Processing of performance data and log data from an information technology environment by using diverse data stores
원문보기
IPC분류정보
국가/구분
United States(US) Patent
등록
국제특허분류(IPC7판)
G06F-009/455
G06F-017/30
G06T-011/20
G06F-003/0484
출원번호
US-0421412
(2017-01-31)
등록번호
US-10019496
(2018-07-10)
발명자
/ 주소
Bingham, Brian
Fletcher, Tristan
Bhide, Alok Anant
출원인 / 주소
Splunk Inc.
대리인 / 주소
Shook, Hardy & Bacon, L.L.P.
인용정보
피인용 횟수 :
0인용 특허 :
120
초록▼
The disclosed system and method acquire and store performance measurements relating to performance of a component in an information technology (IT) environment and log data produced by the IT environment, in association with corresponding time stamps. The disclosed system and method correlate at lea
The disclosed system and method acquire and store performance measurements relating to performance of a component in an information technology (IT) environment and log data produced by the IT environment, in association with corresponding time stamps. The disclosed system and method correlate at least one of the performance measurements with at least one of the portions of log data.
대표청구항▼
1. A method comprising: acquiring, by a computer system, a plurality of performance measurements for a performance metric associated with at least one hardware or software component of an information technology (IT) environment;storing, by the computer system, the acquired performance measurements i
1. A method comprising: acquiring, by a computer system, a plurality of performance measurements for a performance metric associated with at least one hardware or software component of an information technology (IT) environment;storing, by the computer system, the acquired performance measurements in a first time-series data store;acquiring, by the computer system, a plurality of portions of log data representing activity of at least one hardware or software component of the IT environment;storing, by the computer system, the acquired portions of log data in a second time-series data store separate from the first time-series data store;causing display of a graphical user interface element;receiving a correlation criterion via an input associated with the graphical user interface element;generating, by the computer system, a search query in a search query language, the search query including the correlation criterion; andcorrelating, by the computer system, at least one of the stored performance measurements with at least one of the stored portions of log data, wherein saidcorrelating includes applying the search query in the search query language to the stored performance measurements and the stored portions of log data, causing display of a performance measurement that satisfies the correlation criterion, and causing display of a portion of log data that satisfies the correlation criterion. 2. A method as recited in claim 1, further comprising: inputting a user-specified search query, the user-specified search query including the correlation criterion;wherein said correlating includes, in response to the user-specified search query, searching the first time-series data store for performance data that satisfy the correlation criterion and searching the second time-series data store for log data that satisfy the correlation criterion. 3. A method as recited in claim 1, further comprising: inputting a user-specified search query in a text-based search query language, the user-specified search query including the correlation criterion;wherein said correlating includes, in response to the user-specified search query, searching the first time-series data store for performance data that satisfy the correlation criterion and searching the second time-series data store for log data that satisfy the correlation criterion. 4. A method as recited in claim 1, further comprising: inputting a user-specified search query in a text-based search query language, the user-specified search query including the correlation criterion, wherein the correlation criterion comprises a user-specified value or a user-specified range of values, for a user-specified field;wherein said correlating includes, in response to the user-specified search query, searching the first time-series data store for performance data that satisfy the correlation criterion and searching the second time-series data store for log data that satisfy the correlation criterion. 5. A method as recited in claim 1, wherein the correlation criterion is a user-specified value or a user-specified range of values, for a user-specified field. 6. A method as recited in claim 1, wherein the performance measurements are stored in a time-series data store in a first format, and the portions of log data are stored in said time-series data store in a second format different from the first format. 7. A method as recited in claim 1, wherein the performance measurements are stored in the first time-series data store in a first format, and the portions of log data are stored in the second time-series data store in a second format different from the first format. 8. A method as recited in claim 1, wherein the performance measurements are stored in the first time-series data store in a first format, and the portions of log data are stored in the second time-series data store in a second format different from the first format; the method further comprising inputting a user-specified search query in a text-based search query language, the user-specified search query including the correlation criterion;wherein said correlating comprises, in response to the user-specified search query, searching the first time-series data store for performance data that satisfy the correlation criterion and searching the second time-series data store for log data that satisfy the correlation criterion. 9. A method as recited in claim 1, wherein the performance measurements are stored in the first time-series data store in a first format, and the portions of log data are stored in the second time-series data store in a second format different from the first format; the method further comprising inputting a user-specified search query, the user-specified search query including the correlation criterion, wherein the correlation criterion comprises a user-specified value or a user-specified range of values, for a user-specified field;wherein said correlating includes, in response to the user-specified search query, searching the first time-series data store for performance data that satisfy the correlation criterion and searching the second time-series data store for log data that satisfy the correlation criterion. 10. A method as recited in claim 1, further comprising: causing display of a graphical user interface element, wherein the graphical user interface element is one of a drop-down selection list, a slider or a checkboxinputting the correlation criterion from a user via the graphical user interface element. 11. A method as recited in claim 1, wherein the search query language is a text-based search query language. 12. A method as recited in claim 1, wherein the correlation criterion identifies a hardware or software component in the IT environment. 13. A method as recited in claim 1, wherein each of the acquired performance measurements and each of the acquired portions of log data is stored with a time-stamp. 14. A method as recited in claim 1, wherein: each of the acquired performance measurements and each of the acquired portions of log data is stored with a time-stamp; andsaid correlating comprises identifying at least one of the stored performance measurements and at least one of the stored portions of log data that have time stamps that satisfy a user-specified time criterion. 15. A method as recited in claim 1, wherein said storing comprises: storing the acquired performance measurements as time-stamped performance events and storing the acquired portions of log data as time-stamped log events, such that each performance event and each log event is stored in association with a respective time stamp. 16. A method as recited in claim 1, wherein said correlating comprises causing concurrent display of the performance measurements that satisfy the correlation criterion and a listing of raw log data that satisfy the search criterion. 17. A method as recited in claim 1, wherein the performance measurements have been determined by direct measurement of a hardware or software component in the IT environment. 18. A method as recited in claim 1, wherein the plurality of portions of log data are from a text-based log file. 19. A method as recited in claim 1, wherein the plurality of performance measurements are not derived from a log file and are acquired independently of the plurality of portions of log data. 20. A method as recited in claim 1, wherein the plurality of performance measurements are acquired independently of the plurality of portions of log data, and wherein the performance measurements have been determined by direct measurement of a hardware or software component in the IT environment and the plurality of portions of log data are from a text-based log file. 21. A method as recited in claim 1, wherein the plurality of performance measurements are acquired independently of the plurality of portions of log data by direct measurement of a hardware or software component in the IT environment, and the plurality of portions of log data are acquired independently of the performance measurements. 22. A method as recited in claim 1, wherein acquiring the plurality of performance measurements comprises acquiring, via an application programming interface (API), the plurality of performance measurements from a third-party software application that collects the performance measurements. 23. A method as recited in claim 1, further comprising: acquiring structure data indicative of structure characteristics of the IT environment;storing the acquired structure data indicative of structure characteristics of the IT environment; andcorrelating a performance characteristic of the IT environment with a structure characteristic of the IT environment, based on the stored performance measurements and stored structure data. 24. A method as recited in claim 1, further comprising: acquiring structure data indicative of structure characteristics of the IT environment, wherein the structure data is derived from log data from the IT environment;storing the acquired structure data indicative of structure characteristics of the IT environment; andcorrelating a performance characteristic of the IT environment with a structure characteristic of the IT environment, based on the stored performance measurements and stored structure data. 25. A method as recited in claim 1, wherein the performance metric comprises a performance metric for at least one hardware or software resource of a computer system. 26. A method as recited in claim 1, wherein the performance metric comprises a performance metric for at least one virtual machine or virtual machine host. 27. A method as recited in claim 1, wherein the performance metric comprises a performance metric for a virtual machine cluster. 28. A non-transitory machine-readable storage medium for use in a processing system of a data intake and query system, the non-transitory machine-readable storage medium storing instructions, an execution of which in the processing system causes the processing system to perform operations comprising: acquiring a plurality of performance measurements for a performance metric associated with at least one hardware or software component of an information technology (IT) environment;storing the acquired performance measurements in a first time-series data store;acquiring a plurality of portions of log data representing activity of at least one hardware or software component of the IT environment;storing the acquired portions of log data in a second time-series data store separate from the first time-series data store;causing display of a graphical user interface element;receiving a correlation criterion via an input associated with the graphical user interface element;generating, by the computer system, a search query in a search query language, the search query including the correlation criterion; andcorrelating at least one of the stored performance measurements with at least one of the stored portions of log data, wherein said correlating includes applying the search query in the search query language to the stored performance measurements and the stored portions of log data, causing display of a performance measurement that satisfies the correlation criterion, and causing display of a portion of log data that satisfies the correlation criterion. 29. A system comprising: a communication device through which to communicate on a computer network; andat least one processor operatively coupled to the communication device and configured to perform operations including acquiring a plurality of performance measurements for a performance metric associated with at least one hardware or software component of an information technology (IT) environment;storing the acquired performance measurements in a first time-series data store;acquiring a plurality of portions of log data representing activity of at least one hardware or software component of the IT environment;storing the acquired portions of log data in a second time-series data store separate from the first time-series data store;causing display of a graphical user interface element;receiving a correlation criterion via an input associated with the graphical user interface element;generating, by the computer system, a search query in a search query language, the search query including the correlation criterion; andcorrelating at least one of the stored performance measurements with at least one of the stored portions of log data, wherein said correlating includes applying the search query in the search query language to the stored performance measurements and the stored portions of log data, causing display of a performance measurement that satisfies the correlation criterion, and causing display of a portion of log data that satisfies the correlation criterion.
연구과제 타임라인
LOADING...
LOADING...
LOADING...
LOADING...
LOADING...
이 특허에 인용된 특허 (120)
Srinivasa, Gowri; Lilha, Himanshu, Adaptive multimodal communication assist system.
Simpson Carl J. ; Kesten Randy J. ; Javier Manuel A. ; Pearce Steve ; Payne Sam G. ; Gertner Kevin, Channel forming device with a secured distal extremity.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd, Computer-based communication system and method using metadata defining a control-structure.
Fletcher, Tristan Antonio; Bhide, Alok Anant, Defining a graphical visualization along a time-based graph lane using key performance indicators derived from machine data.
Bingham, Brian; Fletcher, Tristan, Determining performance states of components in a virtual machine environment based on performance states of related subcomponents.
Bingham, Brian; Fletcher, Tristan, Determining performance states of parent components in a virtual-machine environment based on performance states of related child components.
Bingham, Brian; Fletcher, Tristan, Determining performance states of parent components in a virtual-machine environment based on performance states of related child components during a time period.
Kan, Masaki; Kajiki, Yoshihiro; Yamakawa, Satoshi; Torii, Takashi; Kaneko, Yuji, Information document search system, method and program for partitioned indexes on a time series in association with a backup document storage.
Alekseyev, Leonid Viktorovich; Bingham, Brian John; Fletcher, Tristan Antonio; Reyes, Brian C., Machine data-derived key performance indicators with per-entity states.
Crossley, Nicholas D. J.; Dugger, Troy R.; Honey, David J.; Lee, Samuel Sung-Ok; Matthews, Schuyler B.; Wiborg Weber, Darcy L., Managing reusable artifacts using placeholders.
Ransil, Patrick W.; Martynov, Aleksey V.; Larson, James S.; Collette, James R.; Chu, Robert Wai-Chi; Saha, Partha, Method and apparatus for data partitioning and replication in a searchable data service.
Geiner Robert Vaughn ; Nick Jeffrey Mark ; Phillips Mark ; Warnes James Henry ; Zimmer Dennis Jack,GB2, Method and system for log management in a coupled data processing system.
Swan, Erik M.; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Baum, Michael Joseph, Normalization of time stamps for event data.
Gerald D. Baulier ; Stephen M. Blott ; Benson L. Branch ; Thomas M. Cliff, Jr. ; Henry F. Korth ; Jonathan E. Polito ; Abraham Silberschatz ; Scott L. Speicher, Real-time event processing system for telecommunications and other applications.
Panigrahy, Rina, Searching for a path to identify where to move entries among hash tables with storage for multiple entries per bucket during insert operations.
Casey, William L.; Luedecke, Michael J., System and method for externalized real-time log correlation and performance monitoring of service-oriented applications.
Artzi, Amanuel Ronen; Adiwijaya, Igg M.; Vijendra, Sudhir; Kleers, Ehud, System and method for managing a virtual domain environment to enable root cause and impact analysis.
Beeston, Ralph T.; Greco, Paul M.; Noel, Michael R.; Smith, Cory G., System and method for performing a search operation within a sequential access data storage subsystem.
Kolton Anthony D. (Chicago IL) Gamboa Ruben A. (Austin TX) Chimenti Danette S. (Austin TX), System for extracting historical market information with condition and attributed windows.
Lin, Chun-Hsien; Ko, Francis; Zuo, Kewei; Lo, Henry; Wang, Jean, System for extraction of key process parameters from fault detection classification to enable wafer prediction.
Baum, Michael J.; Carasso, David; Das, Robin K.; Greene, Rory; Hall, Brad; Mealy, Nick; Murphy, Brian; Sorkin, Stephen; Stechert, Andre; Swan, Erik M., Time series search engine.
Baum, Michael Joseph; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Swan, Erik M., Time series search engine.
Baum, Michael Joseph; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Swan, Erik M., Time series search in primary and secondary memory.
Baum, Michael J.; Carasso, David; Das, Robin K.; Greene, Rory; Hall, Brad; Mealy, Nick; Murphy, Brian; Sorkin, Stephen; Stechert, Andre; Swan, Erik M., Time series search with interpolated time stamp.
※ AI-Helper는 부적절한 답변을 할 수 있습니다.