Time series search engine
First Claim
Patent Images
1. A computer-implemented method for time searching data, comprising:
- receiving time series data streams from an information processing environment that includes a plurality of servers;
organizing the time series data stream for subsequent searching by performing actions, including;
determining at least one domain that corresponds to data in the time series data streams, wherein data in the time series data streams is aggregated based on at least the one determined domain;
time stamping the time series data streams to create at least one time stamped event that includes at least a portion of aggregated data from the time series data streams, wherein the time stamped event represents a statistic and a pattern of behavior;
employing at least one feature of the included aggregated data to determine at least one boundary for each time stamped event;
segmenting each time stamped event into a plurality of segments, wherein a segment is a substring of event text;
time indexing the time stamped events to create time bucketed indices based on the time stamps and segments; and
receiving a time series search request; and
executing the time series search request at least in part by searching the time bucketed indices.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
-
Citations
33 Claims
-
1. A computer-implemented method for time searching data, comprising:
-
receiving time series data streams from an information processing environment that includes a plurality of servers; organizing the time series data stream for subsequent searching by performing actions, including; determining at least one domain that corresponds to data in the time series data streams, wherein data in the time series data streams is aggregated based on at least the one determined domain; time stamping the time series data streams to create at least one time stamped event that includes at least a portion of aggregated data from the time series data streams, wherein the time stamped event represents a statistic and a pattern of behavior; employing at least one feature of the included aggregated data to determine at least one boundary for each time stamped event; segmenting each time stamped event into a plurality of segments, wherein a segment is a substring of event text; time indexing the time stamped events to create time bucketed indices based on the time stamps and segments; and receiving a time series search request; and executing the time series search request at least in part by searching the time bucketed indices. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24)
-
-
25. An apparatus for a time series search engine for time searching data, comprising:
-
a memory for storing data and instructions; a processor for executing instructions that perform actions, including; receiving time series data streams from an information processing environment that includes a plurality of servers; organizing the time series data stream for subsequent searching by performing actions, including; determining at least one domain that corresponds to data in the time series data streams, wherein data in the time series data streams is aggregated based on at least the one determined domain; time stamping the time series data streams to create at least one time stamped event that includes at least a portion of aggregated data from the time series data streams, wherein the time stamped event represents a statistic and a pattern of behavior; employing at least one feature of the included aggregated data to determine at least one boundary for each time stamped event; segmenting each time stamped event into a plurality of segments, wherein a segment is a substring of event text; time indexing the time stamped events to create time bucketed indices based on the time stamps and segments; and receiving a time series search request; and executing the time series search request at least in part by searching the time bucketed indices. - View Dependent Claims (26, 27, 28, 29, 30, 31, 32)
-
-
33. A computer program product for time searching data, the computer program product stored on a non-transitory computer readable storage medium and including instructions for causing a computer system to execute a method for time searching data, the method comprising the actions of:
-
receiving time series data streams from an information processing environment that includes a plurality of servers; organizing the time series data stream for subsequent searching by performing actions, including; determining at least one domain that corresponds to data in the time series data streams, wherein data in the time series data streams is aggregated based on at least the one determined domain; time stamping the time series data streams to create at least one time stamped event that includes at least a portion of aggregated data from the time series data streams, wherein the time stamped event represents a statistic and a pattern of behavior; employing at least one feature of the included aggregated data to determine at least one boundary for each time stamped event; segmenting each time stamped event into a plurality of segments, wherein a segment is a substring of event text; time indexing the time stamped events to create time bucketed indices based on the time stamps and segments; and receiving a time series search request; and executing the time series search request at least in part by searching the time bucketed indices.
-
Specification