-
Publication No.: US12181956B1
Publication date: 2024-12-31
Application No.: US18208879
Filing date: 2023-06-12
Applicant: Splunk Inc.
Inventor: Kristal Curtis, William Deaderick, Wei J. Gao, Tanner Gilligan, Chandrima Sarkar, Aleksander Stojanovic, Ralph Donald Thompson, Poonam Yadav, Sichen Zhong
IPC: G06F11/30, G06F11/07, G06F18/21, G06F18/214
Abstract: Systems and methods are disclosed that are directed to improving the prioritization, display, and viewing of system alerts through the use of machine learning techniques to group the alerts and further to prioritize the groupings. Additionally, a graphical user interface is generated that illustrates the prioritized listing of the plurality of groupings. Thus, a system administrator or other user receives an improved experience as the number of notifications provided to the system administrator are reduced due to the grouping of individual alerts into related groupings and further due to the prioritization of the groupings. Previously, or in current technology, system alerts may be automatically generated and provided immediately to a system administrator. In some instances, any advantage of detecting system errors or system monitoring provided by the alerts is negated by the vast number of alerts and provision of minimally important alerts in a manner that concealed more important alerts.
-
Publication No.: US11886464B1
Publication date: 2024-01-30
Application No.: US18100329
Filing date: 2023-01-23
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner, Kristal Curtis, Iman Makaremi, Ross Andrew Lazerowitz
IPC: H04L41/0604, G06F16/28, G06F16/21, G06F9/54, H04L41/22, H04L41/069, H04L41/5009, H04L41/0681, G06Q10/0639, G06Q10/20, G06F16/903, G06Q10/10, H04L67/50
CPC classification number: G06F16/282, G06F9/542, G06F16/213, G06F16/903, G06Q10/06393, G06Q10/10, G06Q10/20, H04L41/0604, H04L41/069, H04L41/0681, H04L41/22, H04L41/5009, H04L67/535
Abstract: Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.
-
Publication No.: US10942960B2
Publication date: 2021-03-09
Application No.: US16049748
Filing date: 2018-07-30
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner, Kristal Curtis, Iman Makaremi, Ross Andrew Lazerowitz
IPC: G06F16/338, G06F9/451, G06F16/38, G06F16/33, G06F9/54, H04L12/24, G06Q10/06, G06Q10/00, G06F16/903
Abstract: Network connections are established between machines of an operating environment to be monitored and a server group of a data intake and query system (DIQS). Data reflecting machine and component operations of the environment is conveyed via the network to the DIQS where it is reflected as timestamped entries in a field-searchable datastore. Monitoring components may search the datastore and identify and record instances of notable events. Triaging models are selectively applied against the notable event instances to produce an enhanced notable event instance representation with modeled results effective to automatically perform or assist in triaging the notable events so they are dispatched in an optimal, effective, and efficient, manner.
-
Publication No.: US10942946B2
Publication date: 2021-03-09
Application No.: US16049757
Filing date: 2018-07-30
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner, Kristal Curtis, Iman Makaremi, Ross Andrew Lazerowitz
IPC: H04L12/24, G06F16/28, G06F16/21, G06F9/54, G06Q10/06, G06Q10/00, G06F16/903, G06Q10/10, H04L29/08
Abstract: Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.
-
Publication No.: US20250028737A1
Publication date: 2025-01-23
Application No.: US18222863
Filing date: 2023-07-17
Applicant: Splunk Inc.
Inventor: Houwu Bai, Kristal Curtis, William Deaderick, Tanner Gilligan, Poonam Yadav, Om Rajyaguru
IPC: G06F16/28, G06F16/2458
Abstract: Computerized methodologies are disclosed that are directed to detecting anomalies within a time-series data set. An aspect of the anomaly detection process includes determining one or more seasonality patterns that correspond to a specific time-series data set by evaluating a set of candidate seasonality patterns (e.g., hourly, daily, weekly, day-start off-sets, etc.). The evaluation of a candidate seasonality pattern may include dividing the time-series data set into a collection of subsequences based on the particular candidate seasonality pattern. Further, the collection of subsequences may be divided into clusters and a silhouette score may be computed to measure the clustering quality of the candidate seasonality pattern. In some instances, the candidate seasonality pattern having the highest silhouette score is selected and utilized in anomaly detection process. In other instances, a plurality of seasonality patterns may be combined forming a time policy, where the time policy is utilized in anomaly detection process.
-
Publication No.: US12158880B1
Publication date: 2024-12-03
Application No.: US17978153
Filing date: 2022-10-31
Applicant: SPLUNK, INC.
Inventor: Kristal Curtis, William Deaderick, Tanner Gilligan, Joseph Ross, Abraham Starosta, Sichen Zhong
IPC: G06F16/22, G06F16/242, G06F16/2458, G06F16/28
Abstract: Implementations of this disclosure provide an anomaly detection system and methods of performing anomaly detection on a time-series dataset. The anomaly detection may include utilization of a forecasting machine learning algorithm to obtain a prediction of points of the dataset and comparing the predicted value of a point in the dataset with the actual value to determine an error value associated with that point. Additionally, the anomaly detection may include determination of a sensitivity threshold that impacts whether points within the dataset associated with certain error values are flagged as anomalies. The forecasting machine learning algorithm may implement a seasonality component determination process that accounts for seasonality or patterns in the dataset. A search query statement may be automatically generated through importing the sensitivity threshold into a predetermined search query statement that implements that forecasting machine learning algorithm.
-
Publication No.: US12008046B1
Publication date: 2024-06-11
Application No.: US17837931
Filing date: 2022-06-10
Applicant: Splunk, Inc.
Inventor: Kristal Curtis, William Deaderick, Abraham Starosta
IPC: G06F16/903, H04L41/069
CPC classification number: G06F16/90335, H04L41/069
Abstract: A computerized method is disclosed that includes operations of obtaining a data set, selecting candidate parameter pairs to be analyzed, wherein the candidate parameter pairs include a window length and a sensitivity multiplier, and wherein the window length is a number of data points, performing an anomaly detection process for each candidate parameter pair including importing each candidate parameter pair into a predetermined search query thereby generating a set of populated predetermined search queries, wherein the predetermined search query is configured to perform the anomaly detection process, executing each search query of the set of populated predetermined search queries on the data set to obtain a set of anomaly detection results, and scoring each anomaly detection result by applying a set of heuristics to the set of the anomaly detection results, and generating an auto-tuned search query by selecting a first candidate parameter pair based on a score of each of the set of anomaly detection results and importing the first candidate parameter pair into the predetermined search query.
-
Publication No.: US11853303B1
Publication date: 2023-12-26
Application No.: US17411357
Filing date: 2021-08-25
Applicant: SPLUNK Inc.
Inventor: Adam Oliner, Eric Sammer, Kristal Curtis, Nghi Nguyen
IPC: G06F16/00, G06F16/2455, G06F40/205, G06F16/248, G06N5/04
CPC classification number: G06F16/24568, G06F16/248, G06F16/24564, G06F40/205, G06N5/04
Abstract: As described herein, a portion of machine data of a message may be analyzed to infer, using an inference model, a sourcetype of the message. The portion of machine data may be generated by one or more components in an information technology environment. Based on the inference, a set of extraction rules associated with the sourcetype may be selected. Each extraction rule may define criteria for identifying a sub-portion of text from the portion of machine data of the message to produce a value. The set of extraction rules may be applied to the portion of machine data of the message to produce a result set that indicates a number of values identified using the set of extraction rules. Based on the result set, at least one action may be performed on one or more of inference data associated with the inference model and one or more messages.
-
Publication No.: US11748358B2
Publication date: 2023-09-05
Application No.: US16175642
Filing date: 2018-10-30
Applicant: Splunk, Inc.
Inventor: Adam Oliner, Eric Sammer, Kristal Curtis, Nghi Nguyen
IPC: G06F16/245, G06F16/2455, G06F40/205, G06F16/248, G06N5/04
CPC classification number: G06F16/24568, G06F16/248, G06F16/24564, G06F40/205, G06N5/04
Abstract: As described herein, a portion of machine data of a message may be analyzed to infer, using an inference model, a sourcetype of the message. The portion of machine data may be generated by one or more components in an information technology environment. Based on the inference, a set of extraction rules associated with the sourcetype may be selected. Each extraction rule may define criteria for identifying a sub-portion of text from the portion of machine data of the message to produce a value. The set of extraction rules may be applied to the portion of machine data of the message to produce a result set that indicates a number of values identified using the set of extraction rules. Based on the result set, at least one action may be performed on one or more of inference data associated with the inference model and one or more messages.
-
Publication No.: US11593400B1
Publication date: 2023-02-28
Application No.: US17158638
Filing date: 2021-01-26
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner, Kristal Curtis, Iman Makaremi, Ross Andrew Lazerowitz
IPC: H04L41/0604, G06F16/28, G06F16/21, G06F9/54, H04L41/22, H04L41/069, H04L41/5009, H04L41/0681, G06Q10/0639, G06Q10/20, G06F16/903, G06Q10/10, H04L67/50
Abstract: Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.