Many types of computing system components generate abundant and diverse machine data. For example, components utilized in large computing environments by corporations, governmental agencies, and academic institutions may generate many different types of log data describing aspects of their operation. This log data, such as machine-generated syslog and web-server logs, is typically unstructured and, as a result, is not defined or otherwise organized according to a fixed structure. Although this machine data is unstructured, this data may contain valuable information, such as data identifying user transactions, customer behaviors, sensor activity, machine behavior, security threats, fraudulent activity, and more. However, due to the lack of structure in this data, managing unstructured data such as system logs can be challenging.
Traditional structured data management (“SDM”) applications, such as business intelligence (“BI”) applications, have the capability to connect to structured databases, such as relational databases, and perform interactive queries and charting against the data stored in the database. Examples of SDM applications include, but are not limited to, MICROSOFT EXCEL from MICROSOFT Corporation of Redmond, Wash., and the TABLEAU family of products from TABLEAU SOFTWARE of Seattle, Wash.
Traditional SDM applications, however, only have the capability to connect to structured databases and cannot utilize unstructured data such as the logs described above. As a consequence, users who are familiar the operations of SDM applications are typically unable to leverage their experience with the SDM applications when utilizing applications that provide functionality for searching and otherwise utilizing unstructured data such as machine data.
It is with respect to these and other considerations that the disclosure made herein is presented.