CPC G06F 3/04847 (2013.01) [G06F 3/0482 (2013.01); G06F 16/245 (2019.01); G06F 16/25 (2019.01); G06N 20/00 (2019.01)]
22 Claims
1. A computer-implemented method comprising:
providing for display, via a graphical user interface, a plurality of extraction rules relevant to an event set and corresponding match rates, the plurality of extraction rules identified as relevant to the event set by determining a match rate for each extraction rule indicating a number of events in the event set that match the extraction rule as compared to a total number of events in the event set, wherein each event in the event set is associated with a timestamp and includes a portion of raw machine data that reflects activity in an information technology environment and that is produced by a component of that information technology environment, and wherein each extraction rule, of the plurality of extraction rules, indicates how to extract a subportion of text from the portion of raw machine data in the event to produce a value for a field specified by the extraction rule;
receiving, via the graphical user interface, a selection of an extraction rule of the plurality of extraction rules;
providing for display, via the graphical user interface, a set of events matching the selected extraction rule;
receiving, via the graphical user interface, a modification applied to the displayed extraction rule and a modification applied to a field name associated with the set of events matching the selected extraction rule; and
providing the modifications, provided via the graphical user interface, into a machine learning model to enhance extraction rules available for performing subsequent data extraction, wherein the machine learning model uses the modifications to enhance the extraction rules by reordering extraction rules.