公开(公告)号：US11210622B2

公开(公告)日：2021-12-28

申请号：US15339787

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Ian Matthew Link ,  Alexander Lynn Raitz ,  Melanie Ann Garcia Alrajhi ,  Shruti Shrivastava ,  Fang I. Hsiao

IPC: G06Q10/06 ,  G06F40/205 ,  G06F16/903 ,  G06Q10/08

Abstract: Embodiments of the present invention are directed to generating augmented process models for use in process analytics. In one embodiment, a process model, search indicators, composite attributes, and relationship indicators are received. The process model defines a process and includes a plurality of components of the process. Search indicators indicate a search that, when executed, provides data related to the corresponding component. Composite attributes indicate data to be captured by machine data searches associated with the corresponding component. Relationship indicators indicate relationships between components of the process. An augmented process model is generated based on the process model, the search indicators, the composite attributes, and the relationship indicators, wherein the augmented process model is used to manage process instances associated with the process.

公开(公告)号：US11190422B2

公开(公告)日：2021-11-30

申请号：US16779056

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： David J. Cavuto ,  Vladimir A. Shcherbakov ,  Joshua H. Mak ,  Fang I. Hsiao

IPC: H04L12/26

Abstract: Techniques and mechanisms are disclosed for generating visualizations which graphically depict network activity occurring between pairs of networked computing devices. The visualizations are based on data indicating the network activity, where the network activity can involve devices having any network addresses within an entire network address space (e.g., any address within the Internet Protocol version v4 (IPv4) or IPv6 network address space), or within some subset of an entire network address space. The ability to visualize high-level information related to network activity occurring across an entire network address space enables network analysts and other users to readily analyze characteristics of computer networks which otherwise might not be evident or difficult to obtain using other types of visualizations.

公开(公告)号：US20200336390A1

公开(公告)日：2020-10-22

申请号：US16908564

申请日：2020-06-22

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Cary Glen Noel

IPC: H04L12/24 ,  H04L12/26

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system obtains a set of event streams from one or more remote capture agents over one or more networks, wherein the set of event streams comprises time-series event data generated from network packets captured by the one or more remote capture agents. Next, the system causes for display, within a graphical user interface (GUI), a first set of user interface elements, wherein the first set of user interface elements includes event stream information for an event stream in the set of event streams and a first graph of a metric associated with the time-series event data in the event stream. The system then updates the first graph in real-time with the time-series event data from the one or more remote capture agents.

公开(公告)号：US20200169484A1

公开(公告)日：2020-05-28

申请号：US16779056

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： David J. Cavuto ,  Vladimir A. Shcherbakov ,  Joshua H. Mak ,  Fang I. Hsiao

IPC: H04L12/26

Abstract: Techniques and mechanisms are disclosed for generating visualizations which graphically depict network activity occurring between pairs of networked computing devices. The visualizations are based on data indicating the network activity, where the network activity can involve devices having any network addresses within an entire network address space (e.g., any address within the Internet Protocol version v4 (IPv4) or IPv6 network address space), or within some subset of an entire network address space. The ability to visualize high-level information related to network activity occurring across an entire network address space enables network analysts and other users to readily analyze characteristics of computer networks which otherwise might not be evident or difficult to obtain using other types of visualizations.

公开(公告)号：US10594576B2

公开(公告)日：2020-03-17

申请号：US15421389

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： David J. Cavuto ,  Vladimir A. Shcherbakov ,  Joshua H. Mak ,  Fang I. Hsiao

IPC: H04L12/26

Abstract: Techniques and mechanisms are disclosed for generating visualizations which graphically depict network activity occurring between pairs of networked computing devices. The visualizations are based on data indicating the network activity, where the network activity can involve devices having any network addresses within an entire network address space (e.g., any address within the Internet Protocol version v4 (IPv4) or IPv6 network address space), or within some subset of an entire network address space. The ability to visualize high-level information related to network activity occurring across an entire network address space enables network analysts and other users to readily analyze characteristics of computer networks which otherwise might not be evident or difficult to obtain using other types of visualizations.

公开(公告)号：US10523521B2

公开(公告)日：2019-12-31

申请号：US14610457

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Cary Glen Noel

IPC: H04L12/24 ,  H04L12/26

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display, on a computer system, a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more ephemeral event streams that contain temporarily generated time-series event data from the network packets, wherein managing the one or more ephemeral event streams comprises modifying an end time for terminating the capture of time-series event data in an ephemeral event stream. The system then updates the configuration information based on input received through the first set of user-interface elements.

公开(公告)号：US20190236149A1

公开(公告)日：2019-08-01

申请号：US15884999

申请日：2018-01-31

Applicant: Splunk Inc.

Inventor： Venkata Kuruvada ,  Fang I. Hsiao ,  Nicholas Matthew Tankersley

IPC: G06F17/30 ,  G06F3/06 ,  G06Q10/06

Abstract: A server group of a data intake and query system (DIQS) establishes connections with multiple source data network nodes. Data from the multiple sources comports with a variety of different data modes and may be received via the established network connections on a periodic or continuous basis for ongoing capture as modal entries of modal buckets of a common networked storage volume. Rates of data reception across the network connections influences a process to maintain a measured utilization of storage volume capacity at, near, or below a targeted level.

公开(公告)号：US20170322985A1

公开(公告)日：2017-11-09

申请号：US15662206

申请日：2017-07-27

Applicant: Splunk Inc.

Inventor： Brent Boe ,  Alan Hardin ,  Fang I. Hsiao ,  Brian C. Reyes

IPC: G06F17/30 ,  H04L12/26 ,  H04L12/24

CPC classification number: G06F16/248 ,  G06F16/242 ,  G06F16/9535 ,  H04L41/0213 ,  H04L41/0813 ,  H04L41/22 ,  H04L41/5032 ,  H04L43/045 ,  H04L43/16

Abstract: A processing device performs a search query to produce a search result set having entries having data items. A table, having rows and columns, is displayed in a user interface. Each data item of a particular entry appears in a respective column of the same row of the table. Each column may correspond to the ordinal position of its respective data item. User input is received designating, for each respective column, a field name and an entity definition component type to which the respective column pertains, and stores for each data item of the particular entry an element value of an entity definition. The element has the element name designated for the respective column in which the data item appeared, and is associated with an entity definition component having the type designated for the respective column in which the data item appeared.

公开(公告)号：US09294361B1

公开(公告)日：2016-03-22

申请号：US14611200

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Hemendra Singh Choudhary ,  Tristan Antonio Fletcher ,  Brian Bingham ,  Fang I. Hsiao ,  Brian C. Reyes

IPC: G06F15/16 ,  H04L12/24 ,  H04L12/26 ,  G06F17/30 ,  G06F3/0482 ,  G06F3/0484 ,  G06F12/00

CPC classification number: H04L43/16 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/542 ,  G06F17/30424 ,  G06F17/30463 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30572 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30958 ,  G06F17/30964 ,  G06F17/30979 ,  G06F17/30991 ,  G06Q10/06393 ,  G06T11/206 ,  G06T2200/24 ,  H04L29/08072 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5035 ,  H04L41/5038 ,  H04L43/04 ,  H04L43/045 ,  H04L67/10 ,  H04L67/16

Abstract: One or more processing devices cause display of a graphical user interface (GUI) that includes a correlation search portion that enables a user to specify information for a key performance indicator (KPI) correlation search definition. The KPI correlation search definition includes search information and trigger determination information. The search information identifies KPI values, indicative of the KPI states, in a data store. The trigger determination information includes trigger criteria. The trigger determination evaluates the identified KPI values using the trigger criteria to determine whether to cause a defined action. A contribution threshold for a particular KPI definition is received via the GUI. The contribution threshold corresponds to a particular KPI state. The contribution threshold is stored as trigger criteria information. Each of the KPI values is derived from machine data pertaining to entities identified in a service definition using a search query specified by a KPI definition for the service.

Abstract translation: 一个或多个处理设备引起显示图形用户界面（GUI），该图形用户界面（GUI）包括能够使用户指定关键性能指标（KPI）相关搜索定义的信息的相关搜索部分。 KPI相关搜索定义包括搜索信息和触发确定信息。 搜索信息在数据存储中标识表示KPI状态的KPI值。 触发判定信息包括触发准则。 触发确定使用触发条件来评估所识别的KPI值，以确定是否导致定义的动作。 通过GUI接收特定KPI定义的贡献阈值。 贡献阈值对应于特定的KPI状态。 贡献阈值被存储为触发条件信息。 每个KPI值都是从使用由服务的KPI定义指定的搜索查询在服务定义中标识的实体的机器数据中导出的。

公开(公告)号：US20150341212A1

公开(公告)日：2015-11-26

申请号：US14699807

申请日：2015-04-29

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Wei Jiang ,  Vladimir A. Shcherbakov ,  Ramkumar Chandrasekharan ,  Clayton S. Ching

IPC: H04L12/24 ,  G06F3/0482 ,  G06F3/0484 ,  G06F17/30

CPC classification number: H04L41/0813 ,  G06F3/0481 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/26 ,  H04L41/22 ,  H04L67/12 ,  H04L67/36

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在操作期间，该系统导致显示用于从由一个或多个远程捕获代理捕获的网络分组生成时间序列事件数据的图形用户界面（GUI）。 接下来，系统导致在GUI中显示包含与包括时间序列事件数据的一个或多个事件流相关联的一组统计信息的第一组用户界面元素。 然后，系统在GUI中显示包括来自该组统计信息中的一个或多个值的一个或多个图形。 最后，系统导致在GUI中根据一个或多个图形上的光标的位置从该组统计显示统计值的值。