TRANSFORMING EVENT DATA USING REMOTE CAPTURE AGENTS AND TRANSFORMATION SERVERS
Abstract
The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.
30 Claims
1. A computer-implemented method performed by a configuration server coupled to a network, the method comprising:
- receiving input specifying:
  - at least one first setting related to generation of an event stream by at least one remote capture agent, the event stream including timestamped event data generated from network packets to be monitored by the at least one remote capture agent,
  - at least one second setting related to transformation, by a transformation server that is separate from the at least one remote capture agent, of the timestamped event data of the event stream into transformed timestamped event data, and
  - at least one third setting instructing the at least one remote capture agent to send the timestamped event data of the event stream to the transformation server;
- generating configuration information based on the at least one first setting, the at least one second setting, and the at least one third setting; and
- sending at least a portion of the configuration information to the at least one remote capture agent, the configuration information causing the at least one remote capture agent to generate the event stream and to send the generated event stream to the transformation server.

Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18

19. An apparatus, comprising:
- one or more processors;
- a non-transitory computer-readable storage medium coupled to the one or more processors, the computer-readable storage medium storing instructions which, when executed by the one or more processors, causes the apparatus to:
  - receive input specifying:
    - at least one first setting related to generation of an event stream by at least one remote capture agent, the event stream including timestamped event data generated from network packets to be monitored by the at least one remote capture agent,
    - at least one second setting related to transformation, by a transformation server that is separate from the at least one remote capture agent, of the timestamped event data of the event stream into transformed timestamped event data, and
    - at least one third setting instructing the at least one remote capture agent to send the timestamped event data of the event stream to the transformation server;
  - generate configuration information based on the at least one first setting, the at least one second setting, and the at least one third setting; and
  - send at least a portion of the configuration information to the at least one remote capture agent, the configuration information causing the at least one remote capture agent to generate the event stream and to send the generated event stream to the transformation server.

Dependent claims: 20, 21, 22, 23, 24

25. A non-transitory computer-readable storage medium storing instructions which, when executed by a processor, cause the processor to perform operations comprising:
- receiving input specifying:
  - at least one first setting related to generation of an event stream by at least one remote capture agent, the event stream including timestamped event data generated from network packets to be monitored by the at least one remote capture agent,
  - at least one second setting related to transformation, by a transformation server that is separate from the at least one remote capture agent, of the timestamped event data of the event stream into transformed timestamped event data, and
  - at least one third setting instructing the at least one remote capture agent to send the timestamped event data of the event stream to the transformation server;
- generating configuration information based on the at least one first setting, the at least one second setting, and the at least one third setting; and
- sending at least a portion of the configuration information to the at least one remote capture agent, the configuration information causing the at least one remote capture agent to generate the event stream and to send the generated event stream to the transformation server.

Dependent claims: 26, 27, 28, 29, 30

Specification