Abstract: Systems and methods for presenting and sorting summaries of alerts triggered by search queries in data aggregation and analysis systems. An example method may comprise: causing, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition; wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert; wherein an alert summary includes an indication of at least one of: a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

Abstract: Systems and methods for presenting and sorting summaries of alerts triggered by search queries in data aggregation and analysis systems. An example method may comprise: causing, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition; wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert; wherein an alert summary includes an indication of at least one of: a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.

Abstract: Systems and methods for managing datasets produced by alert-triggering search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query on a portion of searchable data associated with a time window to produce a dataset comprising one or more results; responsive to determining that at least a portion of the dataset satisfies a triggering condition defining an alert associated with the search query, generating an instance of the alert; associating, by a memory data structure, the instance of the alert with an identifier of the search query and a time parameter specifying the time window; receiving, from a client computing device, a request for the portion of the dataset; and responsive to determining that the portion of the dataset is not stored in the memory in a manner associating it with the instance of the alert, reproducing the portion of the dataset by re-executing the search query in view of the time parameter.