US 11,748,390 B1
Evaluating key performance indicators of information technology service
Tristan Antonio Fletcher, Pacifica, CA (US); Clint Sharp, Oakland, CA (US); and Anupadmaja Raghavan, Cupertino, CA (US)
Assigned to Splunk Inc., San Francisco, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on Jan. 13, 2022, as Appl. No. 17/575,336.
Application 17/575,336 is a continuation of application No. 14/800,678, filed on Jul. 15, 2015, granted, now 11,275,775.
Application 14/800,678 is a continuation in part of application No. 14/700,110, filed on Apr. 29, 2015, granted, now 9,864,797, issued on Jan. 9, 2018.
Application 14/700,110 is a continuation in part of application No. 14/611,200, filed on Jan. 31, 2015, granted, now 9,294,361, issued on Mar. 22, 2016.
Application 14/611,200 is a continuation in part of application No. 14/528,858, filed on Oct. 30, 2014, granted, now 9,130,860, issued on Sep. 8, 2015.
Claims priority of provisional application 62/062,104, filed on Oct. 9, 2014.
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 16/00 (2019.01); G06F 16/33 (2019.01); G06F 16/903 (2019.01); G06F 3/0482 (2013.01); G06F 3/04842 (2022.01); G06Q 10/0639 (2023.01); H04L 41/22 (2022.01); H04L 41/5009 (2022.01); H04L 41/50 (2022.01); H04L 43/04 (2022.01); H04L 41/069 (2022.01); H04L 69/329 (2022.01); H04L 9/40 (2022.01); H04L 41/0686 (2022.01)
CPC G06F 16/334 (2019.01) [G06F 3/0482 (2013.01); G06F 3/04842 (2013.01); G06F 16/903 (2019.01); G06Q 10/06393 (2013.01); H04L 41/069 (2013.01); H04L 41/22 (2013.01); H04L 41/5009 (2013.01); H04L 41/5032 (2013.01); H04L 43/04 (2013.01); H04L 69/329 (2013.01); H04L 41/0686 (2013.01); H04L 63/145 (2013.01)] 20 Claims
OG exemplary drawing
 
1. A method implemented by a computer system comprising one or more processors, the method comprising:
identifying a data model comprising a root object and a plurality of child objects of the root object, wherein the root object is associated with a search criterion to produce a set of events extractable from machine data associated with one or more entities providing an information technology (IT) service, wherein the root object is further associated with a set of fields to extract from the set of events, wherein a child object of the plurality of child objects inherits the search criterion of the root object and is further associated with an additional search criterion;
generating, based on the data model, a search query that derives a key performance indicator (KPI) value of a specified KPI by searching a portion of the machine data, wherein the specified KPI reflects an aspect of performance of the IT service, wherein the one or more entities are specified by entity definition information associating each of the one or more entities with a corresponding portion of the machine data, wherein the corresponding portion of the machine data is generated by one of: a respective entity of one or more entities or a different entity that monitors performance of the respective entity;
computing the specified KPI based on a result produced by executing the search query;
determining, based on the specified KPI and a plurality of KPI thresholds associated with the specified KPI, a state of the specified KPI; and
updating, based on a plurality of KPIs, an aggregate KPI reflecting performance of the IT service, wherein the aggregated KPI is a sum of the plurality of KPIs weighted by respective ratings of KPI states, and wherein the plurality of KPIs include the specified KPI.