公开(公告)号：US10223423B2

公开(公告)日：2019-03-05

申请号：US14528905

申请日：2014-10-30

Applicant: Splunk Inc.

Inventor： Nicholas John Filippi ,  Katherine Kyle Feeney ,  Cory Eugene Burke ,  Abhinav Prasad Nekkanti ,  Marc Vincent Robichaud ,  Irina Korobova

IPC: G06F17/30 ,  G06F11/00 ,  G06F11/07 ,  G06Q10/00 ,  H04L12/24

Abstract: Custom communication alert techniques are described where a triggering condition is detected by one or more computing devices that is found by searching data using one or more extraction rules of a late-binding schema. Responsive to the detection of the triggering condition of the alert, a communication is formed by the one or more computing devices that corresponds to the alert and that includes one or more tokens based on one or more values of the data taken from fields defined by the one or more extraction rules. The communication is caused to be transmitted by the one or more computing device via a network for receipt by at least one computing device of an intended recipient of the communication.

公开(公告)号：US10061824B2

公开(公告)日：2018-08-28

申请号：US14611002

申请日：2015-01-30

Applicant: SPLUNK INC.

Inventor： Marc Vincent Robichaud ,  Cory Eugene Burke ,  Jeffrey Thomas Lloyd ,  Jesse Miller

IPC: G06F17/30 ,  G06F3/0484 ,  G06F17/24

Abstract: A search interface is displayed in a table format that includes one or more columns, each column including data items of an event attribute, the data items being of a set of events, and a plurality of rows forming cells with the one or more columns, each cell including one or more of the data items of the event attribute of a corresponding column. Based on a user selecting one or more of the cells, a list of options if displayed corresponding to the selection, and one or more commands are added to a search query that corresponds to the set of events, the one or more commands being based on at least an option that is selected from the list of options and the event attribute for each of the one or more of the data items of each of the selected one or more cells.

公开(公告)号：US20180157722A1

公开(公告)日：2018-06-07

申请号：US15885491

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F17/30 ,  G06F3/0481 ,  G06F3/0484 ,  G06F3/0482

CPC classification number: G06F16/25 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/2393 ,  G06F16/2455 ,  G06F16/2477 ,  G06F16/26 ,  G06F16/9038

Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of a fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.

公开(公告)号：US20180157400A1

公开(公告)日：2018-06-07

申请号：US15885486

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F3/0484 ,  G06K9/20 ,  G06F17/30 ,  G06F3/0482 ,  G06F17/24

CPC classification number: G06F3/04842 ,  G06F3/0482 ,  G06F3/04847 ,  G06F9/451 ,  G06F16/221 ,  G06F16/242 ,  G06F16/2425 ,  G06F16/2455 ,  G06F16/248 ,  G06F16/252 ,  G06F16/951 ,  G06F17/246 ,  G06K9/2054

Abstract: In embodiments of statistics time chart interface row mode drill down, a first interface is displayed in a table format that includes columns each having a column heading comprising a different value, each different value associated with a particular event field, and includes rows each with a time increment and one or more aggregated metrics, each aggregated metric representing a number of events having a field-value pair that matches the different value represented in one of the columns and within the time increment over which the aggregated metric is calculated. A row that includes the time increment and the aggregated metrics can be emphasized in the first interface, and in response, a menu is displayed with selectable options to transition to a second interface based on a selected one of the options.

公开(公告)号：US09842160B2

公开(公告)日：2017-12-12

申请号：US14610676

申请日：2015-01-30

Applicant: SPLUNK INC.

Inventor： Marc Vincent Robichaud

IPC: G06F17/30 ,  G06F3/0484

CPC classification number: G06F17/30616 ,  G06F3/04842

Abstract: First one or more values are extracted from a plurality of events using a first extraction rule. The extracted first one or more values are assigned to a first field of the plurality of events as a first set of field-data item pairs and a field label is assigned to the first field. Second one or more values and a field label corresponding to the second one or more values are extracted from the plurality of the events using a second extraction rule, where the extracted field label corresponds to the assigned field label of the first field. The extracted second one or more values are assigned to a second field of the plurality of events as a second set of field-data item pairs, thereby distinguishing the extracted second one or more values from the extracted first one or more values.

公开(公告)号：US09582585B2

公开(公告)日：2017-02-28

申请号：US14448937

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Alice Emily Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Vincent Robichaud

IPC: G06F3/0482 ,  G06F3/0484 ,  G06F17/30

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/30424 ,  G06F17/3053

Abstract: Fields may be discovered in events that are returned in response to an initial search. The events may comprise portions of raw data. Furthermore, the fields may be defined by extraction rules for extracting values from corresponding portions of raw data. The displaying of a graphical user interface (GUI) may be caused where the GUI enables a user to select or enter criteria for a subset of the discovered fields without entering a search query in a search bar. At least one criterion for at least one field from the subset of the discovered fields may be received through a portion of the GUI that does not include a search bar for entering a search query. The events returned in response to the initial search query may be caused to be filtered based on the received criterion.

Abstract translation: 可以在响应初始搜索返回的事件中发现字段。 事件可以包括原始数据的部分。 此外，这些字段可以由用于从原始数据的相应部分提取值的提取规则来定义。 图形用户界面（GUI）的显示可能是在GUI允许用户选择或输入所发现的字段的子集的标准而不在搜索栏中输入搜索查询的情况下引起的。 可以通过不包括用于输入搜索查询的搜索栏的GUI的一部分来接收来自所发现字段的子集的至少一个字段的至少一个标准。 响应于初始搜索查询而返回的事件可能被导致根据接收到的标准进行过滤。

公开(公告)号：US20170031659A1

公开(公告)日：2017-02-02

申请号：US14815954

申请日：2015-07-31

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Jacob Barton Leverich ,  Jeffrey Thomas Lloyd ,  Adam Jamison Oliner ,  Marc Vincent Robichaud

IPC: G06F9/44 ,  G06F17/30

Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.

Abstract translation: 描述使用示例来定义事件子类型的设施。 设备显示在机器生成的数据之间标识的事件。 该设施接收选择事件的第一子集的用户输入，作为事件子类型的示例。 响应于接收到用户输入，设施基于事件子类型的示例显示预测属于事件子类型的事件的第二子集。

公开(公告)号：US20160224531A1

公开(公告)日：2016-08-04

申请号：US14610717

申请日：2015-01-30

Applicant: SPLUNK INC.

Inventor： Marc Vincent Robichaud ,  Cory Eugene Burke ,  Jeffrey Thomas Lloyd

IPC: G06F17/24 ,  G06F17/30 ,  G06F3/0484 ,  G06F3/0483 ,  G06F3/0482

Abstract: A based on a selection by a user of first one or more values of one or more events displayed in a graphical interface, an extraction rule is automatically determined that is capable of extracting a field label-value pair at least partially within at least the selected one or more values. An option is displayed that correspond to the determined extraction rule in the graphical interface. Based on the user selecting the option in the graphical interface, display is caused of second one or more values of one or more field label-value pairs extracted from the one or more events using the extraction rule. The one or more events may be displayed in a table format, and the first one or more value may be selected by the user selecting one or more cells, columns, or text portions in the table format.

Abstract translation: A，基于用户对图形界面中显示的一个或多个事件的第一个或多个值的选择，自动确定提取规则，其能够至少部分地至少部分地在所选择的内容中提取场标签值对 一个或多个值。 显示与图形界面中确定的提取规则相对应的选项。 基于用户在图形界面中选择选项，使用提取规则从一个或多个事件中提取的一个或多个字段标签值对的第二个或多个值引起显示。 一个或多个事件可以以表格格式显示，并且可以由用户选择表格格式中的一个或多个单元格，列或文本部分来选择第一个或多个值。

公开(公告)号：US20160147849A1

公开(公告)日：2016-05-26

申请号：US15011294

申请日：2016-01-29

Applicant: SPLUNK, INC.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F17/30 ,  G06F3/0481 ,  G06F3/0484

CPC classification number: G06F17/30557 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/30383 ,  G06F17/30477 ,  G06F17/30551 ,  G06F17/30572 ,  G06F17/30991

Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of a fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.

Abstract translation: 描述了用于搜索用户界面的事件限制字段选择器。 在一个或多个实现中，服务可以操作以收集和存储数据作为事件，每个事件包括与时间点相关联的数据的一部分。 客户可以使用搜索用户界面通过输入搜索条件执行搜索。 响应于接收搜索条件，服务可以操作以应用晚期绑定模式来提取与搜索条件匹配的事件，并且通过搜索用户界面提供用于显示的搜索结果。 搜索用户界面暴露事件限制字段选择器，其可操作以在搜索结果的视图中对各个事件进行字段的选择。 响应于接收到通过选择器选择的字段的指示，可以更新所选字段的可见性，以控制哪些字段和值被包括在不同的视图中。

公开(公告)号：US20160147829A1

公开(公告)日：2016-05-26

申请号：US15011284

申请日：2016-01-29

Applicant: SPLUNK, INC.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F17/30 ,  G06F3/0484 ,  G06F3/0481 ,  G06F3/0482

CPC classification number: G06F17/30398 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/04847 ,  G06F11/0766 ,  G06F17/30554 ,  G06F2203/04803 ,  H04L41/22

Abstract: An event view selector for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events and apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event view selector operable to enable transitions between multiple different views of the events associated with different levels of detail. The views may include at least a raw view, a list view, and a table view. Responsive to receiving an indication of a view selected via the event view selector, the selected view may be exposed via the search user interface.

Abstract translation: 描述用于搜索用户界面的事件视图选择器。 在一个或多个实现中，服务可以操作以收集和存储数据作为事件，并且应用后期绑定模式来提取与搜索条件匹配的事件，并且通过搜索用户界面提供用于显示的搜索结果。 搜索用户界面公开了可操作的事件视图选择器，以启用与不同细节级别相关联的事件的多个不同视图之间的转换。 视图可以至少包括原始视图，列表视图和表视图。 响应于接收通过事件视图选择器选择的视图的指示，所选择的视图可以经由搜索用户界面公开。