Thresholds for key performance indicators derived from machine data

Inventors

Bhide, Alok Anant; Bingham, Brian John; Fletcher, Tristan Antonio; Reyes, Brian

Assignees

Splunk Inc; Senseye Inc

Publication Number

US-10331742-B2

Publication Date

2019-06-25

Expiration Date

2034-10-30



Abstract

One or more processing devices access a service definition for a service provided by one or more entities that each produce machine data or about which machine data is generated. The service definition identifies the entities that provide the service and, for each entity, identifying information for locating machine data pertaining to that entity. The processing devices access a key performance indicator (KPI) for the service that is defined by a search query that produces a value derived from the machine data pertaining to the entities identified in the service definition. The value indicates how the service is performing at a point in time or during a period of time and indicates a state of the KPI. A graphical interface is displayed and an indication of at least one threshold, which defines an end of a range of values representing a state of the KPI, for the KPI is received.

Core Innovation

The invention provides a method and system for defining and managing thresholds for key performance indicators (KPIs) derived from machine data in an information technology environment. The system allows the creation of entity definitions that associate entities with heterogeneous machine data, regardless of format or alias, and enables the association of these entity definitions with service definitions. Each service comprises one or more entities, and each entity’s relevant machine data is normalized for effective monitoring.

A key aspect is the presentation of a user interface that enables users to set one or more thresholds for a KPI. Each threshold defines an end of a range of values that represents a particular state of the KPI, such as normal, warning, or critical. The interface facilitates input for naming states, assigning visual indicators (like color or icons), and associating these parameters with KPIs. The system then records this threshold information to automate the process of determining the state of the KPI based on real-time or historical values produced by executing search queries on the machine data.

The invention also addresses the challenges posed by the vast and unstructured nature of machine-generated data in modern data centers. By providing mechanisms to normalize diverse data sources and formats and associating them with entities and services, the system enables efficient indexing, searching, and performance visualization. KPIs defined by customizable search queries can be evaluated at user-defined frequencies or schedules, with threshold states automatically determined and displayed via graphical dashboards, aiding operators in monitoring, diagnosing, and responding to service-level events.

Claims Coverage

The claims define three major inventive features, primarily concerning threshold management for KPIs based on machine data in IT environments.

Presenting an interface for threshold indication and KPI state conditioning

The system presents an interface enabling an indication of one or more thresholds for a KPI, with each threshold defining an end of a range of values corresponding to a particular state. The KPI is defined by a search query that produces a value derived from machine data identified in entity definitions. These thresholds and state names can be specified through the interface, and threshold information is recorded in storage. This information conditions an automatic process that determines a KPI’s current state based on the value produced by the search query and the configured threshold boundaries.

Entity-driven machine data normalization and KPI calculation

Each entity definition represents a respective entity performing a service and includes identification of machine data pertaining to that entity, regardless of variation in source or format. The method supports deriving KPI values by aggregating data associated with these entity definitions, using extraction rules or a late-binding schema at search time. The solution accommodates machine data from multiple sources, different formats, and both raw and log data, supporting effective normalization and performance measurement in complex environments.

Automated and scheduled KPI state evaluation and threshold application across time-stamped event data

The automatic process for determining KPI states operates according to a configured frequency or schedule, using timestamped events comprised of raw machine data. The interface supports not only the definition of thresholds, but also their application to individual KPIs or aggregate KPIs. The method enables visual customization for state indication, and the system records all threshold parameters in association with KPIs for subsequent state processing and display.

Collectively, these features cover a system for defining, recording, and leveraging custom thresholds and state metadata for KPIs computed from normalized, heterogeneous machine data, supporting dynamic and automated performance monitoring at both entity and aggregate service levels.
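An added illustration of the threshold mechanism summarized above; it is not code from the patent or from any Splunk product. The event fields, entity names, threshold values and the inclusive-upper-end convention are all assumptions made for this sketch. It resolves events to entities through alias fields, computes an average per entity and for the whole service, and maps each value to a state by the range whose end it falls under.

```python
from bisect import bisect_left
from statistics import mean

# Constructed sample events: the same kind of host reports under different alias fields.
EVENTS = [
    {"host": "web-01", "cpu_pct": 42.0},
    {"host": "web-01", "cpu_pct": 58.0},
    {"src_ip": "10.0.0.12", "cpu_pct": 91.0},
    {"src_ip": "10.0.0.12", "cpu_pct": 97.0},
    {"host": "db-01", "cpu_pct": 5.0},  # entity not in the service definition
]

# Hypothetical entity definitions: alias field -> values that identify the entity.
ENTITIES = {
    "web-01": {"host": {"web-01"}, "src_ip": {"10.0.0.11"}},
    "web-02": {"host": {"web-02"}, "src_ip": {"10.0.0.12"}},
}
SERVICE = {"name": "web-hosting", "entities": ["web-01", "web-02"]}

# Each threshold is the (inclusive, by assumption) upper end of its state's range.
THRESHOLDS = [(60.0, "normal"), (85.0, "warning"), (float("inf"), "critical")]

def entity_for(event):
    """Return the service entity an event pertains to, matching on any alias field."""
    for name in SERVICE["entities"]:
        for field, values in ENTITIES[name].items():
            if event.get(field) in values:
                return name
    return None

def kpi_state(value, thresholds=THRESHOLDS):
    """Map a KPI value to the state whose range end is the first one >= value."""
    ends = [end for end, _ in thresholds]
    return thresholds[bisect_left(ends, value)][1]

def evaluate(events, field="cpu_pct"):
    """Compute per-entity and aggregate KPI values with their states."""
    per_entity = {}
    for ev in events:
        name = entity_for(ev)
        if name is not None and field in ev:
            per_entity.setdefault(name, []).append(ev[field])
    result = {n: (mean(v), kpi_state(mean(v))) for n, v in per_entity.items()}
    all_values = [x for v in per_entity.values() for x in v]
    aggregate = mean(all_values) if all_values else None
    result["_aggregate"] = (aggregate, kpi_state(aggregate) if all_values else "unknown")
    return result
```

On the constructed data the aggregate KPI lands in `warning` while `web-02` alone is `critical`, which is why per-entity thresholds matter alongside the aggregate one when KPI states feed alerting.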

Stated Advantages

Provides flexibility for users to associate heterogeneous machine data from multiple sources and formats with entities and services, enabling comprehensive service-level monitoring.

Enables end-users to define and customize KPI states, including names and visual indicators, to match organizational needs for actionable monitoring.

Automates the process of determining and displaying KPI states based on real-time or scheduled evaluation of search query results, improving the accuracy and timeliness of performance awareness.

Supports granular and aggregate KPI calculations to reflect individual or overall service health, including weighting and frequency settings for individual KPIs.

Documented Applications

Monitoring services in IT environments, such as web hosting, email, database, revision control, sandbox services, and networking services, using KPIs derived from machine data.

Automated performance visualization via dashboards and graphical widgets showing service and KPI health over time, including spark lines, gauges, and trend indicators.

Configuring and triggering notable event detection and alarms based on KPI state distributions and correlation searches, supporting incident detection and operational response.

Enabling users to troubleshoot, analyze, and visualize IT service performance data at both granular entity levels and at abstracted, business-service levels.
