-
Publication number: US12067007B1
Publication date: 2024-08-20
Application number: US17874024
Application date: 2022-07-26
Applicant: SPLUNK Inc.
Inventor: Jesse Brandau Miller , Marc V. Robichaud , Cory Eugene Burke
IPC: G06F7/00 , G06F16/242 , G06F16/2455 , G06F16/248
CPC classification number: G06F16/2425 , G06F16/2428 , G06F16/2455 , G06F16/248
Abstract: A method includes causing display to a user of at least one event of a first result set from a first pipelined search on events at an event source. Each event comprises a time stamp and a portion of machine data. A selection of a command is received from the user. The selection is to extend the first pipelined search with the selected command in a second pipelined search. The system selects between the first result set and the event source for execution of the second pipelined search based on an analysis of the selected command and at least one command of the first pipelined search. Based on the selecting being of the first result set, display to the user is caused of at least one event of a second result set from the execution of the second pipelined search on the first result set.
-
Publication number: US11816316B2
Publication date: 2023-11-14
Application number: US17224381
Application date: 2021-04-07
Applicant: SPLUNK INC.
Inventor: Cory Eugene Burke , Katherine Kyle Feeney , Divanny I. Lamas , Marc Vincent Robichaud , Matthew G. Ness , Clara E. Lee
IPC: G06F17/00 , G06F3/04842 , G06F3/0482 , G06F16/22 , G06F16/242 , G06F16/248 , G06F16/25 , G06F16/951 , G06F16/2455 , G06F40/18 , G06V10/22 , G06F3/04847 , G06F9/451
CPC classification number: G06F3/04842 , G06F3/0482 , G06F3/04847 , G06F16/221 , G06F16/242 , G06F16/248 , G06F16/2455 , G06F16/252 , G06F16/951 , G06F40/18 , G06V10/22 , G06F9/451 , G06F16/2425
Abstract: In embodiments of statistics value chart interface cell mode drill down, a first interface displays in a table format that includes columns each with field values of an event field, and each column having a column heading of a different one of the event fields, and includes rows each with one or more of the field values, each field value in a row associated with a different one of the event fields, and having an aggregated metric that represents a number of events with field-value pairs that match all of the field values listed in a respective row and the corresponding event fields listed in the respective columns. A cell can be emphasized that includes one of the field values in a row that corresponds to one of the different event fields in a column, and in response, a menu displays options to transition to a second interface.
-
Publication number: US11741086B2
Publication date: 2023-08-29
Application number: US17121935
Application date: 2020-12-15
Applicant: SPLUNK Inc.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd
IPC: G06F16/242 , G06F3/0482 , G06F3/04842 , G06F3/04847
CPC classification number: G06F16/2428 , G06F3/0482 , G06F3/04842 , G06F3/04847
Abstract: A search interface is displayed in a table format that includes one or more columns, each column including data items of an event attribute, the data items being of a set of events, and a plurality of rows forming cells with the one or more columns, each cell displaying a textual representation of at least one of the data items of the event attribute of a corresponding column. Based on a user selecting a portion of the textual representation in a corresponding cell, a list of options is displayed that corresponds to the selected portion of the textual representation. Furthermore, one or more commands are added to a search query that corresponds to the set of events, the one or more commands being based on at least an option that is selected from the list of options and the selected portion of the textual representation in the corresponding cell.
-
Publication number: US11455087B2
Publication date: 2022-09-27
Application number: US16397393
Application date: 2019-04-29
Applicant: SPLUNK INC.
Inventor: Cory Eugene Burke , Katherine Kyle Feeney , Divanny I. Lamas , Marc Vincent Robichaud , Matthew G. Ness , Clara E. Lee
IPC: G06F7/00 , G06F3/04842 , G06F3/0482 , G06F16/22 , G06F16/242 , G06F16/248 , G06F16/25 , G06F16/951 , G06F16/2455 , G06F40/18 , G06V10/22 , G06F3/04847 , G06F9/451
Abstract: In embodiments of field value search drill down, a search system exposes a search interface that displays one or more events returned as a search result set. A field-value pair can be emphasized in the field-value pairs of an event displayed in the search interface, and a menu is displayed with search options that are selectable to operate on the emphasized field-value pair of the event. The menu includes the search options to add search criteria of the emphasized field-value pair to a search command in a search bar of the search interface, exclude the search criteria of the emphasized field-value pair from a search, or create a new data search based on the emphasized field-value pair. A selection of one of the search options in the menu can be received, and the search command in the search bar is updated based on the search option that is selected.
-
Publication number: US11226977B1
Publication date: 2022-01-18
Application number: US16896145
Application date: 2020-06-08
Applicant: Splunk Inc.
Inventor: Cory Eugene Burke , Jacob Barton Leverich , Jeffrey Thomas Lloyd , Adam Jamison Oliner , Marc Vincent Robichaud , Jesse Miller
IPC: G06F16/248 , G06F11/30 , G06F16/245 , G06F16/242 , G06F11/34
Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.
-
Publication number: US09977803B2
Publication date: 2018-05-22
Application number: US14611018
Application date: 2015-01-30
Applicant: SPLUNK, INC.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd
IPC: G06F17/30
CPC classification number: G06F17/30315 , G06F17/30386 , G06F17/30477
Abstract: A search interface is displayed in a table format that includes a plurality of columns, each column including data items of an event attribute, the data items being of a set of events, each column being selectable by a user, and a plurality of rows forming cells with the one or more columns, each cell comprising one or more of the data items of the event attribute of a corresponding column. Based on the user selecting one or more of the columns, a list of options is displayed corresponding to the selected one or more columns, and one or more commands are added to a search query that corresponds to the set of events. The one or more commands are based on at least an option that is selected from the list of options and the event attribute of each of the selected one or more columns.
-
Publication number: US20160098463A1
Publication date: 2016-04-07
Application number: US14526380
Application date: 2014-10-28
Applicant: Splunk Inc.
Inventor: Cory Eugene Burke , Katherine Kyle Feeney , Divanny I. Lamas , Marc Vincent Robichaud , Matthew G. Ness , Clara E. Lee
IPC: G06F17/30 , G06F3/0484
CPC classification number: G06F3/04842 , G06F3/0482 , G06F3/04847 , G06F9/451 , G06F16/221 , G06F16/242 , G06F16/2425 , G06F16/2455 , G06F16/248 , G06F16/252 , G06F16/951 , G06F17/246 , G06K9/2054
Abstract: In embodiments of event segment search drill down, a search system exposes a search interface that displays multiple events returned as a search result set. A segment can be emphasized in event raw data of an event that is one of multiple events displayed in the search interface, and a menu is displayed with search options that are selectable to operate on the emphasized segment. The menu includes the search options to add the emphasized segment as a keyword to a search command in a search bar of the search interface, exclude the keyword that represents the emphasized segment from a search, or create a new data search based on the highlighted segment. A selection of one of the search options in the menu can be received, and the search command in the search bar is updated based on the search option that is selected.
-
Publication number: US20160098402A1
Publication date: 2016-04-07
Application number: US14528905
Application date: 2014-10-30
Applicant: Splunk Inc.
Inventor: Nicholas John Filippi , Katherine Kyle Feeney , Cory Eugene Burke , Abhinav Prasad Nekkanti , Marc Vincent Robichaud , Irina Korobova
CPC classification number: G06F17/3051 , G06F11/00 , G06F11/0709 , G06F11/0751 , G06F11/0766 , G06F17/30 , G06F17/30563 , G06Q10/00 , H04L41/00 , H04L41/0631
Abstract: Custom communication alert techniques are described. In one or more implementations, a triggering condition is detected by one or more computing devices that is found by searching data using one or more extraction rules of a late-binding schema. Responsive to the detection of the triggering condition of the alert, a communication is formed by the one or more computing devices that corresponds to the alert and that includes one or more tokens based on one or more values of the data taken from fields defined by the one or more extraction rules. The communication is caused to be transmitted by the one or more computing device via a network for receipt by at least one computing device of an intended recipient of the communication.
-
Publication number: US20160098385A1
Publication date: 2016-04-07
Application number: US14526468
Application date: 2014-10-28
Applicant: Splunk Inc.
Inventor: Cory Eugene Burke , Katherine Kyle Feeney , Divanny I. Lamas , Marc Vincent Robichaud , Matthew G. Ness , Clara E. Lee
IPC: G06F17/24 , G06F3/0484 , G06K9/20 , G06F3/0482
CPC classification number: G06F3/04842 , G06F3/0482 , G06F3/04847 , G06F9/451 , G06F17/246 , G06F17/30315 , G06F17/30389 , G06F17/30395 , G06F17/30477 , G06F17/30554 , G06F17/3056 , G06F17/30864 , G06K9/2054
Abstract: In embodiments of statistics value chart interface cell mode drill down, a first interface displays in a table format that includes columns each with field values of an event field, and each column having a column heading of a different one of the event fields, and includes rows each with one or more of the field values, each field value in a row associated with a different one of the event fields, and having an aggregated metric that represents a number of events with field-value pairs that match all of the field values listed in a respective row and the corresponding event fields listed in the respective columns. A cell can be emphasized that includes one of the field values in a row that corresponds to one of the different event fields in a column, and in response, a menu displays options to transition to a second interface.
-
Publication number: US12019624B2
Publication date: 2024-06-25
Application number: US17121949
Application date: 2020-12-15
Applicant: SPLUNK Inc.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd
IPC: G06F16/242 , G06Q10/10
CPC classification number: G06F16/2423 , G06Q10/103
Abstract: A list of command entries is displayed in a search interface, each of the command entries representing one or more commands of a plurality of commands of a search query. The list of command entries is displayed in a sequence corresponding to the plurality of commands of the search query. Based on a user interaction with a designated command entry in the displayed list of command entries, the displayed list of command entries is modified with respect to the designated command. Furthermore, the search query is automatically modified with respect to the corresponding one or more commands represented by the designated command entry. The modification can include causing the designated command entry to be removed from or reordered in the displayed list of command entries and the automatic modification can include causing the corresponding one or more commands to be removed from or reordered in the search query.