Grouping and managing event streams generated from captured network data
Abstract
The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for specifying a grouping of a set of event streams containing the time-series event data by an event stream attribute associated with the event streams. The system then causes for display, in the GUI, a second set of user-interface elements containing event stream information for one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.
313 Citations
30 Claims
1. A method for facilitating the processing of network data, comprising:
receiving, via a first graphical user interface (GUI), input defining a plurality of event streams to be generated by one or more remote capture agents, each event stream of the plurality of event streams associated with a plurality of event stream attributes;
transmitting, via a network, configuration information generated based on the received input, the configuration information used by the one or more remote capture agents to generate the plurality of event streams, each event stream of the plurality of event streams including timestamped event data derived from network traffic monitored by the one or more remote capture agents;
causing display of a second GUI including a representation of the plurality of event streams;
receiving, via the second GUI, input specifying a value for an event stream attribute of the plurality of event stream attributes associated with at least one event stream of the plurality of event streams; and
updating the second GUI to display a representation of only event streams matching the specified value for the event stream attribute.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19
20. An apparatus, comprising:
one or more hardware processors; and
memory storing instructions that, when executed by the one or more hardware processors, cause the apparatus to:
receive, via a first graphical user interface (GUI), input defining a plurality of event streams to be generated by one or more remote capture agents, each event stream of the plurality of event streams associated with a plurality of event stream attributes;
transmit, via a network, configuration information generated based on the received input, the configuration information used by the one or more remote capture agents to generate the plurality of event streams, each event stream of the plurality of event streams including timestamped event data derived from network traffic monitored by the one or more remote capture agents;
cause display of a second GUI including a representation of the plurality of event streams;
receive, via the second GUI, input specifying a value for an event stream attribute of the plurality of event stream attributes associated with at least one event stream of the plurality of event streams; and
update the second GUI to display a representation of only event streams matching the specified value for the event stream attribute.
Dependent claims: 21, 22, 23, 24, 25, 26, 27
28. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating the processing of network data, the method comprising:
receiving, via a first graphical user interface (GUI), input defining a plurality of event streams to be generated by one or more remote capture agents, each event stream of the plurality of event streams associated with a plurality of event stream attributes;
transmitting, via a network, configuration information generated based on the received input, the configuration information used by the one or more remote capture agents to generate the plurality of event streams, each event stream of the plurality of event streams including timestamped event data derived from network traffic monitored by the one or more remote capture agents;
causing display of a second GUI including a representation of the plurality of event streams;
receiving, via the second GUI, input specifying a value for an event stream attribute of the plurality of event stream attributes associated with at least one event stream of the plurality of event streams; and
updating the second GUI to display a representation of only event streams matching the specified value for the event stream attribute.
Dependent claims: 29, 30
Specification