Automatic entity definitions
First Claim
Patent Images
1. A method comprising:
- receiving and storing machine data from a plurality of data sources over a period of time;
applying data selection criteria to the machine data to select particular machine data identifying an entity, the entity having information generated by or about the entity among the machine data, wherein the entity hosts at least one of the plurality of data sources and generates at least a portion of the machine data as part of performing a service, wherein the service is provided by one or more entities and has a service definition specifying entity definitions corresponding to the one or more entities providing the service, wherein applying the data selection criteria to the machine data results in discovering undefined entities by selecting the particular machine data from multiple sources associated with multiple source types, the undefined entities comprising entities without a corresponding entity definition being stored in computer storage;
determining, based on the particular machine data, whether the identified entity has a corresponding entity definition physically represented in computer storage;
in response to determining that the identified entity does not have the corresponding entity definition, deriving content descriptive of the entity from the information generated by or about the entity, wherein deriving the content descriptive of the entity includes executing a second search query to produce a search result set having an entry corresponding to the entity, the entry having one or more data items, and a position of at least one of the data items in the entry indicating an element of the stored entity definition; and
generating a stored entity definition based at least in part on the derived content, the stored entity definition comprising information to identify the entity, to associate the entity with the service definition of the service, and to associate the entity with portions of the machine data, wherein the stored entity definition is physically represented in the computer storage;
wherein the entity performs the service and the service has a key performance indicator (KPI) associated with a first search query of the machine data that derives a value indicative of the performance of the service at a point in time or during a period of time, the value derived from machine data identified in the entity definitions for the one or more entities that provide the service, wherein the entity definitions comprise the stored entity definition;
wherein the method is performed by a computer system comprising one or more processors.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods are disclosed to take advantage of the early collection of machine data from a new or changed entity in a computing environment in order to update the definitional information about entities used by a service monitoring system. In some embodiments, the process undertaken to recognize new or changed entities in an IT environment from collected machine data may be informed by the expertise of a particular subject matter area by installing that intelligence in a codified form packaged as a domain add-on to the service monitoring system.
168 Citations
30 Claims
-
1. A method comprising:
-
receiving and storing machine data from a plurality of data sources over a period of time; applying data selection criteria to the machine data to select particular machine data identifying an entity, the entity having information generated by or about the entity among the machine data, wherein the entity hosts at least one of the plurality of data sources and generates at least a portion of the machine data as part of performing a service, wherein the service is provided by one or more entities and has a service definition specifying entity definitions corresponding to the one or more entities providing the service, wherein applying the data selection criteria to the machine data results in discovering undefined entities by selecting the particular machine data from multiple sources associated with multiple source types, the undefined entities comprising entities without a corresponding entity definition being stored in computer storage; determining, based on the particular machine data, whether the identified entity has a corresponding entity definition physically represented in computer storage; in response to determining that the identified entity does not have the corresponding entity definition, deriving content descriptive of the entity from the information generated by or about the entity, wherein deriving the content descriptive of the entity includes executing a second search query to produce a search result set having an entry corresponding to the entity, the entry having one or more data items, and a position of at least one of the data items in the entry indicating an element of the stored entity definition; and generating a stored entity definition based at least in part on the derived content, the stored entity definition comprising information to identify the entity, to associate the entity with the service definition of the service, and to associate the entity with portions of the machine data, wherein the stored entity definition is physically represented in the computer storage; wherein the entity performs the service and the service has a key performance indicator (KPI) associated with a first search query of the machine data that derives a value indicative of the performance of the service at a point in time or during a period of time, the value derived from machine data identified in the entity definitions for the one or more entities that provide the service, wherein the entity definitions comprise the stored entity definition; wherein the method is performed by a computer system comprising one or more processors. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17)
-
-
18. A system comprising:
-
a memory; and a processing device coupled with the memory to; receive and store machine data from a plurality of data sources over a period of time; apply data selection criteria to the machine data to select particular machine data identifying an entity, the entity having information generated by or about the entity among the machine data, wherein the entity hosts at least one of the plurality of data sources and generates at least a portion of the machine data as part of performing a service, wherein the service is provided by one or more entities and has a service definition specifying entity definitions corresponding to the one or more entities providing the service, wherein applying the data selection criteria to the machine data results in discovering undefined entities by selecting the particular machine data from multiple sources associated with multiple source types, the undefined entities comprising entities without a corresponding entity definition being stored in computer storage; determine, based on the particular machine data, whether the identified entity has a corresponding entity definition physically represented in computer storage; in response to determining that the identified entity does not have the corresponding entity definition, derive content descriptive of the entity from the information generated by or about the entity, wherein deriving the content descriptive of the entity includes executing a second search query to produce a search result set having an entry corresponding to the entity, the entry having one or more data items, and a position of at least one of the data items in the entry indicating an element of the stored entity definition; and generate a stored entity definition based at least in part on the derived content, the stored entity definition comprising information to identify the entity, to associate the entity with the service definition of the service, and to associate the entity with portions of the machine data, wherein the stored entity definition is physically represented in the computer storage; wherein the entity performs the service and the service has a key performance indicator (KPI) associated with a first search query of the machine data that derives a value indicative of the performance of the service at a point in time or during a period of time, the value derived from machine data identified in the entity definitions for the one or more entities that provide the service, wherein the entity definitions comprise the stored entity definition. - View Dependent Claims (19, 20, 21, 22, 23, 24)
-
-
25. A non-transitory computer readable storage medium encoding instructions thereon that, in response to execution by one or more processing devices, cause the processing device to perform operations comprising:
-
receiving and storing machine data from a plurality of data sources over a period of time; applying data selection criteria to the machine data to select particular machine data identifying an entity, the entity having information generated by or about the entity among the machine data, wherein the entity hosts at least one of the plurality of data sources and generates at least a portion of the machine data as part of performing a service, wherein the service is provided by one or more entities and has a service definition specifying entity definitions corresponding to the one or more entities providing the service, wherein applying the data selection criteria to the machine data results in discovering undefined entities by selecting the particular machine data from multiple sources associated with multiple source types, the undefined entities comprising entities without a corresponding entity definition being stored in computer storage; determining, based on the particular machine data, whether the identified entity has a corresponding entity definition physically represented in computer storage; in response to determining that the identified entity does not have the corresponding entity definition, deriving content descriptive of the entity from the information generated by or about the entity, wherein deriving the content descriptive of the entity includes executing a second search query to produce a search result set having an entry corresponding to the entity, the entry having one or more data items, and a position of at least one of the data items in the entry indicating an element of the stored entity definition; and generating a stored entity definition based at least in part on the derived content, the stored entity definition comprising information to identify the entity, to associate the entity with the service definition of the service, and to associate the entity with portions of the machine data, wherein the stored entity definition is physically represented in the computer storage; wherein the entity performs the service and the service has a key performance indicator (KPI) associated with a first search query of the machine data that derives a value indicative of the performance of the service at a point in time or during a period of time, the value derived from machine data identified in the entity definitions for the one or more entities that provide the service, wherein the entity definitions comprise the stored entity definition. - View Dependent Claims (26, 27, 28, 29, 30)
-
Specification