QUERY-INITIATED SEARCH ACROSS SEPARATE STORES FOR LOG DATA AND DATA FROM A REAL-TIME MONITORING ENVIRONMENT
First Claim
Patent Images
1. A computer-implemented method for time searching data, comprising:
- obtaining log data generated by at least one component in an information processing environment;
obtaining data that is not log data from a real-time monitoring environment;
storing the log data in a first searchable time series data store;
storing the data obtained from the real-time monitoring environment in a second searchable time series data store;
receiving a search query in a search language; and
based on the search query, searching the log data and the data obtained from the real-time monitoring environment.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
-
Citations
30 Claims
-
1. A computer-implemented method for time searching data, comprising:
-
obtaining log data generated by at least one component in an information processing environment; obtaining data that is not log data from a real-time monitoring environment; storing the log data in a first searchable time series data store; storing the data obtained from the real-time monitoring environment in a second searchable time series data store; receiving a search query in a search language; and based on the search query, searching the log data and the data obtained from the real-time monitoring environment. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26)
-
-
27. A system comprising:
-
a memory; and a processing device coupled with the memory to; obtain log data generated by at least one component in an information processing environment, obtain data from a real-time monitoring environment, store the log data in a first searchable time series data store, store the data obtained from the real-time monitoring environment in a second searchable time series data store, and receive a search query in a search language, and based on the search query, searching the log data and the data obtained from the real-time monitoring environment. - View Dependent Claims (28)
-
-
29. A non-transitory computer-readable medium encoding instructions thereon that, in response to execution by one or more processing devices, cause the one or more processing devices to perform operations comprising:
-
obtaining log data generated by at least one component in an information processing environment; obtaining data from a real-time monitoring environment; storing the log data in a first searchable time series data store; storing the data obtained from the real-time monitoring environment in a second searchable time series data store; receiving a search query in a search language; and based on the search query, searching the log data and the data obtained from the real-time monitoring environment. - View Dependent Claims (30)
-
Specification