Identifying Anomalous Conditions in Machine Data

摘要

Embodiments are directed towards the visualization of machine data received from computing clusters. Embodiments may enable improved analysis of computing cluster performance, error detection, troubleshooting, error prediction, or the like. Individual cluster nodes may generate machine data that includes information and data regarding the operation and status of the cluster node. The machine data is received from each cluster node for indexing by one or more indexing applications. The indexed machine data including the complete data set may be stored in one or more index stores. A visualization application enables a user to select one or more analysis lenses that may be used to generate visualizations of the machine data. The visualization application employs the analysis lens to produce visualizations of the computing cluster machine data.

主权项

1. A computer-implemented method comprising:
receiving machine data from one or more data sources, the machine data related to performance aspects of one or more information technology systems; parsing the received machine data to determine event boundaries within the received machine data to generate a plurality of time stamped events, thereby transforming the received machine data into the plurality of time stamped events, the time stamp for each event extracted from the parsed machine data associated with that event; analyzing the plurality of time stamped events using heuristics to identify an occurrence of an event pattern; comparing the occurrence of the event pattern to one or more registered event patterns to identify whether the event pattern is an anomalous pattern, the one or more registered event patterns indicative of performance aspects of the one or more information technology systems; and generating a notification based upon the identification.