公开(公告)号：US12182174B1

公开(公告)日：2024-12-31

申请号：US18147639

申请日：2022-12-28

Applicant: SPLUNK Inc.

Inventor： Francis Beckert ,  Kristal Curtis ,  Om Rajyaguru ,  Abraham Starosta ,  Poonam Yadav

IPC: G06F16/24 ,  G06F16/248 ,  G06F16/28 ,  G06F16/957

Abstract: A search assistant engine is described that integrates with a data intake and query system and provides an intuitive user interface to assist a user in searching and evaluating indexed event data. Additionally, the search assistant engine provides logic to intelligently provide data to the user through the user interface such as determining fields of events likely to be of interest based on determining a mutual information score for each field and determining groups of related fields based on determining a mutual information score for each field grouping. Some implementations utilize machine learning techniques in certain analyses such as when clustering events and determining an event templates for each cluster. Additionally, the search assistant engine may import terms or characters from user interaction into predetermined search query templates to generate tailored search query for the user.

公开(公告)号：US12050507B1

公开(公告)日：2024-07-30

申请号：US17582995

申请日：2022-01-24

Applicant: Splunk, Inc.

Inventor： Abraham Starosta ,  Francis Beckert ,  Chandrima Sarkar

IPC: G06F11/07 ,  G06F16/2455 ,  G06F16/2458

CPC classification number: G06F11/0781 ,  G06F16/24561 ,  G06F16/2471

Abstract: A computerized method is disclosed for automated handling of data ingestion anomalies. The method features training a data model based on a first volume of data associated with a first time period. Thereafter, using the data model, a predictive analysis is conducted on a second volume of data associated with a second time period subsequent to the first time period to produce a predicted data ingestion volume. After, a correlative analysis between the predicted data ingestion volume and an actual data ingestion volume during the second time period is conducted to produce a prediction error. A notification is generated based on the prediction error.

公开(公告)号：US12216527B1

公开(公告)日：2025-02-04

申请号：US17583056

申请日：2022-01-24

Applicant: Splunk, Inc.

Inventor： Abraham Starosta ,  Francis Beckert ,  Chandrima Sarkar

IPC: G06F11/00 ,  G06F11/07 ,  G06F16/23 ,  G06N20/00 ,  G06F11/30 ,  G06F11/34

Abstract: A computerized method is disclosed for automated handling of data ingestion anomalies. The method features operations of detecting a data ingestion anomaly and determining a cause for the data ingestion anomaly. The causal determination may be conducted by at least (i) determining features of an anomalous data ingestion volume, (ii) training a second data model, after a first data model being used to detect the data ingestion anomaly, with data sets consistent with the determined features, (iii) applying the second data model to predict whether a data ingestion sub-volume is anomalous, (iv) obtaining system state information during ingestion of the anomalous data ingestion sub-volume, and (v) determining the cause of the anomalous data ingestion volume based on the system state information.

公开(公告)号：US12111874B1

公开(公告)日：2024-10-08

申请号：US18147641

申请日：2022-12-28

Applicant: SPLUNK Inc.

Inventor： Francis Beckert ,  Kristal Curtis ,  Om Rajyaguru ,  Abraham Starosta ,  Poonam Yadav

IPC: G06F16/9535 ,  G06F16/2457 ,  G06F16/248

CPC classification number: G06F16/9535 ,  G06F16/24578 ,  G06F16/248

Abstract: Implementations of this disclosure provide a search assistant engine that integrates with a data intake and query system and provides an intuitive user interface to assist a user in searching and evaluating indexed event data. Additionally, the search assistant engine provides logic to intelligently provide data to the user through the user interface such as determining fields of events likely to be of interest based on determining a mutual information score for each field and determining groups of related fields based on determining a mutual information score for each field grouping. Some implementations utilize machine learning techniques in certain analyses such as when clustering events and determining an event templates for each cluster. Additionally, the search assistant engine may import terms or characters from user interaction into predetermined search query templates to generate tailored search query for the user.