CPC G06F 16/24565 (2019.01) [G06F 9/542 (2013.01); G06F 11/00 (2013.01); G06F 11/0709 (2013.01); G06F 11/0751 (2013.01); G06F 11/0766 (2013.01); G06F 16/9536 (2019.01); G06Q 10/00 (2013.01); H04L 41/00 (2013.01); H04L 41/0631 (2013.01); G06F 16/00 (2019.01); G06F 16/254 (2019.01)]
20 Claims
1. A computer-implemented method, comprising:
receiving, from a user interface, an assignment of one or more tokens for use in generating a message for an alert, the one or more tokens defining first one or more values generated from second one or more values of one or more fields of search results of a search query, wherein a triggering condition of the alert is evaluated against the search results during execution of the search query, the execution determining the search results as a subset of events that meet criteria specified by the search query,
wherein the search query is performed on the events in a data store, an event of the events including a portion of raw machine data associated with a timestamp,
wherein the criteria specified by the search query includes at least a field of the one or more fields, the field defined by an extraction rule for extracting a subportion of text from the portion of raw machine data in the event to produce a value of the second one or more values for the field for the event; and
based at least on the triggering condition being satisfied, causing display of the message including the first one or more values of the one or more tokens on a user device associated with the alert.