Inline visualizations of metrics related to captured network data
First Claim
1. A method performed by a computer-implemented component of an event-processing system, the method comprising:
obtaining, over one or more networks, a plurality of event streams generated by one or more remote capture agents, each event stream of the plurality of event streams including time-series event data generated by the one or more remote capture agents from network packets captured by the one or more remote capture agents;
executing at least one correlation search used to identify notable events in each event stream of the plurality of event streams;
for each event stream of the plurality of event streams, generating a respective time-series for a metric corresponding to a number of notable events identified in the event stream over time based on execution of the at least one correlation search; and
causing display of a graphical user interface (GUI) including, for each event stream of the plurality of event streams:
at least one first interface element displaying event stream information related to the event stream of the plurality of event streams, and
at least one second interface element displaying an event stream-specific graph of the respective time-series for the metric associated with the event stream.
Abstract
The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system obtains a set of event streams from one or more remote capture agents over one or more networks, wherein the set of event streams comprises time-series event data generated from network packets captured by the one or more remote capture agents. Next, the system causes display, within a graphical user interface (GUI), of a first set of user interface elements, wherein the first set of user interface elements includes event stream information for an event stream in the set of event streams and a first graph of a metric associated with the time-series event data in the event stream. The system then updates the first graph in real time with the time-series event data from the one or more remote capture agents.
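To make the pipeline the independent claims and the abstract describe concrete (capture-agent event streams, at least one correlation search that identifies notable events per stream, a per-stream time-series of notable-event counts, and a per-stream graph that is refreshed as events arrive), the following Python is an added example written for this page; it is not code from the patent or its assignee. Everything in it beyond the patent's own terms is assumed: the event schema (ts, stream, src, dst, dport), the two correlation searches (a field match on TCP/23 and a windowed distinct-destination-port rule), the 10-second look-back window and bucket size, and the sample events, which are constructed rather than captured.

```python
from collections import defaultdict, deque

# Constructed sample events, not real captures. The field names (ts, stream,
# src, dst, dport) are an assumed schema for what a capture agent extracts from
# packets; the patent does not fix one. Timestamps are epoch seconds.
SAMPLE_EVENTS = [
    {"ts": 1000, "stream": "agent1/http", "src": "10.0.0.5", "dst": "10.0.1.9", "dport": 80},
    {"ts": 1001, "stream": "agent1/http", "src": "10.0.0.5", "dst": "10.0.1.9", "dport": 80},
    {"ts": 1002, "stream": "agent2/tcp", "src": "10.0.0.7", "dst": "10.0.1.3", "dport": 22},
    {"ts": 1003, "stream": "agent2/tcp", "src": "10.0.0.7", "dst": "10.0.1.3", "dport": 23},
    {"ts": 1004, "stream": "agent2/tcp", "src": "10.0.0.7", "dst": "10.0.1.3", "dport": 25},
    {"ts": 1005, "stream": "agent2/tcp", "src": "10.0.0.7", "dst": "10.0.1.3", "dport": 80},
    {"ts": 1012, "stream": "agent1/http", "src": "10.0.0.5", "dst": "10.0.1.9", "dport": 8080},
    {"ts": 1020, "stream": "agent2/tcp", "src": "10.0.0.7", "dst": "10.0.1.3", "dport": 443},
    {"ts": 1031, "stream": "agent1/dns", "src": "10.0.0.5", "dst": "10.0.1.53", "dport": 53},
]


# Two assumed correlation searches. Each receives the current event and the
# window of earlier events on the same stream that fall within WINDOW_SECONDS.
def telnet_search(event, window):
    """Field-match search: any connection to TCP/23 is notable."""
    return event["dport"] == 23


def port_sweep_search(event, window, threshold=3):
    """Windowed search: one source touched >= threshold distinct destination
    ports on this stream within the look-back window (port-scan heuristic)."""
    ports = {e["dport"] for e in window if e["src"] == event["src"]}
    ports.add(event["dport"])
    return len(ports) >= threshold


SEARCHES = {"telnet": telnet_search, "port_sweep": port_sweep_search}
WINDOW_SECONDS = 10  # assumed look-back for windowed searches


class NotableTracker:
    """Incremental pipeline: ingest events as they arrive from the capture
    agents, run the correlation searches, and keep per-stream bucketed counts
    of notable events so each stream's graph can be refreshed after every event."""

    def __init__(self, searches, bucket_seconds=10, window_seconds=WINDOW_SECONDS):
        self.searches = searches
        self.bucket_seconds = bucket_seconds
        self.window_seconds = window_seconds
        self.windows = defaultdict(deque)                    # stream -> recent events
        self.counts = defaultdict(lambda: defaultdict(int))  # stream -> bucket -> notable count
        self.event_counts = defaultdict(int)                 # stream -> total events seen
        self.span = {}                                       # stream -> (first_ts, last_ts)
        self.notable = []                                    # notable events + searches that fired

    def _bucket(self, ts):
        return ts // self.bucket_seconds * self.bucket_seconds

    def ingest(self, ev):
        """Process one event in arrival order; return the names of the searches that fired."""
        stream, ts = ev["stream"], ev["ts"]
        self.event_counts[stream] += 1
        first, last = self.span.get(stream, (ts, ts))
        self.span[stream] = (min(first, ts), max(last, ts))
        win = self.windows[stream]
        while win and ts - win[0]["ts"] > self.window_seconds:  # expire old events
            win.popleft()
        fired = [name for name, search in self.searches.items() if search(ev, win)]
        win.append(ev)
        if fired:
            # An event is counted once even if several searches match it.
            self.counts[stream][self._bucket(ts)] += 1
            self.notable.append(dict(ev, searches=fired))
        return fired

    def series(self, stream):
        """Zero-filled (bucket_start, notable_count) time-series for one stream's graph."""
        first, last = self.span[stream]
        return [(t, self.counts[stream][t])
                for t in range(self._bucket(first), self._bucket(last) + 1, self.bucket_seconds)]

    def dashboard(self):
        """Text stand-in for the GUI: per stream, the stream information (first
        element) beside a bar graph of its notable-event series (second element)."""
        rows = []
        for stream in sorted(self.span):
            bars = " ".join(f"{t}:{'#' * c or '.'}" for t, c in self.series(stream))
            rows.append(f"{stream:<12} events={self.event_counts[stream]:<3} | {bars}")
        return rows


if __name__ == "__main__":
    tracker = NotableTracker(SEARCHES)
    for ev in SAMPLE_EVENTS:  # stands in for events arriving from the agents in real time
        tracker.ingest(ev)
    print("\n".join(tracker.dashboard()))
```

With the constructed sample, only the agent2/tcp stream produces notable events (the telnet connection at 1003 and the distinct-port sweep at 1004 and 1005), so its first 10-second bucket reads 3 while every other bucket and stream reads 0; the zero-filled buckets are what keeps each stream's graph continuous rather than only plotting buckets that happened to contain a hit.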
27 Claims
1. (Independent method claim; its full text is given under First Claim above.) Dependent claims: 2 to 14.
15. An apparatus, comprising:
one or more hardware processors; and
memory storing instructions that, when executed by the one or more processors, cause the apparatus to:
obtain, over one or more networks, a plurality of event streams generated by one or more remote capture agents, each event stream of the plurality of event streams including time-series event data generated by the one or more remote capture agents from network packets captured by the one or more remote capture agents;
execute at least one correlation search used to identify notable events in each event stream of the plurality of event streams;
for each event stream of the plurality of event streams, generate a respective time-series for a metric corresponding to a number of notable events identified in the event stream over time based on execution of the at least one correlation search; and
cause display of a graphical user interface (GUI) including, for each event stream of the plurality of event streams:
at least one first interface element displaying event stream information related to the event stream of the plurality of event streams, and
at least one second interface element displaying an event stream-specific graph of the respective time-series for the metric associated with the event stream.
Dependent claims: 16 to 21.
22. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more hardware processors, cause performance of operations comprising:
obtaining, over one or more networks, a plurality of event streams generated by one or more remote capture agents, each event stream of the plurality of event streams including time-series event data generated by the one or more remote capture agents from network packets captured by the one or more remote capture agents;
executing at least one correlation search used to identify notable events in each event stream of the plurality of event streams;
for each event stream of the plurality of event streams, generating a respective time-series for a metric corresponding to a number of notable events identified in the event stream over time based on execution of the at least one correlation search; and
causing display of a graphical user interface (GUI) including, for each event stream of the plurality of event streams:
at least one first interface element displaying event stream information related to the event stream of the plurality of event streams, and
at least one second interface element displaying an event stream-specific graph of the respective time-series for the metric associated with the event stream.
Dependent claims: 23 to 27.