Generating notification visualizations based on event pattern matching

US 10,691,523 B2
Filed: 07/31/2016
Issued: 06/23/2020
Est. Priority Date: 09/07/2012
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

creating a plurality of time stamped events from data received from one or more information technology systems;

analyzing the plurality of time stamped events to identify whether an event pattern that occurs in the plurality of time stamped events is the same or similar to one or more registered event patterns, the one or more registered event patterns indicative of performance aspects of the one or more information technology systems;

generating, based upon identification of one or more registered event patterns of the one or more registered event patterns that are the same or similar to the event pattern, a visualization representing one or more information technology systems of the one or more information technology systems that generated events associated with the event pattern;

generating within the visualization a control tool, wherein interaction with the control tool triggers;

retrieving events by searching the plurality of time stamped events for events surrounding the event pattern; and

replaying the retrieved events; and

generating within the visualization a representation of the replaying of the retrieved events surrounding the event pattern;

wherein the method is performed by one or more computing devices.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Embodiments are directed towards the visualization of machine data received from computing clusters. Embodiments may enable improved analysis of computing cluster performance, error detection, troubleshooting, error prediction, or the like. Individual cluster nodes may generate machine data that includes information and data regarding the operation and status of the cluster node. The machine data is received from each cluster node for indexing by one or more indexing applications. The indexed machine data including the complete data set may be stored in one or more index stores. A visualization application enables a user to select one or more analysis lenses that may be used to generate visualizations of the machine data. The visualization application employs the analysis lens to produce visualizations of the computing cluster machine data.

48 Citations

View as Search Results

20 Claims

1. A method, comprising:
- creating a plurality of time stamped events from data received from one or more information technology systems;
  
  analyzing the plurality of time stamped events to identify whether an event pattern that occurs in the plurality of time stamped events is the same or similar to one or more registered event patterns, the one or more registered event patterns indicative of performance aspects of the one or more information technology systems;
  
  generating, based upon identification of one or more registered event patterns of the one or more registered event patterns that are the same or similar to the event pattern, a visualization representing one or more information technology systems of the one or more information technology systems that generated events associated with the event pattern;
  
  generating within the visualization a control tool, wherein interaction with the control tool triggers;
  
  retrieving events by searching the plurality of time stamped events for events surrounding the event pattern; and
  
  replaying the retrieved events; and
  
  generating within the visualization a representation of the replaying of the retrieved events surrounding the event pattern;
  
  wherein the method is performed by one or more computing devices.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13)
- - 2. The method of claim 1, wherein the one or more registered event patterns are specified by a user.
  - 3. The method of claim 1, wherein the analyzing the plurality of time stamped events uses scripts to analyze the event pattern.
  - 4. The method of claim 1, wherein the analyzing the plurality of events uses regular expressions to analyze the event pattern.
  - 5. The method of claim 1, wherein the creating the plurality of time stamped events further comprises:
    - wherein the data received from the one or more information technology systems are machine data;
      
      parsing the machine data to determine event boundaries within the machine data to generate the plurality of time stamped events, thereby transforming the machine data into the plurality of time stamped events.
  - 6. The method of claim 1, wherein the creating the plurality of time stamped events further comprises:
    - wherein the data received from the one or more information technology systems are machine data;
      
      parsing the machine data to determine event boundaries within the machine data to generate the plurality of time stamped events, thereby transforming the machine data into the plurality of time stamped events, the machine data includes log files.
  - 7. The method of claim 1, wherein the event pattern comprises a pattern represented in a heat map, and wherein the heat map indicates a metric for each information technology system of the one or more information technology systems.
  - 8. The method of claim 1, wherein the event pattern comprises a pattern represented in a heat map, wherein the heat map indicates a metric for each information technology system of the one or more information technology systems, and wherein analyzing the plurality of time stamped events further comprises determining whether the heat map is expanding or contracting by comparing the heat map to previous heat maps.
  - 9. The method of claim 1, further comprising:
    - based on user input, replaying, within the visualization, events, among the plurality of events, surrounding the event pattern within a replay period.
  - 10. The method of claim 1, wherein at least one of the one or more registered event patterns is indicative of an occurrence of an abnormal condition.
  - 11. The method of claim 1, wherein at least one of the one or more registered event patterns is indicative that an error has occurred.
  - 12. The method of claim 1, wherein the analyzing the plurality of time stamped events includes determining that the event pattern occurred during a limited-duration time window associated with the one or more registered event patterns using time stamps of two or more events from the plurality of time stamped events that, together, form the event pattern.
  - 13. The method of claim 1, wherein the analyzing the plurality of time stamped events includes determining that the event pattern occurred during a user selected time window associated with the one or more registered event patterns using time stamps of two or more events from the plurality of time stamped events that, together, form the event pattern.

14. One or more non-transitory storage media storing instructions which, when executed by one or more computing devices, cause:
- creating a plurality of time stamped events from data received from one or more information technology systems;
  
  analyzing the plurality of time stamped events to identify whether an event pattern that occurs in the plurality of time stamped events is the same or similar to one or more registered event patterns, the one or more registered event patterns indicative of performance aspects of the one or more information technology systems;
  
  generating, based upon identification of one or more registered event patterns of the one or more registered event patterns that are the same or similar to the event pattern, a visualization representing one or more information technology systems of the one or more information technology systems that generated events associated with the event pattern;
  
  generating within the visualization a control tool, wherein interaction with the control tool triggers;
  
  retrieving events by searching the plurality of time stamped events for events surrounding the event pattern; and
  
  replaying the retrieved events; and
  
  generating within the visualization a representation of the replaying of events surrounding the event pattern.
- View Dependent Claims (15, 16, 20)
- - 15. The one or more non-transitory storage media of claim 14, wherein the instructions when executed by the one or more computing devices, further cause:
    - based on user input, replaying, within the visualization, events among the plurality of events surrounding the event pattern within a replay period.
  - 16. The one or more non-transitory storage media of claim 14, wherein the analyzing the plurality of time stamped events is used to discover an occurrence of an abnormal condition.
  - 20. The one or more non-transitory storage media of claim 14, wherein the analyzing the plurality of time stamped events includes determining that the event pattern occurred during a limited-duration time window associated with the one or more registered event patterns using time stamps of two or more events from the plurality of time stamped events that, together, form the event pattern.

17. An apparatus, comprising:
- an event creation device, implemented at least partially in hardware, that creates a plurality of time stamped events from data received from one or more information technology systems;
  
  an event analysis device, implemented at least partially in hardware, that analyzes the plurality of time stamped events to identify whether an event pattern that occurs in the plurality of time stamped events is the same or similar to one or more registered event patterns, the one or more registered event patterns indicative of performance aspects of the one or more information technology systems;
  
  a display formatter, implemented at least partially in hardware, that generates, based upon identification of one or more registered event patterns of the one or more registered event patterns that are the same or similar to the event pattern, a visualization representing one or more information technology systems of the one or more information technology systems that generated events associated with the event pattern;
  
  wherein the display formatter generates within the visualization a control tool, wherein interaction with the control tool triggers the display formatter to retrieve events by searching the plurality of time stamped events for events surrounding the event pattern, and replay the retrieved events; and
  
  wherein the display formatter generates within the visualization a representation of the replaying of events surrounding the event pattern.
- View Dependent Claims (18, 19)
- - 18. The apparatus of claim 17, wherein the display formatter based on user input, replays, within the visualization, events among the plurality of events surrounding the event pattern within a replay period.
  - 19. The apparatus of claim 17, wherein the event analysis device analyzes the plurality of time stamped events to discover an occurrence of an abnormal condition.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Noel, Cary Glen, Pakkirisamy, Kirubakaran, Raitz, Alex, Tsai, Pierre
Primary Examiner(s)
Brown, Sheree N

Application Number

US15/224,654
Publication Number

US 20160342454A1
Time in Patent Office

1,423 Days
Field of Search

707741
US Class Current
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0712   in a virtual computing plat...

G06F 11/0721   within a central processing...

G06F 11/0751   Error or fault detection no...

G06F 11/0769   Readable error formats, e.g...

G06F 11/0787   Storage of error reports, e...

G06F 11/079   Root cause analysis, i.e. e...

G06F 9/542   Event management; Broadcast...

G06N 5/022   Knowledge engineering; Know...

G06N 5/048   Fuzzy inferencing

Generating notification visualizations based on event pattern matching

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

48 Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Generating notification visualizations based on event pattern matching

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

48 Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links