Processing of log data and performance data obtained via an application programming interface (API)

US 10,225,136 B2
Filed: 01/31/2017
Issued: 03/05/2019
Est. Priority Date: 04/30/2013
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

acquiring, by a computer system, a plurality of portions of log data from at least one log file, the portions of log data representing activity of at least one hardware or software component of an information technology (IT) environment;

acquiring, by a computer system, a plurality of performance measurements for a performance metric associated with at least one hardware or software component of the IT environment, wherein said acquiring includes acquiring the plurality of performance measurements via an application programming interface (API) of a third-party software application that collects the performance measurements;

storing, by the computer system, the acquired performance measurements and the acquired portions of log data from the at least one log file;

obtaining a correlation criterion from a user input to a graphical user interface element that enables a user to input a search criterion as said correlation criterion separate from input of a complete search query; and

correlating, by the computer system, at least one of the stored performance measurements with at least one of the stored portions of log data from the at least one log file, based on the correlation criterion, wherein said correlating includesin response to a user-specified search query including the correlation criterion, applying the search query to the stored performance measurements and stored portions of log data,causing display of an indication of a performance measurement that satisfies the correlation criterion, andcausing display of an indication of a portion of log data from the at least one log file, that satisfies the correlation criterion.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed system and method acquire and store performance measurements relating to performance of a component in an information technology (IT) environment and log data produced by the IT environment, in association with corresponding time stamps. The disclosed system and method correlate at least one of the performance measurements with at least one of the portions of log data.

295 Citations

28 Claims

1. A method comprising:
- acquiring, by a computer system, a plurality of portions of log data from at least one log file, the portions of log data representing activity of at least one hardware or software component of an information technology (IT) environment;
  
  acquiring, by a computer system, a plurality of performance measurements for a performance metric associated with at least one hardware or software component of the IT environment, wherein said acquiring includes acquiring the plurality of performance measurements via an application programming interface (API) of a third-party software application that collects the performance measurements;
  
  storing, by the computer system, the acquired performance measurements and the acquired portions of log data from the at least one log file;
  
  obtaining a correlation criterion from a user input to a graphical user interface element that enables a user to input a search criterion as said correlation criterion separate from input of a complete search query; and
  
  correlating, by the computer system, at least one of the stored performance measurements with at least one of the stored portions of log data from the at least one log file, based on the correlation criterion, wherein said correlating includesin response to a user-specified search query including the correlation criterion, applying the search query to the stored performance measurements and stored portions of log data,causing display of an indication of a performance measurement that satisfies the correlation criterion, andcausing display of an indication of a portion of log data from the at least one log file, that satisfies the correlation criterion.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 28)
- - 2. A method as recited in claim 1, wherein the API is an API of a software application for managing a virtual machine environment.
  - 3. A method as recited in claim 1, wherein the correlation criterion is a time-based criterion.
  - 4. A method as recited in claim 1, wherein the correlation criterion is not a time-based criterion.
  - 5. A method as recited in claim 1, wherein the correlation criterion is a user-specified search criterion.
  - 6. A method as recited in claim 1, wherein the correlation criterion is a user-specified search criterion that is not a time-based criterion.
  - 7. A method as recited in claim 1, wherein said correlating comprises causing concurrent display of the performance measurements that satisfy the correlation criterion and a listing of raw log data that satisfy the correlation criterion.
  - 8. A method as recited in claim 1, wherein the user-specified search criterion relates to a machine in the IT environment.
  - 9. A method as recited in claim 1, further comprising:
    - obtaining the correlation criterion from a user'"'"'s selection from a drop-down list in a graphical user interface.
  - 10. A method as recited in claim 1, wherein the correlation criterion relates to a machine in the IT environment and is specified by a user'"'"'s selection from a drop-down list of machines included in the IT environment.
  - 11. A method as recited in claim 1, whereinsaid storing comprises storing each of the acquired performance measurements and each of the acquired portions of log data with a time-stamp in a time-series data store;
    - said correlating further comprises identifying at least one of the stored performance measurements and at least one of the stored portions of log data that have time stamps that satisfy a user-specified time criterion.
  - 12. A method as recited in claim 1, wherein the performance measurements have been determined by direct measurement of a hardware or software component in the IT environment.
  - 13. A method as recited in claim 1, wherein the plurality of portions of log data are from a text-based log file.
  - 14. A method as recited in claim 1, wherein the plurality of performance measurements are not derived from a log file and are acquired independently of the plurality of portions of log data.
  - 15. A method as recited in claim 1, wherein the plurality of performance measurements are acquired independently of the plurality of portions of log data, and wherein the performance measurements have been determined by direct measurement of a hardware or software component in the IT environment and the plurality of portions of log data are from a text-based log file.
  - 16. A method as recited in claim 1, wherein the plurality of performance measurements are acquired independently of the plurality of portions of log data by direct measurement of a hardware or software component in the IT environment, and the plurality of portions of log data are acquired independently of the performance measurements.
  - 17. A method as recited in claim 1, wherein the performance measurements are stored in a first time-series data store, and the portions of log data are stored in a second time-series data store separate from the first time-series data store.
  - 18. A method as recited in claim 1, wherein the performance measurements are stored in a time-series data store in a first format, and the portions of log data are stored in said time-series data store in a second format different from the first format.
  - 19. A method as recited in claim 1, wherein the performance measurements are stored in a first time-series data store in a first format, and the portions of log data are stored in a second time-series data store separate from the first time-series data store in a second format different from the first format.
  - 20. A method as recited in claim 1, wherein the performance measurements are stored in a first time-series data store in a first format, and the portions of log data are stored in a second time-series data store separate from the first time-series data store in a second format different from the first format;
    - wherein said correlating includes, in response to the correlation criterion, searching the first time-series data store for performance data that satisfy the correlation criterion and searching the second time-series data store for log data that satisfy the correlation criterion.
  - 21. A method as recited in claim 1, further comprising:
    - acquiring structure data indicative of structure characteristics of the IT environment;
      
      storing the acquired structure data indicative of structure characteristics of the IT environment; and
      
      correlating a performance characteristic of the IT environment with a structure characteristic of the IT environment, based on the stored performance measurements and stored structure data.
  - 22. A method as recited in claim 1, further comprising:
    - acquiring structure data indicative of structure characteristics of the IT environment, wherein the structure data is derived from log data from the IT environment;
      
      storing the acquired structure data indicative of structure characteristics of the IT environment; and
      
      correlating a performance characteristic of the IT environment with a structure characteristic of the IT environment, based on the stored performance measurements and stored structure data.
  - 23. A method as recited in claim 1, wherein the performance metric comprises a performance metric for at least one hardware or software resource of a computer system.
  - 24. A method as recited in claim 1, wherein the performance metric comprises a performance metric for at least one virtual machine or virtual machine host.
  - 25. A method as recited in claim 1, wherein the performance metric comprises a performance metric for a virtual machine cluster.
  - 28. A method as recited in claim 1, wherein the plurality of performance measurements are repeatedly retrieved via the application programming interface of the third-party application and stored in persistent storage as events.

26. A non-transitory machine-readable storage medium for use in a processing system of a data intake and query system, the non-transitory machine-readable storage medium storing instructions, an execution of which in the processing system causes the processing system to perform operations comprising:
- acquiring a plurality of portions of log data from at least one log file, the portions of log data representing activity of at least one hardware or software component of an information technology (IT) environment;
  
  acquiring a plurality of performance measurements for a performance metric associated with at least one hardware or software component of the IT environment, wherein said acquiring includes acquiring the plurality of performance measurements via an application programming interface (API) of a third-party software application that collects the performance measurements;
  
  storing the acquired performance measurements and the acquired portions of log data from the at least one log file;
  
  obtaining a correlation criterion from a user input to a graphical user interface element that enables a user to input a search criterion as said correlation criterion but does not enable input of a complete search query; and
  
  correlating at least one of the stored performance measurements with at least one of the stored portions of log data from the at least one log file, based on the correlation criterion, wherein said correlating includesin response to a user-specified search query including the correlation criterion, applying the search query to the stored performance measurements and stored portions of log data,causing display of an indication of a performance measurement that satisfies the correlation criterion, andcausing display of an indication of a portion of log data from the at least one log file, that satisfies the correlation criterion.

27. A system comprising:
- a communication device through which to communicate on a computer network; and
  
  at least one processor operatively coupled to the communication device and configured to perform operations including acquiring a plurality of portions of log data from at least one log file, the portions of log data representing activity of at least one hardware or software component of an information technology (IT) environment;
  
  acquiring a plurality of performance measurements for a performance metric associated with at least one hardware or software component of the IT environment, wherein said acquiring includes acquiring the plurality of performance measurements via an application programming interface (API) of a third-party software application that collects the performance measurements;
  
  storing the acquired performance measurements and the acquired portions of log data from the at least one log file;
  
  obtaining a correlation criterion from a user input to a graphical user interface element that enables a user to input a search criterion as said correlation criterion but does not enable input of a complete search query; and
  
  correlating at least one of the stored performance measurements with at least one of the stored portions of log data from the at least one log file, based on the correlation criterion, wherein said correlating includesin response to a user-specified search query including the correlation criterion, applying the search query to the stored performance measurements and stored portions of log data,causing display of an indication of a performance measurement that satisfies the correlation criterion, andcausing display of an indication of a portion of log data from the at least one log file, that satisfies the correlation criterion.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Bingham, Brian, Fletcher, Tristan, Bhide, Alok Anant
Primary Examiner(s)
Donabed, Ninos

Application Number

US15/421,353
Publication Number

US 20170257258A1
Time in Patent Office

763 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/3006   where the computing system ...

G06F 11/301   where the computing system ...

G06F 11/3024   where the computing system ...

G06F 11/3037   where the computing system ...

G06F 11/323   Visualisation of programs o...

G06F 11/3409   for performance assessment

G06F 11/3452   Performance evaluation by s...

G06F 16/2455   Query execution

G06F 16/248   Presentation of query results

G06F 17/40   Data acquisition and loggin...

G06F 2201/815   Virtual middleware or OS fu...

G06F 9/45533   Hypervisors; Virtual machin...

H04L 41/069   using logs of notifications...

H04L 41/22   comprising specially adapte...

H04L 43/06   Generation of reports

Processing of log data and performance data obtained via an application programming interface (API)

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

295 Citations

28 Claims

Specification

Solutions

Use Cases

Quick Links

Processing of log data and performance data obtained via an application programming interface (API)

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

295 Citations

28 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links