US 9,811,562 B2
Event context management system
Kenny Tidwell, Los Altos, CA (US); David Frampton, Portola Valley, CA (US); and Brendan O'Connell, Sandown, NH (US)
Assigned to FactorChain Inc., Los Altos, CA (US)
Filed by FactorChain Inc., Los Altos, CA (US)
Filed on Feb. 24, 2016, as Appl. No. 15/52,636.
Claims priority of provisional application 62/120,871, filed on Feb. 25, 2015.
Prior Publication US 2016/0248792 A1, Aug. 25, 2016
Int. Cl. H04L 29/06 (2006.01); G06F 17/30 (2006.01); G06F 17/27 (2006.01)
CPC G06F 17/30477 (2013.01) [G06F 17/2705 (2013.01); G06F 17/30321 (2013.01); G06F 17/30368 (2013.01); G06F 17/30424 (2013.01); G06F 17/30528 (2013.01); G06F 17/30557 (2013.01); G06F 17/30569 (2013.01); G06F 17/30589 (2013.01); G06F 17/30598 (2013.01); G06F 17/30864 (2013.01); H04L 63/1416 (2013.01); H04L 63/1425 (2013.01); H04L 63/1441 (2013.01)]
20 Claims
12. A method comprising:
receiving a plurality of initial data streams comprising log data from a plurality of data sources, wherein a first initial data stream of the plurality of initial data streams comprises a first plurality of messages comprising first log data that is associated with a first data source of the plurality of data sources;
writing the plurality of initial data streams to a first data store, wherein the first initial data stream received from the first data source is stored in a first initial data stream record in the first data store;
determining a first log format of the first log data in the first initial data stream record;
determining boundaries of a plurality of discrete log entries included in one or more messages of the first plurality of messages based on the first log format;
separating the one or more messages into the plurality of discrete log entries; and
generating an event for a discrete log entry of the plurality of discrete log entries, wherein generating the event comprises:
parsing the discrete log entry based on the first log format to identify a plurality of fields;
identifying a subset of the plurality of fields to be used as keys for indexing events;
assigning a field type to each field in the subset of the plurality of fields; and
writing a plurality of event entries for the event into a second data store, wherein a separate event entry is written to the second data store for each field of the subset of the plurality of fields having an assigned field type.
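
The steps of claim 12, sketched as an added illustration; this is not code from the patent or from FactorChain. The sshd syslog format, the `FORMATS` table, the in-memory stores and all function names are assumptions chosen for the example.

```python
import re

# Constructed format table (assumption): detection, entry boundary, parser, typed key fields.
FORMATS = {"sshd_syslog": {
    "detect": re.compile(r"sshd\[\d+\]:"),
    "boundary": re.compile(r"(?m)^(?=[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d )"),
    "fields": re.compile(
        r"(?P<ts>\w{3} [ \d]\d [\d:]{8}) (?P<host>\S+) sshd\[(?P<pid>\d+)\]: "
        r"(?P<outcome>Accepted|Failed) password for (?P<user>\S+) "
        r"from (?P<src_ip>[\d.]+) port (?P<port>\d+)"),
    "keys": {"host": "hostname", "user": "username", "src_ip": "ip_address"},
}}

def detect_format(messages):
    blob = "".join(messages)  # look for a known format signature in the stored stream
    return next((n for n, f in FORMATS.items() if f["detect"].search(blob)), None)

def split_entries(message, fmt):
    # One message may carry several log entries: cut at each entry boundary.
    return [e.strip() for e in fmt["boundary"].split(message) if e.strip()]

def process(streams):
    """streams: {source: [message, ...]} -> (raw store, per-field event index)."""
    raw_store, index, event_id = {}, [], 0
    for source, messages in streams.items():
        raw_store[source] = list(messages)           # first store: stream as received
        fmt = FORMATS.get(detect_format(raw_store[source]))
        if fmt is None:
            continue                                 # unknown format: keep raw data only
        for message in raw_store[source]:
            for entry in split_entries(message, fmt):
                m = fmt["fields"].match(entry)
                if m is None:
                    continue                         # unparseable entry: no event
                event_id += 1
                for field, ftype in fmt["keys"].items():
                    index.append((ftype, m.group(field), event_id))  # one row per key
    return raw_store, index

def events_for(index, ftype, value):
    return sorted({eid for t, v, eid in index if t == ftype and v == value})

# Constructed sample: the first message carries two log entries, the second carries one.
SAMPLE = {"web1-auth": [
    "Feb 24 10:00:01 web1 sshd[811]: Failed password for root from 203.0.113.7 port 4022 ssh2\n"
    "Feb 24 10:00:03 web1 sshd[811]: Failed password for admin from 203.0.113.7 port 4023 ssh2\n",
    "Feb 24 10:00:09 web1 sshd[812]: Accepted password for alice from 198.51.100.9 port 5100 ssh2\n",
]}
if __name__ == "__main__":
    print(events_for(process(SAMPLE)[1], "ip_address", "203.0.113.7"))
```

Because each typed key field gets its own row in the second store, a lookup by one value such as a source address returns every event that carries it without rescanning the raw stream.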