TRANSFORMATION OF NETWORK DATA AT REMOTE CAPTURE AGENTS
First Claim
1. A computer-implemented method for processing network data, comprising:
- obtaining, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network;
- using the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent; and
- using the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent;
- wherein the transformation of the event data or the network data comprises one or more of, normalizing different representations of the same data, and performing a data-enrichment operation that uses an address from the event data or the network data to look up related data in a lookup table, and include the related data in the transformed event data.
Abstract
The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.
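As an added illustration (not code from the patent or from any product), the Python sketch below shows the two transformations named in claim 1, normalization and address-based enrichment, driven by configuration that the agent validates before use. The configuration layout, field names and lookup-table contents are constructed assumptions.

```python
import ipaddress
import re

# Constructed configuration, standing in for what the configuration server sends.
SAMPLE_CONFIG = {
    "normalize": {"src_ip": "ip", "dest_ip": "ip", "src_mac": "mac"},
    "enrich": {"key_field": "src_ip", "prefix": "src_",
               "table": {"10.0.0.0/8": {"zone": "internal"},
                         "10.20.0.0/16": {"zone": "internal", "owner": "payments"}}},
}

def norm_ip(value):
    """Collapse IPv4-mapped IPv6 and mixed-case spellings to one canonical string."""
    addr = ipaddress.ip_address(value.strip())
    mapped = getattr(addr, "ipv4_mapped", None)
    return str(mapped if mapped is not None else addr)

def norm_mac(value):
    """Accept AA-BB-.., aa:bb:.. or aabb.ccdd.eeff; emit aa:bb:cc:dd:ee:ff."""
    digits = re.sub(r"[-:.]", "", value.strip().lower())
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {value!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

NORMALIZERS = {"ip": norm_ip, "mac": norm_mac}

def compile_config(config):
    """Validate remotely supplied configuration before the agent acts on it."""
    rules = {}
    for field, kind in config.get("normalize", {}).items():
        if kind not in NORMALIZERS:
            raise ValueError(f"unknown normalizer {kind!r} for field {field!r}")
        rules[field] = NORMALIZERS[kind]
    enrich = config["enrich"]
    nets = [(ipaddress.ip_network(c), data) for c, data in enrich["table"].items()]
    nets.sort(key=lambda item: item[0].prefixlen, reverse=True)  # most specific first
    return rules, enrich["key_field"], enrich["prefix"], nets

def transform_event(event, compiled):
    """Normalize configured fields, then enrich from the address lookup table."""
    rules, key_field, prefix, nets = compiled
    out = {k: rules[k](v) if k in rules else v for k, v in event.items()}
    if key_field in out:
        addr = ipaddress.ip_address(out[key_field])
        for net, data in nets:
            if addr.version == net.version and addr in net:
                out.update({prefix + k: v for k, v in data.items()})
                break
    return out
```

Rejecting unknown normalizer names in `compile_config` keeps a malformed or tampered configuration from silently changing what the agent emits.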
22 Claims
1. A computer-implemented method for processing network data, comprising:
- obtaining, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network;
- using the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent; and
- using the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent;
- wherein the transformation of the event data or the network data comprises one or more of, normalizing different representations of the same data, and performing a data-enrichment operation that uses an address from the event data or the network data to look up related data in a lookup table, and include the related data in the transformed event data.
10. A system for processing network data, comprising:
- a processor;
- a memory, coupled to the processor, which stores a program module configured to be executed by the processor, the program module including;
- instructions for obtaining, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network;
- instructions for using the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent; and
- instructions for using the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent;
- wherein the transformation of the event data or the network data comprises one or more of, normalizing different representations of the same data, performing a data-enrichment operation that uses an address from the event data or the network data to look up related data in a lookup table, and include the related data in the transformed event data.
17. A non-transitory computer-readable storage medium storing instructions that when executed by a computer cause the computer to perform a method for processing network data, the method comprising:
- obtaining, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network;
- using the configuration information to configure the generation of event data from the network data obtained from network packets at the remote capture agent; and
- using the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent;
- wherein the transformation of the event data or the network data comprises one or more of, normalizing different representations of the same data, performing a data-enrichment operation that uses an address from the event data or the network data to look up related data in a lookup table, and include the related data in the transformed event data.
Specification