| CPC G06F 16/13 (2019.01) [G06F 16/148 (2019.01); H04L 43/062 (2013.01)] | 20 Claims |
|
1. A method comprising:
creating a flow log object that includes a plurality of log entries at a plurality of log entry locations;
creating an index object that includes a plurality of shards and a flow table that indicate the log entry locations; and
storing the flow log object and the index object in at least one nonvolatile memory,
wherein
each of the log entries includes a plurality of indexed field values for a plurality of indexed fields that include a first indexed field and a second indexed field,
the log entries include a log entry stored at an entry location,
a first shard entry is stored in a first one of the shards indicated by a first shard identifier determined using the first indexed field,
the first shard entry stores a first flow entry indicator in association with a first flow key determined using the first indexed field,
the first flow entry indicator indicates a first log entry indicator that indicates the entry location,
a second shard entry is stored in a second one of the shards indicated by a second shard identifier determined using the second indexed field,
the second shard entry stores a second flow entry indicator in association with a second flow key determined using the second indexed field, and
the second flow entry indicator indicates a second log entry indicator that indicates the entry location.
|