Patent attributes
Clustering structured log data by key-values includes receiving, via a user interface, a request to apply an operator to cluster log messages according to values for keys associated with the request. At least a portion of each log message comprises structured machine data including a set of key-value pairs. The method further includes receiving a log message and determining whether to include the log message in a cluster based at least in part on an evaluation of values in the structured machine data of the log message for the keys associated with the request. The cluster is included in a set of clusters. Each cluster in the set is associated with a different combination of values for the keys associated with the request. The method further includes providing, via the user interface, information associated with the cluster.
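A minimal sketch of the clustering step the abstract describes, added here as an illustration and not taken from the patent or any product implementing it. It assumes the structured portion of each message is an embedded JSON object and that keys may be dotted paths; the function names, the `MISSING` marker and the sample lines are hypothetical or constructed.

```python
import json
from collections import defaultdict

MISSING = "<missing>"  # assumption: marker used when a requested key is absent

def extract_structured(line):
    """Return the JSON object embedded in a log line, or None if there is none."""
    start = line.find("{")
    if start == -1:
        return None
    try:
        obj, _ = json.JSONDecoder().raw_decode(line[start:])
    except json.JSONDecodeError:
        return None
    return obj if isinstance(obj, dict) else None

def lookup(obj, dotted_key):
    """Resolve a dotted key like 'user.name'; containers are serialized to stay hashable."""
    for part in dotted_key.split("."):
        if not isinstance(obj, dict) or part not in obj:
            return MISSING
        obj = obj[part]
    return json.dumps(obj, sort_keys=True) if isinstance(obj, (list, dict)) else obj

def cluster_by_keys(lines, keys):
    """Group lines by their combination of values for the requested keys."""
    clusters, unstructured = defaultdict(list), []
    for line in lines:
        obj = extract_structured(line)
        if obj is None:
            unstructured.append(line)  # no structured portion: cannot be evaluated
            continue
        clusters[tuple(lookup(obj, k) for k in keys)].append(line)
    return dict(clusters), unstructured

def summarize(clusters, keys):
    rows = [{"values": dict(zip(keys, sig)), "count": len(msgs)}
            for sig, msgs in clusters.items()]
    return sorted(rows, key=lambda r: -r["count"])  # largest cluster first

SAMPLE = [  # constructed log lines, not from the page
    '2024-05-01T10:00:00Z auth {"event":"login","outcome":"failure","user":{"name":"alice"},"src":"10.0.0.5"}',
    '2024-05-01T10:00:02Z auth {"event":"login","outcome":"failure","user":{"name":"alice"},"src":"10.0.0.9"}',
    '2024-05-01T10:00:07Z auth {"event":"login","outcome":"failure","user":{"name":"bob"},"src":"10.0.0.5"}',
    '2024-05-01T10:00:08Z kernel: plain text message with no structured portion',
    '2024-05-01T10:00:09Z auth {"event":"logout","user":{"name":"alice"}}',
]
KEYS = ["event", "outcome", "user.name"]
if __name__ == "__main__":
    print(*summarize(cluster_by_keys(SAMPLE, KEYS)[0], KEYS), sep="\n")
```

Messages whose structured portion lacks a requested key land in their own cluster rather than being dropped, which keeps schema drift and truncated events visible during triage.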