US 11,675,816 B1
Grouping events into episodes using a streaming data processor
Ramkumar Chandrasekharan, Saratoga, CA (US); Tristan Antonio Fletcher, Pleasant Hill, CA (US); Ramprasad Siva Golla, San Jose, CA (US); Alpesh Sheth, Carmel, CA (US); Shailendra Suryawanshi, San Ramon, CA (US); and Xiang Zhou, Cupertino, CA (US)
Assigned to SPLUNK INC., San Francisco, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on Jan. 29, 2021, as Appl. No. 17/163,258.
Int. Cl. G06F 17/00 (2019.01); G06F 16/28 (2019.01); G06N 20/00 (2019.01)
CPC G06F 16/285 (2019.01) [G06N 20/00 (2019.01)]
20 Claims
 
1. A computer-implemented method comprising:
obtaining a data stream containing a set of events, each event representing machine data generated based on operation of a computing system;
passing individual events of the data stream through a streaming data processor configured to group events from the data stream into episodes, each episode corresponds to a subset of events grouped together according to similarities between events of the subset, wherein passing individual events of the data stream through the streaming data processor comprises:
comparing attributes of an individual event to aggregate attributes of an existing episode, the aggregate attributes representing an aggregation of attributes of events within the existing episode;
determining whether attributes of the individual event are within a threshold similarity level to the aggregate attributes; and
responsive to determining that the attributes of the individual event are not within the threshold similarity level, generating an additional episode including the individual event; and
outputting the events grouped into episodes as a record of operation of the computing system.
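
The grouping loop recited in claim 1, as an added example that is not code from the patent or from Splunk. The claim does not specify a similarity measure, a threshold value, or an aggregation; the value-frequency aggregate, the mean-match score, the 0.5 threshold, the best-match episode selection, and the event field names below are all assumptions made for illustration.

```python
from collections import Counter
from dataclasses import dataclass, field

@dataclass
class Episode:
    events: list = field(default_factory=list)
    # Aggregate attributes (assumed form): how many member events carry each (field, value) pair.
    counts: Counter = field(default_factory=Counter)

    def add(self, event):
        self.events.append(event)
        self.counts.update(event.items())

    def similarity(self, event):
        # Assumed measure: for each field of the incoming event, the share of
        # episode members holding the same value, averaged over the event's fields.
        if not event or not self.events:
            return 0.0
        n = len(self.events)
        return sum(self.counts[item] / n for item in event.items()) / len(event)

def group_stream(stream, threshold=0.5):
    """Process events one at a time; join the closest episode or open a new one."""
    episodes = []
    for event in stream:
        best = max(episodes, key=lambda ep: ep.similarity(event), default=None)
        if best is not None and best.similarity(event) >= threshold:
            best.add(event)          # within the threshold: the aggregate is updated
        else:
            new = Episode()          # not within the threshold: additional episode
            new.add(event)
            episodes.append(new)
    return episodes

# Constructed sample events (not from the patent): SSH noise on one host, disk alerts on another.
SAMPLE_EVENTS = [
    {"host": "web01", "source": "sshd", "signature": "auth_failure", "severity": "medium"},
    {"host": "web01", "source": "sshd", "signature": "auth_failure", "severity": "high"},
    {"host": "db02", "source": "disk", "signature": "disk_full", "severity": "high"},
    {"host": "web01", "source": "sshd", "signature": "invalid_user", "severity": "medium"},
    {"host": "db02", "source": "disk", "signature": "disk_full", "severity": "critical"},
]

if __name__ == "__main__":
    for i, ep in enumerate(group_stream(SAMPLE_EVENTS), 1):
        print(f"episode {i}: {len(ep.events)} events, hosts={ {e['host'] for e in ep.events} }")
```

Because each event is compared against the episode's aggregate rather than against every member, the fourth event still joins the SSH episode even though its signature has not been seen there before.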