Splunk Inc.
Multi-field search query of result data set generated from event data
Abstract:
In accordance with various embodiments of the present disclosure, a data intake and query system (DIQS) performs a query on event data to return a result data set. A client device receives an input that includes one or more text strings and expands the received input into a multi-field search query, which is transmitted to the DIQS. The DIQS then parses the result data set by performing the multi-field search query on the result data set to return at least one event that includes one or more fields that have one or more values that correspond to the one or more text strings. The at least one event may then be caused to be displayed by the client device through a graphical user interface.
Status:
Grant
Type:
Utility
Filing date:
30 Jul 2019
Issue date:
5 Oct 2021