Field of the Invention
The disclosed embodiments generally relate to query-processing systems. More specifically, the disclosed embodiments relate to a query-processing system that facilitates generating alerts based on search results produced by the query-processing system.
Related Art
Modern data centers often comprise thousands of host computer systems that operate collectively to service requests from even larger numbers of remote clients. During operation, these data centers generate significant volumes of performance data and diagnostic information that need to be analyzed to diagnose performance and security problems. To monitor such large volumes of data, organizations often use event-based systems, such as the SPLUNK® ENTERPRISE system produced by Splunk Inc. of San Francisco, Calif., to store and process their performance data and diagnostic information. The Splunk system can be used to process large volumes of data by using queries specified in Splunk's Search Processing Language (SPL).
The search results produced by such queries often contain important information about performance problems and security issues, and it is often necessary to act on that information immediately. Hence, when a performance problem or security issue is detected, it is desirable to generate an alert that triggers one or more “alert actions” to address it. For example, an alert action can include sending an email to a system administrator, or causing a firewall to block packets received from a specific IP address. At present, this can only be accomplished by manually writing a script (or application) to examine the search results and generate an alert.
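The kind of hand-written script referred to above, as an added example that is not part of the patent text or of any Splunk product: it scans a set of search results for a threshold condition and emits the two alert actions named in the paragraph. The result field names (src_ip, failed_logins), the rule, the recipient address, the allowlist of ranges that must never be auto-blocked, and the rendered netfilter command are all assumptions for the illustration; the search results themselves are constructed inline. The example also shows the three checks a practitioner would not want such a script to omit: the source address is validated before it is placed in a firewall command, internal ranges are never blocked automatically, and a source that has already fired does not fire again.

```python
"""Alert generation over query results (added example, not the patent's own method)."""
from dataclasses import dataclass, field
import ipaddress

# Constructed sample search results: one row per source address with the number
# of failed logins seen in the search window. Field names are hypothetical.
SAMPLE_RESULTS = [
    {"src_ip": "203.0.113.7", "failed_logins": 57},
    {"src_ip": "198.51.100.22", "failed_logins": 3},
    {"src_ip": "203.0.113.9", "failed_logins": 120},
    {"src_ip": "not-an-ip", "failed_logins": 999},  # malformed row
    {"src_ip": "10.0.0.5", "failed_logins": 300},   # internal source, allowlisted
]


@dataclass(frozen=True)
class AlertRule:
    """A threshold condition over one numeric result field plus the actions to run."""
    name: str
    field_name: str
    threshold: int
    actions: tuple = ("email", "firewall_block")
    recipient: str = "soc@example.com"  # hypothetical administrator address


@dataclass
class AlertEngine:
    rule: AlertRule
    # Ranges that are never blocked automatically: a misattributed internal source
    # would otherwise let the alert cut off the organization's own hosts.
    allowlist: tuple = ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")
    fired: set = field(default_factory=set)  # suppression: one alert per source

    def _blockable(self, src):
        """True only for a syntactically valid address outside the allowlist."""
        try:
            addr = ipaddress.ip_address(src)
        except ValueError:
            return False  # never interpolate unvalidated text into a firewall command
        return not any(addr in ipaddress.ip_network(net) for net in self.allowlist)

    def evaluate(self, results):
        """Return the alert actions triggered by these search results."""
        actions = []
        for row in results:
            try:
                value = int(row.get(self.rule.field_name, 0))
            except (TypeError, ValueError):
                continue  # non-numeric field: cannot be compared, skip the row
            if value < self.rule.threshold:
                continue
            src = str(row.get("src_ip", ""))
            if src in self.fired:
                continue  # already alerted on this source in this engine's lifetime
            self.fired.add(src)
            for act in self.rule.actions:
                if act == "email":
                    actions.append({
                        "type": "email",
                        "to": self.rule.recipient,
                        "subject": f"[{self.rule.name}] {src}: {self.rule.field_name}={value}",
                    })
                elif act == "firewall_block" and self._blockable(src):
                    # Rendered for an operator or a vetted connector to apply; this
                    # script does not execute it. Netfilter syntax is one example.
                    actions.append({
                        "type": "firewall_block",
                        "src_ip": src,
                        "command": f"iptables -I INPUT -s {src} -j DROP",
                    })
        return actions


if __name__ == "__main__":
    engine = AlertEngine(AlertRule("brute-force", "failed_logins", threshold=50))
    for action in engine.evaluate(SAMPLE_RESULTS):
        print(action)
    print("second pass (suppressed):", engine.evaluate(SAMPLE_RESULTS))
```

On the constructed rows, four sources exceed the threshold and produce an email, but only the two valid external addresses produce a block action; the malformed row and the internal host are reported without being fed to the firewall, and a second evaluation of the same results produces nothing.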
Hence, what is needed is a system that facilitates automatically generating alerts based on search results generated by a query-processing system.