公开(公告)号：US10462004B2

公开(公告)日：2019-10-29

申请号：US14699807

申请日：2015-04-29

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Wei Jiang ,  Vladimir A. Shcherbakov ,  Ramkumar Chandrasekharan ,  Clayton S. Ching

IPC: G06F16/00 ,  H04L12/24 ,  G06F3/0482 ,  G06F3/0484 ,  G06F16/26 ,  G06F3/0481 ,  H04L29/08

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.

公开(公告)号：US10795884B2

公开(公告)日：2020-10-06

申请号：US15665302

申请日：2017-07-31

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Ramkumar Chandrasekharan

IPC: G06F16/00 ,  G06F16/2453 ,  G06F16/2458 ,  G06F16/33 ,  G06F16/2455

Abstract: Systems and methods are disclosed for processing queries against a common storage utilizing dynamically allocated partitions operating on one or more worker nodes. The common storage can include one or more data stores, which collectively contain a data set divided across multiple buckets of data. To query the common storage, a query coordinator can retrieve metadata regarding the multiple buckets, in order to determine a subset of buckets that are potentially relevant to a query. The query coordinator can then dynamically allocate partitions operating on worker nodes to retrieve and intake individual buckets of the subset into a phased search process. The dynamic allocation can be selected to maximize parallelization of the buckets across partitions, thus increasing a speed at which the common storage can be searched.

公开(公告)号：US20180089262A1

公开(公告)日：2018-03-29

申请号：US15665302

申请日：2017-07-31

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Ramkumar Chandrasekharan

IPC: G06F17/30

CPC classification number: G06F16/24532 ,  G06F16/24535 ,  G06F16/24554 ,  G06F16/2465 ,  G06F16/3334 ,  G06F16/3349

Abstract: Systems and methods are disclosed for processing queries against a common storage utilizing dynamically allocated partitions operating on one or more worker nodes. The common storage can include one or more data stores, which collectively contain a data set divided across multiple buckets of data. To query the common storage, a query coordinator can retrieve metadata regarding the multiple buckets, in order to determine a subset of buckets that are potentially relevant to a query. The query coordinator can then dynamically allocate partitions operating on worker nodes to retrieve and intake individual buckets of the subset into a phased search process. The dynamic allocation can be selected to maximize parallelization of the buckets across partitions, thus increasing a speed at which the common storage can be searched.

公开(公告)号：US20150341212A1

公开(公告)日：2015-11-26

申请号：US14699807

申请日：2015-04-29

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Wei Jiang ,  Vladimir A. Shcherbakov ,  Ramkumar Chandrasekharan ,  Clayton S. Ching

IPC: H04L12/24 ,  G06F3/0482 ,  G06F3/0484 ,  G06F17/30

CPC classification number: H04L41/0813 ,  G06F3/0481 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/26 ,  H04L41/22 ,  H04L67/12 ,  H04L67/36

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在操作期间，该系统导致显示用于从由一个或多个远程捕获代理捕获的网络分组生成时间序列事件数据的图形用户界面（GUI）。 接下来，系统导致在GUI中显示包含与包括时间序列事件数据的一个或多个事件流相关联的一组统计信息的第一组用户界面元素。 然后，系统在GUI中显示包括来自该组统计信息中的一个或多个值的一个或多个图形。 最后，系统导致在GUI中根据一个或多个图形上的光标的位置从该组统计显示统计值的值。

公开(公告)号：US11716248B1

公开(公告)日：2023-08-01

申请号：US17578264

申请日：2022-01-18

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Wei Jiang ,  Vladimir A. Shcherbakov ,  Ramkumar Chandrasekharan ,  Clayton S. Ching

IPC: G06F16/00 ,  H04L41/0813 ,  H04L41/22 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/26 ,  G06F3/0481 ,  H04L67/12 ,  H04L67/75

CPC classification number: H04L41/0813 ,  G06F3/0481 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/26 ,  H04L41/22 ,  H04L67/12 ,  H04L67/75

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.

公开(公告)号：US11675816B1

公开(公告)日：2023-06-13

申请号：US17163258

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Ramkumar Chandrasekharan ,  Tristan Antonio Fletcher ,  Ramprasad Siva Golla ,  Alpesh Sheth ,  Shailendra Suryawanshi ,  Xiang Zhou

IPC: G06F17/00 ,  G06F16/28 ,  G06N20/00

CPC classification number: G06F16/285 ,  G06N20/00

Abstract: Systems and methods are described for using a streaming data processor to group notable events reflecting operation of a computing system into episodes of related events reflecting an incident on the computing system, such as to enable root cause analysis of the incident. Each notable event can be generated based on one or more events detected within raw machine data. The streaming data processor can ingest a data stream of notable events, and apply a clustering algorithm to the events to cluster those events into episodes. When the episodes satisfy an action rule, the streaming data processor can take an action appropriate to that rule, such as transmitting an alert or programmatically altering operation of the computing system. The streaming data processor can utilize feedback as to the grouping of events into episodes to modify the clustering algorithm and improve accuracy of clustering.

公开(公告)号：US20200014593A1

公开(公告)日：2020-01-09

申请号：US16573937

申请日：2019-09-17

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Wei Jiang ,  Vladimir A. Shcherbakov ,  Ramkumar Chandrasekharan ,  Clayton S. Ching

IPC: H04L12/24 ,  G06F3/0482 ,  G06F3/0484 ,  G06F16/26

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.

公开(公告)号：US12028208B1

公开(公告)日：2024-07-02

申请号：US18330299

申请日：2023-06-06

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Wei Jiang ,  Vladimir A. Shcherbakov ,  Ramkumar Chandrasekharan ,  Clayton S. Ching

IPC: G06F16/00 ,  G06F3/0481 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/26 ,  H04L41/0813 ,  H04L41/22 ,  H04L67/12 ,  H04L67/75

CPC classification number: H04L41/0813 ,  G06F3/0481 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/26 ,  H04L41/22 ,  H04L67/12 ,  H04L67/75

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.

公开(公告)号：US11676072B1

公开(公告)日：2023-06-13

申请号：US17163212

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Ramkumar Chandrasekharan ,  William Deaderick ,  Lila Fridley ,  Ramprasad Siva Golla ,  Shailendra Suryawanshi

IPC: G06F7/00 ,  G06N20/00 ,  G06F3/0482 ,  G06F3/0486 ,  G06F16/28

CPC classification number: G06N20/00 ,  G06F3/0482 ,  G06F3/0486 ,  G06F16/285

Abstract: Systems and methods are described for training a machine learning (ML) model to group notable events reflecting operation of a computing system into episodes of related events reflecting an incident on the computing system, such as to enable root cause analysis of the incident. The ML model is trained using pairwise binary similarity labels (PBSLs) indicating that two events must or must not be grouped together. An interface is provided that facilitates rapid generating of PBSLs by relocating one or more events from a first episode to a second episode. The relocation input is translated into PBSLs that are then used to train the ML model.

公开(公告)号：US11245581B2

公开(公告)日：2022-02-08

申请号：US16573937

申请日：2019-09-17

Applicant: Splunk Inc.

Inventor： Fang I Hsiao ,  Wei Jiang ,  Vladimir A. Shcherbakov ,  Ramkumar Chandrasekharan ,  Clayton S. Ching

IPC: G06F16/00 ,  H04L12/24 ,  G06F3/0482 ,  G06F3/0484 ,  G06F16/26 ,  G06F3/0481 ,  H04L29/08

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.