公开(公告)号：US20140208245A1

公开(公告)日：2014-07-24

申请号：US14169268

申请日：2014-01-31

Applicant: SPLUNK INC.

Inventor： R. David CARASSO ,  Micah James DELFINO ,  Johnvey HWANG

IPC: G06F3/0484

CPC classification number: G06F16/34 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/242 ,  G06F16/2423 ,  G06F16/2477 ,  G06F17/24 ,  G06F17/243 ,  G06F17/28 ,  H04L67/10

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

Abstract translation: 实施例涉及基于诸如正则表达式的至少一个提取规则来实时显示事件记录和提取的值。 可以使用用户界面来使用户能够自动生成提取规则和/或手动输入提取规则。 可以使用户手动编辑先前提供的提取规则，这可以导致更新的提取值的实时显示。 提取规则可以用于从多个记录中的每一个提取值，包括非结构化机器数据的事件记录。 可以针对每个唯一提取的值确定统计量，并且可以实时地向用户显示。 用户界面还可以使用户能够选择至少一个唯一的提取值来显示包括与所选择的值匹配的提取值的那些事件记录。

公开(公告)号：US20140207784A1

公开(公告)日：2014-07-24

申请号：US14168888

申请日：2014-01-30

Applicant: SPLUNK INC.

Inventor： R. David CARASSO ,  Micah James Delfino

IPC: G06F7/24 ,  G06F17/30

CPC classification number: G06F17/30563 ,  G06F3/0482 ,  G06F3/04842 ,  G06F7/24 ,  G06F17/30601 ,  G06F17/30705

Abstract: Embodiments are directed towards generating a representative sampling as a subset from a larger dataset that includes unstructured data. A graphical user interface enables a user to provide various data selection parameters, including specifying a data source and one or more subset types desired, including one or more of latest records, earliest records, diverse records, outlier records, and/or random records. Diverse and/or outlier subset types may be obtained by generating clusters from an initial selection of records obtained from the larger dataset. An iteration analysis is performed to determine whether a sufficient number of clusters and/or cluster types have been generated that exceed at least one threshold and when not exceeded, additional clustering is performed on additional records. From the resultant clusters, and/or other subtype results, a subset of records is obtained as the representative sampling subset.

Abstract translation: 实施例旨在从包括非结构化数据的较大数据集生成代表性采样作为子集。 图形用户界面使得用户能够提供各种数据选择参数，包括指定数据源和期望的一个或多个子集类型，包括最新记录，最早记录，不同记录，离群记录和/或随机记录中的一个或多个。 可以通过从从较大数据集获得的记录的初始选择生成聚类来获得不同的和/或离群子集类型。 执行迭代分析以确定是否已经生成了超过至少一个阈值的足够数量的集群和/或集群类型，并且当不超过时，对附加记录执行附加集群。 从所得到的集群和/或其他子类型结果中，获得记录的子集作为代表性抽样子集。

公开(公告)号：US20190171629A1

公开(公告)日：2019-06-06

申请号：US16264610

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Michael Joseph BAUM ,  R. David CARASSO ,  Robin Kumar DAS ,  Rory GREENE ,  Bradley HALL ,  Nicholas Christian MEALY ,  Brian Philip MURPHY ,  Stephen Phillip SORKIN ,  Andre David STECHERT ,  Erik M. SWAN

IPC: G06F16/22 ,  G06F16/2457 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/248 ,  G06F16/951 ,  G06F16/23

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

公开(公告)号：US20170270088A1

公开(公告)日：2017-09-21

申请号：US15582670

申请日：2017-04-29

Applicant: SPLUNK, Inc.

Inventor： R. David CARASSO ,  Micah James Delfino ,  Johnvey HWANG

IPC: G06F17/24 ,  H04L29/08 ,  G06F17/30 ,  G06F3/0484

CPC classification number: G06F16/34 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/242 ,  G06F16/2423 ,  G06F16/2477 ,  G06F17/24 ,  G06F17/243 ,  G06F17/28 ,  H04L67/10

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US20150339351A1

公开(公告)日：2015-11-26

申请号：US14815980

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Erik M. SWAN ,  R. David CARASSO ,  Robin Kumar DAS ,  Rory GREENE ,  Bradley HALL ,  Nicholas Christian MEALY ,  Brian Philip MURPHY ,  Stephen Phillip SORKIN ,  Andre David STECHERT ,  Michael Joseph BAUM

IPC: G06F17/30

Abstract: Methods and apparatus consistent with the invention provide the ability to search and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract translation: 与本发明一致的方法和装置提供了基于搜索搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列，表示某种类型的活动。 在一个实施例中，时间序列数据被组织成具有归一化时间戳的离散事件，并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制，关键字索引机制或统计索引，检索相关的事件信息。

公开(公告)号：US20150149480A1

公开(公告)日：2015-05-28

申请号：US14611170

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Erik M. SWAN ,  R. David CARASSO ,  Robin Kumar DAS ,  Rory GREENE ,  Bradley HALL ,  Nicholas Christian MEALY ,  Brian Philip MURPHY ,  Stephen Phillip SORKIN ,  Andre David STECHERT ,  Michael Joseph BAUM

IPC: G06F17/30

CPC classification number: G06F17/30336 ,  G06F17/30321 ,  G06F17/30342 ,  G06F17/30353 ,  G06F17/30516 ,  G06F17/30528 ,  G06F17/3053 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30864

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract translation: 根据本发明的方法和设备提供了基于搜索来组织，索引，搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列，表示某种类型的活动。 在一个实施例中，时间序列数据被组织成具有归一化时间戳的离散事件，并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制，关键字索引机制或统计索引，检索相关的事件信息。

公开(公告)号：US20150143220A1

公开(公告)日：2015-05-21

申请号：US14611093

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： R. David CARASSO ,  Micah James DELFINO ,  Johnvey HWANG

IPC: G06F17/24 ,  H04L29/08

CPC classification number: G06F16/34 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/242 ,  G06F16/2423 ,  G06F16/2477 ,  G06F17/24 ,  G06F17/243 ,  G06F17/28 ,  H04L67/10

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

Abstract translation: 实施例涉及基于诸如正则表达式的至少一个提取规则来实时显示事件记录和提取的值。 可以使用用户界面来使用户能够自动生成提取规则和/或手动输入提取规则。 可以使用户手动编辑先前提供的提取规则，这可以导致更新的提取值的实时显示。 提取规则可以用于从多个记录中的每一个提取值，包括非结构化机器数据的事件记录。 可以针对每个唯一提取的值确定统计量，并且可以实时地向用户显示。 用户界面还可以使用户能够选择至少一个唯一的提取值来显示包括与所选择的值匹配的提取值的那些事件记录。

公开(公告)号：US20210004396A1

公开(公告)日：2021-01-07

申请号：US17028722

申请日：2020-09-22

Applicant: SPLUNK INC.

Inventor： R. David CARASSO ,  Micah James Delfino ,  Johnvey HWANG

IPC: G06F16/34 ,  G06F16/242 ,  G06F16/2458 ,  G06F40/40 ,  G06F40/166 ,  G06F40/174 ,  G06F3/0484 ,  H04L29/08

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US20170139968A1

公开(公告)日：2017-05-18

申请号：US15421416

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： Michael Joseph BAUM ,  R. David CARASSO ,  Robin Kumar DAS ,  Rory GREENE ,  Bradley HALL ,  Nicholas Christian MEALY ,  Brian Philip MURPHY ,  Stephen Phillip SORKIN ,  Andre David STECHERT ,  Erik M. SWAN

IPC: G06F17/30

CPC classification number: G06F17/30336 ,  G06F17/30321 ,  G06F17/30342 ,  G06F17/30353 ,  G06F17/30516 ,  G06F17/30528 ,  G06F17/3053 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30864

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

公开(公告)号：US20140149438A1

公开(公告)日：2014-05-29

申请号：US14170228

申请日：2014-01-31

Applicant: SPLUNK INC.

Inventor： Michael Joseph BAUM ,  R. David CARASSO ,  Robin Kumar DAS ,  Bradley HALL ,  Brian Phillip MURPHY ,  Stephen Phillip SORKIN ,  Andre David STECHERT ,  Erik M. SWAN ,  Rory GREENE ,  Nicholas Christian MEALY ,  Christina Frances Regina NOREN

IPC: G06F17/30

CPC classification number: G06F17/30604 ,  G06F11/3476 ,  G06F17/2785 ,  G06F17/30368 ,  G06F17/30477 ,  G06F17/30507 ,  G06F17/30525 ,  G06F17/30551 ,  G06F17/30598 ,  G06F17/30619 ,  G06F17/30657 ,  G06F17/30705 ,  G06K9/6217 ,  H04L63/1425 ,  H04L63/20

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

Abstract translation: 与本发明一致的方法和设备提供组织和构建由各种信息处理环境生成的机器数据的理解的能力。 机器数据是信息处理系统（例如，活动日志，配置文件，消息，数据库记录）的产物，并且表示已经发生并以原始数据格式记录的特定事件的证据。 在一个实施例中，机器数据通过将机器数据组织到事件中并将事件链接在一起而变成机器数据网。