公开(公告)号：US11818018B1

公开(公告)日：2023-11-14

申请号：US17875170

申请日：2022-07-27

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Cary Glen Noel

IPC: H04L41/22 ,  H04L43/022 ,  H04L43/045

CPC classification number: H04L41/22 ,  H04L43/022 ,  H04L43/045

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display, on a computer system, a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more ephemeral event streams that contain temporarily generated time-series event data from the network packets, wherein managing the one or more ephemeral event streams comprises modifying an end time for terminating the capture of time-series event data in an ephemeral event stream. The system then updates the configuration information based on input received through the first set of user-interface elements.

公开(公告)号：US11425229B2

公开(公告)日：2022-08-23

申请号：US17010685

申请日：2020-09-02

Applicant: Splunk Inc.

Inventor： Vladimir A. Shcherbakov ,  Michael R. Dickey

IPC: H04L69/22 ,  H04L67/10

Abstract: The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. Next, the system uses configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification. The system then transmits the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.

公开(公告)号：US11115505B2

公开(公告)日：2021-09-07

申请号：US16404644

申请日：2019-05-06

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Clint Sharp

IPC: H04L29/06 ,  H04L12/26

Abstract: The disclosed embodiments provide a system for extracting custom content from network packets. During operation, the system receives a stream of packets. The system then parses packets in the stream to determine a protocol for each packet. Next, the system applies a custom-content-extraction rule to each packet associated with a target protocol to obtain the extracted content. Then, the system stores the extracted content in events in a data store to facilitate subsequent queries involving the extracted content.

公开(公告)号：US20200067790A1

公开(公告)日：2020-02-27

申请号：US16670816

申请日：2019-10-31

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Cary Glen Noel

IPC: H04L12/24 ,  H04L12/26

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display, on a computer system, a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more ephemeral event streams that contain temporarily generated time-series event data from the network packets, wherein managing the one or more ephemeral event streams comprises modifying an end time for terminating the capture of time-series event data in an ephemeral event stream. The system then updates the configuration information based on input received through the first set of user-interface elements.

公开(公告)号：US20150295780A1

公开(公告)日：2015-10-15

申请号：US14610457

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Cary Glen Noel

IPC: H04L12/24 ,  G06F3/0484

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display, on a computer system, a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more ephemeral event streams that contain temporarily generated time-series event data from the network packets, wherein managing the one or more ephemeral event streams comprises modifying an end time for terminating the capture of time-series event data in an ephemeral event stream. The system then updates the configuration information based on input received through the first set of user-interface elements.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在操作期间，系统导致在计算机系统上显示用于从由一个或多个远程捕获代理捕获的网络分组生成时间序列事件数据的配置信息的图形用户界面（GUI）。 接下来，系统导致在GUI中显示第一组用户界面元素，用于管理从网络分组中包含临时生成的时间序列事件数据的一个或多个临时事件流，其中管理一个或多个短暂事件 流包括修改用于终止在短暂事件流中捕获时间序列事件数据的结束时间。 然后，系统基于通过第一组用户界面元素接收的输入来更新配置信息。

公开(公告)号：US11451453B2

公开(公告)日：2022-09-20

申请号：US16670816

申请日：2019-10-31

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Cary Glen Noel

IPC: H04L41/22 ,  H04L43/022 ,  H04L43/045

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display, on a computer system, a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more ephemeral event streams that contain temporarily generated time-series event data from the network packets, wherein managing the one or more ephemeral event streams comprises modifying an end time for terminating the capture of time-series event data in an ephemeral event stream. The system then updates the configuration information based on input received through the first set of user-interface elements.

公开(公告)号：US10805438B2

公开(公告)日：2020-10-13

申请号：US16459573

申请日：2019-07-01

Applicant: Splunk Inc.

Inventor： Vladimir A. Shcherbakov ,  Michael R. Dickey

IPC: H04L12/26 ,  H04L29/06 ,  H04L29/08

Abstract: The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. Next, the system uses configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification. The system then transmits the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.

公开(公告)号：US10693742B2

公开(公告)日：2020-06-23

申请号：US14609223

申请日：2015-01-29

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Cary Glen Noel

IPC: H04L12/24 ,  H04L12/26

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system obtains a set of event streams from one or more remote capture agents over one or more networks, wherein the set of event streams comprises time-series event data generated from network packets captured by the one or more remote capture agents. Next, the system causes for display, within a graphical user interface (GUI), a first set of user interface elements, wherein the first set of user interface elements includes event stream information for an event stream in the set of event streams and a first graph of a metric associated with the time-series event data in the event stream. The system then updates the first graph in real-time with the time-series event data from the one or more remote capture agents.

公开(公告)号：US20190327348A1

公开(公告)日：2019-10-24

申请号：US16459573

申请日：2019-07-01

Applicant: Splunk Inc.

Inventor： Vladimir A. Shcherbakov ,  Michael R. Dickey

IPC: H04L29/06 ,  H04L29/08

Abstract: The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. Next, the system uses configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification. The system then transmits the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.

公开(公告)号：US10366101B2

公开(公告)日：2019-07-30

申请号：US14610438

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Matthew S. Zises

IPC: G06F17/30 ,  G06F16/26 ,  H04L12/24 ,  H04L29/06 ,  H04L12/26

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements comprising event stream information for one or more ephemeral event streams used to temporarily generate the time-series event data from the network packets. The system then causes for display, in the GUI, a mechanism for navigating between the event stream information and creation information for one or more creators of the one or more ephemeral event streams.