US 12,405,958 B2
Targeting system state context in a search process in an observability pipeline system
Clint Sharp, Oakland, CA (US); Dritan Bitincka, Edgewater, NJ (US); Ledion Bitincka, San Francisco, CA (US); and Oliver Draese, Los Gatos, CA (US)
Assigned to Cribl, Inc., San Francisco, CA (US)
Filed by Cribl, Inc., San Francisco, CA (US)
Filed on May 23, 2023, as Appl. No. 18/322,054.
Claims priority of provisional application 63/423,264, filed on Nov. 7, 2022.
Claims priority of provisional application 63/419,632, filed on Oct. 26, 2022.
Claims priority of provisional application 63/414,762, filed on Oct. 10, 2022.
Claims priority of provisional application 63/344,864, filed on May 23, 2022.
Prior Publication US 2023/0376491 A1, Nov. 23, 2023
Int. Cl. G06F 16/00 (2019.01); G06F 11/34 (2006.01); G06F 16/2453 (2019.01); G06F 16/2457 (2019.01); G06F 16/248 (2019.01)
CPC G06F 16/24575 (2019.01) [G06F 11/3409 (2013.01); G06F 16/2453 (2019.01); G06F 16/248 (2019.01)] 11 Claims
OG exemplary drawing
 
1. A search method for searching event data in an observability pipeline system, the search method comprising:
at a computer node in a computer system, receiving a search query from a leader role of the observability pipeline system, the search query representing a request to search the event data at the computer node, the search query comprising a plurality of search operators, the plurality of search operators comprising:
a first search operator that specifies a system state context criterion; and
a second search operator that specifies an event criterion;
configuring an observability pipeline process according to the search query;
obtaining search results based on applying the observability pipeline process at the computer node, wherein applying the observability pipeline process comprises:
determining whether a current system state of the computer node matches the system state context criterion specified by the first search operator, wherein the system state context criterion comprises a target value of a system of a system state context associated with processes on the computer node, and determining whether the current state of the computer node matches the system state criterion comprises:
identifying current values of system state parameters for processes that are currently running on the computer node, and
determining whether the current values of the system state parameters for a subset of the processes match the target value of the system state context; and
only upon determining that the current system state of the computer node matches the system state context criterion specified by the first search operator, searching the event data from log files on the computer node using the event criterion specified by the second search operator to identify a subset of the event data on the computer node that matches the event criterion specified by the second search operator and including the subset of the event data from the log files in the search results, wherein the subset of the event data is generated by the subset of processes; and
sending the search results to the leader role.