.
Application 15/996,866 is a continuation of application No. 15/421,420, filed on Jan. 31, 2017, granted, now 9,992,220, issued on Jun. 5, 2018.
Application 15/421,420 is a continuation of application No. 15/056,999, filed on Feb. 29, 2016, granted, now 9,596,252, issued on Mar. 14, 2017.
Application 15/056,999 is a continuation of application No. 14/280,311, filed on May 16, 2014, granted, now 9,276,946, issued on Mar. 1, 2016.
Application 14/280,311 is a continuation of application No. 13/956,285, filed on Jul. 31, 2013, granted, now 8,752,178, issued on Jun. 10, 2014.
Prior Publication US 2022/0046052 A1, Feb. 10, 2022
This patent is subject to a terminal disclaimer.
Int. Cl. H04L 9/40 (2022.01); G06F 16/28 (2019.01); G06F 21/55 (2013.01)
CPC H04L 63/1433 (2013.01) [G06F 16/285 (2019.01); G06F 21/554 (2013.01); H04L 63/14 (2013.01); H04L 63/1408 (2013.01); H04L 63/1416 (2013.01); G06F 2221/034 (2013.01); G06F 2221/2151 (2013.01); H04L 63/20 (2013.01)]
20 Claims
1. A method comprising:
creating, by a computer system, an event group, the event group including a plurality of events, each event in the event group having a respective portion of machine data, wherein each event in the event group is included in the event group based on an event matching criterion relating to one or more field values of a respective one or more fields present in a respective portion of machine data;
creating, by the computer system, an event group summary that summarizes one or more fields present in the portion of machine data included in the plurality of events included in the event group;
causing, by the computer system, display of a graphical user interface that includes a plurality of event group summaries including the event group summary;
receiving, by the computer system, one or more new events, each having a respective portion of machine data; and
in response to receiving the one or more new events,
identifying, by the computer system, the one or more new events as belonging to the event group, and
modifying, by the computer system, the event group summary based upon one or more fields present in the machine data contained in the one or more new events.
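
An illustration of the steps recited in claim 1, added here and not taken from the patent or from any Splunk product: events are grouped by a criterion on field values, a summary tallies selected fields, and new events that match the group update that summary in place. The key=value event format, the names `EventGroup`, `parse` and `ingest`, and the sample events are assumptions made for the example.

```python
from collections import Counter

class EventGroup:
    """Events sharing a matching criterion, plus a running summary of chosen fields."""
    def __init__(self, criterion, summary_fields):
        self.criterion = criterion            # field name -> required value
        self.summary_fields = summary_fields  # fields the summary tallies
        self.events = []
        self.summary = {"count": 0, **{f: Counter() for f in summary_fields}}

    def matches(self, event):
        return all(event.get(k) == v for k, v in self.criterion.items())

    def add(self, event):
        # Modify the summary in place instead of recomputing over all events.
        self.events.append(event)
        self.summary["count"] += 1
        for name in self.summary_fields:
            if name in event:
                self.summary[name][event[name]] += 1

def parse(raw):
    """Extract key=value fields from one portion of machine data (assumed format)."""
    fields = dict(tok.split("=", 1) for tok in raw.split() if "=" in tok)
    fields["_raw"] = raw
    return fields

def ingest(groups, raw_events):
    """Route each event to every group it matches; return events no group claimed."""
    unmatched = []
    for event in map(parse, raw_events):
        hits = [g for g in groups if g.matches(event)]
        for g in hits:
            g.add(event)
        if not hits:
            unmatched.append(event)
    return unmatched

# Constructed sample events (documentation IP ranges), not from the patent.
INITIAL = ["ts=2024-01-01T10:00:00Z app=sshd action=failure user=alice src=192.0.2.10",
           "ts=2024-01-01T10:00:05Z app=sshd action=failure user=bob src=192.0.2.10",
           "ts=2024-01-01T10:01:00Z app=sshd action=success user=alice src=198.51.100.7"]
NEW = ["ts=2024-01-01T10:02:00Z app=sshd action=failure user=alice src=192.0.2.44",
       "ts=2024-01-01T10:02:03Z app=sshd action=failure user=root src=192.0.2.10"]

if __name__ == "__main__":
    group = EventGroup({"app": "sshd", "action": "failure"}, ("user", "src"))
    ingest([group], INITIAL)
    print("summary:", group.summary)
    ingest([group], NEW)   # new events identified as belonging to the group
    print("updated:", group.summary)
```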