Sumo Logic, Inc.
User interface for event data store

Abstract:

A processing device receives a query comprising a first field value and a time period and performs a first search of a data store using the first field value to identify a plurality of events having the time period and a field that comprises the first field value. The processing device determines a first subset of the plurality of events associated with a first context definition and determines a plurality of fields specified in the first context definition. The processing device determines, for events in the first subset, field values of one or more fields specified in the first context definition. The processing device generates a report based on the field values of the one or more fields specified in the first context definition from the events in the first subset. The processing device generates a response to the query that comprises at least a portion of the report.