The approaches described in this section are approaches that could be pursued, but not necessarily approaches that have been previously conceived or pursued. Therefore, unless otherwise indicated, it should not be assumed that any of the approaches described in this section qualify as prior art merely by virtue of their inclusion in this section.
Today, many online services are implemented as complex, large-scale distributed computing systems. These online services include, but are not limited to, many Internet services used by users around the globe. Many of these online services are constructed from collections of software components often developed by different software development teams, potentially in different software programming languages. It is not uncommon for the software components of an online service to span tens, hundreds, or thousands of machines, or more, across one or more data center facilities. Solutions that help programmers, developer operations personnel (dev-ops), and other technical personnel responsible for developing and maintaining distributed computing systems reason about security and performance issues in such environments would be appreciated.
One possible solution for this is to collect data generated by machines (machine data) in the environment, index the machine data, and allow users to query the machine data via the index using a general-purpose query language. This solution can provide great flexibility to users in querying the machine data. However, due to its general-purpose nature, this solution is inefficient for event context enrichment that involves determining the ancestor and descendant processes, and metadata thereof, of a given process associated with an event. For example, the solution requires the user to formulate a complex query statement, and a query engine to perform a number of computationally expensive join operations, in order to achieve this enrichment. Furthermore, again because of the general-purpose nature of the solution, indexing large volumes of machine data is slow and I/O intensive.
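The join cost described above can be seen in a small added example, which is not part of the disclosure. SQLite stands in for the general-purpose query language, and the `proc` table, its columns and the sample records are constructed assumptions. Each ancestor level costs one more self-join, and descendants need a recursive join.

```python
import sqlite3

# Constructed process-creation records: (host, pid, ppid, image, cmdline).
# Assumption: pids are not reused within a host in this sample.
SAMPLE_EVENTS = [
    ("web01", 1, 0, "/sbin/init", "init"),
    ("web01", 812, 1, "/usr/sbin/sshd", "sshd -D"),
    ("web01", 4410, 812, "/bin/bash", "-bash"),
    ("web01", 4502, 4410, "/usr/bin/python3", "python3 deploy.py"),
    ("web01", 4519, 4502, "/usr/bin/curl", "curl -O https://example.invalid/pkg.tgz"),
    ("db01", 4502, 1, "/usr/bin/postgres", "postgres"),  # same pid, other host
]

def load(events):
    """Load the records into an in-memory table (hypothetical schema)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE proc (host TEXT, pid INT, ppid INT, image TEXT, cmdline TEXT)")
    db.executemany("INSERT INTO proc VALUES (?,?,?,?,?)", events)
    return db

def ancestor_query(depth):
    """Build the statement a user has to write: one self-join per ancestor level."""
    cols = ", ".join(f"p{i}.image" for i in range(1, depth + 1))
    joins = " ".join(
        f"LEFT JOIN proc p{i} ON p{i}.host = p{i-1}.host AND p{i}.pid = p{i-1}.ppid"
        for i in range(1, depth + 1))
    return f"SELECT {cols} FROM proc p0 {joins} WHERE p0.host = ? AND p0.pid = ?"

def ancestors(db, host, pid, depth=4):
    """Return ancestor images, nearest first, up to `depth` levels."""
    row = db.execute(ancestor_query(depth), (host, pid)).fetchone()
    return [img for img in (row or ()) if img is not None]

def descendants(db, host, pid):
    """Descendants: the join repeats until no new child processes are found."""
    sql = """WITH RECURSIVE d(pid, image) AS (
               SELECT pid, image FROM proc WHERE host = ? AND ppid = ?
               UNION ALL
               SELECT c.pid, c.image FROM proc c JOIN d ON c.ppid = d.pid
               WHERE c.host = ?)
             SELECT image FROM d"""
    return [r[0] for r in db.execute(sql, (host, pid, host))]

if __name__ == "__main__":
    db = load(SAMPLE_EVENTS)
    print(ancestor_query(4))
    print(ancestors(db, "web01", 4519))
    print(descendants(db, "web01", 812))
```

The join conditions are scoped by host because a pid is only meaningful on the machine that issued it; the `db01` record with the same pid shows what an unscoped join would conflate.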
What is needed then is a more efficient solution for event context enrichment involving determining ancestor and descendant processes, and metadata thereof, of a given process associated with an event. Preferably, the solution will be more efficient both in terms of ease-of-use by users and in terms of computer processing of enrichment queries. The present disclosure provides a solution to this and other needs. The solution of the present disclosure may be implemented in conjunction with or in place of existing solutions for event context enrichment.