Interactive display of aggregated search result information

US 10,162,863 B2
Filed: 11/01/2014
Issued: 12/25/2018
Est. Priority Date: 03/14/2011
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

causing graphical display, on a client device, of a user interface;

sending, to a plurality of computing systems, a search request to search a set of time stamped events, wherein the search request was received from the client device via the user interface;

receiving, from two or more computing systems among the plurality of computing systems, at least two sets of search results and event references, wherein each set of search results of the at least two sets of search results includes information associated with one or more time stamped events that satisfy the search request, and each of the event references includes an event identifier and an order value corresponding to each of the one or more time stamped events that satisfy the search request;

aggregating the at least two sets of search results into an aggregated search result by merging the event references into a global ordered list of the event references based on the order values of the event references;

causing graphical display, within the user interface, of information based on the global ordered list of the event references of the aggregated search result;

in response to receiving input requesting additional information from at least a portion of the aggregated search result, determining a set of event identifiers corresponding to time stamped events included in the at least a portion of the aggregated search result;

sending, to the two or more computing systems, a request for time stamped events corresponding to the set of event identifiers;

receiving, from the two or more computing systems, the requested time stamped events; and

causing display, within the user interface, of the requested additional information using the received requested time stamped events.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

96 Citations

View as Search Results

24 Claims

1. A method, comprising:
- causing graphical display, on a client device, of a user interface;
  
  sending, to a plurality of computing systems, a search request to search a set of time stamped events, wherein the search request was received from the client device via the user interface;
  
  receiving, from two or more computing systems among the plurality of computing systems, at least two sets of search results and event references, wherein each set of search results of the at least two sets of search results includes information associated with one or more time stamped events that satisfy the search request, and each of the event references includes an event identifier and an order value corresponding to each of the one or more time stamped events that satisfy the search request;
  
  aggregating the at least two sets of search results into an aggregated search result by merging the event references into a global ordered list of the event references based on the order values of the event references;
  
  causing graphical display, within the user interface, of information based on the global ordered list of the event references of the aggregated search result;
  
  in response to receiving input requesting additional information from at least a portion of the aggregated search result, determining a set of event identifiers corresponding to time stamped events included in the at least a portion of the aggregated search result;
  
  sending, to the two or more computing systems, a request for time stamped events corresponding to the set of event identifiers;
  
  receiving, from the two or more computing systems, the requested time stamped events; and
  
  causing display, within the user interface, of the requested additional information using the received requested time stamped events.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, wherein the event identifier indicates a computing system that stores a time stamped event and a value indicating a location of the time stamped event in the computing system.
  - 3. The method of claim 1, wherein the two or more computing systems execute the search request to search the time stamped events concurrently, wherein each of the two or more computing systems is responsible for searching a portion of the time stamped events.
  - 4. The method of claim 1, wherein the search result information indicates statistical information about one or more time stamped events that satisfy the search request.
  - 5. The method of claim 1, further comprising:
    - wherein the search request is periodically sent to the computing system;
      
      generating a report based on search results from the periodic search request.
  - 6. The method of claim 1, wherein the search request is sent to the computing system in response to an event occurrence.
  - 7. The method of claim 1, wherein the set of time stamped events include raw data.
  - 8. The method of claim 1, wherein the received requested time stamped events include raw data.

9. An apparatus, comprising:
- one or more data processors; and
  
  one or more computer-readable storage media containing instructions which when executed on the one or more data processors, implement a plurality of subsystems including;
  
  a subsystem that sends, to a plurality of computing systems, a search request to search a set of time stamped events, wherein the search request was received via a user interface;
  
  a subsystem that receives, from two or more computing systems among the plurality of computing systems, at least two sets of search results and event references, wherein each set of search results of the at least two sets of search results includes information associated with one or more time stamped events that satisfy the search request and each of the event references includes an event identifier and an order value corresponding to each of the one or more time stamped events that satisfy the search request;
  
  a subsystem that aggregates the at least two sets of search results into an aggregated search result by merging the event references into a global ordered list of the event references based on the order values of the event references;
  
  a subsystem that causes graphical display, within the user interface, of information based on the global ordered list of the event references of the aggregated search result;
  
  a subsystem that in response to receiving input requesting additional information from at least a portion of the aggregated search result, determines a set of event identifiers corresponding to time stamped events included in the at least a portion of the aggregated search result;
  
  a subsystem that sends, to the two or more computing systems, a request for time stamped events corresponding to the set of event identifiers;
  
  a subsystem that receives, from the two or more computing systems, the requested time stamped events; and
  
  a subsystem that causes display, within the user interface, of the requested additional information using the received requested time stamped events.
- View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
- - 10. The apparatus as recited in claim 9, wherein the event identifier indicates a computing system that stores a time stamped event and a value indicating a location of the time stamped event in the computing system.
  - 11. The apparatus as recited in claim 9, wherein the two or more computing systems execute the search request to search the time stamped events concurrently, wherein each of the two or more computing systems is responsible for searching a portion of the time stamped events.
  - 12. The apparatus as recited in claim 9, wherein the search result information indicates statistical information about one or more time stamped events that satisfy the search request.
  - 13. The apparatus as recited in claim 9, further comprising:
    - wherein the search request is periodically sent to the computing system;
      
      a subsystem that generates a report based on search results from the periodic search request.
  - 14. The apparatus as recited in claim 9, wherein the search request is sent to the computing system in response to an event occurrence.
  - 15. The apparatus as recited in claim 9, wherein the set of time stamped events include raw data.
  - 16. The apparatus as recited in claim 9, wherein the received requested time stamped events include raw data.

17. A non-transitory computer-readable medium storing one or more sequences of instructions, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform:
- causing graphical display, on a client device, of a user interface;
  
  sending, to a plurality of computing systems, a search request to search a set of time stamped events, wherein the search request was received from the client device via the user interface;
  
  receiving, from two or more computing systems among the plurality of computing systems, at least two sets of search results and event references, wherein each set of search results of the at least two sets of search results includes information associated with one or more time stamped events that satisfy the search request and each of the event references includes an event identifier and an order value corresponding to each of the one or more time stamped events that satisfy the search request;
  
  aggregating the at least two sets of search results into an aggregated search result by merging the event references into a global ordered list of the event references based on the order values of the event references;
  
  causing graphical display, within the user interface, of information based on the global ordered list of the event references of the aggregated search result;
  
  in response to receiving input requesting additional information from at least a portion of the aggregated search result, determining a set of event identifiers corresponding to time stamped events included in the at least a portion of the aggregated search result;
  
  sending, to the two or more computing systems, a request for time stamped events corresponding to the set of event identifiers;
  
  receiving, from the two or more computing systems, the requested time stamped events; and
  
  causing display, within the user interface, of the requested additional information using the received requested time stamped events.
- View Dependent Claims (18, 19, 20, 21, 22, 23, 24)
- - 18. The non-transitory computer-readable medium as recited in claim 17, wherein the event identifier indicates a computing system that stores a time stamped event and a value indicating a location of the time stamped event in the computing system.
  - 19. The non-transitory computer-readable medium as recited in claim 17, wherein the two or more computing systems execute the search request to search the time stamped events concurrently, wherein each of the two or more computing systems is responsible for searching a portion of the time stamped events.
  - 20. The non-transitory computer-readable medium as recited in claim 17, wherein the search result information indicates statistical information about one or more time stamped events that satisfy the search request.
  - 21. The non-transitory computer-readable medium as recited in claim 17, further comprising:
    - wherein the search request is periodically sent to the computing system;
      
      generating a report based on search results from the periodic search request.
  - 22. The non-transitory computer-readable medium as recited in claim 17, wherein the search request is sent to the computing system in response to an event occurrence.
  - 23. The non-transitory computer-readable medium as recited in claim 17, wherein the set of time stamped events include raw data.
  - 24. The non-transitory computer-readable medium as recited in claim 17, wherein the received requested time stamped events include raw data.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Zhang, Steve Yu, Sorkin, Stephen P.
Primary Examiner(s)
Wilson, Kimberly L

Application Number

US14/530,692
Publication Number

US 20150058326A1
Time in Patent Office

1,515 Days
Field of Search

707769
US Class Current
CPC Class Codes

G06F 16/182   Distributed file systems

G06F 16/22   Indexing; Data structures t...

G06F 16/2322   using timestamps

G06F 16/24   Querying

G06F 16/2455   Query execution

G06F 16/24553   of query operations

G06F 16/24554   Unary operations; Data part...

G06F 16/24575   using context

G06F 16/24578   using ranking

G06F 16/2471   Distributed queries

G06F 16/2477   Temporal data queries

G06F 16/248   Presentation of query results

G06F 16/334   Query execution G06F16/335 ...

G06F 16/90328   using search space presenta...

G06F 16/9038   Presentation of query results

G06F 16/951   Indexing; Web crawling tech...

G06F 16/9535   Search customisation based ...

G06F 16/9538   Presentation of query results

H04L 41/0604   using filtering, e.g. reduc...

H04L 41/22   comprising specially adapte...

H04L 67/1097 : for distributed storage of ...

View All

Interactive display of aggregated search result information

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

96 Citations

24 Claims

Specification

Solutions

Use Cases

Quick Links

Interactive display of aggregated search result information

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

96 Citations

24 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links