公开(公告)号：US10318553B2

公开(公告)日：2019-06-11

申请号：US14611189

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Phillip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC: G06F17/40 ,  G06F16/28 ,  G06F16/35 ,  G06F16/31 ,  G06F16/23 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/2457 ,  G06K9/62 ,  G06F17/27 ,  H04L29/06 ,  G06F16/33 ,  G06F11/34

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

公开(公告)号：US20180293051A1

公开(公告)日：2018-10-11

申请号：US16003998

申请日：2018-06-08

Applicant: Splunk Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F7/24 ,  G06F17/30

CPC classification number: G06F7/24 ,  G06F16/2477

Abstract: Embodiments are directed towards real time display of event records with an indication of previously provided extraction rules. A plurality of extraction rules may be provided to the system, such as automatically generated and/or user created extraction rules. These extraction rules may include regular expressions. A plurality of event records may be displayed to the user, such that text in a field defined by an extraction rule is emphasized in the display of the event record. The same emphasis may be provided for text in overlapping fields, or the emphasis may be somewhat different for different fields. The user interface may enable a user to select a portion of text of an event record, such as by rolling-over or clicking on an emphasized part of the event record. By selecting the portion of the event record, the interface may display each extraction rule associated with the selected portion.

公开(公告)号：US20170255601A1

公开(公告)日：2017-09-07

申请号：US15582668

申请日：2017-04-29

Applicant: SPLUNK, Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F17/24 ,  G06F17/30

CPC classification number: G06F16/287 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/248 ,  G06F16/332 ,  G06F16/334 ,  G06F16/338 ,  G06F16/34 ,  G06F16/93 ,  G06F16/951 ,  G06F17/24 ,  G06F17/241 ,  G06F17/243 ,  G06Q10/00 ,  G06Q10/0637 ,  Y04S10/54

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US20170139963A1

公开(公告)日：2017-05-18

申请号：US15421068

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan

IPC: G06F17/30

CPC classification number: G06F16/2272 ,  G06F16/2228 ,  G06F16/2291 ,  G06F16/2322 ,  G06F16/24568 ,  G06F16/24575 ,  G06F16/24578 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/951

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

公开(公告)号：US09594789B2

公开(公告)日：2017-03-14

申请号：US14611170

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan

IPC: G06F7/00 ,  G06F17/30

CPC classification number: G06F17/30336 ,  G06F17/30321 ,  G06F17/30342 ,  G06F17/30353 ,  G06F17/30516 ,  G06F17/30528 ,  G06F17/3053 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30864

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract translation: 根据本发明的方法和设备提供了基于搜索来组织，索引，搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列，表示某种类型的活动。 在一个实施例中，时间序列数据被组织成具有归一化时间戳的离散事件，并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制，关键字索引机制或统计索引，检索相关的事件信息。

公开(公告)号：US20170046403A1

公开(公告)日：2017-02-16

申请号：US15339953

申请日：2016-11-01

Applicant: Splunk Inc.

Inventor： Erik M. Swan ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Michael Joseph Baum

IPC: G06F17/30

CPC classification number: G06F17/30336 ,  G06F17/30321 ,  G06F17/30342 ,  G06F17/30353 ,  G06F17/30516 ,  G06F17/30528 ,  G06F17/3053 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30864

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract translation: 根据本发明的方法和设备提供了基于搜索来组织，索引，搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列，表示某种类型的活动。 在一个实施例中，时间序列数据被组织成具有归一化时间戳的离散事件，并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制，关键字索引机制或统计索引，检索相关的事件信息。

公开(公告)号：US20160140238A1

公开(公告)日：2016-05-19

申请号：US15007176

申请日：2016-01-26

Applicant: Splunk Inc.

Inventor： Erik M. Swan ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Michael Joseph Baum

IPC: G06F17/30

CPC classification number: G06F17/30336 ,  G06F17/30321 ,  G06F17/30342 ,  G06F17/30353 ,  G06F17/30516 ,  G06F17/30528 ,  G06F17/3053 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30864

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract translation: 根据本发明的方法和设备提供了基于搜索来组织，索引，搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列，表示某种类型的活动。 在一个实施例中，时间序列数据被组织成具有归一化时间戳的离散事件，并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制，关键字索引机制或统计索引，检索相关的事件信息。

公开(公告)号：US20160070736A1

公开(公告)日：2016-03-10

申请号：US14929248

申请日：2015-10-30

Applicant: Splunk Inc.

Inventor： Erik M. Swan ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Michael Joseph Baum

IPC: G06F17/30

CPC classification number: G06F17/30336 ,  G06F17/30321 ,  G06F17/30342 ,  G06F17/30353 ,  G06F17/30516 ,  G06F17/30528 ,  G06F17/3053 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30864

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract translation: 根据本发明的方法和设备提供了基于搜索来组织，索引，搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列，表示某种类型的活动。 在一个实施例中，时间序列数据被组织成具有归一化时间戳的离散事件，并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制，关键字索引机制或统计索引，检索相关的事件信息。

公开(公告)号：US20150317377A1

公开(公告)日：2015-11-05

申请号：US14530686

申请日：2014-10-31

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Philip Murphy ,  Stephen Philip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC: G06F17/30

CPC classification number: G06F17/30604 ,  G06F11/3476 ,  G06F17/2785 ,  G06F17/30368 ,  G06F17/30477 ,  G06F17/30507 ,  G06F17/30525 ,  G06F17/30551 ,  G06F17/30598 ,  G06F17/30619 ,  G06F17/30657 ,  G06F17/30705 ,  G06K9/6217 ,  H04L63/1425 ,  H04L63/20

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

Abstract translation: 与本发明一致的方法和设备提供组织和构建由各种信息处理环境生成的机器数据的理解的能力。 机器数据是信息处理系统（例如，活动日志，配置文件，消息，数据库记录）的产物，并且表示已经发生并以原始数据格式记录的特定事件的证据。 在一个实施例中，机器数据通过将机器数据组织到事件中并将事件链接在一起而变成机器数据网。

公开(公告)号：US20150149460A1

公开(公告)日：2015-05-28

申请号：US14611191

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Phillip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC: G06F17/30

CPC classification number: G06F17/30604 ,  G06F11/3476 ,  G06F17/2785 ,  G06F17/30368 ,  G06F17/30477 ,  G06F17/30507 ,  G06F17/30525 ,  G06F17/30551 ,  G06F17/30598 ,  G06F17/30619 ,  G06F17/30657 ,  G06F17/30705 ,  G06K9/6217 ,  H04L63/1425 ,  H04L63/20

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

Abstract translation: 与本发明一致的方法和设备提供组织和构建由各种信息处理环境生成的机器数据的理解的能力。 机器数据是信息处理系统（例如，活动日志，配置文件，消息，数据库记录）的产物，并且表示已经发生并以原始数据格式记录的特定事件的证据。 在一个实施例中，机器数据通过将机器数据组织到事件中并将事件链接在一起而变成机器数据网。