-
Publication No.: US12182174B1
Publication date: 2024-12-31
Application No.: US18147639
Application date: 2022-12-28
Applicant: SPLUNK Inc.
Inventor: Francis Beckert, Kristal Curtis, Om Rajyaguru, Abraham Starosta, Poonam Yadav
IPC: G06F16/24, G06F16/248, G06F16/28, G06F16/957
Abstract: A search assistant engine is described that integrates with a data intake and query system and provides an intuitive user interface to assist a user in searching and evaluating indexed event data. Additionally, the search assistant engine provides logic to intelligently provide data to the user through the user interface such as determining fields of events likely to be of interest based on determining a mutual information score for each field and determining groups of related fields based on determining a mutual information score for each field grouping. Some implementations utilize machine learning techniques in certain analyses such as when clustering events and determining an event template for each cluster. Additionally, the search assistant engine may import terms or characters from user interaction into predetermined search query templates to generate a tailored search query for the user.
-
Publication No.: US12182169B1
Publication date: 2024-12-31
Application No.: US17589600
Application date: 2022-01-31
Applicant: Splunk, Inc.
Inventor: William Deaderick, William Stanton, Thomas Camp Vieth
Abstract: A computerized method is disclosed for grouping alerts through machine learning while implementing certain time constraints. The method includes receiving an alert to be assigned to any of a plurality of existing issues or to a newly created issue, the alert including a temporal field that includes a timestamp of an arrival time of the alert, wherein an issue is a grouping of one or more alerts, determining a subset of existing issues from the plurality of existing issues that each satisfy time constraints, wherein the time constraints correspond to (i) a time elapsed between a most recent alert of a first existing issue and a timestamp of the alert, or (ii) a maximum issue time length of the first existing issue, and deploying a trained machine learning model to assign the alert to either an existing issue of the subset of existing issues or a newly created issue.
-
Publication No.: US12182151B1
Publication date: 2024-12-31
Application No.: US18104142
Application date: 2023-01-31
Applicant: SPLUNK Inc.
Inventor: Daniel Federschmidt, Ashley Hoang, Yuan Ling, Mayur Sanjaybhai Pipaliya, Nicolas Stone, Carl Yestrau
IPC: G06F16/00, G06F3/0482, G06F16/16, G06F16/22, G06F16/2458, G06F16/25
Abstract: Implementations of this disclosure provide for automated monitoring of configuration parameters of a primary data intake and query system instance operating within a distributed deployment environment. Further implementations provide for automatically generating instructions in response to a detected change in a configuration parameter of the primary data intake and query system instance and transmitting those instructions to one or more secondary data intake and query system instances. The instructions, upon execution by one or more processors, cause the configuration parameters of the one or more secondary data intake and query system instances to be updated in accordance with the detected change in the configuration parameter of the primary data intake and query system instance.
-
Publication No.: US12181956B1
Publication date: 2024-12-31
Application No.: US18208879
Application date: 2023-06-12
Applicant: Splunk Inc.
Inventor: Kristal Curtis, William Deaderick, Wei J. Gao, Tanner Gilligan, Chandrima Sarkar, Aleksander Stojanovic, Ralph Donald Thompson, Poonam Yadav, Sichen Zhong
IPC: G06F11/30, G06F11/07, G06F18/21, G06F18/214
Abstract: Systems and methods are disclosed that are directed to improving the prioritization, display, and viewing of system alerts through the use of machine learning techniques to group the alerts and further to prioritize the groupings. Additionally, a graphical user interface is generated that illustrates the prioritized listing of the plurality of groupings. Thus, a system administrator or other user receives an improved experience as the number of notifications provided to the system administrator is reduced due to the grouping of individual alerts into related groupings and further due to the prioritization of the groupings. Previously, or in current technology, system alerts may be automatically generated and provided immediately to a system administrator. In some instances, any advantage of detecting system errors or system monitoring provided by the alerts is negated by the vast number of alerts and provision of minimally important alerts in a manner that concealed more important alerts.
-
Publication No.: USD1054444S1
Publication date: 2024-12-17
Application No.: US29879934
Application date: 2023-07-14
Applicant: SPLUNK Inc.
Designer: Tatsuya Hama, Clark E Mullen, Ioan Popa, Iryna Vogler-Ivashchanka
-
Publication No.: US12164889B1
Publication date: 2024-12-10
Application No.: US18539646
Application date: 2023-12-14
Applicant: Splunk Inc.
Inventor: Matthew Hanson, Sydney Flak, Colin Fagan, Jeffery Roberts, Govinda Salinas, Philip Royer
Abstract: Techniques are described for enabling users of an information technology (IT) and security operations application to create highly reusable custom functions for playbooks. The creation and execution of playbooks using an IT and security operations application generally enables users to automate operations related to an IT environment responsive to the identification of various types of incidents or other triggering conditions. Users can create playbooks to automate operations such as, for example, modifying firewall settings, quarantining devices, restarting servers, etc., to improve users' ability to efficiently respond to various types of incidents and operational issues that arise from time to time in IT environments.
-
Publication No.: US12164565B2
Publication date: 2024-12-10
Application No.: US18190519
Application date: 2023-03-27
Applicant: Splunk Inc.
Inventor: Ram Sriharsha, Kristal Lyn Curtis, Iryna Vogler-Ivashchanka, Clark Eugene Mullen
IPC: G06F16/23, G06F9/38, G06F9/54, G06F16/14, G06F16/16, G06F16/22, G06F16/242, G06F16/2453, G06F16/2455, G06F16/2458, G06F16/28, G06F16/901, G06F17/16, G06F17/18, G06F18/21, G06F18/214, G06N20/00, G06N20/20
Abstract: Systems and methods are described for processing ingested data in an asynchronous manner as the data is being ingested to detect potential anomalies. For example, one or more streaming data processors can convert data as the data is ingested into a comparable data structure, determine whether the comparable data structure should be assigned to an existing data pattern or a new data pattern, and optionally update a characteristic of the data pattern to which the comparable data structure is assigned. The streaming data processor(s) can perform these operations automatically in real-time or in periodic batches. Once one or more comparable data structures have been assigned to one or more data patterns, the streaming data processor(s) can analyze the comparable data structures assigned to a particular data pattern to determine whether any of the comparable data structures appear to be anomalous.
-
Publication No.: US12164524B2
Publication date: 2024-12-10
Application No.: US18304770
Application date: 2023-04-21
Applicant: Splunk Inc.
Inventor: Sanjeev Kulkarni, Boyang Peng, Karthikeyan Ramasamy, Poornima Devaraj
IPC: G06F16/22, G06F16/242, G06F16/2455, G06F16/248, H04L45/741, H04L49/00, H04L49/90, H04L49/9005
Abstract: Systems and methods are described for customizable data streams in a streaming data processing system. Routing criteria for the customizable data streams are defined by a user, an automated process, or any other process. The routing criteria can be defined using graphical controls. The streaming data processing system uses the routing criteria to determine data that should be used to populate a particular data stream. Further, processing pipelines are customized such that a particular processing pipeline can obtain data from a particular user defined data stream and write data to a particular user defined data stream. Data is routed through the user defined data streams and customized processing pipelines based on a data route. A data route for a set of data may include multiple user defined data streams and multiple processing pipelines. The data route can include a loop of processing pipelines and data streams.
-
Publication No.: US12155678B1
Publication date: 2024-11-26
Application No.: US17526893
Application date: 2021-11-15
Applicant: SPLUNK INC.
Inventor: Camille Gaspard
Abstract: In one embodiment, a discrepancy detection application automatically detects and addresses unauthorized activities associated with one or more authorization keys based on a request log and a provider log. The request log specifies activities that a client initiated, where the activities are associated with the authorization keys. The provider log specifies activities that a cloud provider performed, where the activities are associated with the authorization keys. In operation, the discrepancy detection application determines that one or more unauthorized activities have occurred based on comparing the request log to the provider log. The discrepancy detection application then performs an action that addresses the unauthorized activities. Advantageously, by detecting discrepancies between activities initiated by the client and activities performed by the cloud provider, the discrepancy detection application automatically detects any leaked authorization keys and minimizes resulting damages incurred by the client.
-
Publication No.: US12141426B1
Publication date: 2024-11-12
Application No.: US16528462
Application date: 2019-07-31
Applicant: SPLUNK INC.
Inventor: Devin Bhushan, Jesse Chor, Sammy Lee, Glen Wong
IPC: G06F3/04847, G06F16/953, H04L41/22
Abstract: A mobile device is fitted with an extended reality (XR) software application program executing on a processor within an XR system, and optionally a camera. Via the XR software application program, various techniques are performed for interacting with a physical object via the XR environment, in particular modifying, for example, a state or a parameter or operations of the object. In a technique, the XR software application program facilitates directing a physical computing system or device to perform certain actions associated with a physical object.