Interactive display of search result information
First Claim
1. A method, comprising:
- causing an aggregating node of a computing system to send, to each of a plurality of distributed nodes of the computing system, a search request to search a set of time stamped events;
- causing the aggregating node to generate search result information based on a combination of sub-query results provided by each of the plurality of distributed nodes, wherein the search result information includes event references received from each of the plurality of distributed nodes;
- receiving, from the computing system, the search result information, wherein the search result information further includes information associated with one or more time stamped events that satisfy the search request, and the event references include an event identifier corresponding to each of the one or more time stamped events that satisfy the search request;
- causing display, within a graphical user interface, of an interactive report generated based on the search result information, wherein the interactive report enables a subsequent input request for additional information about at least a portion of the search result information;
- in response to receiving the subsequent input request;
- determining a set of event identifiers from the event references corresponding to time stamped events included in the at least a portion of the search result information; and
- causing the aggregating node to send, to at least a portion of the distributed nodes of the computing system, a request for time stamped events corresponding to the set of event identifiers;
- receiving, from the portion of the distributed nodes of the computing system, the requested time stamped events; and
- causing display, within the graphical user interface, of the requested additional information using the received requested time stamped events.
Abstract
A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.
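The flow the abstract describes, as an added Python sketch that is not taken from the patent or any product: each node searches locally and returns a sub-query result plus event references, the aggregating node merges the references into a global order, and a drill-down on a range of that order fetches events only from the nodes that hold them. The node names, sample events and function names are constructed for illustration, and ordering the global list by timestamp is an assumption.

```python
import heapq
from collections import defaultdict

# Constructed sample data: node name -> {event_id: (timestamp, raw event)}
NODES = {
    "node-a": {1: (100, "sshd failed password for root"),
               2: (130, "sshd accepted password for alice"),
               3: (170, "sshd failed password for admin")},
    "node-b": {1: (110, "sshd failed password for bob"),
               2: (160, "cron job started")},
    "node-c": {1: (120, "kernel: link up"),
               2: (150, "sshd failed password for root")},
}

def node_search(node, term):
    """Distributed node: analyze local events and return a sub-query result
    (match count) plus time-ordered references (timestamp, node, event_id)."""
    refs = sorted((ts, node, eid) for eid, (ts, raw) in NODES[node].items()
                  if term in raw)
    return len(refs), refs

def aggregate(term):
    """Aggregating node: combine the sub-query results and merge the per-node
    reference lists into one global list (assumed ordered by timestamp)."""
    results = [node_search(n, term) for n in NODES]
    total = sum(count for count, _ in results)
    global_refs = list(heapq.merge(*(refs for _, refs in results)))
    return total, global_refs

def fetch_range(global_refs, start, stop):
    """Drill-down: resolve a slice of the global order to event ids, ask only
    the nodes that hold them, and return the events in global order."""
    wanted = global_refs[start:stop]
    by_node = defaultdict(list)
    for _, node, eid in wanted:
        by_node[node].append(eid)
    # One request per contacted node; nodes outside the slice are never asked.
    fetched = {(node, eid): NODES[node][eid][1]
               for node, eids in by_node.items() for eid in eids}
    events = [(ts, node, fetched[(node, eid)]) for ts, node, eid in wanted]
    return events, set(by_node)

if __name__ == "__main__":
    total, refs = aggregate("failed password")
    print(total, refs)
    print(fetch_range(refs, 1, 3))
```

The aggregating node holds only references until a range is selected, so raw events leave a distributed node only when a drill-down asks for them.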
21 Claims
8. An apparatus, comprising:
- one or more data processors; and
- a non-transitory computer-readable storage medium containing instructions which when executed on the one or more data processors, cause the one or more processors to perform operations including:
- causing an aggregating node of a computing system to send, to each of a plurality of distributed nodes of the computing system, a search request to search a set of time stamped events;
- causing the aggregating node to generate search result information based on a combination of sub-query results provided by each of the plurality of distributed nodes, wherein the search result information includes event references received from each of the plurality of distributed nodes;
- receiving, from the computing system, the search result information, wherein the search result information further includes information associated with one or more time stamped events that satisfy the search request and the event references include an event identifier corresponding to each of the one or more time stamped events that satisfy the search request;
- causing display, within a graphical user interface, of an interactive report generated based on the search result information, wherein the interactive report enables a subsequent input request for additional information from at least a portion of the search result information;
- in response to receiving the subsequent input request;
- determining a set of event identifiers from the event references corresponding to time stamped events included in the at least a portion of the search result information; and
- causing the aggregating node to send, to at least a portion of the distributed nodes of the computing system, a request for time stamped events corresponding to the set of event identifiers;
- receiving, from the portion of the distributed nodes of the computing system, the requested time stamped events; and
- causing display, within the graphical user interface, of the requested additional information using the received requested time stamped events.
15. A non-transitory computer-readable medium storing one or more sequences of instructions, wherein execution of the one or more sequences of instructions by one or more processors causes the one or more processors to perform:
- causing an aggregating node of a computing system to send to each of a plurality of distributed nodes of the computing system, a search request to search a set of time stamped events;
- causing the aggregating node to generate search result information based on a combination of sub-query results provided by each of the plurality of distributed nodes, wherein the search result information includes event references received from each of the plurality of distributed nodes;
- receiving, from the computing system, the search result information, wherein the search result information further includes information associated with one or more time stamped events that satisfy the search request and the event references include an event identifier corresponding to each of the one or more time stamped events that satisfy the search request;
- causing display, within a graphical user interface, of an interactive report generated based on the search result information, wherein the interactive report enables a subsequent input request for additional information from at least a portion of the search result information;
- in response to receiving the subsequent input request;
- determining a set of event identifiers from the event references corresponding to time stamped events included in the at least a portion of the search result information; and
- causing the aggregating node to send to at least a portion of the distributed nodes of the computing system, a request for time stamped events corresponding to the set of event identifiers;
- receiving, from the portion of the distributed nodes of the computing system, the requested time stamped events; and
- causing display, within the graphical user interface, of the requested additional information using the received requested time stamped events.