-
231.
Publication No.: US11144185B1
Publication Date: 2021-10-12
Application No.: US16147310
Filing Date: 2018-09-28
Applicant: SPLUNK INC.
Inventor: Jindrich Dinga, Simon Fishel, Cary Noel, Isabelle Park, Horst Werner
IPC: G06F3/0484, G06F3/0482, G06F16/904, G06F16/9535
Abstract: Systems, methods, and computer readable media are disclosed for generating and providing concurrent journey visualizations associated with different journey definitions. In computer-implemented embodiments, a data intake and query system, or a journey visualization computing tool, can be used to generate and provide concurrent representations corresponding with different journey definitions. In operation, a set of journey instances associated with a journey having a set of steps is obtained. Each step may be associated with at least one event that includes raw machine data produced by a component of an information technology environment. Upon obtaining different journey definitions specifying filters to apply to the set of journey instances, the data intake and query system can generate journey visualizations in accordance with the journey definitions. Thereafter, the journey visualizations corresponding with the journey definitions can be concurrently displayed by a computing device via a graphical user interface.
-
232.
Publication No.: US20210314347A1
Publication Date: 2021-10-07
Application No.: US17185612
Filing Date: 2021-02-25
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.
-
Publication No.: US11138191B1
Publication Date: 2021-10-05
Application No.: US16526833
Filing Date: 2019-07-30
Applicant: Splunk Inc.
Inventor: Frederick De Boer
IPC: G06F16/00, G06F16/242, G06F16/25, G06F16/2458, G06F11/30, G06F16/2455
Abstract: In accordance with various embodiments of the present disclosure, a data intake and query system (DIQS) performs a query on event data to return a result data set. A client device receives an input that includes one or more text strings and expands the received input into a multi-field search query, which is transmitted to the DIQS. The DIQS then parses the result data set by performing the multi-field search query on the result data set to return at least one event that includes one or more fields that have one or more values that correspond to the one or more text strings. The at least one event may then be caused to be displayed by the client device through a graphical user interface.
-
Publication No.: US11132373B1
Publication Date: 2021-09-28
Application No.: US16400001
Filing Date: 2019-04-30
Applicant: Splunk Inc.
IPC: G06F16/24, G06F16/248, G06F16/2455, G06F16/23, G06F11/30, G06F11/32, G06F11/34, G06F16/25, G06F3/0482
Abstract: An asset monitoring and reporting system (AMRS) implements decoupled update cycle and disparate search frequency dispatch for dynamic elements of an asset monitoring and reporting system. The AMRS identifies occurrence of an update to a visualization of a client dashboarding component of an AMRS, the visualization comprising dynamic elements and corresponding dynamic element searches that are each associated with a search query to be submitted for execution to obtain a value of a metric of an asset node associated with a respective dynamic element. The AMRS further sends a request indicative of the dynamic elements to a server component of the AMRS, receives dynamic element objects for the dynamic elements, the dynamic element objects specifying search queries corresponding to the dynamic elements, modifies dynamic element searches of the dashboarding component in accordance with the search queries, and stores a definition of the visualization as control information.
-
Publication No.: US11126632B2
Publication Date: 2021-09-21
Application No.: US16051203
Filing Date: 2018-07-31
Applicant: Splunk Inc.
Inventor: Sourav Pal, Arindam Bhattacharjee
IPC: G06F16/2458, G06F16/27, G06F16/21, G06F16/951, G06F40/205
Abstract: Systems and methods are disclosed for executing a query that includes an indication to process data managed by an external data system. The system identifies the external data system that manages the data to be processed, and obtains search configuration data from the external system. The system uses the search configuration data to generate a subquery for the external data system. The system also generates instructions for one or more worker nodes to receive and process results of the subquery from the external data system.
-
Publication No.: US20210286874A1
Publication Date: 2021-09-16
Application No.: US17332804
Filing Date: 2021-05-27
Applicant: Splunk Inc.
Inventor: Zhuxuan Jin, George Apostolopoulos
IPC: G06F21/55, G06F16/245, H04L29/06, G06F21/56
Abstract: A method is disclosed that includes receiving, at a computing device, an event log including multiple events, where the events are derived from machine data, determining a first score associated with a first granularity level by comparing an event from the event log with a first frequent patterns generated for the first granularity level, and determining a second score associated with a second granularity level by comparing the event with a second frequent patterns generated for the second granularity level. The method further includes determining an aggregate score for the event based on the first score and the second score, and comparing the aggregate score for the event with an anomaly score threshold. Further, the method includes issuing an alert identifying the event as an anomaly based on the aggregate score exceeding the anomaly score threshold.
-
237.
Publication No.: US11120344B2
Publication Date: 2021-09-14
Application No.: US15663725
Filing Date: 2017-07-29
Applicant: Splunk Inc.
Inventor: Dipock Das, Dayanand Pochugari, Neeraj Verma, Nikesh Padakanti, Aungon Nag Radon, Anand Srinivasabagavathar, Adam Oliner
Abstract: In various embodiments, a natural language (NL) application implements functionality that enables users to more effectively access various data storage systems based on NL requests. As described, the operations of the NL application are guided, at least in part, by one or more templates and/or machine-learning models. Advantageously, the templates and/or machine-learning models provide a flexible framework that may be readily tailored to reduce the amount of time and user effort associated with processing NL requests and to increase the overall accuracy of NL application implementations.
-
238.
Publication No.: US11119982B2
Publication Date: 2021-09-14
Application No.: US16460395
Filing Date: 2019-07-02
Applicant: SPLUNK INC.
Inventor: Brian Bingham, Tristan Fletcher, Alok Anant Bhide
IPC: G06F16/00, G06F16/14, G06F3/0488, G06F16/13, G06F16/33, G06F16/21, G06F9/455, G06F11/32, G06F11/34
Abstract: The disclosed system and method acquire and store performance measurements relating to performance of a component in an information technology (IT) environment and log data produced by the IT environment, in association with corresponding time stamps. The disclosed system and method correlate at least one of the performance measurements with at least one of the portions of log data.
-
239.
Publication No.: US20210281601A1
Publication Date: 2021-09-09
Application No.: US17326070
Filing Date: 2021-05-20
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
Abstract: Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.
-
Publication No.: US11113294B1
Publication Date: 2021-09-07
Application No.: US16513573
Filing Date: 2019-07-16
Applicant: Splunk Inc.
Inventor: Benoit Bourbie, Nikhil Mungel, Peigen Sun
IPC: G06F16/2458, G06F16/2455, G06F16/242
Abstract: Systems and methods are disclosed for recommending query templates to a user. The system can identify a token query parameter from a portion of a query entered in a user interface, and use the token to identify a query template from a group of query templates. In some cases, some of the query templates can correspond to other queries associated with users of different tenants and can be generated by replacing user query parameters with placeholders. The system can identify query parameters for the placeholders and cause a user interface to display the query template with the query parameters in place of the placeholders.