Statistics time chart interface row mode drill down

US 9,921,730 B2
Filed: 10/28/2014
Issued: 03/20/2018
Est. Priority Date: 10/05/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

generating a set of events responsive to a search query, each event comprising a timestamp and a portion of raw machine data that reflects activity in an information technology environment of at least one computing system;

causing display of a first interface in a tabular format that includes one or more rows, each row comprising;

a time increment corresponding to a plurality of the events that each have a field-value pair matching a particular event field; and

one or more aggregated metrics, wherein each aggregated metric of a particular row indicates a number of events included in a subset of the plurality of the events that each occurred within the time increment of the particular row and has a particular value in the particular event field; and

in response to a user selection of at least a row of the one or more rows, causing transition to a second interface associated with the row.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

In embodiments of statistics time chart interface row mode drill down, a first interface is displayed in a table format that includes columns each having a column heading comprising a different value, each different value associated with a particular event field, and includes rows each with a time increment and one or more aggregated metrics, each aggregated metric representing a number of events having a field-value pair that matches the different value represented in one of the columns and within the time increment over which the aggregated metric is calculated. A row that includes the time increment and the aggregated metrics can be emphasized in the first interface, and in response, a menu is displayed with selectable options to transition to a second interface based on a selected one of the options.

112 Citations

31 Claims

1. A method, comprising:
- generating a set of events responsive to a search query, each event comprising a timestamp and a portion of raw machine data that reflects activity in an information technology environment of at least one computing system;
  
  causing display of a first interface in a tabular format that includes one or more rows, each row comprising;
  
  a time increment corresponding to a plurality of the events that each have a field-value pair matching a particular event field; and
  
  one or more aggregated metrics, wherein each aggregated metric of a particular row indicates a number of events included in a subset of the plurality of the events that each occurred within the time increment of the particular row and has a particular value in the particular event field; and
  
  in response to a user selection of at least a row of the one or more rows, causing transition to a second interface associated with the row.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 2. The method as recited in claim 1, wherein each aggregated metric comprises a statistics value displayed in the row comprising the aggregated metric.
  - 3. The method as recited in claim 1, wherein the second interface displays a listing of the plurality of the events corresponding to the time increment.
  - 4. The method as recited in claim 1, wherein the second interface corresponds to the time increment in the selected row, the second interface comprising an instance of the tabular format in which the time increment for each row of a plurality of rows is a respective sub range of the time increment of the selected row of the first interface.
  - 5. The method as recited in claim 1, further comprising determining the plurality of the events for the row based on the timestamp of each event of the plurality of the events falling within the time increment of the row.
  - 6. The method as recited in claim 1, wherein aggregated metric for each row comprises a count of how many events in the set of events both fall within the time increment and have the particular value in the particular event field, the count being displayed in the row.
  - 7. The method as recited in claim 1, wherein the tabular format comprises a plurality of columns, each column corresponding to a different value of the particular event field, and the one or more aggregated metrics of each row include a corresponding aggregated metric for each of the columns.
  - 8. The method as recited in claim 1, wherein the one or more rows include a plurality of rows, the time increment of each row corresponding to a different time range.
  - 9. The method as recited in claim 1, wherein the user selection comprises selecting an option in a menu of options corresponding to the selected row, the options displayed in the menu including a view events option that is selectable to cause the second interface to display a listing of events that includes only events corresponding to the time increment of the selected row.
  - 10. The method as recited in claim 1, wherein the user selection comprises selecting an option in a menu of options corresponding to the selected row, the options displayed in the menu including a narrow time range option that is selectable to cause the second interface to include an instance of the tabular format in which the time increment for each row of a plurality of rows is a respective sub range of the time increment of the selected row of the first interface.
  - 11. The method as recited in claim 1, wherein the particular event field is included in the tabular format based on being specified in the search query and the search query is in a pipelined search language.
  - 12. The method as recited in claim 1, wherein the user selection comprises selecting an option in a menu corresponding to the selected row, the menu displaying a time duration that encompasses the time increment corresponding to the selected row.
  - 13. The method as recited in claim 1, where the user selection uses an input pointer and the method further comprises:
    - emphasizing the selected row responsive to detection of the input pointer over any of the one or more aggregated metrics or the time increment in the selected row.
  - 14. The method as recited in claim 1, wherein the tabular format comprises a plurality of columns corresponding to the particular event field, and a different value of the particular event field is used as a respective column heading for each column.
  - 15. The method as recited in claim 1, wherein the aggregated metric of the row is displayed in a cell that does not display any value of any event in the set of events and the cell corresponds to only the row of the one or more rows.
  - 16. The method as recited in claim 1, wherein the generating the set of events uses a search that applies a late-binding schema to the portion of raw machine data of the events.
  - 17. The method as recited in claim 1, wherein the method further comprises extracting the particular event field from the portion of raw machine data for each event of the subset of the plurality of the events.
  - 18. The method as recited in claim 1, further comprising:
    - calculating the one or more metrics for each of the one or more rows based on the generated set of events responsive to the search query; and
      
      causing the display of the first interface based on the calculated one or more metrics for each of the one or more rows.

19. A computer-implemented system, comprising:
- one or more processors; and
  
  one or more computer-readable media having executable instructions embodied thereon, which, when executed by the one or more processors, cause the one or more processors to perform a method comprising;
  
  generating a set of events responsive to a search query, each event comprising a timestamp and a portion of raw machine data that reflects activity in an information technology environment of at least one computing system;
  
  causing display of a first interface in a tabular format that includes one or more rows, each row comprising;
  
  a time increment corresponding to a plurality of the events that each have a field-value pair matching a particular event field; and
  
  one or more aggregated metrics, wherein each aggregated metric of a particular row indicates a number of events included in a subset of the plurality of the events that each occurred within the time increment of the particular row and has a particular value in the particular event field; and
  
  in response to a user selection of at least a row of the one or more rows, causing transition to a second interface associated with the row.
- View Dependent Claims (20, 21, 22, 23, 24, 25)
- - 20. The system as recited in claim 19, wherein the second interface displays a listing of the plurality of the events corresponding to the time increment.
  - 21. The system as recited in claim 19, wherein the second interface corresponds to the time increment in the selected row, the second interface comprising an instance of the tabular format in which the time increment for each row of a plurality of rows is a respective sub range of the time increment of the selected row of the first interface.
  - 22. The system as recited in claim 19, wherein the aggregated metric for each row comprises a count of how many events in the set of events both fall within the time increment and have the particular value in the particular event field, the count being displayed in the row.
  - 23. The system as recited in claim 19, further comprising determining the plurality of the events for the row based on the timestamp of each event of the plurality of the events falling within the time increment of the row.
  - 24. The system as recited in claim 19, wherein the particular event field is included in the tabular format based on being specified in the search query and the search query is in a pipelined search language.
  - 25. The system as recited in claim 19, wherein the user selection comprises selecting an option in a menu corresponding to the selected row, the menu displaying a time duration that encompasses the time increment corresponding to the selected row.

26. One or more computer-readable, non-volatile storage memory comprising stored instructions that are executable to cause one or more processors to perform operations comprising:
- generating a set of events responsive to a search query, each event comprising a timestamp and a portion of raw machine data that reflects activity in an information technology environment of at least one computing system;
  
  causing display of a first interface in a tabular format that includes one or more rows, each row comprising;
  
  a time increment corresponding to a plurality of the events that each have a field-value pair matching a particular event field; and
  
  one or more aggregated metrics, wherein each aggregated metric of a particular indicates a number of events included in a subset of the plurality of the events that each occurred within the time increment of the particular row and has a particular value in the particular event field; and
  
  in response to a user selection of at least a row of the one or more rows, causing transition to a second interface associated with the row.
- View Dependent Claims (27, 28, 29, 30, 31)
- - 27. The one or more computer-readable, non-volatile storage memory as recited in claim 26, wherein the second interface displays a listing of the plurality of the events corresponding to the time increment.
  - 28. The one or more computer-readable, non-volatile storage memory as recited in claim 26, wherein the second interface corresponds to the time increment in the selected row, the second interface comprising an instance of the tabular format in which the time increment for each row of a plurality of rows is a respective sub range of the time increment of the selected row of the first interface.
  - 29. The one or more computer-readable, non-volatile storage memory as recited in claim 26, wherein the aggregated metric for each row comprises a count of how many events in the set of events both fall within the time increment and have the particular value in the particular event field, the count being displayed in the row.
  - 30. The one or more computer-readable, non-volatile storage memory as recited in claim 26, wherein the particular event field is included in the tabular format based on being specified in the search query and the search query is in a pipelined search language.
  - 31. The one or more computer-readable, non-volatile storage memory as recited in claim 26, wherein the user selection comprises selecting an option in a menu corresponding to the selected row, the menu displaying a time duration that encompasses the time increment corresponding to the selected row.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Burke, Cory Eugene, Feeney, Katherine Kyle, Lamas, Divanny I., Robichaud, Marc Vincent, Ness, Matthew G., Lee, Clara E.
Primary Examiner(s)
Baderman, Scott
Assistant Examiner(s)
Mrabi, Hassan

Application Number

US14/526,454
Publication Number

US 20160098384A1
Time in Patent Office

1,239 Days
Field of Search

715227
US Class Current
CPC Class Codes

G06F 16/221   Column-oriented storage; Ma...

G06F 16/242   Query formulation

G06F 16/2425   Iterative querying; Query f...

G06F 16/2455   Query execution

G06F 16/248   Presentation of query results

G06F 16/252   between a Database Manageme...

G06F 16/951   Indexing; Web crawling tech...

G06F 3/0482   Interaction with lists of s...

G06F 3/04842   Selection of displayed obje...

G06F 3/04847   Interaction techniques to c...

G06F 40/18   of spreadsheets form-fillin...

G06F 9/451   Execution arrangements for ...

G06V 10/22   by selection of a specific ...

Statistics time chart interface row mode drill down

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

112 Citations

31 Claims

Specification

Solutions

Use Cases

Quick Links

Statistics time chart interface row mode drill down

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

112 Citations

31 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links