Abstract: In various implementations, search results corresponding to a search query are obtained. A data visualization is generated from the search results. The generated data visualization is pushed to a registered display of a display device, where the pushing causes presentation of the generated data visualization on the registered display. An alert configuration interface may be caused to be presented on a display management device. From the displayed alert configuration interface, user input indicating an assignment of a set of trigger conditions to a display alert may be received. The display alert can be pushed to the registered display based on determining the set of trigger conditions is satisfied. The pushed display alert may be presented over the data visualization on the registered display.
Type:
Grant
Filed:
March 3, 2021
Date of Patent:
July 4, 2023
Assignee:
Splunk Inc.
Inventors:
Nicholas Filippi, Siegfried Puchbauer-Schnabel
Abstract: Techniques are described for providing an extension framework for an IT and security operations application. The described extension framework allows various types of users to extend the user interfaces, data content, and functionality of an IT and security operations application to enhance and enrich users' workflow and investigative experiences. Example types of extensions enabled by the extension framework include modifying or supplementing GUI elements and other components, where users can implement these extensions at pre-defined extension points of the IT and security operations application. The extension framework further includes a data integration system that provides users with mechanisms to integrate data from external applications, services, or other data sources into their plugins.
Type:
Grant
Filed:
January 29, 2021
Date of Patent:
July 4, 2023
Assignee:
Splunk Inc.
Inventors:
Sourabh Satish, Min Xu, Yang Li, Yan Li
Abstract: Machine data reflecting operation of a monitored system is ingested and made available for search by a data intake and query system (DIQS). Monitoring includes obtaining a subset of ordered events that are assigned to a task. In a graphical user interface on a display, a chart for the task is displayed. The chart includes an event identifier for each event of the subset of the ordered events, a confidence level value related to each event identifier of each event of the subset of ordered events, the confidence level value indicating the confidence level that the event is in the task. The chart further includes a time reference value identifying a time of each event.
Abstract: Resource management includes storing, for multiple workload pools of a data intake and query system, a workload pool hierarchy arranged in multiple workload pool layers. After storing, a processing request is assigned a selected subset of workload pools in a second layer of the workload pool hierarchy based on a type of processing request. The processing request is then assigned to an individual workload pool in the selected subset to obtain a selected workload pool. Execution of the processing request is initiated on the selected workload pool.
Abstract: A method of rendering a service graph illustrating dependencies between a frontend and a backend of an application comprises generating a plurality of frontend traces from a plurality of frontend spans and generating a plurality of backend traces from a plurality of backend spans ingested from the application. The method also comprises aggregating frontend metrics data using the plurality of frontend traces and backend metrics data using the plurality of backend traces. The method further comprises determining connection information between one or more frontend traces of the plurality of frontend traces and corresponding backend traces of the plurality of backend traces. The method also comprises rendering the service graph using the connection information and the aggregated frontend and backend metrics data.
Type:
Grant
Filed:
October 19, 2020
Date of Patent:
July 4, 2023
Assignee:
Splunk Inc.
Inventors:
Mayank Agarwal, John Bley, Angel Colberg, Jonathan Dillman, Shashwat Sehgal, Justin Smith
Abstract: An example method comprises: causing display of a user interface comprising a plurality of dynamic elements, the user interface to facilitate configuring a search frequency for metrics associated with the plurality of dynamic elements, wherein each metric represents a respective point in time or a period of time and is derived from a metric-time search of machine data associated with a respective asset node; and for each dynamic element of the plurality of dynamic elements: receiving, via the user interface, a search frequency for a metric associated with the dynamic element; and determining a value of the metric by executing, according to the search frequency for the metric, a search query associated with the dynamic element.
Abstract: A method of rendering a service graph responsive to a query comprises generating a plurality of frontend traces and a plurality of backend traces associated with an application or website. The method also comprises determining connection information between one or more frontend traces of the plurality of frontend traces and corresponding backend traces of the plurality of backend traces. Further, the method comprises consolidating the one or more frontend traces with the corresponding backend traces to form one or more end-to-end traces using the connection information. Responsive to the query, the method comprises retrieving a set of exemplary end-to-end traces from the one or more end-to-end traces and rendering a service graph in accordance with constraints applied in the query using the set of exemplary end-to-end traces and the connection information.
Type:
Grant
Filed:
April 28, 2022
Date of Patent:
July 4, 2023
Assignee:
Splunk Inc.
Inventors:
Mayank Agarwal, John Bley, Angel Colberg, Jonathan Dillman, Shashwat Sehgal, Justin Smith
Abstract: Multi-threaded processing of search responses returned by search peers is disclosed. An example method may include transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system; receiving, by a first processing thread, a plurality of data packets from the plurality of search peers; parsing, by a second processing thread, one or more data packets of the plurality of data packets to produce a first partial response to the search request; parsing, by a third processing thread, the one or more data packets to produce a second partial response to the search request; and generating, based on the first partial response and the second partial response, an aggregated response to the search request.
Abstract: Systems and methods are described for updating text files for a processing pipeline without restarting the processing pipeline. A processing pipeline may include a frontend thread and a backend thread. The frontend thread of the processing pipeline may generate transformed data using the text file. A backend thread of the processing pipeline may periodically determine whether an updated text file has been uploaded. The backend thread can determine that an updated text file has been uploaded and cause the frontend thread to pause generating transformed data. The backend thread can validate the updated text file by comparing the text file and the updated text file. Based on validating the updated text file, the backend thread can cause the frontend thread to resume transforming data using the updated text file.
Abstract: Various embodiments of the present application set forth a computer-implemented method that includes receiving at a mobile device from a first data source, a plurality of live data snapshots, each live data snapshot included in the plurality of live data snapshots being associated with a different point in time, generating, based on a presentation template and a first live data snapshot included in the plurality of live data snapshots, a first presentation data snapshot, receiving, at the mobile device from a wearable device, a plurality of data requests, wherein each data request included in the plurality of data requests comprises a different request for data to be presented by the wearable device and is received at a different point in time, and a first rate of receiving the plurality of data requests by the mobile device is lower than a second rate of receiving the plurality of live data snapshots by the mobile device, and in response to receiving a first data request included in the plurality of data req
Type:
Grant
Filed:
March 29, 2021
Date of Patent:
June 27, 2023
Assignee:
SPLUNK INC.
Inventors:
Mingyuan Chen, Dylan Patricia Conway, Simon Tam
Abstract: Event time selection output techniques are described. In one or more implementations, one or more inputs are received, at one or more computing devices, that involve interaction associated with a particular one of a plurality of events via a user interface, in which the plurality of events result from a search of data, each of the plurality of events include the data that is associated with a respective point in time, and the one or more inputs specify a relative time in relation to the respective point in time of the particular event. A determination is made as to which of the plurality of events correspond to the specified relative time by the one or more computing devices and a result of the determination is output by the one or more computing devices for display in the user interface.
Type:
Grant
Filed:
September 14, 2021
Date of Patent:
June 27, 2023
Assignee:
Splunk Inc.
Inventors:
Divanny I. Lamas, Marc Vincent Robichaud
Abstract: In embodiments of statistics chart row mode drill down, a first interface is displayed in a table format that includes columns and rows, where each row is associated with an event and each column includes a field for a respective event. The rows can further include one or more aggregated metrics representing a number of events associated with a respective row. A row can be emphasized in the first interface and, in response, a menu can be displayed with selectable options to transition to a second interface, where the data displayed by the second interface is based on an option selected from the menu.
Type:
Grant
Filed:
January 12, 2022
Date of Patent:
June 27, 2023
Assignee:
Splunk Inc.
Inventors:
Cory Eugene Burke, Katherine Kyle Feeney, Divanny I. Lamas, Marc Vincent Robichaud, Matthew G. Ness, Clara E. Lee
Abstract: Systems and methods are described for performing adaptive thresholding on key performance indicator (KPI) values using an online machine learning algorithm as the KPI values or the data from which the KPI values are derived is being ingested. For example, the system can identify outliers in a moving window of KPI values. To implement the adaptive thresholding, the system may identify seasonality and/or trend components in historical KPI values. When a new KPI value is obtained, the system may remove the identified seasonality and/or trend components from the KPI value, and determine whether the modified KPI value is an outlier using sketches or quantiles. The system can then repeat this process for each subsequently received KPI value.
Type:
Grant
Filed:
January 29, 2021
Date of Patent:
June 27, 2023
Assignee:
Splunk Inc.
Inventors:
Ian Edward Torbett, Lila Fridley, Tristan Antonio Fletcher, Ayyappa Muthusami, Tanner Gilligan
Abstract: Transmission handling of analytics query response includes a search head, in a data intake and query system, receiving a query from an analytics system. The search head distributes at least a portion of the query to at least one indexer for processing the query. The at least one indexer transmits, bypassing the search head, and to the analytics system, events matching the query. The search head receives from the at least one indexer, data regarding the events, and sends the data regarding the events to the analytics system.
Type:
Grant
Filed:
March 10, 2022
Date of Patent:
June 20, 2023
Assignee:
SPLUNK INC.
Inventors:
Bo Lei, Ryan Lee Faircloth, Marios Iliofotou, Sathyanarayanan Kavacheri, Sadia R. Poddar, Anurag Singla
Abstract: Systems and methods are provided for provisioning a hosted computing environment in accordance with customer requirements relating to a service. In some embodiments, a computer-implemented method is provided. The method includes generating a graphical interface on a computing device and receiving input corresponding to an indication of one or more requirements, wherein the input is received using the graphical interface, and wherein the one or more requirements correspond to a hosted computing environment. The method further comprises converting each indication of the one or more requirements into one or more entries of a provisioning template, wherein the provisioning template includes multiple entries, and wherein the provisioning template is associated with the hosted computing environment. The method further comprises providing the provisioning template to a provisioning program to provision the hosted computing environment.
Type:
Grant
Filed:
November 30, 2021
Date of Patent:
June 20, 2023
Assignee:
Splunk Inc.
Inventors:
Dejan Deklich, Ledio Ago, Richard Braun
Abstract: Systems and methods include obtaining a set of events, each event in the set of events comprising a time-stamped portion of raw machine data, the raw machine data produced by one or more components within an information technology or security environment and reflecting activity within the information technology or security environment. Thereafter, a first neural network is used to automatically identify variable text to extract as a field from the set of events. An indication of the variable text is provided as a field extraction recommendation, for example, to a user device for presentation to a user.
Type:
Grant
Filed:
June 15, 2020
Date of Patent:
June 20, 2023
Assignee:
Splunk Inc.
Inventors:
Adam Jamison Oliner, Nghi Huu Nguyen, Jacob Leverich, Zidong Yang