Selective event reporting in a mobile telecommunications network
US-2015319058-A1 · Nov 5, 2015 · US
US10382599B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-10382599-B2 |
| Application number | US-201715665268-A |
| Country | US |
| Kind code | B2 |
| Filing date | Jul 31, 2017 |
| Priority date | Oct 30, 2014 |
| Publication date | Aug 13, 2019 |
| Grant date | Aug 13, 2019 |
Official abstract text for this publication.
The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. Next, the system uses configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification. The system then transmits the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.
Opening claim text (preview).
What is claimed is:
1. A method performed by a configuration server to generate a plurality of event streams from network packets monitored by a plurality of remote capture agents, the method comprising: receiving, by the configuration server, input indicating: first configuration data associated with a first event stream to be generated by a first remote capture agent of the plurality of remote capture agents, the first event stream associated with a first type of event and to include time-series event data representing instances of the first type of event in network packets monitored by the first remote capture agent, and second configuration data associated with a second event stream to be generated by a second remote capture agent of the plurality of remote capture agents, the second event stream associated with a second type of event and to include time-series event data representing instances of the second type of event in the network packets monitored by the second remote capture agent; and sending, over a network, the first configuration data to the first remote capture agent and the second configuration data to the second remote capture agent.
2. The method of claim 1, wherein sending the first configuration data causes the first remote capture agent to configure generation of the time-series event data from the network packets during runtime of the first remote capture agent.
3. The method of claim 1, further comprising receiving, by the configuration server, input indicating third configuration data associated with a third event stream to be generated by the first remote capture agent of the plurality of remote capture agents, the third event stream associated with a third type of event that is different from the first and second type of event and to include time-series event data representing instances of the third type of event in the network packets monitored by the first remote capture agent.
4. The method of claim 1, wherein the first configuration data instructs the first remote capture agent to send the first event stream to another component on the network for subsequent processing.
5. The method of claim 1, wherein the first configuration data instructs the first remote capture agent to, in response to detecting encryption of the network packets of the first event stream, decrypt the network packets prior to generating the first event stream.
6. The method of claim 1, wherein each network packet of the network packets monitored by the first remote capture agent is associated with at least one of: a source; a destination; a network address; a port; and a transport layer protocol.
7. The method of claim 1, wherein the first configuration data further identifies one or more event attributes associated with the first type of event, the identified one or more event attributes causing the first remote capture agent to extract one or more values associated with the one or more event attributes from the network packets and to include the extracted one or more values in the first event stream.
8. The method of claim 1, wherein the first configuration data further identifies one or more event attributes associated with the first type of event, the identified one or more event attributes causing the first remote capture agent to extract one or more values associated with the one or more event attributes from the network packets and to include the extracted one or more values in the first event stream, and wherein the first configuration data further instructs the first remote capture agent to perform one or more transformations to the extracted one or more values included in the first event stream.
9. The method of claim 1, wherein the first type of event is associated with at least one of: a transport layer protocol; a session layer protocol; a presentation layer protocol; and an application layer protocol.
10. The method of claim 1, wherein at least one of the plurality of remote capture agents is installed in a cloud computing environment.
11. An apparatus, comprising: a processor; a non-transitory computer readable storage medium storing instructions which, when executed by the processor, cause the apparatus to: receive, by a configuration server, input indicating: first configuration data associated with a first event stream to be generated by a first remote capture agent of a plurality of remote capture agents, the first event stream associated with a first type of event and to include time-series event data representing instances of the first type of event in network packets monitored by the first remote capture agent, and second configuration data associated with a second event stream to be generated by a second remote capture agent of the plurality of remote capture agents, the second event stream associated with a second type of event and to include time-series event data representing instances of the second type of event in the network packets monitored by the second remote capture agent; and send, over a network, the first configuration data to the first remote capture agent and the second configuration data to the second remote capture agent.
12. The apparatus of claim 11, wherein sending the first configuration data causes the first remote capture agent to configure generation of the time-series event data from the network packets during runtime of the first remote capture agent.
13. The apparatus of claim 11, wherein the instructions, when executed by the processor, further cause the apparatus to receive, by the configuration server, input indicating third configuration data associated with a third event stream to be generated by the first remote capture agent of the plurality of remote capture agents, the third event stream associated with a third type of event that is different from the first and second type of event and to include time-series event data representing instances of the third type of event in the network packets monitored by the first remote capture agent.
14. The apparatus of claim 11, wherein the first configuration data instructs the first remote capture agent to send the first event stream to another component on the network for subsequent processing.
15. The apparatus of claim 11, wherein the first configuration data instructs the first remote capture agent to, in response to detecting encryption of the network packets of the first event stream, decrypt the network packets prior to generating the first event stream.
16. The apparatus of claim 11, wherein each network packet of the network packets monitored by the first remote capture agent is associated with at least one of: a source; a destination; a network address; a port; and a transport layer protocol.
17. The apparatus of claim 11, wherein the first configuration data further identifies one or more event attributes associated with the first type of event, the identified one or more event attributes causing the first remote capture agent to extract one or more values associated with the one or more event attributes from the network packets and to include the extracted one or more values in the first event stream.
18. The apparatus of claim 11, wherein the first configuration data further identifies one or more event attributes associated with the first type of event, the identified one or more event attributes causing the first remote capture agent to extract one or more values associated with the one or more event attributes from the network packets and to include the extracted one or more values in the first eve