US 12,072,852 B1
Generating schema change alerts in a data intake and query system
Gleb Esman, San Mateo, CA (US)
Assigned to Splunk Inc., San Francisco, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on Oct. 31, 2022, as Appl. No. 17/977,799.
Application 17/977,799 is a continuation of application No. 17/191,436, filed on Mar. 3, 2021, granted, now 11,514,006.
Application 17/191,436 is a continuation of application No. 16/147,701, filed on Sep. 29, 2018, granted, now 10,977,222, issued on Apr. 13, 2021.
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 16/00 (2019.01); G06F 3/0482 (2013.01); G06F 16/21 (2019.01); G06F 16/242 (2019.01); G06F 16/2455 (2019.01); G06F 16/2458 (2019.01); G06F 16/248 (2019.01)
CPC G06F 16/212 (2019.01) [G06F 3/0482 (2013.01); G06F 16/2423 (2019.01); G06F 16/24564 (2019.01); G06F 16/2477 (2019.01); G06F 16/248 (2019.01)] 20 Claims
OG exemplary drawing
 
1. A computer-implemented method, comprising:
obtaining a plurality of timestamped events corresponding to data associated with a defined time window;
generating a plurality of schema summary events by executing a query against the plurality of timestamped events, wherein each schema summary event of the plurality of schema summary events describes a data schema associated with the data;
identifying, based on the plurality of schema summary events, a data schema change associated with the data schema, wherein the data schema change includes a modification to a field in the data; and
generating an alert indicating the data schema change.