Automatic log sensor tuning
First Claim
Patent Images
1. A computer program product comprising software stored on a computer-readable storage medium, the software comprising:
- first program instructions programmed to identify first machine data from a first enterprise component by a first sensor in a collection framework, the first sensor tuned to a first setting for identifying the first machine data;
second program instructions programmed to process at least a portion of the first machine data by a first collector in the collection framework, having a first configuration, to generate first collected machine data, the first collector configured to distribute the first collected machine data to a search cluster;
third program instructions programmed to, responsive to an alert condition, generate a piped HTTP request for performing analytics on a set of collected machine data in the search cluster including the first collected machine data;
fourth program instructions programmed to receive a single threaded piped HTTP response to the piped HTTP request as analytics output;
fifth program instructions programmed to determine a second configuration for the first collector responsive to the analytics output;
sixth program instructions programmed to execute a sync instruction to the first collector to replace the first configuration of the first collector with the second configuration;
seventh program instructions programmed to receive a second machine data from the first sensor; and
eighth program instructions programmed to process at least a portion of the second machine data according to the second configuration of the first collector to generate second collected machine data;
wherein;
the second collected machine data includes event-specific data determined to be relevant by the performing analytics on the set of collected machine data.
1 Assignment
0 Petitions
Accused Products
Abstract
A process for automatic tuning a set of collectors and/or sensors includes: collecting first machine data by a first sensor in a collection framework, processing the first machine data by a first collector in the collection framework to yield first collected machine data, performing analytics on the first collected machine data to generate analytics output, and tuning, based, at least in part, on the analytics output, at least one of the following: the first sensor and the first collector.
-
Citations
10 Claims
-
1. A computer program product comprising software stored on a computer-readable storage medium, the software comprising:
-
first program instructions programmed to identify first machine data from a first enterprise component by a first sensor in a collection framework, the first sensor tuned to a first setting for identifying the first machine data; second program instructions programmed to process at least a portion of the first machine data by a first collector in the collection framework, having a first configuration, to generate first collected machine data, the first collector configured to distribute the first collected machine data to a search cluster; third program instructions programmed to, responsive to an alert condition, generate a piped HTTP request for performing analytics on a set of collected machine data in the search cluster including the first collected machine data; fourth program instructions programmed to receive a single threaded piped HTTP response to the piped HTTP request as analytics output; fifth program instructions programmed to determine a second configuration for the first collector responsive to the analytics output; sixth program instructions programmed to execute a sync instruction to the first collector to replace the first configuration of the first collector with the second configuration; seventh program instructions programmed to receive a second machine data from the first sensor; and eighth program instructions programmed to process at least a portion of the second machine data according to the second configuration of the first collector to generate second collected machine data; wherein; the second collected machine data includes event-specific data determined to be relevant by the performing analytics on the set of collected machine data. - View Dependent Claims (2, 3, 7, 9)
-
-
4. A computer system comprising:
-
a processor set; and a software storage device; wherein; the processor set is structured, located, connected and/or programmed to run software stored on the software storage device; and the software comprises; first program instructions programmed to identify first machine data from a first enterprise component by a first sensor in a collection framework, the first sensor tuned to a first setting for identifying the first machine data; second program instructions programmed to process at least a portion of the first machine data by a first collector in the collection framework to generate first collected machine data, the first collector configured to distribute the first collected machine data to a search cluster; third program instructions programmed to, responsive to an alert condition, generate a piped HTTP request for performing analytics on a set of collected machine data in the search cluster including the first collected machine data; fourth program instructions programmed to receive a single threaded piped HTTP response to the piped HTTP request as analytics output; fifth program instructions programmed to determine a second configuration for the first collector responsive to the analytics output; sixth program instructions programmed to execute a sync instruction to the first collector to replace the first configuration of the first collector with the second configuration; seventh program instructions programmed to receive a second machine data from the first sensor; and eighth program instructions programmed to process at least a portion of the second machine data according to the second configuration of the first collector to generate a second collected machine data; wherein; the second collected machine data includes event-specific data determined to be relevant by the performing analytics on the set of collected machine data. - View Dependent Claims (5, 6, 8, 10)
-
Specification