| CPC G06F 16/2228 (2019.01) [G06F 11/30 (2013.01); G06F 16/245 (2019.01); G06F 16/282 (2019.01); G06F 21/00 (2013.01); G06F 21/55 (2013.01); G06F 21/552 (2013.01); G06F 21/554 (2013.01); G06Q 10/10 (2013.01); H04L 63/1416 (2013.01)] | 20 Claims |
|
1. A computer-implemented method comprising:
storing, in an event data store, store events associated with logs generated by one or more computing devices;
storing, in the event data store, search events associated with search queries submitted for querying the event store, the search queries having associated search time periods, wherein the search events are stored with corresponding stored time periods that are configurable to be equal to the search time periods and configurable to be greater than the search time periods;
receiving a query having a value for a first field and a query time period;
searching the event data store based on the value of the first field and the query time period to produce results, the results comprising:
a set of store events associated with the value of the first field and the query time period; and
a set of search events associated with the value of the first field and the query time period, wherein at least one stored time period of the set of search events is greater than the query time period, wherein the set of search events cover a range of time that is greater than the query time period to provide information beyond the requested query time period; and
causing presentation on a display of the results, the presentation providing information about the set of store events and the set of search events.
|