APPLICATION OF SEARCH POLICIES TO SEARCHES ON EVENT DATA STORED IN PERSISTENT DATA STRUCTURES
First Claim
Patent Images
1. A method, comprising:
- receiving raw data from a plurality of sources;
creating a plurality of events based on the raw data;
associating a time stamp with each event in the plurality of events;
indexing each time stamped event in the plurality of events;
creating persistent data structures for storing the plurality of events, wherein each persistent data structure corresponds to a specific time interval, wherein events stored in a particular persistent data structure have associated time stamps that fall within a particular time interval corresponding to the particular persistent data structure;
searching events in one or more persistent data structures according to a received search query, wherein the searching the events is halted upon satisfying one or more search policies.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
44 Citations
20 Claims
-
1. A method, comprising:
-
receiving raw data from a plurality of sources; creating a plurality of events based on the raw data; associating a time stamp with each event in the plurality of events; indexing each time stamped event in the plurality of events; creating persistent data structures for storing the plurality of events, wherein each persistent data structure corresponds to a specific time interval, wherein events stored in a particular persistent data structure have associated time stamps that fall within a particular time interval corresponding to the particular persistent data structure; searching events in one or more persistent data structures according to a received search query, wherein the searching the events is halted upon satisfying one or more search policies. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. One or more non-transitory computer-readable storage media, storing one or more sequences of instructions, which when executed by one or more processors cause performance of:
-
receiving raw data from a plurality of sources; creating a plurality of events based on the raw data; associating a time stamp with each event in the plurality of events; indexing each time stamped event in the plurality of events; creating persistent data structures for storing the plurality of events, wherein each persistent data structure corresponds to a specific time interval, wherein events stored in a particular persistent data structure have associated time stamps that fall within a particular time interval corresponding to the particular persistent data structure; searching events in one or more persistent data structures according to a received search query, wherein the searching the events is halted upon satisfying one or more search policies. - View Dependent Claims (10, 11, 12, 13, 14, 15, 16)
-
-
17. An apparatus, comprising:
-
a raw data receiver, implemented at least partially in hardware, that receives raw data from a plurality of sources; an event creator, implemented at least partially in hardware, that creates a plurality of events based on the raw data; a time stamp processor, implemented at least partially in hardware, that associates a time stamp with each event in the plurality of events; an event indexer, implemented at least partially in hardware, that indexes each time stamped event in the plurality of events; a persistent data structure creation device, implemented at least partially in hardware, that creates persistent data structures for storing the plurality of events, wherein each persistent data structure corresponds to a specific time interval, wherein events stored in a particular persistent data structure have associated time stamps that fall within a particular time interval corresponding to the particular persistent data structure; an event search device, implemented at least partially in hardware, that searches events in one or more persistent data structures according to a received search query, wherein the event search device halts searching the events upon satisfying one or more search policies. - View Dependent Claims (18, 19, 20)
-
Specification