公开(公告)号：US20220342920A1

公开(公告)日：2022-10-27

申请号：US17861083

申请日：2022-07-08

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Jason Szeto ,  Jose Solis ,  Jindrich Dinga ,  David Marquardt

IPC: G06F16/34 ,  G06T11/20 ,  G06F16/335 ,  G06F16/35

Abstract: Systems and methods are disclosed involving user interface (UI) search tools for locating data, including tools for summarizing indexed raw machine data that organize and present results to enable expansion and exploration of initial summarizations. The initial summarizations may be explored and refined to help users determine how to identify and best focus a search on data subsets of greater interest.

公开(公告)号：US11226977B1

公开(公告)日：2022-01-18

申请号：US16896145

申请日：2020-06-08

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Jacob Barton Leverich ,  Jeffrey Thomas Lloyd ,  Adam Jamison Oliner ,  Marc Vincent Robichaud ,  Jesse Miller

IPC: G06F16/248 ,  G06F11/30 ,  G06F16/245 ,  G06F16/242 ,  G06F11/34

Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.

公开(公告)号：US20200012715A1

公开(公告)日：2020-01-09

申请号：US16541637

申请日：2019-08-15

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F17/24 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US10528607B2

公开(公告)日：2020-01-07

申请号：US15223598

申请日：2016-07-29

Applicant: SPLUNK INC.

Inventor： Jindrich Dinga ,  Yuan Xie ,  Katherine Kyle Feeney ,  Jesse Miller

IPC: G06F9/44 ,  G06F16/33 ,  G06F8/33 ,  G06F11/30

Abstract: Various approaches for automating code completion are described herein. More particularly, approaches are provided that automatically generate coded commands of a coding language (i.e., code) that function and operate as intended by the user. As the user codes the commands, such approaches assist a user in various ways. For example, such automated assistance provides the user an understanding of various coding options available in the coding language. The assistance also enforces the proper employment of the available coding options, as well as provides an understanding of the functionality of the generated code. Automating code completion provides various benefits to the user, such as decreasing the time the user spends generating code, increasing the likelihood that the generated code functions and operates on a system as intended, and reducing the number of code versions required to be executed or compiled by the system.

公开(公告)号：US10394946B2

公开(公告)日：2019-08-27

申请号：US15694654

申请日：2017-09-01

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F3/048 ,  G06F17/24 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20190188203A1

公开(公告)日：2019-06-20

申请号：US16250949

申请日：2019-01-17

Applicant: SPLUNK INC.

Inventor： Alexander James ,  Jesse Miller

IPC: G06F16/2452 ,  G06F16/2455 ,  G06F16/22

CPC classification number: G06F16/24524 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/00 ,  G06F16/22 ,  G06F16/23 ,  G06F16/235 ,  G06F16/2372 ,  G06F16/2423 ,  G06F16/24544 ,  G06F16/2455 ,  G06F16/24564 ,  G06F16/2477 ,  G06F16/26 ,  G06F16/33 ,  G06F16/3334 ,  G06F17/245 ,  G06F17/30374 ,  G06F17/30466 ,  G06F21/6227 ,  G06Q10/00 ,  G06Q10/10 ,  G06T11/206 ,  G06T2200/24

Abstract: A method includes assigning an access permission of a first user to a query object that represents a first query, the access permission granting the first user access rights to one or more data sources of the first query, the access permission being assigned as a runtime perfusion of the first query, granting a request from a second user to execute a second query, the first query being a subquery of the second query, and allowing the second user to execute the first query on the one or more data sources of the first query using the runtime permission assigned to the first query in executing the second query using the first query as the subquery.

公开(公告)号：US20180300349A1

公开(公告)日：2018-10-18

申请号：US16013381

申请日：2018-06-20

Applicant: Splunk Inc.

Inventor： Alexander Munk ,  Jesse Miller

IPC: G06F17/30 ,  G06F3/0482

Abstract: A data intake and query system provides interfaces that enable users to configure source type definitions used by the system. A data intake and query system generally refers to a system for collecting and analyzing data including machine-generated data. Such a system may be configured to consume many different types of machine data generated by any number of different data sources including various servers, network devices, applications, etc. At a high level, a source type definition comprises one or more properties that define how various components of a data intake and query system collect, index, store, search and otherwise interact with particular types of data consumed by the system. The interfaces provided by the system generally comprise one or more interface components for configuring various attributes of a source type definition.

公开(公告)号：US20170139887A1

公开(公告)日：2017-05-18

申请号：US15417430

申请日：2017-01-27

Applicant: Splunk, Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F17/24 ,  G06F3/0484 ,  G06F17/30

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20150149879A1

公开(公告)日：2015-05-28

申请号：US14610668

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F17/24

CPC classification number: G06F17/243 ,  G06F17/30551

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

Abstract translation: 所公开的技术涉及制定和提炼在查询时使用具有后期绑定模式的原始数据的字段提取规则。 字段提取规则识别原始数据的部分，以及它们的数据类型和层次关系。 这些提取规则是针对未组织成尚未通过标准提取或转换方法处理的关系结构的非常大的数据集执行的。 通过使用示例事件，关注主要和次要示例事件有助于制定跨多个数据格式的单个提取规则，或者针对不同格式的多个规则。 选择工具标记示例事件以指示提取规则的正例，并确定负面示例以避免错误的值选择。 提取规则可以保存以供查询时间使用，并且可以被并入事件数据的集合和子集的数据模型中。

公开(公告)号：US11822512B1

公开(公告)日：2023-11-21

申请号：US17947708

申请日：2022-09-19

Applicant: Splunk Inc.

Inventor： Jesse Miller

IPC: G06F16/13 ,  G06F16/14 ,  G06F11/30 ,  G06F11/32 ,  G06F16/9032 ,  G06F11/34

CPC classification number: G06F16/13 ,  G06F11/30 ,  G06F11/323 ,  G06F16/148 ,  G06F16/9032 ,  G06F11/3495 ,  G06F2201/86

Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values are used to accelerate search queries that a system receives.