Bidirectional linking of ephemeral event streams to creators of the ephemeral event streams

US 10,366,101 B2
Filed: 01/30/2015
Issued: 07/30/2019
Est. Priority Date: 04/15/2014
Status: Active Grant

First Claim

Patent Images

1. A method for facilitating the processing of network data, comprising:

receiving input via a first graphical user interface (GUI) associated with a first application of a data intake and query system, the input defining an ephemeral event stream to be generated by one or more remote capture agents based on network packets monitored by the one or more remote capture agents, the ephemeral event stream associated with a trigger condition which, when the trigger condition is detected, causes the one or more remote capture agents to generate the ephemeral event stream for only a defined period of time;

transmitting, via a network, to the one or more remote capture agents configuration information generated based on the received input, the configuration information used by the one or more remote capture agents to generate the ephemeral event stream upon detection of the trigger condition;

causing display of a second GUI associated with a second application of the data intake and query system, the second GUI including a representation of the ephemeral event stream, the representation of the ephemeral event stream including an interface element that, when selected, causes navigation to a third GUI associated with the first application; and

in response to receiving input selecting the interface element, causing display of the third GUI associated with the first application, the third GUI including information describing the generation of the ephemeral event stream by the one or more remote capture agents.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements comprising event stream information for one or more ephemeral event streams used to temporarily generate the time-series event data from the network packets. The system then causes for display, in the GUI, a mechanism for navigating between the event stream information and creation information for one or more creators of the one or more ephemeral event streams.

295 Citations

30 Claims

1. A method for facilitating the processing of network data, comprising:
- receiving input via a first graphical user interface (GUI) associated with a first application of a data intake and query system, the input defining an ephemeral event stream to be generated by one or more remote capture agents based on network packets monitored by the one or more remote capture agents, the ephemeral event stream associated with a trigger condition which, when the trigger condition is detected, causes the one or more remote capture agents to generate the ephemeral event stream for only a defined period of time;
  
  transmitting, via a network, to the one or more remote capture agents configuration information generated based on the received input, the configuration information used by the one or more remote capture agents to generate the ephemeral event stream upon detection of the trigger condition;
  
  causing display of a second GUI associated with a second application of the data intake and query system, the second GUI including a representation of the ephemeral event stream, the representation of the ephemeral event stream including an interface element that, when selected, causes navigation to a third GUI associated with the first application; and
  
  in response to receiving input selecting the interface element, causing display of the third GUI associated with the first application, the third GUI including information describing the generation of the ephemeral event stream by the one or more remote capture agents.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the representation of the ephemeral event stream further represents a plurality of ephemeral event streams that are grouped based on a same attribute.
  - 3. The method of claim 1, wherein the representation of the ephemeral event stream further represents a plurality of ephemeral event streams that are grouped based on a same attribute, wherein the attribute is selected from:
    - an event stream category associated with the plurality of ephemeral event streams;
      
      a protocol used by the network packets;
      
      an application used to create the plurality of ephemeral event streams; and
      
      an event stream lifecycle of the plurality of ephemeral event streams.
  - 4. The method of claim 1, wherein the second GUI includes interface elements used to manage ephemeral event streams including the ephemeral event stream, wherein managing the ephemeral event stream comprises at least one of:
    - modifying an end time for terminating capture of time-series event data in the ephemeral event stream;
      
      disabling the ephemeral event stream; and
      
      deleting the ephemeral event stream.
  - 5. The method of claim 1, further comprising:
    - receiving, via the second GUI, input indicating a request to create a new ephemeral event stream;
      
      updating the configuration information based on input; and
      
      transmitting the updated configuration information to the one or more remote capture agents.
  - 6. The method of claim 1, wherein the second GUI further displays a representation of time-series event data included in the ephemeral event stream.
  - 7. The method of claim 1, wherein the second GUI further displays at least one of:
    - a name of the first application;
      
      a protocol associated with the ephemeral event stream;
      
      a duration of the ephemeral event stream; and
      
      the trigger condition for activating the ephemeral event stream.
  - 8. The method of claim 1, wherein the first application is a security application used to monitor network traffic captured by the one or more remote capture agents.
  - 9. The method of claim 1, wherein the trigger condition is associated with a potential security risk.
  - 10. The method of claim 1, wherein the representation of the ephemeral event stream comprises at least one of:
    - a name of the ephemeral event stream;
      
      a number of ephemeral event streams grouped with the ephemeral event stream;
      
      a name of the first application;
      
      a start time at which the ephemeral event stream was generated;
      
      an end time for the ephemeral event stream;
      
      a time remaining for generating of the ephemeral event stream; and
      
      a status of the ephemeral event stream.
  - 11. The method of claim 1, wherein the interface element comprises a hyperlink to the third GUI.
  - 12. The method of claim 1, wherein the third GUI includes a hyperlink that, when selected, causes navigation from the third GUI to the second GUI.
  - 13. The method of claim 1, wherein the input defining the ephemeral event stream includes:
    - a query used to identify a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network.
  - 14. The method of claim 1, wherein the trigger condition is detected based on a recurring search of time-series event data generated by the one or more remote capture agents.
  - 15. The method of claim 1, wherein the third GUI includes an interface element displaying a representation of a security risk corresponding to the trigger condition.
  - 16. The method of claim 1, wherein the ephemeral event stream comprises time-series event data generated based on network traffic monitored by the one or more remote capture agents.

17. An apparatus, comprising:
- one or more hardware processors; and
  
  memory storing instructions that, when executed by the one or more hardware processors, cause the apparatus to;
  
  receive input via a first graphical user interface (GUI) associated with a first application of a data intake and query system, the input defining an ephemeral event stream to be generated by one or more remote capture agents based on network packets monitored by the one or more remote capture agents, the ephemeral event stream associated with a trigger condition which, when the trigger condition is detected, causes the one or more remote capture agents to generate the ephemeral event stream for only a defined period of time;
  
  transmit, via a network, to the one or more remote capture agents configuration information generated based on the received input, the configuration information used by the one or more remote capture agents to generate the ephemeral event stream upon detection of the trigger condition;
  
  cause display of a second GUI associated with a second application of the data intake and query system, the second GUI including a representation of the ephemeral event stream, the representation of the ephemeral event stream including an interface element that, when selected, causes navigation to a third GUI associated with the first application; and
  
  in response to receiving input selecting the interface element, cause display of the third GUI associated with the first application, the third GUI including information describing the generation of the ephemeral event stream by the one or more remote capture agents.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The apparatus of claim 17, wherein the second GUI includes interface elements used to manage ephemeral event streams including the ephemeral event stream, wherein managing the ephemeral event stream comprises at least one of:
    - modifying an end time for terminating capture of time-series event data in the ephemeral event stream;
      
      disabling the ephemeral event stream; and
      
      deleting the ephemeral event stream.
  - 19. The apparatus of claim 17, wherein the second GUI further displays a representation of time-series event data included in the ephemeral event stream.
  - 20. The apparatus of claim 17, wherein the second GUI further displays at least one of:
    - a name of the first application;
      
      a protocol associated with the ephemeral event stream;
      
      a duration of the ephemeral event stream; and
      
      the trigger condition for activating the ephemeral event stream.
  - 21. The apparatus of claim 17, wherein the first application is a security application used to monitor network traffic captured by the one or more remote capture agents.
  - 22. The apparatus of claim 17, wherein the trigger condition is associated with a potential security risk.
  - 23. The apparatus of claim 17, wherein the interface element comprises a hyperlink to the third GUI.

24. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for facilitating the processing of network data, the method comprising:
- receiving input via a first graphical user interface (GUI) associated with a first application of a data intake and query system, the input defining an ephemeral event stream to be generated by one or more remote capture agents based on network packets monitored by the one or more remote capture agents, the ephemeral event stream associated with a trigger condition which, when the trigger condition is detected, causes the one or more remote capture agents to generate the ephemeral event stream for only a defined period of time;
  
  transmitting, via a network, to the one or more remote capture agents configuration information generated based on the received input, the configuration information used by the one or more remote capture agents to generate the ephemeral event stream upon detection of the trigger condition;
  
  causing display of a second GUI associated with a second application of the data intake and query system, the second GUI including a representation of the ephemeral event stream, the representation of the ephemeral event stream including an interface element that, when selected, causes navigation to a third GUI associated with the first application; and
  
  in response to receiving input selecting the interface element, causing display of the third GUI associated with the first application, the third GUI including information describing the generation of the ephemeral event stream by the one or more remote capture agents.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The non-transitory computer-readable storage medium of claim 24, wherein the second GUI includes interface elements used to manage ephemeral event streams including the ephemeral event stream, wherein managing the ephemeral event stream comprises at least one of:
    - modifying an end time for terminating the capture of time-series event data in the ephemeral event stream;
      
      disabling the ephemeral event stream; and
      
      deleting the ephemeral event stream.
  - 26. The non-transitory computer-readable storage medium of claim 24, wherein the second GUI further displays a representation of time-series event data included in the ephemeral event stream.
  - 27. The non-transitory computer-readable storage medium of claim 24, wherein the second GUI further displays at least one of:
    - a name of the first application;
      
      a protocol associated with the ephemeral event stream;
      
      a duration of the ephemeral event stream; and
      
      the trigger condition for activating the ephemeral event stream.
  - 28. The non-transitory computer-readable storage medium of claim 24, wherein the first application is a security application used to monitor network traffic captured by the one or more remote capture agents.
  - 29. The non-transitory computer-readable storage medium of claim 24, wherein the trigger condition is associated with a potential security risk.
  - 30. The non-transitory computer-readable storage medium of claim 24, wherein the interface element comprises a hyperlink to the third GUI.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Ching, Clayton S., Dickey, Michael R., Shcherbakov, Vladimir A., Teredesai, Nishant, Zises, Matthew S.
Primary Examiner(s)
Wilson, Kimberly L

Application Number

US14/610,438
Publication Number

US 20150295779A1
Time in Patent Office

1,642 Days
Field of Search

707741
US Class Current
CPC Class Codes

G06F 16/26   Visual data mining; Browsin...

H04L 41/22   comprising specially adapte...

H04L 43/022   by sampling

H04L 43/045   for graphical visualisation...

H04L 63/1433   Vulnerability analysis

Bidirectional linking of ephemeral event streams to creators of the ephemeral event streams

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

295 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Bidirectional linking of ephemeral event streams to creators of the ephemeral event streams

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

295 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others