Patent attributes
One or more processing devices: receive a definition of a search query for a correlation search of a data store, the data store comprising time-stamped events that each include raw machine data reflecting activity in an information technology environment and produced by a component of the information technology environment; receive a definition of a triggering condition to be evaluated based on aggregated statistics of values of one or more fields of a dataset produced by the search query; receive a definition of one or more actions to be performed when the triggering condition is satisfied; generate, using search processing language, a statement to define the search query and the triggering condition; and, in view of the results of the execution of the search processing language, cause generation of the correlation search using the defined search query, the triggering condition, and the one or more actions, the correlation search comprising updated search processing language having the search query and a processing command for criteria on which the triggering condition is based.
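The flow the abstract describes, as an added example that is not taken from the patent: a search query over time-stamped events, a triggering condition on an aggregated statistic of one field, and an action that runs when the condition holds. The event lines, the field names (`action`, `src`), the threshold, the `alert` action and the Splunk-style `stats`/`where` pipeline text are all assumptions made for illustration.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample events (timestamp + raw machine data); not from the patent.
RAW_EVENTS = [
    "2024-05-01T09:00:00 sshd action=failure user=root src=10.0.0.5",
    "2024-05-01T10:00:01 sshd action=failure user=root src=10.0.0.5",
    "2024-05-01T10:00:09 sshd action=failure user=admin src=10.0.0.5",
    "2024-05-01T10:01:30 sshd action=failure user=root src=10.0.0.9",
    "2024-05-01T10:02:10 sshd action=failure user=test src=10.0.0.5",
    "2024-05-01T10:03:45 sshd action=failure user=root src=10.0.0.5",
    "2024-05-01T10:04:00 sshd action=success user=alice src=10.0.0.5",
]

def parse(line):
    """Split one event into its timestamp, raw text and key=value fields."""
    ts, _, raw = line.partition(" ")
    fields = dict(kv.split("=", 1) for kv in raw.split() if "=" in kv)
    return {"_time": datetime.fromisoformat(ts), "_raw": raw, **fields}

def build_statement(query, by_field, threshold):
    """Append the aggregation and the triggering criteria to the search query."""
    return f"{query} | stats count by {by_field} | where count > {threshold}"

def run_correlation_search(events, match, by_field, threshold, window, now, actions):
    """Search the window, aggregate by one field, run actions where count > threshold."""
    selected = [e for e in events
                if now - window <= e["_time"] <= now
                and all(e.get(k) == v for k, v in match.items())]
    counts = Counter(e[by_field] for e in selected if by_field in e)
    return [action(by_field, value, count)
            for value, count in sorted(counts.items()) if count > threshold
            for action in actions]

def alert(field, value, count):
    """Hypothetical action: return an alert record instead of sending one."""
    return {"action": "alert", field: value, "count": count}

EVENTS = [parse(line) for line in RAW_EVENTS]
NOW = datetime(2024, 5, 1, 10, 5, 0)

def demo():
    return run_correlation_search(EVENTS, {"action": "failure"}, "src", 3,
                                  timedelta(minutes=10), NOW, [alert])

if __name__ == "__main__":
    print(build_statement("search action=failure", "src", 3))
    print(demo())
```

The failure at 09:00 falls outside the ten-minute window and the success event does not match the query, so only the four in-window failures from one source satisfy the condition.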