-
Publication No.: US11269872B1
Publication date: 2022-03-08
Application No.: US16528567
Filing date: 2019-07-31
Applicant: SPLUNK INC.
Inventor: Yow Han Moo , Dayanand Pochugari , Aungon Nag Radon , Xin Li , Venkat Mamdi , Anand Srinivasabagavathar
IPC: G06F17/00 , G06F16/242 , G06N20/00 , G06F16/248 , G06F16/2457
Abstract: Various embodiments of the present application set forth a computer-implemented method that includes receiving, from a device, a natural-language (NL) request. The method further includes selecting, using the NL request, an intent from a set of intents, wherein the intent is associated with a pre-defined intent template, the pre-defined intent template including a set of property fields that are associated with one or more portions of the NL request. The method also includes determining, based on the NL request, a set of property field values for the set of property fields. The method further includes generating a query to be executed on a field-searchable data source, wherein the query is based on one or more property field values included in the set of property field values. The method also includes receiving, in response to the query, a result that includes a set of event field values. In addition, the method includes causing the device to display at least a portion of the result.
-
212.
Publication No.: US11263229B1
Publication date: 2022-03-01
Application No.: US16657987
Filing date: 2019-10-18
Applicant: Splunk Inc.
Inventor: Chandrashekar Basavaiah , Jindrich Dinga , Elizabeth Li , Cary Glen Noel , Isabelle Park , Eric Tschetter , Joshua Walters , Mei Chun Yeh
IPC: G06F16/00 , G06F16/25 , G06F16/245 , G06F16/22
Abstract: Systems and methods are disclosed for efficiently detecting alert states within unstructured event data. Alert states are illustratively defined as occurring when a threshold number of journey instances are present within the unstructured event data, each journey instance representing a series of events within the event data representing steps within a pre-defined journey. Detecting journey instances within unstructured event data can require significant computational resources, and thus attempting to detect alert states directly from unstructured event data can lead to inefficiencies. Embodiments of this disclosure enable a structured data set of journey instances to be generated from unstructured event data, and for the structured data set to be evaluated based on criteria of multiple alert states. By utilizing a single structured data set to support evaluation based on multiple alert states, detecting alert states from unstructured event data is rendered more efficient.
-
Publication No.: US11252056B2
Publication date: 2022-02-15
Application No.: US16417315
Filing date: 2019-05-20
Applicant: Splunk Inc.
Inventor: Michael Dickey
Abstract: The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.
-
Publication No.: US11226977B1
Publication date: 2022-01-18
Application No.: US16896145
Filing date: 2020-06-08
Applicant: Splunk Inc.
Inventor: Cory Eugene Burke , Jacob Barton Leverich , Jeffrey Thomas Lloyd , Adam Jamison Oliner , Marc Vincent Robichaud , Jesse Miller
IPC: G06F16/248 , G06F11/30 , G06F16/245 , G06F16/242 , G06F11/34
Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.
-
Publication No.: US11218357B1
Publication date: 2022-01-04
Application No.: US16120010
Filing date: 2018-08-31
Applicant: Splunk Inc.
Inventor: Govind Salinas , Sourabh Satish , Robert John Truesdell
Abstract: Described herein are systems, methods, and software to enhance incident response for an information technology (IT) environment. In one implementation, an incident service identifies an incident in the IT environment and determines a correlation between the incident and other incidents in the IT environment. Once correlated, the incident service aggregates incident data of the incident with incident data of the other incidents and generates a summary using the aggregated incident data.
-
Publication No.: US11217023B1
Publication date: 2022-01-04
Application No.: US16657509
Filing date: 2019-10-18
Applicant: SPLUNK INC.
Inventor: Samuel John Angelo Alberico , Jesse Chor , Kelly Kong , Ian Slattery , Glen Wong
Abstract: Techniques are disclosed for generating a three-dimensional (3D) visualization of data in an extended reality (XR) environment. One embodiment provides a computer-implemented method that includes receiving, via an input device, a repositioning of a first panel displayed within an XR environment and determining that, subsequent to the repositioning, at least one portion of the first panel overlaps with a second panel displayed within the XR environment. The method further includes, subsequent to the determination, generating a first 3D visualization of first data associated with the first panel and second data associated with the second panel. In addition, the method includes causing the first 3D visualization to be displayed within the XR environment.
-
Publication No.: US20210400088A1
Publication date: 2021-12-23
Application No.: US17371977
Filing date: 2021-07-09
Applicant: Splunk Inc.
Inventor: Brian Luger
IPC: H04L29/06
Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.
-
Publication No.: US11200246B2
Publication date: 2021-12-14
Application No.: US15339906
Filing date: 2016-10-31
Applicant: Splunk Inc.
Inventor: Esguerra Ma Kharisma , Igor Stojanovski , Vishal Patel
IPC: G06F16/22 , G06F16/242 , G06F16/2455 , G06F16/2458 , G06F16/248 , G06F16/25 , G06F16/28 , G06F16/835 , G06F16/901 , G06F16/903 , G06F16/9038 , G06F16/951 , G06F16/9535 , G06F3/0481 , G06T11/20 , H04L12/26 , H04L29/08
Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting metrics including respective key values and respective measured values, where the respective key values include a primary key value of a selected primary key. The method further includes generating a hash value for each metric by processing each primary key value with a hashing function, and indexing each metric in association with an existing hash bucket having a matching hash value.
-
Publication No.: US20210385139A1
Publication date: 2021-12-09
Application No.: US17443228
Filing date: 2021-07-22
Applicant: Splunk Inc.
Inventor: Qianjie Zhong , Geng Qin , Ting Wang , Min Zhang , Micah Delfino , Jef Bekes , D. Randall Young , Cary Noel , Feng Shao , Dritan Bitincka
Abstract: Techniques and mechanisms are disclosed that enable collection of various types of data from cloud computing services and the generation of various dashboards and visualizations to view information about collections of cloud computing resources. A user can configure collection of data from one or more cloud computing services and view visualizations using an application platform referred to herein as a cloud computing management application. A cloud computing management application further may be configured to generate and cause display of interactive topology map representations of cloud computing resources based on the collected data, where an interactive topology map enables users to view an intuitive visualization of a collection of computing resources, efficiently cause performance of actions with respect to various resources displayed in the topology map, and analyze the collection of resources in ways that are not possible using conventional cloud computing service management consoles.
-
220.
Publication No.: US20210385123A1
Publication date: 2021-12-09
Application No.: US17407738
Filing date: 2021-08-20
Applicant: Splunk Inc.
Inventor: Oliver Friedrichs , Atif Mahadik , Govind Salinas , Sourabh Satish
Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
-