公开(公告)号：US20160224643A1

公开(公告)日：2016-08-04

申请号：US14610702

申请日：2015-01-30

Applicant: SPLUNK INC.

Inventor： Marc Vincent Robichaud

IPC: G06F17/30

CPC classification number: G06F16/254 ,  G06F11/30 ,  G06F11/3006 ,  G06F11/3072 ,  G06F11/321 ,  G06F11/3452 ,  G06F16/313

Abstract: First one or more values are extracted from a plurality of events using a first extraction rule. The extracted first one or more values are assigned to a first field of the plurality of events as a first set of field-data item pairs. Second one or more values are extracted from the plurality of the events using a second extraction rule. The second extraction rule identifies the second one or more values and a field label corresponding to the second one or more values in the extracted first one or more values of the first set of field-data item pairs. The extracted second one or more values are assigned to a second field of the plurality of events as a second set of field-data item pairs. The field label extracted using the second extraction rule or a modified version thereof may be assigned to the second field.

Abstract translation: 使用第一提取规则从多个事件中提取第一个或多个值。 所提取的第一个或多个值被分配给多个事件的第一个字段作为第一组字段数据项对。 使用第二提取规则从多个事件中提取第二个一个或多个值。 第二提取规则识别第二个一个或多个值以及对应于所提取的第一组场数据项对中的第一个一个或多个值中的第二个一个或多个值的字段标签。 提取的第二个一个或多个值被分配给多个事件的第二个字段作为第二组字段数据项对。 可以将使用第二提取规则或其修改版本提取的字段标签分配给第二字段。

公开(公告)号：US20160224624A1

公开(公告)日：2016-08-04

申请号：US14611007

申请日：2015-01-30

Applicant: SPLUNK INC.

Inventor： Marc Vincent Robichaud

IPC: G06F17/30

CPC classification number: G06F17/30445 ,  G06F17/30389

Abstract: A dependency is created between a first search query and a second search query. The first search query defines a first data processing pipeline and the second search query defines a second data processing pipeline that extends the first data processing pipeline. A modification is detected to the first data processing pipeline defined by the first search query. Based on the modification to the first data processing pipeline being detected, the dependency is enforced such that the second data processing pipeline is modified to extend the modified first data processing pipeline. The modification to the first data processing pipeline can include a first set of pipelined commands corresponding to the first search query being modified, and the dependency can be enforced by causing a second set of pipelined commands corresponding to the second search query to be modified to include the modified first set of pipelined commands.

Abstract translation: 在第一搜索查询和第二搜索查询之间创建依赖关系。 第一搜索查询定义第一数据处理流水线，第二搜索查询定义扩展第一数据处理流水线的第二数据处理流水线。 检测到由第一搜索查询定义的第一数据处理流水线的修改。 基于对被检测的第一数据处理流水线的修改，执行依赖关系，使得修改第二数据处理流水线以扩展修改的第一数据处理流水线。 对第一数据处理流水线的修改可以包括与要修改的第一搜索查询相对应的第一组流水线命令，并且可以通过使与第二搜索查询相对应的第二组流水线命令被修改以包括 修改后的第一套流水线命令。

公开(公告)号：US20160098485A1

公开(公告)日：2016-04-07

申请号：US14526406

申请日：2014-10-28

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F17/30 ,  G06F3/0484 ,  G06F3/0482

CPC classification number: G06F3/04842 ,  G06F3/0482 ,  G06F3/04847 ,  G06F9/451 ,  G06F17/246 ,  G06F17/30315 ,  G06F17/30389 ,  G06F17/30395 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30864 ,  G06K9/2054

Abstract: In embodiments of field value search drill down, a search system exposes a search interface that displays one or more events returned as a search result set. A field-value pair can be emphasized in the field-value pairs of an event displayed in the search interface, and a menu is displayed with search options that are selectable to operate on the emphasized field-value pair of the event. The menu includes the search options to add search criteria of the emphasized field-value pair to a search command in a search bar of the search interface, exclude the search criteria of the emphasized field-value pair from a search, or create a new data search based on the emphasized field-value pair. A selection of one of the search options in the menu can be received, and the search command in the search bar is updated based on the search option that is selected.

Abstract translation: 在字段值搜索向下钻取的实施例中，搜索系统公开了显示作为搜索结果集返回的一个或多个事件的搜索界面。 可以在搜索界面中显示的事件的字段值对中强调字段值对，并且显示具有可选择以在事件的强调字段值对上操作的搜索选项的菜单。 该菜单包括搜索选项，以将搜索条件增加到搜索接口的搜索栏中的搜索命令，从搜索中排除强调字段值对的搜索条件，或创建新数据 基于强调的字段值对进行搜索。 可以接收菜单中的一个搜索选项的选择，并且基于所选择的搜索选项来更新搜索栏中的搜索命令。

公开(公告)号：US20160098409A1

公开(公告)日：2016-04-07

申请号：US14526430

申请日：2014-10-28

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F17/30 ,  G06F3/0484 ,  G06F3/0482

Abstract: In embodiments of statistics value chart interface row mode drill down, a first interface is displayed in a table format that includes columns each with field values of an event field, and each column having a column heading of a different one of the event fields, and includes rows each with one or more of the field values, where each field value in a row is associated with a different one of the event fields, and each row includes an aggregated metric that represents a number of events having field-value pairs that match all of the one or more field values listed in a respective row and the corresponding event fields listed in the respective columns. A row can be emphasized in the first interface, and in response, a menu is displayed with selectable options to transition to a second interface that displays a listing of the events based on a selected one of the options.

Abstract translation: 在统计值图表接口行方式向下钻取的实施例中，以表格格式显示第一接口，该格式包括各自具有事件字段的字段值的列，并且每列具有不同的事件字段的列标题，以及 包括每个具有一个或多个字段值的行，其中，行中的每个字段值与事件字段中的不同的一个相关联，并且每行包括表示具有匹配的字段值对的事件的数量的聚合度量 在相应行中列出的所有一个或多个字段值以及相应列中列出的相应事件字段。 在第一个界面中可以强调一行，作为响应，显示一个带有可选择选项的菜单，以转换到第二个界面，该界面基于选定的一个选项显示事件列表。

公开(公告)号：US20160092485A1

公开(公告)日：2016-03-31

申请号：US14525048

申请日：2014-10-27

Applicant: Splunk Inc.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud

IPC: G06F17/30

CPC classification number: G06F17/30342 ,  G06F17/30551

Abstract: Event time selection output techniques are described. In one or more implementations, one or more inputs are received, at one or more computing devices, that involve interaction associated with a particular one of a plurality of events via a user interface, in which the plurality of events result from a search of data, each of the plurality of events include the data that is associated with a respective point in time, and the one or more inputs specify a relative time in relation to the respective point in time of the particular event. A determination is made as to which of the plurality of events correspond to the specified relative time by the one or more computing devices and a result of the determination is output by the one or more computing devices for display in the user interface.

Abstract translation: 描述事件时间选择输出技术。 在一个或多个实施方式中，被接收的一个或多个输入，在一个或多个计算设备，即涉及与经由用户接口的多个事件中的特定一个相关联的交互，其中，所述多个事件中从搜索数据的结果 中，每个所述多个事件中的包括与在时间相应的点相关联的数据，并且该一个或多个输入指定要在特定事件的时间相对于所述相应点的相对时间。 的判断被作出，以所述多个事件中的由所述一个或多个计算设备对应​​于所述指定的相对时间和确定的结果是通过在用户界面显示所述一个或多个计算设备的输出。

公开(公告)号：US20150363460A1

公开(公告)日：2015-12-17

申请号：US14834361

申请日：2015-08-24

Applicant: Splunk Inc.

Inventor： Archana Sulochana Ganapathi ,  Alice Emily Neels ,  Marc Vincent Robichaud ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F17/30

CPC classification number: G06F17/30395 ,  G06F17/30424 ,  G06F17/30477 ,  G06F17/30554

Abstract: Embodiments are directed towards determining and tracking metadata for the generation of visualizations of requested data. A user may request data by providing a query that may be employed to search for the requested data. The query may include a plurality of commands, which may be employed in a pipeline to perform the search and to generate a table of the requested data. In some embodiments, each command may be executed to perform an action on a set of data. The execution of a command may generate one or more columns to append and/or insert into the table of requested data. Metadata for each generated column may be determined based on the actions performed by executing the commands. The table of requested data and the column metadata may be employed to generate and display a visualization of at least a portion of the requested data to a user.

Abstract translation: 实施例旨在确定和跟踪用于生成所请求数据的可视化的元数据。 用户可以通过提供可用于搜索所请求的数据的查询来请求数据。 该查询可以包括多个命令，其可以在流水线中用于执行搜索并生成所请求的数据的表。 在一些实施例中，可以执行每个命令以对一组数据执行动作。 命令的执行可以生成一个或多个列来附加和/或插入到所请求的数据的表中。 可以基于通过执行命令执行的动作来确定每个生成的列的元数据。 可以使用所请求的数据和列元数据的表来生成并向用户显示所请求的数据的至少一部分的可视化。

公开(公告)号：US12189931B1

公开(公告)日：2025-01-07

申请号：US18313987

申请日：2023-05-08

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F15/16 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F16/22 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/248 ,  G06F16/25 ,  G06F16/951 ,  G06F40/18 ,  G06V10/22 ,  G06F9/451

Abstract: In embodiments of statistics chart row mode drill down, a first interface is displayed in a table format that includes columns and rows, where each row is associated with an event and each column includes field for a respective event. The rows can further include one or more aggregated metrics representing a number of events associated with a respective row. A row can be emphasized in the first interface and, in response a menu can be displayed with selectable options to transition to a second interface, where the data displayed by the second interface is based on an option selected from the menu.

公开(公告)号：US11816316B2

公开(公告)日：2023-11-14

申请号：US17224381

申请日：2021-04-07

Applicant: SPLUNK INC.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F17/00 ,  G06F3/04842 ,  G06F3/0482 ,  G06F16/22 ,  G06F16/242 ,  G06F16/248 ,  G06F16/25 ,  G06F16/951 ,  G06F16/2455 ,  G06F40/18 ,  G06V10/22 ,  G06F3/04847 ,  G06F9/451

CPC classification number: G06F3/04842 ,  G06F3/0482 ,  G06F3/04847 ,  G06F16/221 ,  G06F16/242 ,  G06F16/248 ,  G06F16/2455 ,  G06F16/252 ,  G06F16/951 ,  G06F40/18 ,  G06V10/22 ,  G06F9/451 ,  G06F16/2425

Abstract: In embodiments of statistics value chart interface cell mode drill down, a first interface displays in a table format that includes columns each with field values of an event field, and each column having a column heading of a different one of the event fields, and includes rows each with one or more of the field values, each field value in a row associated with a different one of the event fields, and having an aggregated metric that represents a number of events with field-value pairs that match all of the field values listed in a respective row and the corresponding event fields listed in the respective columns. A cell can be emphasized that includes one of the field values in a row that corresponds to one of the different event fields in a column, and in response, a menu displays options to transition to a second interface.

公开(公告)号：US11741086B2

公开(公告)日：2023-08-29

申请号：US17121935

申请日：2020-12-15

Applicant: SPLUNK Inc.

Inventor： Marc Vincent Robichaud ,  Cory Eugene Burke ,  Jeffrey Thomas Lloyd

IPC: G06F16/242 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847

CPC classification number: G06F16/2428 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847

Abstract: A search interface is displayed in a table format that includes one or more columns, each column including data items of an event attribute, the data items being of a set of events, and a plurality of rows forming cells with the one or more columns, each cell displaying a textual representation of at least one of the data items of the event attribute of a corresponding column. Based on a user selecting a portion of the textual representation in a corresponding cell, a list of options is displayed that corresponds to the selected portion of the textual representation. Furthermore, one or more commands are added to a search query that corresponds to the set of events, the one or more commands being based on at least an option that is selected from the list of options and the selected portion of the textual representation in the corresponding cell.

公开(公告)号：US11455087B2

公开(公告)日：2022-09-27

申请号：US16397393

申请日：2019-04-29

Applicant: SPLUNK INC.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F7/00 ,  G06F3/04842 ,  G06F3/0482 ,  G06F16/22 ,  G06F16/242 ,  G06F16/248 ,  G06F16/25 ,  G06F16/951 ,  G06F16/2455 ,  G06F40/18 ,  G06V10/22 ,  G06F3/04847 ,  G06F9/451

Abstract: In embodiments of field value search drill down, a search system exposes a search interface that displays one or more events returned as a search result set. A field-value pair can be emphasized in the field-value pairs of an event displayed in the search interface, and a menu is displayed with search options that are selectable to operate on the emphasized field-value pair of the event. The menu includes the search options to add search criteria of the emphasized field-value pair to a search command in a search bar of the search interface, exclude the search criteria of the emphasized field-value pair from a search, or create a new data search based on the emphasized field-value pair. A selection of one of the search options in the menu can be received, and the search command in the search bar is updated based on the search option that is selected.