-
Publication number: US12205022B2
Publication date: 2025-01-21
Application number: US16945415
Application date: 2020-07-31
Applicant: Splunk Inc.
Inventor: Ram Sriharsha , Zhaohui Wang , Kristal Curtis
IPC: G06N3/08 , G06F16/23 , G06F16/245
Abstract: Systems and methods are described for extracting data fields from logs ingested in a data processing pipeline or otherwise stored. For example, a log can be applied as an input to an artificial intelligence model trained to infer a log sourcetype of logs, and the artificial intelligence model can output an inferred log sourcetype of the log. The inferred log sourcetype can be used to select another artificial intelligence model trained to extract data fields from logs having the inferred log sourcetype, and the log can then be applied as an input to the other artificial intelligence model. The other artificial intelligence model may then output one or more data fields extracted from the log.
-
Publication number: US12111874B1
Publication date: 2024-10-08
Application number: US18147641
Application date: 2022-12-28
Applicant: SPLUNK Inc.
Inventor: Francis Beckert , Kristal Curtis , Om Rajyaguru , Abraham Starosta , Poonam Yadav
IPC: G06F16/9535 , G06F16/2457 , G06F16/248
CPC classification number: G06F16/9535 , G06F16/24578 , G06F16/248
Abstract: Implementations of this disclosure provide a search assistant engine that integrates with a data intake and query system and provides an intuitive user interface to assist a user in searching and evaluating indexed event data. Additionally, the search assistant engine provides logic to intelligently provide data to the user through the user interface, such as determining fields of events likely to be of interest based on a mutual information score computed for each field, and determining groups of related fields based on a mutual information score computed for each field grouping. Some implementations utilize machine learning techniques in certain analyses, such as when clustering events and determining an event template for each cluster. Additionally, the search assistant engine may import terms or characters from user interaction into predetermined search query templates to generate tailored search queries for the user.
-
Publication number: US20250028618A1
Publication date: 2025-01-23
Application number: US18222870
Application date: 2023-07-17
Applicant: Splunk Inc.
Inventor: Houwu Bai , Kristal Curtis , William Deaderick , Tanner Gilligan , Poonam Yadav , Om Rajyaguru
IPC: G06F11/34 , G06F11/30 , G06F16/23 , G06F16/2458
Abstract: Computerized methodologies are disclosed that are directed to detecting anomalies within a time-series data set. A first aspect of the anomaly detection process includes analyzing the regularity of the data points of the time-series data set and determining whether a data aggregation process is to be performed based on the regularity of the data points, which results in a time-series data set having data points occurring at regular intervals. A seasonality pattern may be determined for the time-series data set, where a silhouette score is computed to measure the quality of the fit of the seasonality pattern to the time-series data. The silhouette score may be compared to a threshold and based on the comparison, the seasonality pattern or a set of heuristics may be utilized in an anomaly detection process. When the seasonality pattern is utilized, the seasonality pattern may be utilized to generate thresholds indicating anomalous behavior.
-
Publication number: US11714698B1
Publication date: 2023-08-01
Application number: US17587877
Application date: 2022-01-28
Applicant: Splunk, Inc.
Inventor: Kristal Curtis , William Deaderick , Wei Jie Gao , Tanner Gilligan , Chandrima Sarkar , Alexander Stojanovic , Ralph Donald Thompson , Sichen Zhong , Poonam Yadav
IPC: G06F11/30 , G06F11/07 , G06F18/214 , G06F18/21
CPC classification number: G06F11/0781 , G06F11/0769 , G06F18/214 , G06F18/2178
Abstract: A computerized method is disclosed for generating a prioritized listing of alerts based on scoring by a machine learning model and retraining the model based on user feedback. Operations of the method include receiving a plurality of alerts, generating a score for each of the plurality of alerts through evaluation of each of the plurality of alerts by a machine learning model, generating a prioritized listing of the plurality of alerts based on the generated scores, receiving user feedback on the prioritized listing, retraining the machine learning model based on the user feedback by generating a set of labeled alert pairs, wherein a labeled alert pair includes a first alert, a second alert, and an indication as to which of the first alert or the second alert is a higher priority in accordance with the user feedback, and evaluating subsequently received alerts with the retrained machine learning model.
-
Publication number: US20180349482A1
Publication date: 2018-12-06
Application number: US16049748
Application date: 2018-07-30
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner , Kristal Curtis , Iman Makaremi , Ross Andrew Lazerowitz
CPC classification number: G06F3/0481 , G06F3/04817 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F9/542 , G06F17/30964 , G06Q10/06393 , G06Q10/20 , H04L41/0604 , H04L41/0681 , H04L41/069 , H04L41/22 , H04L41/5009 , Y04S10/54
Abstract: Network connections are established between machines of an operating environment to be monitored and a server group of a data intake and query system (DIQS). Data reflecting machine and component operations of the environment is conveyed via the network to the DIQS, where it is stored as timestamped entries in a field-searchable datastore. Monitoring components may search the datastore and identify and record instances of notable events. Triaging models are selectively applied against the notable event instances to produce an enhanced notable event instance representation with modeled results, effective to automatically perform or assist in triaging the notable events so they are dispatched in an optimal, effective, and efficient manner.
-
Publication number: US11704490B2
Publication date: 2023-07-18
Application number: US16945448
Application date: 2020-07-31
Applicant: Splunk Inc.
Inventor: Ram Sriharsha , Zhaohui Wang , Kristal Curtis
IPC: G06F40/284 , G06N20/00 , G06F40/242 , G06F16/33 , G06N5/04
CPC classification number: G06F40/284 , G06F16/3347 , G06F40/242 , G06N5/04 , G06N20/00
Abstract: Systems and methods are described for training an artificial intelligence model to infer a log sourcetype of a log. For example, logs may have different log sourcetypes, and logs having the same log sourcetypes may have different messagetypes. The artificial intelligence model may be a machine learning model, and can be trained using training data that includes logs with known log sourcetypes. Each log can be tokenized, filtered, converted into a vector, and applied to a machine learning model as an input to perform the training. The machine learning model may output an inferred log sourcetype, which can be compared with the known log sourcetype to update model parameters to improve the machine learning model accuracy. The trained machine learning model may be trained to infer a log sourcetype of a log regardless of the messagetype of the log.
-
Publication number: US11663176B2
Publication date: 2023-05-30
Application number: US16945229
Application date: 2020-07-31
Applicant: Splunk Inc.
Inventor: Ram Sriharsha , Zhaohui Wang , Kristal Curtis , Abraham Starosta
CPC classification number: G06F16/213 , G06F16/252 , G06F16/258 , G06K9/6231 , G06K9/6257 , G06N3/08
Abstract: Systems and methods are described for training an artificial intelligence model to extract one or more data fields from a log. For example, the artificial intelligence model may be a neural network. The neural network may be trained using training data obtained by iterating through a plurality of logs using active learning, and selecting a subset of the logs in the plurality to be labeled by a user. For example, the selected subset of logs may be logs that are not similar to other logs already labeled by a user. The user may be prompted to label the selected subset of logs to identify one or more data fields to extract. Once the selected subset of logs are labeled, these labeled logs can be used as the training data to train the neural network.
-
Publication number: US11501112B1
Publication date: 2022-11-15
Application number: US15967435
Application date: 2018-04-30
Applicant: SPLUNK, INC.
Inventor: Adam Oliner , Kristal Curtis , Nghi Huu Nguyen , Alexander Johnson
IPC: G06F16/90 , G06K9/62 , G06F11/07 , G06F17/18 , G06N20/00 , G06F16/907 , G06F16/903 , G06F16/28
Abstract: A computerized method of diagnosing a mislabeling of a source type of a received event. The method comprises operations of receiving an event by a source type analysis logic with a data index and query system, wherein the event includes a portion of raw machine data and is associated with a specific point in time, and obtaining an original source type assigned to the event and one or more predicted source types. The one or more predicted source types are determined by analysis of a data representation of the event in view of training data, where the training data includes a plurality of data representations corresponding to known source types. Additionally, the computerized method includes an operation of determining whether the event has been mislabeled and, in response to determining that the event has been mislabeled, diagnosing a source of the mislabeling.
-
Publication number: US11106681B2
Publication date: 2021-08-31
Application number: US16175636
Application date: 2018-10-30
Applicant: Splunk, Inc.
Inventor: Adam Oliner , Eric Sammer , Kristal Curtis , Nghi Nguyen
IPC: G06F17/00 , G06F16/2455 , G06F40/205 , G06F16/248 , G06N5/04
Abstract: Messages of a first data stream may be accessed from an ingestion buffer in communication with a streaming data processor to receive data from the first data stream. At the streaming data processor and using an inference model, a sourcetype associated with one or more messages from the first data stream may be determined. The one or more messages may include a portion of machine data. Using the streaming data processor, a second data stream may be generated from the first data stream. The second data stream may include a subset of messages from the first data stream. A message of the subset of messages may be included in the second data stream based on a condition associated with the sourcetype for the message. At least one processing operation may be performed on at least one of the subset of messages from the second data stream.
-
Publication number: US12182174B1
Publication date: 2024-12-31
Application number: US18147639
Application date: 2022-12-28
Applicant: SPLUNK Inc.
Inventor: Francis Beckert , Kristal Curtis , Om Rajyaguru , Abraham Starosta , Poonam Yadav
IPC: G06F16/24 , G06F16/248 , G06F16/28 , G06F16/957
Abstract: A search assistant engine is described that integrates with a data intake and query system and provides an intuitive user interface to assist a user in searching and evaluating indexed event data. Additionally, the search assistant engine provides logic to intelligently provide data to the user through the user interface, such as determining fields of events likely to be of interest based on a mutual information score computed for each field, and determining groups of related fields based on a mutual information score computed for each field grouping. Some implementations utilize machine learning techniques in certain analyses, such as when clustering events and determining an event template for each cluster. Additionally, the search assistant engine may import terms or characters from user interaction into predetermined search query templates to generate tailored search queries for the user.