Presentation And Sorting Of Summaries Of Alert Instances Triggered By Search Questions

US 20160253415A1
Filed: 07/09/2014
Published: 09/01/2016
Est. Priority Date: 07/09/2014
Status: Active Grant

First Claim

Patent Images

1. A method, comprising:

causing, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition;

wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert;

wherein an alert summary includes an indication of at least one of;

a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Systems and methods for presenting and sorting summaries of alerts triggered by search queries in data aggregation and analysis systems. An example method may comprise: causing, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition; wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert; wherein an alert summary includes an indication of at least one of: a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.

32 Citations

View as Search Results

30 Claims

1. A method, comprising:
- causing, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition;
  
  wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert;
  
  wherein an alert summary includes an indication of at least one of;
  
  a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16)
- - 2. The method of claim 1, wherein the alert summary comprises a selectable user interface element visually representing the alert, a title of the alert, or a description of the alert.
  - 3. The method of claim 1, further comprising:
    - receiving a selection of a particular displayed alert summary; and
      
      based on the selection of the alert summary, causing one or more alert instances represented by the selected alert summary to be displayed.
  - 4. The method of claim 1, further comprising:
    - receiving a selection of a particular displayed alert summary;
      
      based on the selection of the alert summary, causing one or more alert instances represented by the selected alert summary to be displayed;
      
      receiving a selection of a particular displayed alert instance; and
      
      based on the selection of the alert instance, causing a data set that has triggered the selected alert instance to be displayed.
  - 5. The method of claim 1, further comprising:
    - for each alert summary, maintaining an unviewed instance count of alert instances of a respective alert that have not been viewed.
  - 6. The method of claim 1, further comprising:
    - for each alert summary, updating an unviewed instance count of alert instances of a respective alert that have not been viewed; and
      
      causing the updated unviewed instance count to be displayed with the alert summary.
  - 7. The method of claim 1, further comprising:
    - updating, for each alert summary, an unviewed instance count of alert instances of a respective alert that have not been viewed; and
      
      causing the alert summaries to be displayed in a sorted order according to unviewed instance counts of the alert summaries.
  - 8. The method of claim 1, further comprising:
    - updating a count of alert instances that have been generated by the alert corresponding to the alert summary; and
      
      causing the updated count of alert instances of the event to be displayed with the alert summary.
  - 9. The method of claim 1, further comprising:
    - updating, for each alert summary, a total count of alert instances of a respective alert; and
      
      causing the alert summaries to be displayed in a sorted order according to the total counts of the alert instances of the respective alerts of the alert summaries.
  - 10. The method of claim 1, further comprising:
    - executing the search query over the time-series data falling within the particular time range to produce the particular dataset;
      
      responsive to determining that the dataset satisfies the triggering condition, generating the instance of the alert.
  - 11. The method of claim 1, further comprising:
    - executing the search query over the time-series data falling within the particular time range to produce the particular dataset;
      
      responsive to determining that the dataset satisfies the triggering condition, generating the instance of the alert; and
      
      updating a count of alert instances generated for the alert corresponding to the alert summary.
  - 12. The method of claim 1, further comprising:
    - executing the search query over the time-series data falling within the particular time range to produce the particular dataset, wherein execution of the search query includes applying a late binding schema to the time-series data, the late binding schema including one or more fields defined by one or more extraction rules;
      
      responsive to determining that the particular dataset satisfies the triggering condition, generating an instance of the alert.
  - 13. The method of claim 1, wherein the alert summaries are displayed by either a desktop computing device or a mobile computing device.
  - 14. The method of claim 1, wherein the time-series data includes portions of raw machine data.
  - 15. The method of claim 1, wherein determining whether the particular dataset satisfies the triggering condition for the alert includes comparing a number of data items in the particular dataset with a threshold value.
  - 16. The method of claim 1, wherein determining whether the particular dataset satisfies the triggering condition includes performing a secondary conditional search on the particular dataset.

17. A computer system comprising:
- a memory; and
  
  one or more processing devices, coupled to the memory, to;
  
  cause, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition;
  
  wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert;
  
  wherein an alert summary includes an indication of at least one of;
  
  a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.
- View Dependent Claims (18, 19, 20, 21, 22, 23)
- - 18. The computer system of claim 17, wherein the alert summary comprises a selectable user interface element visually representing the alert, a title of the alert, or a description of the alert.
  - 19. The computer system of claim 17, wherein the processing devices are further to:
    - receive a selection of a particular displayed alert summary; and
      
      based on the selection of the alert summary, cause one or more alert instances represented by the selected alert summary to be displayed.
  - 20. The computer system of claim 17, wherein the processing devices are further to:
    - receive a selection of a particular displayed alert summary;
      
      based on the selection of the alert summary, cause one or more alert instances represented by the selected alert summary to be displayed;
      
      receive a selection of a particular displayed alert instance; and
      
      based on the selection of the alert instance, cause a data set that has triggered the selected alert instance to be displayed.
  - 21. The computer system of claim 17, wherein the processing devices are further to:
    - for each alert summary, maintain an unviewed instance count of alert instances of a respective alert that have not been viewed.
  - 22. The computer system of claim 17, wherein the processing devices are further to:
    - for each alert summary, update an unviewed instance count of alert instances of a respective alert that have not been viewed; and
      
      cause the updated unviewed instance count to be displayed with the alert summary.
  - 23. The computer system of claim 17, wherein the processing devices are further to:
    - update, for each alert summary, an unviewed instance count of alert instances of a respective alert that have not been viewed; and
      
      cause the alert summaries to be displayed in a sorted order according to unviewed instance counts of the alert summaries.

24. A computer-readable non-transitory storage medium comprising executable instructions that, when executed by a computer system, cause the computer system to perform operations comprising:
- causing one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition;
  
  wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert;
  
  wherein an alert summary includes an indication of at least one of;
  
  a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.
- View Dependent Claims (25, 26, 27, 28, 29, 30)
- - 25. The computer-readable non-transitory storage medium of claim 24, wherein the alert summary comprises a selectable user interface element visually representing the alert, a title of the alert, or a description of the alert.
  - 26. The computer-readable non-transitory storage medium of claim 24, further comprising executable instructions causing the computer system to:
    - receive a selection of a particular displayed alert summary; and
      
      based on the selection of the alert summary, cause one or more alert instances represented by the selected alert summary to be displayed.
  - 27. The computer-readable non-transitory storage medium of claim 24, further comprising executable instructions causing the computer system to:
    - receive a selection of a particular displayed alert summary;
      
      based on the selection of the alert summary, cause one or more alert instances represented by the selected alert summary to be displayed;
      
      receive a selection of a particular displayed alert instance; and
      
      based on the selection of the alert instance, cause a data set that has triggered the selected alert instance to be displayed.
  - 28. The computer-readable non-transitory storage medium of claim 24, further comprising executable instructions causing the computer system to:
    - for each alert summary, maintain an unviewed instance count of alert instances of a respective alert that have not been viewed.
  - 29. The computer-readable non-transitory storage medium of claim 24, further comprising executable instructions causing the computer system to:
    - for each alert summary, update an unviewed instance count of alert instances of a respective alert that have not been viewed; and
      
      cause the updated unviewed instance count to be displayed with the alert summary.
  - 30. The computer-readable non-transitory storage medium of claim 24, further comprising executable instructions causing the computer system to:
    - update, for each alert summary, an unviewed instance count of alert instances of a respective alert that have not been viewed; and
      
      cause the alert summaries to be displayed in a sorted order according to unviewed instance counts of the alert summaries.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Splunk Inc.
Original Assignee
Splunk Inc.
Inventors
Ni, Yue, Filippi, Nick, Ma, Xianqin, Zhong, Qianjie, Wang, Ting, Li, Dawei

Granted Patent

US 11,755,635 B2
Time in Patent Office

Days
Field of Search
US Class Current

1/1
CPC Class Codes

G06F 11/0721   within a central processing...

G06F 11/0766   Error or fault reporting or...

G06F 16/24565   Triggers; Constraints

G06F 16/3331   Query processing

G06F 16/338   Presentation of query results

G06F 16/345   Summarisation for human users

G06F 3/04842   Selection of displayed obje...

G06F 9/542   Event management; Broadcast...

Presentation And Sorting Of Summaries Of Alert Instances Triggered By Search Questions

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

32 Citations

30 Claims

Specification

Use Cases

Quick Links

Others

Presentation And Sorting Of Summaries Of Alert Instances Triggered By Search Questions

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

32 Citations

30 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others