IPC classification information
Country / Type | United States (US) Patent, Granted
International Patent Classification (IPC 7th edition) |
Application number | US-0420938 (2017-01-31)
Registration number | US-9747316 (2017-08-29)
Inventors / Address |
- Baum, Michael Joseph
- Carasso, R. David
- Das, Robin Kumar
- Greene, Rory
- Hall, Bradley
- Mealy, Nicholas Christian
- Murphy, Brian Philip
- Sorkin, Stephen Phillip
- Stechert, Andre David
- Swan, Erik M.
Applicant / Address |
Agent / Address | Knobbe, Martens, Olson & Bear, LLP
Citation information | Times cited: 2; Patents cited: 109
Abstract
Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
Representative claims
1. A computer-implemented method, comprising: obtaining log data generated by at least one component in an information processing environment; obtaining data that is not log data from a real-time monitoring environment; storing the log data in a searchable time series data store as a plurality of events, each event having raw machine data that reflects activity in the information processing environment and is produced by a component of the information processing environment, wherein a particular event of the plurality of events is associated with a timestamp extracted from the raw machine data of the particular event; storing the data obtained from the real-time monitoring environment in the searchable time series data store; receiving a search query that includes search criteria identifying a relationship between the log data and the data obtained from the real-time monitoring environment; and executing the search query to identify the log data and the data obtained from the real-time monitoring environment that meet the search criteria.

2. The computer-implemented method of claim 1, wherein the search criteria includes finding similar data.

3. The computer-implemented method of claim 1, wherein the search criteria includes finding related data.

4. The computer-implemented method of claim 1, wherein the data obtained from the real-time monitoring environment includes sensor data.

5. The computer-implemented method of claim 1, wherein the data obtained from the real-time monitoring environment includes measurement data.

6. The computer-implemented method of claim 1, wherein the data obtained from the real-time monitoring environment includes operational performance data.

7. The computer-implemented method of claim 1, wherein the search criteria includes a defined time range.

8. The computer-implemented method of claim 1, wherein the search criteria includes a frequency of distribution.

9. The computer-implemented method of claim 1, wherein the search criteria includes a pattern of occurrence.

10. The computer-implemented method of claim 1, further comprising causing display of data identified by executing the search query.

11. The computer-implemented method of claim 1, wherein the search criteria includes a defined time range, and wherein the computer-implemented method further comprises causing display of data identified by executing the search query.

12. The computer-implemented method of claim 1, further comprising providing data identified by executing the search query through an application program interface (API).

13. The computer-implemented method of claim 1, wherein the log data comes from two or more sources.

14. The computer-implemented method of claim 1, wherein the obtained data from the real-time monitoring environment comes from two or more sources.

15. The computer-implemented method of claim 1, wherein at least some of the data obtained from the real-time monitoring environment is obtained synchronously.

16. The computer-implemented method of claim 1, wherein at least some of the data obtained from the real-time monitoring environment is obtained asynchronously.

17. The computer-implemented method of claim 1, wherein at least some of the data obtained from the real-time monitoring environment is obtained synchronously and at least some of the data obtained from the real-time monitoring environment is obtained asynchronously.

18. The computer-implemented method of claim 1, further comprising timestamping the log data prior to storing the log data in the searchable time series data store as the plurality of events.

19. The computer-implemented method of claim 1, wherein obtaining the log data comprises collecting the log data at more than one physical location.

20. The computer-implemented method of claim 1, wherein storing the log data comprises: aggregating the log data into the plurality of events; timestamping the plurality of events; and storing the plurality of events in the searchable time series data store.

21. The computer-implemented method of claim 1, wherein storing the log data comprises: aggregating the log data into the plurality of events; timestamping the plurality of events; and storing the plurality of events in the searchable time series data store in chronological order based on the timestamping.

22. The computer-implemented method of claim 1, wherein storing the log data comprises: aggregating the log data into the plurality of events; classifying the plurality of events by domain; timestamping the plurality of events based on the domain; and storing the plurality of events in the searchable time series data store.

23. The computer-implemented method of claim 1, wherein storing the log data comprises: aggregating the log data into the plurality of events; classifying the plurality of events by domain; interpolating a timestamp for at least one event of the plurality of events that is not classified in a domain with a known timestamp format; timestamping the at least one event based on the interpolating; and storing the at least one event in the searchable time series data store.

24. The computer-implemented method of claim 1, wherein storing the log data comprises: aggregating the log data into the plurality of events using extraction to detect a beginning and ending of each of the plurality of events; and storing the plurality of events in the searchable time series data store.

25. The computer-implemented method of claim 1, wherein storing the log data comprises: aggregating the log data into the plurality of events using machine learning to identify boundaries between each of the plurality of events; and storing the plurality of events in the searchable time series data store.

26. The computer-implemented method of claim 1, wherein storing the log data comprises: aggregating the log data into the plurality of events; timestamping the plurality of events; and combining a group of events into a hot index, which is not searchable and does not persist; and converting the hot index into a warm index when the hot index is at capacity, the warm index being stored in the searchable time series data store.

27. A system comprising: a memory; and a processing device coupled with the memory to: obtain log data generated by at least one component in an information processing environment, obtain data from a real-time monitoring environment, store the log data in a searchable time series data store as a plurality of events, each event having raw machine data that reflects activity in the information processing environment and is produced by a component of the information processing environment, wherein a particular event of the plurality of events is associated with a timestamp extracted from the raw machine data of the particular event, store the data obtained from the real-time monitoring environment in the searchable time series data store, and execute a search on the log data and the data obtained from the real-time monitoring environment in the searchable time series data store.

28. The system of claim 27, wherein to store the log data, the processing device is coupled with the memory to: aggregate the log data into the plurality of events; timestamp the plurality of events, and store the plurality of events in one or more time buckets in the searchable time series data store based on the timestamp.

29. A non-transitory computer-readable medium encoding instructions thereon that, in response to execution by one or more processing devices, cause the one or more processing devices to perform operations comprising: obtaining log data generated by at least one component in an information processing environment; obtaining data from a real-time monitoring environment; storing the log data in a searchable time series data store as a plurality of events, each event having raw machine data that reflects activity in the information processing environment and is produced by a component of the information processing environment, wherein a particular event of the plurality of events is associated with a timestamp extracted from the raw machine data of the particular event; storing the data obtained from the real-time monitoring environment in the searchable time series data store; and executing a search on the log data and the data obtained from the real-time monitoring environment in the searchable time series data store.

30. The computer-readable readable medium of claim 29, wherein storing the log data comprises: aggregating the log data into the plurality of events; timestamping the plurality of events; and storing the plurality of events in the searchable time series data store.