Adjusting network data storage based on event stream statistics
First Claim
1. A method performed by a configuration server coupled to a network, the method comprising:
- generating a graphical user interface (GUI) including at least one interface element used to define settings related to an event stream comprising timestamped event data, the event stream to be generated by at least one remote capture agent coupled to the network, the settings including at least one setting related to generation of at least one statistic;
generating configuration information based on input received via the at least one interface element;
receiving a first portion of the event stream from a remote capture agent;
generating, based on the configuration information, the at least one statistic based on the first portion of the event stream without subsequently storing and processing the first portion of the event stream;
determining, based on the at least one statistic and a storage limit, a percentage of a second portion of the event stream to store;
receiving the second portion of the event stream from the remote capture agent; and
causing the percentage of the second portion of the event stream to be stored.
1 Assignment
0 Petitions
Accused Products
Abstract
The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more event streams containing the time-series event data, wherein managing the one or more event streams includes enabling the generation of a set of statistics from an event stream without subsequently storing and processing at least a first portion of the event stream by one or more components on a network. The GUI then updates the configuration information based on input received through the first set of user-interface elements.
305 Citations
30 Claims
-
1. A method performed by a configuration server coupled to a network, the method comprising:
-
generating a graphical user interface (GUI) including at least one interface element used to define settings related to an event stream comprising timestamped event data, the event stream to be generated by at least one remote capture agent coupled to the network, the settings including at least one setting related to generation of at least one statistic; generating configuration information based on input received via the at least one interface element; receiving a first portion of the event stream from a remote capture agent; generating, based on the configuration information, the at least one statistic based on the first portion of the event stream without subsequently storing and processing the first portion of the event stream; determining, based on the at least one statistic and a storage limit, a percentage of a second portion of the event stream to store; receiving the second portion of the event stream from the remote capture agent; and causing the percentage of the second portion of the event stream to be stored. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28)
-
-
29. An apparatus, comprising:
-
one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the apparatus to; generate a graphical user interface (GUI) including at least one interface element used to define settings related to an event stream comprising timestamped event data, the event stream to be generated by at least one remote capture agent coupled to a network, the settings including at least one setting related to generation of at least one statistic; and generate configuration information based on input received via the at least one interface element; receive a first portion of the event stream from a remote capture agent; generate, based on the configuration information, the at least one statistic based on the first portion of the event stream without subsequently storing and processing the first portion of the event stream; determine, based on the at least one statistic and a storage limit, a percentage of a second portion of the event stream to store; receive the second portion of the event stream from the remote capture agent; and cause the percentage of the second portion of the event stream to be stored, the percentage determined based on the at least one statistic.
-
-
30. A non-transitory computer-readable storage medium storing instructions which, when executed by a computer, cause a configuration server coupled to a network to perform operations comprising:
-
generating a graphical user interface (GUI) including at least one interface element used to define settings related to an event stream comprising timestamped event data, the event stream to be generated by at least one remote capture agent coupled to the network, the settings including at least one setting related to generation of at least one statistic based on the event stream without subsequently storing and processing at least a portion of the event stream; generating configuration information based on input received via the at least one interface element; receiving a first portion of the event stream from a remote capture agent; generating, based on the configuration information, the at least one statistic based on the first portion of the event stream without subsequently storing and processing the first portion of the event stream; determining, based on the at least one statistic and a storage limit, a percentage of a second portion of the event stream to store; receiving the second portion of the event stream from the remote capture agent; and causing the percentage of the second portion of the event stream to be stored, the percentage determined based on the at least one statistic.
-
Specification