GROUPING AND MANAGING EVENT STREAMS GENERATED FROM CAPTURED NETWORK DATA

US 20150293954A1
Filed: 01/30/2015
Published: 10/15/2015
Est. Priority Date: 04/15/2014
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating the processing of network data, comprising:

causing for display, on a computer system, a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents;

causing for display, in the GUI, a first set of user-interface elements for specifying a grouping of a set of event streams containing the time-series event data by an event stream attribute associated with the event streams; and

causing for display, in the GUI, a second set of user-interface elements comprising event stream information for one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for specifying a grouping of a set of event streams containing the time-series event data by an event stream attribute associated with the event streams. The system then causes for display, in the GUI, a second set of user-interface elements containing event stream information for one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.

Citations

30 Claims

1. A method for facilitating the processing of network data, comprising:
- causing for display, on a computer system, a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents;
  
  causing for display, in the GUI, a first set of user-interface elements for specifying a grouping of a set of event streams containing the time-series event data by an event stream attribute associated with the event streams; and
  
  causing for display, in the GUI, a second set of user-interface elements comprising event stream information for one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19)
- - 2. The method of claim 1, wherein causing for display the second set of user-interface elements comprising the event stream information for the one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute comprises:
    - causing for display one or more values of the event stream attribute; and
      
      grouping the displayed event stream information into the one or more subsets of the event streams based on the one or more values of the event stream attribute.
  - 3. The method of claim 1, wherein causing for display the second set of user-interface elements comprising the event stream information for the one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute comprises:
    - causing for display one or more values of a first event stream attribute and one or more values of a second event stream attribute;
      
      grouping the displayed event stream information into the one or more subsets of the event streams based on the one or more values of the first event stream attribute; and
      
      for each value from the one or more values of the first event stream attribute, further grouping the displayed event stream information into one or more additional subsets of the event streams based on the one or more values of the second event stream attribute.
  - 4. The method of claim 1, wherein the event stream attribute is selected from:
    - a category of an event stream;
      
      a protocol used by the network packets;
      
      an application used to create the event stream; and
      
      an event stream lifecycle of the event stream.
  - 5. The method of claim 1,wherein the event stream attribute is a category of an event stream, andwherein a value of the category is at least one of:
    - web;
      
      infrastructure;
      
      networking;
      
      file transfer;
      
      email;
      
      messaging;
      
      authentication;
      
      database;
      
      telephony;
      
      network management; and
      
      a user-created value.
  - 6. The method of claim 1,wherein the event stream attribute is a protocol used by the network packets, andwherein the protocol is at least one of:
    - a transport layer protocol;
      
      a session layer protocol;
      
      a presentation layer protocol; and
      
      an application layer protocol.
  - 7. The method of claim 1,wherein the event stream attribute is an application used to create an event stream, andwherein a value of the event stream attribute comprises a name of the application.
  - 8. The method of claim 1,wherein the event stream attribute is an event stream lifecycle of an event stream, andwherein the event stream lifecycle is permanent or ephemeral.
  - 9. The method of claim 1,wherein the event stream attribute is a permanent event stream lifecycle of an event stream, andwherein the event stream information comprises at least one of:
    - a name;
      
      a type;
      
      a protocol;
      
      an application;
      
      a description; and
      
      a status.
  - 10. The method of claim 1,wherein the event stream attribute is an ephemeral event stream lifecycle of an event stream, andwherein the event stream information comprises at least one of:
    - a name;
      
      a number of event streams;
      
      an application;
      
      a start time;
      
      an end time;
      
      a time remaining; and
      
      a status.
  - 11. The method of claim 1, wherein the event stream information comprises a graph of a metric associated with the time-series event data.
  - 12. The method of claim 1,wherein the second set of user-interface elements further comprise one or more user-interface elements for managing the event streams, andwherein managing the event stream comprises at least one of:
    - cloning a new event stream from an existing event stream;
      
      creating an event stream;
      
      deleting the event stream;
      
      enabling the event stream;
      
      disabling the event stream; and
      
      modifying an end time of the event stream.
  - 13. The method of claim 1, further comprising:
    - sorting the event stream information for the one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.
  - 14. The method of claim 1, further comprising:
    - sorting the event stream information for the one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute,wherein the event stream information is sorted by at least one of;
      
      a name;
      
      a type;
      
      a protocol;
      
      an application;
      
      a description;
      
      a status; and
      
      a metric associated with the time-series event data in the event streams.
  - 15. The method of claim 1, further comprising:
    - causing for display, in the GUI, a user-interface element for performing a search of the event streams.
  - 16. The method of claim 1, wherein events in the event streams are searchable by a late-binding schema.
  - 17. The method of claim 1, further comprising:
    - causing for display, in the GUI, a third set of user-interface elements for managing an ephemeral event stream in the set of event streams, wherein managing the ephemeral event stream comprises at least one of;
      
      modifying an end time for terminating the capture of time-series event data in the ephemeral event stream;
      
      disabling the ephemeral event stream; and
      
      deleting the ephemeral event stream.
  - 18. The method of claim 1, further comprising:
    - causing for display, in the GUI, a set of graphs of a metric associated with the time-series event data in the one or more subsets of the event streams.
  - 19. The method of claim 1, further comprising:
    - causing for display, in the GUI, a set of graphs of a metric associated with the time-series event data in the one or more subsets of the event streams;
      
      aggregating the metric across the one or more subsets of the event streams; and
      
      causing for display, within the GUI, a graph of the aggregated metric across the one or more subsets of the event streams.

20. An apparatus, comprising:
- one or more processors; and
  
  memory storing instructions that, when executed by the one or more processors, cause the apparatus to;
  
  cause for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents;
  
  cause for display, in the GUI, a first set of user-interface elements for specifying a grouping of a set of event streams containing the time-series event data by an event stream attribute associated with the event streams; and
  
  cause for display, in the GUI, a second set of user-interface elements comprising event stream information for one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.
- View Dependent Claims (21, 22, 23, 24, 25, 26, 27)
- - 21. The apparatus of claim 20, wherein causing for display the second set of user-interface elements comprising the event stream information for the one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute comprises:
    - causing for display one or more values of the event stream attribute; and
      
      grouping the displayed event stream information into the one or more subsets of the event streams based on the one or more values of the event stream attribute.
  - 22. The apparatus of claim 20, wherein causing for display the second set of user-interface elements comprising the event stream information for the one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute comprises:
    - causing for display one or more values of a first event stream attribute and one or more values of a second event stream attribute;
      
      grouping the displayed event stream information into the one or more subsets of the event streams based on the one or more values of the first event stream attribute; and
      
      for each value from the one or more values of the first event stream attribute, further grouping the displayed event stream information into one or more additional subsets of the event streams based on the one or more values of the second event stream attribute.
  - 23. The apparatus of claim 20,wherein the event stream attribute is a category of an event stream, andwherein a value of the category is at least one of:
    - web;
      
      infrastructure;
      
      networking;
      
      file transfer;
      
      email;
      
      messaging;
      
      authentication;
      
      database;
      
      telephony;
      
      network management; and
      
      a user-created value.
  - 24. The apparatus of claim 20,wherein the event stream attribute is a protocol used by the network packets, andwherein the protocol is at least one of:
    - a transport layer protocol;
      
      a session layer protocol;
      
      a presentation layer protocol; and
      
      an application layer protocol.
  - 25. The apparatus of claim 20,wherein the event stream attribute is a permanent event stream lifecycle of an event stream, andwherein the event stream information comprises at least one of:
    - a name;
      
      a type;
      
      a protocol;
      
      an application;
      
      a description; and
      
      a status.
  - 26. The apparatus of claim 20,wherein the event stream attribute is an ephemeral event stream lifecycle of an event stream, andwherein the event stream information comprises at least one of:
    - a name;
      
      a number of event streams;
      
      an application;
      
      a start time;
      
      an end time;
      
      a time remaining; and
      
      a status.
  - 27. The apparatus of claim 20,wherein the second set of user-interface elements further comprise one or more user-interface elements for managing the event streams, andwherein managing the event stream comprises at least one of.cloning a new event stream from an existing event stream;
    - creating an event stream;
      
      deleting the event stream;
      
      enabling the event stream;
      
      disabling the event stream; and
      
      modifying an end time of the event stream.

28. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating the processing of network data, the method comprising:
- causing for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents;
  
  causing for display, in the GUI, a first set of user-interface elements for specifying a grouping of a set of event streams containing the time-series event data by an event stream attribute associated with the event streams; and
  
  causing for display, in the GUI, a second set of user-interface elements comprising event stream information for one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.
- View Dependent Claims (29, 30)
- - 29. The non-transitory computer-readable storage medium of claim 28, wherein causing for display the second set of user-interface elements comprising the event stream information for the one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute comprises:
    - causing for display one or more values of the event stream attribute; and
      
      grouping the displayed event stream information into the one or more subsets of the event streams based on the one or more values of the event stream attribute.
  - 30. The non-transitory computer-readable storage medium of claim 28, wherein the event stream attribute is a category of an event stream, andwherein a value of the category is at least one of:
    - web;
      
      infrastructure;
      
      networking;
      
      file transfer;
      
      email;
      
      messaging;
      
      authentication;
      
      database;
      
      telephony;
      
      network management; and
      
      a user-created value.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc. (Cisco Systems, Inc.)
Original Assignee
Splunk Inc. (Cisco Systems, Inc.)
Inventors
Hsiao, Fang I., Ching, Clayton S., Dickey, Michael R., Shcherbakov, Vladimir A., Teredesai, Nishant, Noel, Cary Glen

Granted Patent

US 10,360,196 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 16/22   Indexing; Data structures t...

G06F 16/24568   Data stream processing; Con...

H04L 65/60   Network streaming of media ...

GROUPING AND MANAGING EVENT STREAMS GENERATED FROM CAPTURED NETWORK DATA

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

GROUPING AND MANAGING EVENT STREAMS GENERATED FROM CAPTURED NETWORK DATA

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links