Analysis of tokenized HTTP event collector
First Claim
Patent Images
1. A computer-implemented method, comprising:
- receiving, at a data intake and query system, a request to analyze a set of data associated with the data intake and query system;
identifying a token identifier of a plurality of token identifiers based on the request, wherein the token identifier corresponds to a token received as part of an internet protocol (IP) message, and wherein the token is indicative of a data source associated with the IP message;
identifying a plurality of events associated with the token and stored by the data intake and query system, wherein each event comprises a portion of raw machine data associated with a timestamp;
determining a graphical visualization based on the request and the plurality of events;
identifying, based on the request, one or more components of the data intake and query system that are associated with the plurality of events; and
generating visualization data for the graphical visualization based on the token and the identified one or more components.
1 Assignment
0 Petitions
Accused Products
Abstract
A data intake and query systems processes events received via the hypertext transfer protocol (HTTP). The HTTP events are associated with tokens. The received events are received by event collectors and distributed for storage. The data intake and query system receives requests to provide analyses and visualizations regarding the stored HTTP events. These requests can be customized based on selected tokens and selected data storage components. The visualizations are generated in response to the requests, and transmitted to the requesting device.
52 Citations
15 Claims
-
1. A computer-implemented method, comprising:
-
receiving, at a data intake and query system, a request to analyze a set of data associated with the data intake and query system; identifying a token identifier of a plurality of token identifiers based on the request, wherein the token identifier corresponds to a token received as part of an internet protocol (IP) message, and wherein the token is indicative of a data source associated with the IP message; identifying a plurality of events associated with the token and stored by the data intake and query system, wherein each event comprises a portion of raw machine data associated with a timestamp; determining a graphical visualization based on the request and the plurality of events; identifying, based on the request, one or more components of the data intake and query system that are associated with the plurality of events; and generating visualization data for the graphical visualization based on the token and the identified one or more components. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory computer-readable storage medium comprising instructions stored thereon, which when executed by one or more processors, cause the one or more processors to perform operations comprising:
-
receiving, at a data intake and query system, a request to analyze a set of data associated with the data intake and query system; identifying a token identifier of a plurality of token identifiers based on the request, wherein the token identifier corresponds to a token received as part of an internet protocol (IP) message, and wherein the token is indicative of a data source associated with the IP message; identifying a plurality of events associated with the token and stored by the data intake and query system, wherein each event comprises a portion of raw machine data associated with a timestamp; determining a graphical visualization based on the request and the plurality of events; identifying, based on the request, one or more components of the data intake and query system that are associated with the plurality of events; and generating visualization data for the graphical visualization based on the token and the identified one or more components.
-
-
15. A system, comprising:
-
a communication interface; at least one memory having instructions stored thereon; and at least one processor configured to execute the instructions, wherein the at least one processor is configured to; receive, at a data intake and query system, a request to analyze a set of data associated with the data intake and query system; identify a token identifier of a plurality of token identifiers based on the request, wherein the token identifier corresponds to a token received as part of an internet protocol (IP) message, and wherein the token is indicative of a data source associated with the IP message; identify a plurality of events associated with the token and stored by the data intake and query system, wherein each event comprises a portion of raw machine data associated with a timestamp; determining a graphical visualization based on the request and the plurality of events; identify, based on the request, one or more components of the data intake and query system that are associated with the plurality of events; and generate visualization data for the graphical visualization based on the token and the identified one or more components.
-
Specification