-
Publication No.: US11108659B2
Publication Date: 2021-08-31
Application No.: US16378400
Application Date: 2019-04-08
Applicant: Splunk Inc.
Inventor: Michael Dickey
Abstract: The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.
-
Publication No.: US20210258340A1
Publication Date: 2021-08-19
Application No.: US17306703
Application Date: 2021-05-03
Applicant: Splunk Inc.
Inventor: Sourabh SATISH , Oliver FRIEDRICHS , Atif MAHADIK , Govind SALINAS
Abstract: Systems, methods, and software described herein enhances how security actions are implemented within a computing environment. In one example, a method of implementing security actions for a computing environment comprising a plurality of computing assets includes identifying a security action in a command language for the computing environment. The method further provides identifying one or more computing assets related to the security action, and obtaining hardware and software characteristics for the one or more computing assets. The method also includes translating the security action in the command language to one or more action procedures based on the hardware and software characteristics, and initiating implementation of the one or more action procedures in the one or more computing assets.
-
243.
Publication No.: US11093518B1
Publication Date: 2021-08-17
Application No.: US16049628
Application Date: 2018-07-30
Applicant: Splunk Inc.
Inventor: Ai-chi Lu , Arun Ramani , Nicholas Matthew Tankersley
IPC: G06F7/00 , G06F16/00 , G06F16/248 , G06F3/0484 , G06F16/9535
Abstract: Data intake and query system (DIQS) instances supporting applications including lower-tier, focused, work group oriented applications, are tailored to display the metrics for the needs of the user. An interface caused by operation of an entity monitoring system (EMS) operating in conjunction with the lower-tier DIQS displays the monitored entities as individual representations. The user selects a metric and a metric threshold. The EMS causes a display of an interface having a representation for each monitored entity. Each representation includes a metric value and indicates an entity status based on the metric value and the threshold. The user can dynamically change the threshold on the interface for easy visualization of aggregation of monitored entities to determine the performance of the infrastructure. The interface also provides the user with the ability to select an entity and click through to the entity analysis workspace for more detailed information.
-
Publication No.: US20210248123A1
Publication Date: 2021-08-12
Application No.: US17243967
Application Date: 2021-04-29
Applicant: Splunk Inc.
Inventor: Michael Joseph Baum , R. David Carasso , Robin Kumar Das , Rory Greene , Bradley Hall , Nicholas Christian Mealy , Brian Philip Murphy , Stephen Phillip Sorkin , Andre David Stechert , Erik M. Swan
IPC: G06F16/22 , G06F16/23 , G06F16/2457 , G06F16/951 , G06F16/2458 , G06F16/2455 , G06F16/248
Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is stored as discrete events time stamps. A search is received and relevant event information is retrieved based in whole or in part on the time stamp, a keyword indexing mechanism, or statistical indices calculated at the time of the search.
-
Publication No.: US11086890B1
Publication Date: 2021-08-10
Application No.: US16264525
Application Date: 2019-01-31
Applicant: SPLUNK INC.
Inventor: Li Li , Yongxin Su , Ting Yuan , Qian Jie Zhong , Yiyun Zhu
IPC: G06F16/2458 , H04L29/08 , G06F3/0484
Abstract: Embodiments of the present invention are directed to validating extraction rules. In embodiments, a set of events for which field extraction is desired is obtained. Thereafter, an extraction rule is applied to the set of events to extract fields of the events. The application of the extraction rule can be monitored to determine that the applied extraction rule is invalid. Based on the applied extraction rule being invalid, a new extraction rule can be generated to apply to the set of events.
-
Publication No.: US11086869B1
Publication Date: 2021-08-10
Application No.: US16177256
Application Date: 2018-10-31
Applicant: Splunk Inc.
Inventor: Bharath Kishore Reddy Aleti , Alexandros Batsakis , Joseph Gabriel Echeverria , Alexander Douglas James , Sourav Pal , Christopher Madden Pride , Sai Krishna Sajja , Eric Sammer
IPC: G06F16/00 , G06F16/2453 , G06F16/242 , G06F16/9535 , G06F40/205 , G06F9/54
Abstract: Systems and methods are disclosed for interfacing with one or more components of a data intake and query system. The data intake and query system includes a gateway that interfaces between one or more computer-executable applications and one or more components of the data intake and query system. The data intake and query system can include an intake system configured to ingest data, an indexing system configured to generate and store one or more events based on the data, and a query system configured to execute one or more queries. The intake system can include a streaming data processor and at least one ingestion buffer. The indexing system can include at least one containerized indexing node, and the query system can include at least one containerized search node.
-
247.
Publication No.: US11086289B2
Publication Date: 2021-08-10
Application No.: US16743549
Application Date: 2020-01-15
Applicant: Splunk Inc.
Inventor: Erick Anthony Dean , Jindrich Dinga , Marvin Herville Green
IPC: G05B19/4063 , G06F16/26 , G06F16/901 , G06F16/9535
Abstract: An example method of implementing a control interface for metric definition specification for asset-driven hierarchy includes: causing display of a user interface for configuring a metric definition for a metric of an asset node of the asset hierarchy; receiving, via the user interface, a metric determination specification comprising an identification of a metric component, an identification of an operation to apply to the metric component, and metric time factors corresponding to time-related aspects of the metric definition; and reflecting, in a computer storage, the metric definition comprising an association of the metric determination specification with the metric.
-
Publication No.: US11074152B2
Publication Date: 2021-07-27
Application No.: US16888771
Application Date: 2020-05-31
Applicant: Splunk Inc.
Inventor: Ioannis Vlachogiannis , Vasileios Karampinas
Abstract: A quality score for a computer application release is determined using a first number of unique users who have launched the computer application release on user devices and a second number of unique users who have encountered at least once an abnormal termination with the computer application release on user devices. Additionally or optionally, an application quality score can be computed for a computer application based on quality scores of computer application releases that represent different versions of the computer application. Additionally or optionally, a weighted application quality score can be computed for a computer application by further taking into consideration the average application quality score and popularity of a plurality of computer applications.
-
249.
Publication No.: US11062042B1
Publication Date: 2021-07-13
Application No.: US16142973
Application Date: 2018-09-26
Applicant: Splunk Inc.
Inventor: Nathaniel Gerard McKervey , Ryan Russell Moore
IPC: H04L29/06 , G06F21/62 , H04L9/06 , G06F16/13 , G06F16/245
Abstract: Systems and methods are disclosed for authenticating a chunk of data identified in a query received by a data intake and query system. The data intake and query system receives a query that identifies a set of data and manner for processing the set of data, and identifies a chunk of data that is part of the set of data. The system generates a content identifier, such as a hash, of the chunk of data. The system further authenticates the chunk of data based on the generated content identifier and a content identifier stored by a distributed ledger system.
-
250.
Publication No.: US11061548B1
Publication Date: 2021-07-13
Application No.: US16657995
Application Date: 2019-10-18
Applicant: Splunk Inc.
Inventor: Timur Catakli , Sourabh Satish
IPC: G06F3/048 , G06F3/0484 , G06F3/0482 , G06F16/25 , G06F9/451
Abstract: An information technology (IT) and security operations application is described that stores data reflecting customizations that users make to GUIs displaying information about various types of incidents, and further uses such data to generate “popular” interface profiles indicating popular GUI modifications. The analysis of the GUI customizations data is performed using data associated with multiple tenants of the IT and security operations application to develop profiles that may represent a general consensus on a collection and arrangement of interface elements that enable analysts to efficiently respond to certain types of incidents. Users of the IT and security operations application can then optionally apply these popular interface profiles to various GUIs during their use of the application. Among other benefits, the ability to generate and provide popular interface profiles can help analysts and other users more efficiently investigate and respond to a wide variety of incidents within IT environments, thereby improving the operation and security of those environments.
-