Visualizations of statistics associated with captured network data
First Claim
1. A method performed by a configuration server coupled via a network to one or more remote capture agents, the method comprising:
- receiving one or more event streams from at least one remote capture agent of the one or more remote capture agents, the one or more event streams including timestamped event data generated by the at least one remote capture agent;
determining, based on configuration information associated with the one or more event streams, that the configuration server is to generate one or more statistics based on the timestamped event data received from the at least one remote capture agent without subsequently processing and storing the timestamped event data used to generate the statistics in a data store;
generating the one or more statistics based on the timestamped event data received from the at least one remote capture agent without subsequently processing and storing the timestamped event data used to generate the statistics in a data store; and
causing display of a graphical user interface (GUI) including a graph generated based on the one or more statistics.
1 Assignment
0 Petitions
Accused Products
Abstract
The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.
309 Citations
30 Claims
-
1. A method performed by a configuration server coupled via a network to one or more remote capture agents, the method comprising:
-
receiving one or more event streams from at least one remote capture agent of the one or more remote capture agents, the one or more event streams including timestamped event data generated by the at least one remote capture agent; determining, based on configuration information associated with the one or more event streams, that the configuration server is to generate one or more statistics based on the timestamped event data received from the at least one remote capture agent without subsequently processing and storing the timestamped event data used to generate the statistics in a data store; generating the one or more statistics based on the timestamped event data received from the at least one remote capture agent without subsequently processing and storing the timestamped event data used to generate the statistics in a data store; and causing display of a graphical user interface (GUI) including a graph generated based on the one or more statistics. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. An apparatus, comprising:
-
one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the apparatus to; receive one or more event streams from at least one remote capture agent of one or more remote capture agents, the one or more event streams including timestamped event data generated by the at least one remote capture agent of the one or more remote capture agents; determine, based on configuration information associated with the one or more event streams, that a configuration server is to generate one or more statistics based on the timestamped event data received from the at least one remote capture agent without subsequently processing and storing the timestamped event data used to generate the statistics in a data store; generate the one or more statistics based on the timestamped event data received from the at least one remote capture agent without subsequently processing and storing the timestamped event data used to generate the statistics in a data store; and cause display of a graphical user interface (GUI) including a graph generated based on the one or more statistics.
-
-
30. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform operations comprising:
-
receiving one or more event streams from at least one remote capture agent of one or more remote capture agents, the one or more event stream including timestamped event data generated by the at least one remote capture agent of the one or more remote capture agents; determining, based on configuration information associated with the one or more event streams, that a configuration server is to generate one or more statistics based on the timestamped event data received from the at least one remote capture agent without subsequently processing and storing the timestamped event data used to generate the statistics in a data store; generating the one or more statistics based on the timestamped event data received from the at least one remote capture agent without subsequently processing and storing the timestamped event data used to generate the statistics in a data store; and causing display of a graphical user interface (GUI) including a graph generated based on the one or more statistics.
-
Specification