Method and system for inline top N query computation
First Claim
1. A method of processing network events, comprising:
- receiving multiple sets of network events, each set corresponding to a different respective predefined time period and each network event having an associated group of event attributes;
identifying a subset, within each set of network events, whose event attributes satisfy a predefined query;
generating a distinct aggregation result table for each identified subset of network events;
aggregating, in a first aggregation result table, information concerning a first identified subset of network events in accordance with at least one of the event attributes;
aggregating, in a second aggregation result table, information concerning a second identified subset of network events in accordance with the at least one of the event attributes; and
merging the first and second aggregation result tables so as to produce a merged set of results for the predefined query;
wherein the merging further comprises;
identifying a first entry in the first aggregation result table and a second entry in the second aggregation result table, wherein the first entry and the second entry have the same value for the at least one of the event attributes;
generating a new entry in a query result table by combining the first and second entries together;
wherein the method is performed by one or more computing devices.
2 Assignments
0 Petitions
Accused Products
Abstract
A system and method of generating an overall top N query result from multiple sets of sessionized network events that correspond to different time periods include identifying a subset within each set of network events whose event attributes satisfy a predefined query, generating an aggregation result table for each identified subset of network events in accordance with an aggregation attribute, identifying matching first and second entries in first and second aggregation result tables that have a same aggregation attribute value, generating a new entry in a query result table by merging the matching first and second entries together, and selecting entries in the query result table that have highest session counts as the overall top N query result.
69 Citations
35 Claims
-
1. A method of processing network events, comprising:
-
receiving multiple sets of network events, each set corresponding to a different respective predefined time period and each network event having an associated group of event attributes; identifying a subset, within each set of network events, whose event attributes satisfy a predefined query; generating a distinct aggregation result table for each identified subset of network events; aggregating, in a first aggregation result table, information concerning a first identified subset of network events in accordance with at least one of the event attributes; aggregating, in a second aggregation result table, information concerning a second identified subset of network events in accordance with the at least one of the event attributes; and merging the first and second aggregation result tables so as to produce a merged set of results for the predefined query; wherein the merging further comprises; identifying a first entry in the first aggregation result table and a second entry in the second aggregation result table, wherein the first entry and the second entry have the same value for the at least one of the event attributes; generating a new entry in a query result table by combining the first and second entries together; wherein the method is performed by one or more computing devices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A system for processing network events, comprising:
-
one or more central processing units for executing programs; and an interface for receiving network events; and a query analysis engine executable by the one or more central processing units, the query analysis engine further comprising; receiving instructions for receiving multiple sets of the network events via the interface, each set corresponding to a different respective predefined time period and each network event having an associated group of event attributes; an event filter for identifying a subset, within each set of network events, whose event attributes satisfy a predefined query; generation instructions for generating a distinct aggregation result table for each identified subset of network events; aggregation instructions for; aggregating, in a first aggregation result table, information concerning a first identified subset of network events in accordance with at least one of the event attributes; and aggregating, in a second aggregation result table, information concerning a second identified subset of network events in accordance with the at least one of the event attributes; and query result instructions for merging the first and second aggregation result tables so as to produce a merged set of results for the predefined query; wherein the query result instructions further comprise instructions for; identifying a first entry in the first aggregation result table and a second entry in the second aggregation result table, wherein the first entry and the second entry have the same value for the at least one of the event attributes; and generating a new entry in a query result table by combining the first and second entries together. - View Dependent Claims (14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. A computer program product stored in a non-transitory computer-readable storage medium, for use in conjunction with a computer system, comprising:
-
receiving instructions for receiving multiple sets of network events, each set corresponding to a different respective predefined time period and each network event having an associated group of event attributes; an event filter for identifying a subset, within each set of network events, whose event attributes satisfy a predefined query; and generation instructions for generating a distinct aggregation result table for each identified subset of network events; aggregation instructions for;
aggregating, in a first aggregation result table, information concerning a first identified subset of network events in accordance with at least one of the event attributes; andaggregating, in a second aggregation result table, information concerning a second identified subset of network events in accordance with the at least one of the event attributes; and query result instructions for merging the first and second aggregation result tables aggregated information associated with the multiple sets of network events so as to produce a merged set of results for the predefined query; wherein the query result instructions further comprise instructions for; identifying a first entry in the first aggregation result table and a second entry in the second aggregation result table, wherein the first entry and the second entry have the same value for the at least one of the event attributes; and generating a new entry in a query result table by combining the first and second entries together. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32, 33, 34, 35)
-
Specification