H04L41/069

Temporary suppression of security event notifications

Temporarily suppressing and/or disabling notifications to a client device of events detected by a security device monitoring an environment. The notifications may be disabled and/or suppressed based upon a request from a user of the client device, or when the client device is near the security device. The user may request that notifications be suppressed for a definable suppression duration, wherein a timer is started to run for the suppression duration, and notifications are suppressed while the timer is running. When the client device is near the security device, suppression of the notifications for other users may be defined by a user-configurable table. A notification from a security device may include a suppress button to suppress notifications from that security device for a suppression period.

Automatic triage model execution in machine data driven monitoring automation apparatus

Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS), which stores the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates a notable event instance to one or more triaging models, which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of the notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances, so that computing resources are applied to the highest-priority conditions in the operating environment.

Facilitating alerts for predicted conditions

Operational machine components of an information technology (IT) or other microprocessor- or microcontroller-permeated environment generate disparate forms of machine data. Network connections are established between these components and processors of an automatic data intake and query system (DIQS). The DIQS conducts network transactions on a periodic and/or continuous basis with the machine components to receive the disparate data and ingest certain of the data as measurement entries of a DIQS metrics datastore that is searchable by DIQS query processing. The DIQS may receive search queries to process against the received and ingested data via an exposed network interface. In one example embodiment, a query building component presents a user interface on a network-attached client device. The query building component may elicit search criteria via the user interface using a natural language interface, construct a proper query from them, and present new information based on results returned from the DIQS.

System for automated cross-network monitoring of computing hardware and software resources

A system is provided for automated cross-network monitoring of computing hardware and software status. In particular, the system may track the status of various computing resources using process automation-based operations to simulate calls made by users to the various resources that the users are authorized to access. Based on said operations, the system may assess whether the authorized pathways to the resources and/or their respective components are properly functioning by capturing information regarding the resource, its associated components, and the current status of the resource. The results of these operations may be aggregated to provide an overview of which resources and/or systems are functioning and which are not. In this way, the system may provide a detailed view of the statuses of the individual resources and components within an entity's complex computing network.

Deep fusion reasoning engine (DFRE) for prioritizing network monitoring alerts

In one embodiment, a service that monitors a network detects a plurality of anomalies in the network. The service uses data regarding the detected anomalies as input to one or more machine learning models. The service maps, using a conceptual space, outputs of the one or more machine learning models to symbols. The service applies a symbolic reasoning engine to the symbols, to rank the anomalies. The service sends an alert for a particular one of the detected anomalies to a user interface, based on its corresponding rank.

Adaptive time window-based log message deduplication

Example techniques for adaptive time window-based log message deduplication are described. In an example, message values are obtained from received log messages. Further, the number of log messages received in a time window that share a message value is counted. A log message from which the message value is obtained, together with the counted number, is transmitted upon expiry of the time window. The length of the time window in which subsequent counting of log messages is to be performed is determined based on various parameters.