Custom communication alerts

US 10,223,423 B2
Filed: 10/30/2014
Issued: 03/05/2019
Est. Priority Date: 10/02/2014
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method, comprising:

executing a search query on events in a data store, each event comprising a portion of raw data in textual form, wherein a field specified in the search query is mapped to an extraction rule that defines the field, the extraction rule identifying a location within the portion of raw data in an event containing a value for the field for the event;

detecting a triggering condition of an alert by one or more computing devices, the triggering condition found by determining search results of the search query satisfy the triggering condition; and

responsive to the detecting of the triggering condition of the alert, forming a communication corresponding to the alert by one or more computing devices, the communication including one or more tokens based on one or more values of the field defined by the extraction rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Custom communication alert techniques are described where a triggering condition is detected by one or more computing devices that is found by searching data using one or more extraction rules of a late-binding schema. Responsive to the detection of the triggering condition of the alert, a communication is formed by the one or more computing devices that corresponds to the alert and that includes one or more tokens based on one or more values of the data taken from fields defined by the one or more extraction rules. The communication is caused to be transmitted by the one or more computing device via a network for receipt by at least one computing device of an intended recipient of the communication.

Citations

30 Claims

1. A computer-implemented method, comprising:
- executing a search query on events in a data store, each event comprising a portion of raw data in textual form, wherein a field specified in the search query is mapped to an extraction rule that defines the field, the extraction rule identifying a location within the portion of raw data in an event containing a value for the field for the event;
  
  detecting a triggering condition of an alert by one or more computing devices, the triggering condition found by determining search results of the search query satisfy the triggering condition; and
  
  responsive to the detecting of the triggering condition of the alert, forming a communication corresponding to the alert by one or more computing devices, the communication including one or more tokens based on one or more values of the field defined by the extraction rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
- - 2. The computer-implemented method as described in claim 1, wherein the search query further specifies search criteria used by the executing to evaluate at least one of the values.
  - 3. The computer-implemented method as described in claim 1, wherein the one or more tokens are taken directly from the one or more values.
  - 4. The computer-implemented method as described in claim 1, wherein the one or more tokens are based on processing of the one or more values by performing a function on the one or more values retrieved by the extraction rule to derive the one or more tokens.
  - 5. The computer-implemented method as described in claim 1, wherein the one or more tokens are based on processing of the one or more values using a lookup table to find the one or more tokens that correspond to the one or more values.
  - 6. The computer-implemented method as described in claim 1, further comprising causing the communication to be transmitted via a network for receipt by at least one computing device of an intended recipient of the communication.
  - 7. The computer-implemented method as described in claim 1, wherein the forming includes using the one or more tokens to indicate an intended recipient of the communication.
  - 8. The computer-implemented method as described in claim 1, wherein the forming includes using the one or more tokens in a message body of the communication.
  - 9. The computer-implemented method as described in claim 1, wherein the executing associates each event of the events with a respective value of the values using the extraction rule to identify a location within the portion of raw data in the event containing the respective value for the field for the event, and the detecting the triggering condition of the alert includes determining a number of distinct values that are included in the values in the search results.
  - 10. The computer-implemented method as described in claim 1, wherein the one or more extraction rules includes a regex rule that is in the search query.
  - 11. The computer-implemented method as described in claim 1, wherein in the executing the search query, an additional field specified in the search query is mapped to an additional extraction rule that defines the additional field, the additional extraction rule identifying a different location within the portion of raw data in the event containing a value for the additional field for the event.
  - 12. The computer-implemented method as described in claim 1, wherein the field is specified in the search query using a field name of the field, and the executing maps the field name to the extraction rule by looking up the extraction rule in a rule base by the field name from the search query, wherein the rule base includes a plurality of extraction rules and associated field names.
  - 13. The computer-implemented method as described in claim 1, wherein the communication is an email, text message, instant message, or social network communication.
  - 14. The computer-implemented method as described in claim 1, wherein the portion of raw data in the event is a string of text, and the executing generates the value for the field for the event using the location identified by the extraction rule and generates an additional value for an additional field for the event using a different location than the location, the different location identified by a different extraction rule.
  - 15. The computer-implemented method as described in claim 1, wherein the detecting of the alert is configured to be performed at scheduled times or in real time.
  - 16. The computer-implemented method as described in claim 1, wherein the search query is a search string written in a search processing language.
  - 17. The computer-implemented method as described in claim 1, wherein each event is associated with a timestamp extracted from the portion of the raw data associated with the event.

18. A computer-implemented system comprising:
- one or more processors, and one or more computer memory to store instructions, the instructions when executed by the one or more processors to perform operations comprising;
  
  executing a search query on events in a data store, each event comprising a portion of raw data in textual form, wherein a field specified in the search query is mapped to an extraction rule that defines the field, the extraction rule identifying a location within the portion of raw data in an event containing a value for the field for the event;
  
  detecting a triggering condition of an alert by one or more computing devices, the triggering condition found by determining search results of the search query satisfy the triggering condition; and
  
  responsive to the detecting of the triggering condition of the alert, forming a communication corresponding to the alert by one or more computing devices, the communication including one or more tokens based on one or more values of the field defined by the extraction rule.
- View Dependent Claims (19, 20, 21, 22, 23)
- - 19. The computer-implemented system as described in claim 18, wherein the forming includes using the one or more tokens to indicate an intended recipient of the communication.
  - 20. The computer-implemented system as described in claim 18, wherein the forming includes using the one or more tokens in a message body of the communication.
  - 21. The computer-implemented system as described in claim 18, wherein the forming includes specifying verbiage to be included with the one or more tokens in a message body of the communication.
  - 22. The computer-implemented system as described in claim 18, wherein the forming includes assigning a priority to the communication based on the alert.
  - 23. The computer-implemented system as described in claim 18, wherein the determining the search results of the search query satisfy the triggering condition includes evaluating a user-defined Boolean expression of the triggering condition.

24. One or more computer-readable storage media comprising instructions stored thereon that, responsive to execution by one or more computing devices, causes the one or more computing devices to perform operations comprising:
- executing a search query on events in a data store, each event comprising a portion of raw data in textual form, wherein a field specified in the search query is mapped to an extraction rule that defines the field, the extraction rule identifying a location within the portion of raw data in an event containing a value for the field for the event;
  
  detecting a triggering condition of an alert by one or more computing devices, the triggering condition found by determining search results of the search query satisfy the triggering condition; and
  
  responsive to the detecting of the triggering condition of the alert, forming a communication corresponding to the alert by one or more computing devices, the communication including one or more tokens based on one or more values of the field defined by the extraction rule.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The one or more computer-readable storage media as described in claim 24, wherein the forming includes using the one or more tokens to indicate an intended recipient of the communication.
  - 26. The one or more computer-readable storage media as described in claim 24, wherein the forming includes using the one or more tokens in a message body of the communication.
  - 27. The one or more computer-readable storage media as described in claim 24, wherein the forming includes assigning a priority to the communication based on the alert.
  - 28. The one or more computer-readable storage media as described in claim 24, wherein the forming includes associating the search results with the communication as a link, an inline table, or an attachment.
  - 29. The one or more computer-readable storage media as described in claim 24, wherein the forming includes specifying verbiage to be included with the one or more tokens in a message body of the communication.
  - 30. The one or more computer-readable storage media as described in claim 24, wherein the one or more tokens are taken directly from the one or more values.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc. (Cisco Systems, Inc.)
Original Assignee
Splunk Inc. (Cisco Systems, Inc.)
Inventors
Filippi, Nicholas John, Feeney, Katherine Kyle, Burke, Cory Eugene, Nekkanti, Abhinav Prasad, Robichaud, Marc Vincent, Korobova, Irina
Primary Examiner(s)
Meng, Jau Shya

Application Number

US14/528,905
Publication Number

US 20160098402A1
Time in Patent Office

1,587 Days
Field of Search

707602, 711202
US Class Current
CPC Class Codes

G06F 11/00   Error detection; Error corr...

G06F 11/0709   in a distributed system con...

G06F 11/0751   Error or fault detection no...

G06F 11/0766   Error or fault reporting or...

G06F 16/00   Information retrieval; Data...

G06F 16/24565   Triggers; Constraints

G06F 16/254   Extract, transform and load...

G06F 16/9536   Search customisation based ...

G06F 9/542   Event management; Broadcast...

G06Q 10/00   Administration; Management

H04L 41/00   Arrangements for maintenanc...

H04L 41/0631   using root cause analysis; ...

Custom communication alerts

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

Custom communication alerts

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links