公开(公告)号：US11651149B1

公开(公告)日：2023-05-16

申请号：US17874046

申请日：2022-07-26

Applicant: SPLUNK Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F40/174 ,  G06F16/2458

CPC classification number: G06F40/174 ,  G06F16/2477

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US11544257B2

公开(公告)日：2023-01-03

申请号：US17128913

申请日：2020-12-21

Applicant: SPLUNK Inc.

Inventor： Marc V. Robichaud ,  Jesse Miller ,  Cory Burke ,  Alexander James ,  Jeffrey Thomas Lloyd

IPC: G06F16/2452 ,  G06F16/00 ,  G06F16/26 ,  G06F16/33 ,  G06F16/23 ,  G06F16/242 ,  G06F16/2458 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/22 ,  G06F3/0484 ,  G06F21/62 ,  G06F40/177 ,  G06T11/20 ,  G06Q10/00 ,  G06F3/0482 ,  G06F3/04842 ,  G06Q10/10

Abstract: A method includes causing display of events that correspond to search results of a search query in a table. The table includes rows representing events comprising data items of event attributes, columns forming cells with the row, the columns representing respective event attributes, and interactive regions corresponding to one or more data items of the displayed data items. The method also includes in response to the user selecting a designated interactive region, causing display of a list of options, each displayed option corresponding to an interface template for composing query commands, and based on the user selecting an option in the displayed list of options, causing one or more commands to be added to the search query, the one or more commands composed based on the one or more data items that corresponds to the designated interactive region according to instructions of the interface template of the selected option.

公开(公告)号：US11544248B2

公开(公告)日：2023-01-03

申请号：US16260971

申请日：2019-01-29

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Marc V. Robichaud ,  Cory Burke ,  Alexander James ,  Jeffrey Thomas Lloyd

IPC: G06F16/23 ,  G06F16/33 ,  G06F16/2458 ,  G06F16/242 ,  G06F16/26 ,  G06F16/00 ,  G06F16/2453 ,  G06F16/2455 ,  G06F3/0484 ,  G06F21/62 ,  G06T11/20 ,  G06F3/04842 ,  G06F3/0482 ,  G06Q10/00 ,  G06F40/134 ,  G06F40/174 ,  G06F40/177 ,  G06F40/186 ,  G06Q10/10

Abstract: A method includes receiving, in a first query interface, a query composed by the user by typing commands into a query box of the first query interface and based on the receiving of the query, causing events corresponding to query results of the query to be displayed in the first query interface with fields corresponding to the events. Based on the selection by the user of an option, a second query interface is displayed with a table that includes events that correspond to query results of a loaded query. The table includes columns corresponding to event attributes, rows corresponding to events. Cells are populated with the data items of event attributes, where one of the columns corresponds to a field of the fields displayed in the first query interface. The table also includes interactive regions selectable by the user to add one or more commands to the loaded query.

公开(公告)号：US11449464B2

公开(公告)日：2022-09-20

申请号：US16746611

申请日：2020-01-17

Applicant: SPLUNK INC.

Inventor： Jesse Miller

IPC: G06F16/13 ,  G06F16/14 ,  G06F11/30 ,  G06F11/32 ,  G06F16/9032 ,  G06F11/34

Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values are used to accelerate search queries that a system receives.

公开(公告)号：US11341129B2

公开(公告)日：2022-05-24

申请号：US16216021

申请日：2018-12-11

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Marc V. Robichaud ,  Cory Burke ,  Jeffrey Thomas Lloyd

IPC: G06F16/2452 ,  G06F16/00 ,  G06F16/26 ,  G06F16/33 ,  G06F16/23 ,  G06F16/242 ,  G06F16/2458 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/22 ,  G06F3/0484 ,  G06F21/62 ,  G06F40/177 ,  G06T11/20 ,  G06Q10/00 ,  G06F3/0482 ,  G06F3/04842 ,  G06Q10/10

Abstract: Embodiments of the present invention provide methods, computer-readable media, and systems directed at providing a data summary view. In some embodiments, a method may include receiving a request to display a data summary view of search results of a search query. The request may be received while the search results are displayed in a table format. The method may further include causing display of the data summary view. The data summary view can include a summary report for a selected event attribute of a plurality of event attributes that are represented in the table format. The summary report can include summary entries that present a summary of data items of the selected event attribute and a summary graph of the data items. The summary graph may depict a distribution of at least a subset of the data items of the selected event attribute over a period of time.

公开(公告)号：US11222014B2

公开(公告)日：2022-01-11

申请号：US15799917

申请日：2017-10-31

Applicant: SPLUNK INC.

Inventor： Marc V. Robichaud ,  Jesse Miller ,  Cory Burke ,  Alexander James ,  Jeffrey Thomas Lloyd

IPC: G06F16/2452 ,  G06F16/26 ,  G06F16/33 ,  G06F16/23 ,  G06F16/242 ,  G06F16/2458 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/22 ,  G06F3/0484 ,  G06F16/00 ,  G06F21/62 ,  G06F40/177 ,  G06Q10/00 ,  G06T11/20 ,  G06F3/0482 ,  G06Q10/10

Abstract: A method includes causing display of events that correspond to search results of a search query in a table. The table includes rows representing events comprising data items of event attributes, columns forming cells with the row, the columns representing respective event attributes, and interactive regions corresponding to one or more data items of the displayed data items. The method also includes in response to the user selecting a designated interactive region, causing display of a list of options, each displayed option corresponding to an interface template for composing query commands, and based on the user selecting an option in the displayed list of options, causing one or more commands to be added to the search query, the one or more commands composed based on the one or more data items that corresponds to the designated interactive region according to instructions of the interface template of the selected option.

公开(公告)号：US11061918B2

公开(公告)日：2021-07-13

申请号：US15479823

申请日：2017-04-05

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Jason Szeto ,  Jose Solis ,  Jindrich Dinga ,  David Marquardt

IPC: G06F16/2458 ,  G06F16/26

Abstract: Systems and methods are disclosed for locating data and categorizing a set of data using inverted indexes. The inverted indexes include token entries and field-value pair entries, as well as event references that correspond to events that include raw machine data. Using filter criteria, the inverted indexes are identified. In turn, the inverted indexes are used to identify a set of events that satisfy the filter criteria. The identified set of events are categorized based on categorization criteria and provided for display to a user.

公开(公告)号：US11042697B2

公开(公告)日：2021-06-22

申请号：US16589445

申请日：2019-10-01

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F40/174 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US11030192B2

公开(公告)日：2021-06-08

申请号：US16250949

申请日：2019-01-17

Applicant: SPLUNK INC.

Inventor： Alexander James ,  Jesse Miller

IPC: G06F16/2452 ,  G06F16/00 ,  G06F16/26 ,  G06F16/33 ,  G06F16/23 ,  G06F16/242 ,  G06F16/2458 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/22 ,  G06F3/0484 ,  G06F21/62 ,  G06F40/177 ,  G06T11/20 ,  G06Q10/00 ,  G06F3/0482 ,  G06Q10/10

Abstract: A method includes assigning an access permission of a first user to a query object that represents a first query, the access permission granting the first user access rights to one or more data sources of the first query, the access permission being assigned as a runtime permission of the first query, granting a request from a second user to execute a second query, the first query being a subquery of the second query, and allowing the second user to execute the first query on the one or more data sources of the first query using the runtime permission assigned to the first query in executing the second query using the first query as the subquery.

公开(公告)号：US10235418B2

公开(公告)日：2019-03-19

申请号：US14815929

申请日：2015-07-31

Applicant: SPLUNK INC.

Inventor： Alexander James ,  Jesse Miller

IPC: G06F17/30 ,  G06F21/62

Abstract: A method includes assigning an access permission of a first user to a query object that represents a first query, the access permission granting the first user access rights to one or more data sources of the first query, the access permission being assigned as a runtime permission of the first query, granting a request from a second user to execute a second query, the first query being a subquery of the second query, and allowing the second user to execute the first query on the one or more data sources of the first query using the runtime permission assigned to the first query in executing the second query using the first query as the subquery.