The patent badge is an abbreviated version of the USPTO patent document. The patent badge does contain a link to the full patent document.
The patent badge is an abbreviated version of the USPTO patent document. The patent badge covers the following: Patent number, Date patent was issued, Date patent was filed, Title of the patent, Applicant, Inventor, Assignee, Attorney firm, Primary examiner, Assistant examiner, CPCs, and Abstract. The patent badge does contain a link to the full patent document (in Adobe Acrobat format, aka pdf). To download or print any patent click here.
Patent No.:
Date of Patent:
Oct. 20, 2015
Filed:
Sep. 04, 2009
Wei Huang, Fremont, CA (US);
Yizheng Zhou, Cupertino, CA (US);
Bin Yu, San Ramon, CA (US);
Wenting Tang, Sunnyvale, CA (US);
Christian F. Beedgen, Cupertino, CA (US);
Wei Huang, Fremont, CA (US);
Yizheng Zhou, Cupertino, CA (US);
Bin Yu, San Ramon, CA (US);
Wenting Tang, Sunnyvale, CA (US);
Christian F. Beedgen, Cupertino, CA (US);
Hewlett-Packard Development Company, L.P., Houston, TX (US);
Abstract
A logging system includes an event receiver and a storage manager. The receiver receives log data, processes it, and outputs a column-based data 'chunk.' The manager receives and stores chunks. The receiver includes buffers that store events and a metadata structure that stores metadata about the contents of the buffers. Each buffer is associated with a particular event field and includes values from that field from one or more events. The metadata includes, for each 'field of interest,' a minimum value and a maximum value that reflect the range of values of that field over all of the events in the buffers. A chunk is generated for each buffer and includes the metadata structure and a compressed version of the buffer contents. The metadata structure acts as a search index when querying event data. The logging system can be used in conjunction with a security information/event management (SIEM) system.