-
Publication No.: US11743285B2
Publication Date: 2023-08-29
Application No.: US16528397
Application Date: 2019-07-31
Applicant: Splunk Inc.
Inventor: Brian Luger
IPC: H04L9/40
CPC classification number: H04L63/145 , H04L63/1408 , H04L63/1416 , H04L63/1483 , H04L63/308
Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.
-
Publication No.: US11741131B1
Publication Date: 2023-08-29
Application No.: US17162300
Application Date: 2021-01-29
Applicant: Splunk Inc.
Inventor: Akash Dwivedi , Himanshu Gupta , Eric Tschetter , Rahul Gidwani
IPC: G06F16/22 , G06F16/248 , G06F16/28 , G06F16/2455
CPC classification number: G06F16/287 , G06F16/22 , G06F16/248 , G06F16/24553 , G06F16/288
Abstract: Systems and methods are disclosed for efficiently uploading event data of a data intake and processing system and building journey instances using the uploaded event data in a distributed manner. Each journey instance is illustratively associated with a series of events within the event data occurring over a journey duration. For example, a cloud-based hosting system can implement a cloud-based distributed system that receives fragmented uploads of event data from the data intake and query system. Once received, the cloud-based hosting system can combine the event data from one or more uploads and re-stitch portions of the uploaded event data using a set of worker nodes to build journey instances.
-
Publication No.: US11741089B1
Publication Date: 2023-08-29
Application No.: US17589661
Application Date: 2022-01-31
Applicant: Splunk Inc.
Inventor: Michael Porath , Siegfried Puchbauer-Schnabel
IPC: G06F16/242 , G06F16/29 , G06F16/248 , G06F16/951 , G06F16/2457 , G06F3/04842
CPC classification number: G06F16/2428 , G06F3/04842 , G06F16/248 , G06F16/24578 , G06F16/29 , G06F16/951
Abstract: A data intake and query system may store raw machine data that includes location information. A client system may include a user interface for searching the data intake and query system. The user interface allows a user to define a field search query and to define one or more ad-hoc boundary regions on a map. A combined query is transmitted to the data intake and query system, the combined query including both the field search query and location search information that is based on the ad-hoc boundary regions. The data intake and query system runs the combined query and returns responsive results, which are displayed at the client user interface.
-
Publication No.: US11741086B2
Publication Date: 2023-08-29
Application No.: US17121935
Application Date: 2020-12-15
Applicant: SPLUNK Inc.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd
IPC: G06F16/242 , G06F3/0482 , G06F3/04842 , G06F3/04847
CPC classification number: G06F16/2428 , G06F3/0482 , G06F3/04842 , G06F3/04847
Abstract: A search interface is displayed in a table format that includes one or more columns, each column including data items of an event attribute, the data items being of a set of events, and a plurality of rows forming cells with the one or more columns, each cell displaying a textual representation of at least one of the data items of the event attribute of a corresponding column. Based on a user selecting a portion of the textual representation in a corresponding cell, a list of options is displayed that corresponds to the selected portion of the textual representation. Furthermore, one or more commands are added to a search query that corresponds to the set of events, the one or more commands being based on at least an option that is selected from the list of options and the selected portion of the textual representation in the corresponding cell.
-
Publication No.: US11736452B1
Publication Date: 2023-08-22
Application No.: US17246536
Application Date: 2021-04-30
Applicant: SPLUNK INC.
Inventor: Christopher Chan , Ryan O'Connor , Philippe Tang , Simon Tam , Sterling Trafford
IPC: H04L9/40
CPC classification number: H04L63/0428 , H04L63/0272 , H04L63/0869
Abstract: In various embodiments, a computer-implemented method comprises determining that a first property associated with a dashboard is modified at a first device, determining that the dashboard is accessible at a second device, where the first device and the second device are coupled via a trusted tunnel bridge, and in a real-time response to determining that the first property was modified, transmitting, to the second device via the trusted tunnel bridge, an update that causes the second device to modify the dashboard based on the modified first property.
-
Publication No.: US11736378B1
Publication Date: 2023-08-22
Application No.: US17566421
Application Date: 2021-12-30
Applicant: SPLUNK INC.
Inventor: Asmita Puri , Alan Hardin , Kan Wu , Fang I. Hsiao
IPC: H04L43/16 , H04L43/08 , H04L43/091 , H04L41/22 , G06F16/951 , H04L41/0604 , H04L41/042 , G06F3/0486 , G06F3/0482 , H04L43/0852 , H04L9/40
CPC classification number: H04L43/16 , G06F16/951 , H04L41/042 , H04L41/0604 , H04L41/22 , H04L43/08 , H04L43/091 , G06F3/0482 , G06F3/0486 , H04L43/0852 , H04L63/20
Abstract: Information technology environment monitoring systems, for example, perform analytics over machine data received from networked entities. Outputs of such a system may be useful to help a user identify a problem and resolve an incident. Inventive aspects enable user interactions to trigger automatic connection with network servers to establish communication channels for conveying analytics and other information related to the problem between and among network nodes participating in the resolution of the problem or incident.
-
Publication No.: US11733829B2
Publication Date: 2023-08-22
Application No.: US16412310
Application Date: 2019-05-14
Applicant: SPLUNK INC.
Inventor: Tristan Fletcher , Cary Glen Noel , Alok Bhide
IPC: G06F9/455 , G06F3/0484 , G06F11/34 , G06F3/0482 , H04L41/22 , G06F3/04842 , G06F11/32 , H10N30/01
CPC classification number: G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F9/45533 , G06F11/323 , H04L41/22 , H10N30/01 , G06F11/3409 , G06F2201/815 , G06F2203/04803
Abstract: In some embodiments, in response to the user selecting a first node in the tree to be pinned, the system displays a first detail panel for the first node, wherein the first detail panel displays state information for the first node, wherein the state information is frozen at the time of pinning. Moreover, in response to the user selecting a second node in the tree to be pinned, the system displays a second detail panel for the second node, wherein the second detail panel displays state information for the second node, wherein the state information is frozen at the time of pinning. Note that the first detail panel is displayed concurrently with the second detail panel to facilitate comparing state information between the first and second nodes.
-
Publication No.: US11729074B1
Publication Date: 2023-08-15
Application No.: US17069693
Application Date: 2020-10-13
Applicant: SPLUNK Inc.
Inventor: Abhinav Mishra , Ram Sriharsha
IPC: H04L43/067 , H04L43/022 , H04L43/062 , H04L43/04
CPC classification number: H04L43/067 , H04L43/022 , H04L43/04 , H04L43/062
Abstract: Embodiments of the present invention are directed to facilitating performing online data decomposition. In accordance with aspects of the present disclosure, an incoming data point of a time series data set is obtained. Thereafter, an iterative process of estimating trend and seasonality is performed to decompose the incoming data point to a set of data components based on a particular set of previous data points of the time series data set and corresponding data components. Generally, the set of data components for the incoming data point include a trend component, a seasonality component, and a residual component. The set of data components is provided for analysis of the incoming data point, such as, for example, to identify data anomalies.
-
Publication No.: US11727039B2
Publication Date: 2023-08-15
Application No.: US17811849
Application Date: 2022-07-11
Applicant: Splunk Inc.
IPC: G06F16/2455 , G06F16/28 , G06Q10/10 , G06F11/30 , G06F9/54
CPC classification number: G06F16/285 , G06F9/542 , G06F11/30 , G06F16/24568 , G06F16/288 , G06Q10/10
Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.
-
Publication No.: US11727007B1
Publication Date: 2023-08-15
Application No.: US17073752
Application Date: 2020-10-19
Applicant: SPLUNK Inc.
Inventor: Chinmay Madhav Kulkarni , Lin Ma , Amir Malekpour , Mohan Rajagopalan , John C. Reed , Ram Sriharsha
IPC: G06F16/21 , G06F16/2455 , G06F16/2453 , G06F16/242 , G06N20/00 , G06F16/248 , G06N5/01
CPC classification number: G06F16/24553 , G06F16/248 , G06F16/2423 , G06F16/24534 , G06N5/01 , G06N20/00
Abstract: A computer-implemented method is disclosed including operations of receiving a request to store a representation of a machine learning model in a non-transitory computer-readable medium, validating the representation of the machine learning model, storing the representation of the machine learning model, receiving a query from a web-based programming application, the query including a sequence of operators, parsing the query to detect and identify each operator within the sequence of operators, converting the query to a directed acyclic graph (DAG) and providing the DAG to a distributed processing engine configured to execute the DAG. The computer-implemented method includes further operations of, prior to converting the query to the DAG, altering the query to improve efficiency of execution of the DAG. Altering the query may include at least one of consolidating at least two operators, applying a filter operation to an operator, or applying a projection to the operator.