Processing of performance data and raw log data from an information technology environment
Abstract
The disclosed system and method acquire and store performance measurements relating to performance of a component in an information technology (IT) environment and log data produced by the IT environment, in association with corresponding time stamps. The disclosed system and method correlate at least one of the performance measurements with at least one of the portions of log data.
306 Citations
32 Claims
1. A method comprising:
acquiring, by a computer system, a plurality of performance measurements for a performance metric associated with at least one hardware or software component of an information technology (IT) environment;
acquiring, by the computer system, a plurality of portions of raw log data from at least one log file, the portions of raw log data representing activity of at least one hardware or software component of the IT environment;
storing, by the computer system, the acquired performance measurements in a first format;
storing, by the computer system, the acquired portions of raw log data from the at least one log file in a second format different from the first format; and
correlating, by the computer, at least one of the stored performance measurements with at least one of the stored portions of raw log data from the at least one log file, based on a correlation criterion, wherein said correlating includes
in response to a user-specified search query including the correlation criterion, applying the search query to the stored performance measurements in the first format and the stored portions of log data in the second format different from the first format,
causing display, via a graphical user interface, of a performance measurement that satisfies the correlation criterion, and
causing display, via the graphical user interface, of a portion of raw log data, from the at least one log file, that satisfies the correlation criterion.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 31, 32
29. A non-transitory machine-readable storage medium for use in a processing system of a data intake and query system, the non-transitory machine-readable storage medium storing instructions, an execution of which in the processing system causes the processing system to perform operations comprising:
acquiring a plurality of performance measurements for a performance metric associated with at least one hardware or software component of an information technology (IT) environment;
acquiring a plurality of portions of raw log data from at least one log file, the portions of raw log data representing activity of at least one hardware or software component of the IT environment;
storing the acquired performance measurements in a first format;
storing the acquired portions of raw log data from the at least one log file in a second format different from the first format; and
correlating at least one of the stored performance measurements with at least one of the stored portions of raw log data from the at least one log file, based on a correlation criterion, wherein said correlating includes
in response to a user-specified search query including the correlation criterion, applying the search query to the stored performance measurements in the first format and the stored portions of log data in the second format different from the first format,
causing display, via a graphical user interface, of a performance measurement that satisfies the correlation criterion, and
causing display, via the graphical user interface, of a portion of raw log data, from the at least one log file, that satisfies the correlation criterion.
30. A system comprising:
a communication device through which to communicate on a computer network; and
at least one processor operatively coupled to the communication device and configured to perform operations including
acquiring a plurality of performance measurements for a performance metric associated with at least one hardware or software component of an information technology (IT) environment;
acquiring a plurality of portions of raw log data from at least one log file, the portions of raw log data representing activity of at least one hardware or software component of the IT environment;
storing the acquired performance measurements in a first format;
storing the acquired portions of raw log data from the at least one log file in a second format different from the first format; and
correlating at least one of the stored performance measurements with at least one of the stored portions of raw log data from the at least one log file, based on a correlation criterion, wherein said correlating includes
in response to a user-specified search query including the correlation criterion, applying the search query to the stored performance measurements in the first format and the stored portions of log data in the second format different from the first format,
causing display, via a graphical user interface, of a performance measurement that satisfies the correlation criterion, and
causing display, via the graphical user interface, of a portion of raw log data, from the at least one log file, that satisfies the correlation criterion.
Specification