Evicting data associated with a data intake and query system from a local storage
US-11500783-B1 · Nov 15, 2022 · US
System and method supporting log analytics or other log-related functions across multiple systems
US12585684B2 · US · B2
| Field | Value |
|---|---|
| Publication number | US-12585684-B2 |
| Application number | US-202418611521-A |
| Country | US |
| Kind code | B2 |
| Filing date | Mar 20, 2024 |
| Priority date | Mar 29, 2023 |
| Publication date | Mar 24, 2026 |
| Grant date | Mar 24, 2026 |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A method includes receiving a user query identifying one or more criteria associated with logs or log-related information. The method also includes sending queries identifying the one or more criteria to multiple logging systems associated with different computing or networking systems. The method further includes obtaining responses from the logging systems, where at least some of the responses contain one or more logs or log-related information satisfying the one or more criteria. In addition, the method includes presenting the one or more logs or log-related information satisfying the one or more criteria to a user.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method comprising: pre-populating a cache system using a subset of logs or log-related information from multiple logging systems associated with different computing or networking systems, wherein the cache system includes a first cache and a second cache; receiving a user query identifying one or more criteria associated with the logs or log-related information; determining whether one or more logs or log-related information satisfying the one or more criteria is contained in the cache system; in response to determining that the one or more logs or log-related information satisfying the one or more criteria is not contained in the cache system, sending queries identifying the one or more criteria to the multiple logging systems; obtaining responses from the logging systems, at least some of the responses containing one or more logs or log-related information satisfying the one or more criteria; presenting the one or more logs or log-related information satisfying the one or more criteria to a user; and moving at least some of the subset of logs or log-related information from the first cache to the second cache based on age of the subset of logs or log-related information; wherein the cache system is pre-populated prior to receiving the user query; and wherein the cache system is pre-populated periodically over time at a specified time interval in order to include, in the cache system, logs or log-related information from the multiple logging systems within a most-recent specified time period. 2 . The method of claim 1 , wherein the subset of logs or log-related information used to pre-populate the cache system is not identified based on user queries. 3 . The method of claim 1 , further comprising: obtaining at least a portion of the one or more logs or log-related information from the cache system in response to determining that the one or more logs or log-related information satisfying the one or more criteria is contained in the cache system. 4 . The method of claim 1 , wherein pre-populating the cache system comprises obtaining the logs or log-related information from the logging systems within the most-recent specified time period and storing the obtained logs or log-related information in the first cache of the cache system. 5 . The method of claim 1 , wherein the cache system is pre-populated by executing a background task and without user interaction. 6 . The method of claim 1 , further comprising at least one of: pre-populating one or more specific types of data in the cache system; partitioning pre-populated data in the cache system by user or user group; and encrypting at least some of the pre-populated data in the cache system. 7 . The method of claim 1 , wherein: the first and second caches include different storage locations; pre-populating the cache system comprises storing different data in the different storage locations; and the different storage locations are associated with at least one of: different query capabilities and different costs. 8 . The method of claim 1 , further comprising: combining the one or more logs or log-related information obtained from the logging systems with one or more additional logs or additional log-related information obtained from the cache system. 9 . The method of claim 1 , wherein: the user query is received using a specified query syntax; and the method further comprises converting the specified query syntax into multiple query syntaxes used by two or more of the logging systems. 10 . The method of claim 1 , wherein: different ones of the responses from the logging systems are received in different syntaxes; and the method further comprises converting the different responses into a specified response syntax. 11 . The method of claim 1 , further comprising: authenticating the user; and sending at least one authentication token to at least one of the logging systems to enable retrieval of information from the at least one of the logging systems. 12 . The method of claim 1 , wherein pre-populating the cache system comprises: executing a background task; and using the background task: periodically querying the multiple logging systems for newer logs or log-related information within the most-recent specified time period; and pre-populating the first cache with the newer logs or log-related information; and wherein the most-recent specified time period includes one or more hours or one or more days. 13 . A system comprising: at least one processing device configured to: pre-populate a cache system using a subset of logs or log-related information from multiple logging systems associated with different computing or networking systems, wherein the cache system includes a first cache and a second cache; receive a user query identifying one or more criteria associated with the logs or log-related information; determine whether one or more logs or log-related information satisfying the one or more criteria is contained in the cache system; in response to determining that the one or more logs or log-related information satisfying the one or more criteria is not contained in the cache system, send queries identifying the one or more criteria to the multiple logging systems; obtain responses from the logging systems, at least some of the responses containing one or more logs or log-related information satisfying the one or more criteria; present the one or more logs or log-related information satisfying the one or more criteria to a user; and move at least some of the subset of logs or log-related information from the first cache to the second cache based on age of the subset of logs or log-related information; wherein the at least one processing device is configured to pre-populate the cache system prior to receiving the user query; and wherein the at least one processing device is configured to pre-populate the cache system periodically over time at a specified time interval in order to include, in the cache system, logs or log-related information from the multiple logging systems within a most-recent specified time period. 14 . The system of claim 13 , wherein the at least one processing device is configured to obtain at least a portion of the one or more logs or log-related information from the cache system in response to determining that the one or more logs or log-related information satisfying the one or more criteria is contained in the cache system. 15 . The system of claim 13 , wherein the at least one processing device is configured to pre-populate the cache system by obtaining the logs or log-related information from the logging systems within the most-recent specified time period and storing the obtained logs or log-related information in the first cache of the cache system. 16 . The system of claim 13 , wherein the at least one processing device is configured to pre-populate the cache system by executing a background task without user interaction. 17 . The system of claim 13 , wherein: the first and second caches include different storage locations; to pre-populate the cache system, the at least one processing device is configured to store different data in the different storage locations; and the different storage locations are associated with at least one of: different query capabilities and different costs. 18 . The system of claim 13 , wherein the at least one processing device is further configured to combine the one or more logs or log-related information obtained from th
Assignees
Inventors
Classifications
Query translation · CPC title
- H04L63/0807Primary
using tickets, e.g. Kerberos (cryptographic mechanisms or cryptographic arrangements for entity authentication using tickets or tokens H04L9/3213) · CPC title
Data logging (G06F11/14, G06F11/2205 take precedence) · CPC title
Filtering based on additional data, e.g. user or group profiles (filtering in web context G06F16/9535, G06F16/9536) · CPC title
- G06F16/338Primary
Presentation of query results · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US12585684B2 cover?
- A method includes receiving a user query identifying one or more criteria associated with logs or log-related information. The method also includes sending queries identifying the one or more criteria to multiple logging systems associated with different computing or networking systems. The method further includes obtaining responses from the logging systems, where at least some of the response…
- Who is the assignee on this patent?
- Goldman Sachs & Co Llc
- What technology area does this patent fall under?
- Primary CPC classification H04L63/0807. Mapped technology areas include Electricity.
- When was this patent published?
- Publication date Tue Mar 24 2026 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 5 related publications on this page (citations in our corpus or others sharing the same primary CPC).