US 12,130,842 B2
Segmenting machine data into events
Michael Joseph Baum, Ross, CA (US); R. David Carasso, San Rafael, CA (US); Robin Kumar Das, Healdsburg, CA (US); Bradley Hall, Palo Alto, CA (US); Brian Philip Murphy, London (GB); Stephen Phillip Sorkin, San Francisco, CA (US); Andre David Stechert, Brooklyn, NY (US); Erik M. Swan, Peidmont, CA (US); Rory Greene, San Francisco, CA (US); Nicholas Christian Mealy, Oakland, CA (US); and Christina Frances Regina Noren, San Francisco, CA (US)
Assigned to Cisco Technology, Inc., San Jose, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on Mar. 3, 2023, as Appl. No. 18/178,417.
Application 18/178,417 is a continuation of application No. 17/447,408, filed on Sep. 10, 2021, granted, now 11,599,400.
Application 17/447,408 is a continuation of application No. 16/399,146, filed on Apr. 30, 2019, granted, now 11,119,833, issued on Sep. 14, 2021.
Application 16/399,146 is a continuation of application No. 14/611,189, filed on Jan. 31, 2015, granted, now 10,318,553, issued on Jun. 11, 2019.
Application 14/611,189 is a continuation of application No. 14/170,228, filed on Jan. 31, 2014, granted, now 9,128,916, issued on Sep. 8, 2015.
Application 14/170,228 is a continuation of application No. 13/664,109, filed on Oct. 30, 2012, granted, now 8,694,450, issued on Apr. 8, 2014.
Application 13/664,109 is a continuation of application No. 13/099,268, filed on May 2, 2011, granted, now 8,589,321, issued on Nov. 19, 2013.
Application 13/099,268 is a continuation of application No. 11/459,632, filed on Jul. 24, 2006, granted, now 7,937,344, issued on May 3, 2011.
Claims priority of provisional application 60/702,496, filed on Jul. 25, 2005.
Prior Publication US 2023/0205791 A1, Jun. 29, 2023
Int. Cl. G06F 16/28 (2019.01); G06F 9/54 (2006.01); G06F 18/21 (2023.01)
CPC G06F 16/285 (2019.01) [G06F 9/54 (2013.01); G06F 9/541 (2013.01); G06F 9/542 (2013.01); G06F 18/21 (2023.01)] 20 Claims
OG exemplary drawing
 
1. A method comprising:
identifying a first source signature for a first source of machine data and a second source signature for a second source of machine data;
receiving machine data;
comparing a first portion of the machine data with the first source signature and a second portion of the machine data with the second source signature;
based on comparing the first portion of the machine data with the first source signature and the second portion of the machine data with the second source signature, determining the first portion of the machine data is associated with the first source of machine data and the second portion of the machine data is associated with the second source of machine data;
based on determining the first portion of the machine data is associated with the first source of machine data, segmenting the first portion of the machine data into at least one first event, wherein segmenting the first portion of the machine data into the at least one first event comprises determining a particular starting point in the first portion of the machine data and a particular ending point in the first portion of the machine data for the at least one first event;
based on determining the second portion of the machine data is associated with the second source of machine data, segmenting the second portion of the machine data into at least one second event, wherein segmenting the second portion of the machine data into at least one second event comprises determining a particular starting point in the second portion of the machine data and a particular ending point in the second portion of the machine data for the at least one second event;
identifying, in real time, a pattern that associates the at least one first event with the at least one second event; and
providing, to a computing system, information associated with the pattern that associates the at least one first event with the at least one second event.