SCALABLE INTERACTIVE DISPLAY OF DISTRIBUTED DATA
1 Assignment
0 Petitions
Accused Products
Abstract
A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.
34 Citations
40 Claims
-
1-20. -20. (canceled)
-
21. A computer-implemented method, comprising:
-
maintaining a plurality of distributed machines, wherein each distributed machine has access to search a subgroup of a stored set of events, and wherein each event is associated with a timestamp; receiving a query including a criterion for searching the set of events; directing the plurality of distributed machines to search, in respective subgroups to which they have access, for events responsive to the query; receiving from the distributed machines information about values for a field that are extracted from the events responsive to the query; synthesizing the information about the values for the field to determine a number corresponding to how many unique values exist for the field in the events responsive to the query; displaying a field name representing the field; and displaying, in association with the field name, the number corresponding to how many unique values exist for the field. - View Dependent Claims (22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
-
36. A computer-implemented system, comprising:
-
one or more processors; and one or more non-transitory computer-readable storage mediums containing instructions configured to cause the one or more processors to perform operations including; maintaining a plurality of distributed machines, wherein each distributed machine has access to search a subgroup of a plurality of subgroups of a set of events, each event being associated with a timestamp; receiving a query including a criterion for searching the set of events; directing the plurality of distributed machines to search, in respective subgroups to which they have access, for events responsive to the query; receiving from the distributed machines information about values for a field extracted from the events responsive to the query; synthesizing the information about the values for the field to determine a number corresponding to how many unique values exist for the field in the events responsive to the query; displaying a field name representing the field; and displaying in association with the field name the number corresponding to how many unique values exist for the field. - View Dependent Claims (37, 38)
-
-
39. A computer-program product, tangibly embodied in a non-transitory machine-readable storage medium, including instructions configured to cause a data processing apparatus to perform operations, comprising:
-
maintaining a plurality of distributed machines, wherein each distributed machine has access to search a subgroup of a plurality of subgroups of a set of events, each event being associated with a timestamp; receiving a query including a criterion for searching the set of events; directing the plurality of distributed machines to search, in respective subgroups to which they have access, for events responsive to the query; receiving from the distributed machines information about values for a field extracted from the events responsive to the query; synthesizing the information about the values for the field to determine a number corresponding to how many unique values exist for the field in the events responsive to the query; displaying a field name representing the field; and displaying, in association with the field name, the number corresponding to how many unique values exist for the field. - View Dependent Claims (40)
-
Specification