| CPC G06F 16/217 (2019.01) [G06F 11/079 (2013.01); G06F 11/3419 (2013.01); G06F 16/2358 (2019.01); G06F 16/244 (2019.01); G06F 16/2477 (2019.01); G06F 16/256 (2019.01)] | 18 Claims |
|
1. A computer-implemented method stored in one or more data-storage devices and executed using one or more processors of a computer system for aggregating and querying log messages generated by event sources in a distributed computing system, the method comprising:
determining event types of log messages generated by event sources of the distributed computing system;
aggregating the event types into aggregated records for a shortest time unit and storing the aggregated records in an aggregated records database, each aggregated record corresponding to one of the event types;
retrieving the aggregated records from the aggregated records database, aggregating the aggregated records of each even type for longer time units than the shortest time unit, and storing the aggregated records for longer time units in the aggregated records database; and
in response to receiving a query regarding occurrences of an event type in a query time interval via an interface,
splitting the query time interval into subintervals with time lengths that range from the shortest time unit to a longest time unit that lie within the query time interval, and
determining a total event count of occurrences of the event type in the query time interval based on the aggregated records with the same event type and time stamps in the subintervals, where in the total event count is a sum of event counts of the event type in the subintervals of the query time interval.
|