What technology area does this patent fall under?

Primary CPC classification H04L41/0813. Mapped technology areas include Electricity.

When was this patent published?

Publication date Thu May 05 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).

Streamlining configuration of protocol-based network data capture by remote capture agents

US2016127180A1 · US · A1

Patent metadata
Field	Value
Publication number	US-2016127180-A1
Application number	US-201414528932-A
Country	US
Kind code	A1
Filing date	Oct 30, 2014
Priority date	Oct 30, 2014
Publication date	May 5, 2016
Grant date	—

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system provides, in the GUI, a first set of user-interface elements for including one or more event attributes in the time-series event data of an event stream associated with a protocol classification of the network packets. The system then includes the one or more event attributes specified through the first set of user-interface elements in the configuration information.

First claim

Opening claim text (preview).

What is claimed is: 1 . A method for facilitating the processing of network data, comprising: providing, on a computer system, a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents; providing, in the GUI, a first set of user-interface elements for including one or more event attributes in the time-series event data of an event stream associated with a protocol classification of the network packets; and including the one or more event attributes specified through the first set of user-interface elements in the configuration information. 2 . The method of claim 1 , further comprising: providing the configuration information over a network to the one or more remote capture agents, wherein the configuration information is used to configure the generation of the time-series event data at the one or more remote capture agents during runtime of the one or more remote capture agents. 3 . The method of claim 1 , further comprising: providing, in the GUI, a second set of user-interface elements for managing the event stream; and obtaining the protocol classification for the event stream from the second set of user-interface elements. 4 . The method of claim 1 , wherein the GUI comprises a second set of user-interface elements for managing the event stream, and wherein managing the event stream comprises at least one of: cloning the event stream from an existing event stream; deleting the event stream; enabling the event stream; and disabling the event stream. 5 . The method of claim 1 , further comprising: providing, in the GUI, a second set of user-interface elements for filtering the network packets prior to generating the time-series event data from the network packets. 6 . The method of claim 1 , wherein the GUI comprises a second set of user-interface elements for filtering the network packets, and wherein filtering the network packets is associated with at least one of: a Boolean value; a numeric comparison; a definition; a regular expression; an exact match; a partial match; and an ordering. 7 . The method of claim 1 , wherein the GUI comprises a second set of user-interface elements for filtering the network packets, and wherein the second set of user-interface elements is used to apply a logical disjunction or a logical conjunction to a set of filters for filtering the network packets. 8 . The method of claim 1 , wherein the GUI comprises a second set of user-interface elements for filtering the network packets, and wherein the second set of user-interface elements is used to match a filter to any or all elements of a multi-value event attribute in the event stream. 9 . The method of claim 1 , further comprising: providing, in the GUI, a second set of user-interface elements for aggregating the one or more event attributes into aggregated event data that is included in the event stream. 10 . The method of claim 1 , wherein the GUI comprises a second set of user-interface elements for aggregating the one or more event attributes into aggregated event data, and wherein the second set of user-interface elements comprises a user-interface element for identifying an event attribute as: a key attribute used to generate a key representing the aggregated event data; or an aggregation attribute to be aggregated prior to inclusion in the aggregated event data. 11 . The method of claim 1 , wherein the GUI comprises a second set of user-interface elements for aggregating the one or more event attributes into aggregated event data, and wherein the second set of user-interface elements comprises: a first user-interface element for identifying an event attribute as: a key attribute used to generate a key representing the aggregated event data; or an aggregation attribute to be aggregated prior to inclusion in the aggregated event data; and a second user-interface element for obtaining an aggregation interval over which the one or more event attributes are aggregated into the aggregated event data. 12 . The method of claim 1 , wherein the protocol classification comprises at least one of: a transport layer protocol; a session layer protocol; a presentation layer protocol; and an application layer protocol. 13 . An apparatus, comprising: one or more processors; and memory storing instructions that, when executed by the one or more processors, cause the apparatus to: provide a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents; provide, in the GUI, a first set of user-interface elements for including one or more event attributes in the time-series event data of an event stream associated with a protocol classification of the network packets; and include the one or more event attributes specified through the first set of user-interface elements in the configuration information. 14 . The apparatus of claim 13 , wherein the memory further stores instructions that, when executed by the one or more processors, cause the apparatus to: provide the configuration information over a network to the one or more remote capture agents, wherein the configuration information is used to configure the generation of the time-series event data at the one or more remote capture agents during runtime of the one or more remote capture agents. 15 . The apparatus of claim 13 , wherein the memory further stores instructions that, when executed by the one or more processors, cause the apparatus to: provide, in the GUI, a second set of user-interface elements for managing the event stream; and obtaining the protocol classification for the event stream from the second set of user-interface elements. 16 . The apparatus of claim 13 , wherein the memory further stores instructions that, when executed by the one or more processors, cause the apparatus to: provide, in the GUI, a second set of user-interface elements for filtering the network packets prior to generating the time-series event data from the network packets. 17 . The apparatus of claim 13 , wherein the GUI comprises a second set of user-interface elements for filtering the network packets, and wherein filtering the network packets is associated with at least one of: a Boolean value; a numeric comparison; a definition; a regular expression; an exact match; a partial match; and an ordering. 18 . The apparatus of claim 13 , wherein the memory further stores instructions that, when executed by the one or more processors, cause the apparatus to: provide, in the GUI, a second set of user-interface elements for aggregating the one or more event attributes into aggregated event data that is included in the event stream. 19 . The apparatus of claim 13 , wherein the GUI comprises a second set of user-interface elements for aggregating the one or more event attributes into aggregated event data, and wherein the second set of user-interface elements comprises: a first user-interface element for identifying an event attribute as: a key attribute used to generate a key representing the aggregated event data; or an aggregation attribute to be aggregated prior to inclusion in the aggregated event data; and a second user-interface element for obtaining an aggregation interval over which the one or m

Assignees

Splunk Inc

Inventors

Classifications

H04L41/0813Primary
characterised by the conditions triggering a change of settings · CPC title
G06F3/04817
using icons (graphical or visual programming using iconic symbols G06F8/34) · CPC title
G06F3/04842
Selection of displayed objects or displayed text elements (G06F3/0482 takes precedence) · CPC title
G06F3/0482Primary
Interaction with lists of selectable items, e.g. menus · CPC title
H04L41/0622
based on time · CPC title

Patent family

Related publications grouped by family.

View patent family 55853906

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US2016127180A1 cover?: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system provides, in the GUI, a first set of user-interface …
Who is the assignee on this patent?: Splunk Inc
What technology area does this patent fall under?: Primary CPC classification H04L41/0813. Mapped technology areas include Electricity.
When was this patent published?: Publication date Thu May 05 2016 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).

How to read this patent

Abstract

First claim

Assignees

Inventors

Classifications

Patent family

External sources

Related patents

Selective event reporting in a mobile telecommunications network

Security Event Routing In a Distributed Hash Table

Method for streaming packet captures from network access devices to a cloud server over HTTP

Activity triggered photography in metaverse applications

Frequently asked questions