公开(公告)号：US11010278B2

公开(公告)日：2021-05-18

申请号：US16542318

申请日：2019-08-16

Applicant: Splunk Inc.

Inventor： Phillip Liu ,  Arijit Mukherji ,  Rajesh Raman ,  Kris Grandy ,  Jack Lindamood

IPC: G06F11/36 ,  G06F11/30 ,  G06F11/34

Abstract: A data analysis system processes data generated by instrumented software. The data analysis system receives data streams generated by instances of instrumented software executing on systems. The data analysis system also receives metadata describing data streams. The data analysis system receives an expression based on the metadata. The data analysis system receives data of data streams for each time interval and computes the result of the expression based on the received data values. The data analysis system repeats these steps for each time interval. The data analysis system may quantize data values of data streams for each time interval by generating an aggregate value for the time interval based on data received for each data stream for that time interval. The data analysis system evaluates the expression using the quantized data for the time interval.

公开(公告)号：US11010235B1

公开(公告)日：2021-05-18

申请号：US16672174

申请日：2019-11-01

Applicant: SPLUNK INC.

Inventor： Mayank Agarwal ,  Steven Flanders ,  Justin Smith ,  Gergely Danyi

IPC: G06F11/07 ,  G06F11/32

Abstract: A method of performing error analysis in a system comprising microservices comprises identifying a root cause error span from among a plurality of error spans for a trace associated with a user-request, wherein an error span is a span that returns an error to a microservice initiating a call resulting in the span, and wherein a root cause error span is an error span associated with an error originating microservice. The method further comprises determining a call path associated with the root cause error span, where the call path comprises a chain of spans starting at the root cause error span, and where each subsequent span in the chain is a parent span of a prior span. Subsequently the method comprises mapping each span in the chain to a span error frame to create an error stack and rendering an image of the error stack.

公开(公告)号：US11010214B2

公开(公告)日：2021-05-18

申请号：US16264638

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC: G06F9/54

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

公开(公告)号：US11003644B2

公开(公告)日：2021-05-11

申请号：US16424311

申请日：2019-05-28

Applicant: SPLUNK INC.

Inventor： David Ryan Marquardt ,  Mitchell Neuman Blank, Jr. ,  Stephen Phillip Sorkin

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/2453 ,  G06F16/33 ,  G06F16/242 ,  G06F16/248 ,  G06F16/28 ,  G06F16/31 ,  G06F16/338 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/2455

Abstract: Embodiments are directed towards a method for searching data. The method comprises generating an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises receiving an incoming search query that references a field name. Furthermore, the method comprises generating results to the incoming search query based on the field searchable datastore, wherein the field searchable datastore is directly searchable by the field name.

公开(公告)号：US11003475B2

公开(公告)日：2021-05-11

申请号：US15287708

申请日：2016-10-06

Applicant: SPLUNK INC.

Inventor： Brian Bingham ,  Tristan Fletcher

IPC: G06F9/455 ,  G06F11/32 ,  G06F3/0482 ,  G06T11/20

Abstract: Techniques promote monitoring of hypervisor systems by presenting dynamic representations of hypervisor architectures that include performance indicators. A reviewer can interact with the representation to progressively view select lower-level performance indicators. Higher level performance indicators can be determined based on lower level state assessments. A reviewer can also view historical performance metrics and indicators, which can aid in understanding which configuration changes or system usages may have led to sub-optimal performance.

公开(公告)号：US20210133014A1

公开(公告)日：2021-05-06

申请号：US16672174

申请日：2019-11-01

Applicant: SPLUNK INC.

Inventor： Mayank AGARWAL ,  Steven FLANDERS ,  Justin SMITH ,  Gergely DANYI

IPC: G06F11/07 ,  G06F11/32

Abstract: A method of performing error analysis in a system comprising microservices comprises identifying a root cause error span from among a plurality of error spans for a trace associated with a user-request, wherein an error span is a span that returns an error to a microservice initiating a call resulting in the span, and wherein a root cause error span is an error span associated with an error originating microservice. The method further comprises determining a call path associated with the root cause error span, where the call path comprises a chain of spans starting at the root cause error span, and where each subsequent span in the chain is a parent span of a prior span. Subsequently the method comprises mapping each span in the chain to a span error frame to create an error stack and rendering an image of the error stack.

公开(公告)号：US10997192B2

公开(公告)日：2021-05-04

申请号：US16264562

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Paul Boster ,  Keith Kramer ,  Cary Noel ,  Isabelle Park

IPC: G06F16/248 ,  G06F16/25 ,  G06F3/0484

Abstract: Systems and methods are disclosed for implementing a data stream correlation user interface. The data stream correlation user interface provides workflows for selecting individual data sources from a matrix of data sources, identifying individual data fields of the data sources, establishing criteria for determining correlations between them, and reviewing and enabling user verification of correlated data sources. Correlations may be established based on the values of data fields in individual records of the data sources, and may be determined based on correspondences or associations between the values, lookup tables, formulas, user-specified criteria, or other relationships.

公开(公告)号：US20210117425A1

公开(公告)日：2021-04-22

申请号：US16657899

申请日：2019-10-18

Applicant: Splunk Inc.

Inventor： Balaji Rao ,  Jindrich Dinga ,  Kieran Cairney ,  Manuel Martinez ,  Nitilaksha Halakatti ,  Ningxuan He ,  Arindam Bhattacharjee ,  Sourav Pal ,  Alexandros Batsakis

IPC: G06F16/2453 ,  G06F16/2458 ,  H04L9/08 ,  G06F8/61 ,  H04L29/08 ,  H04L12/24

Abstract: Systems and methods are described for establishing and managing components of a distributed computing framework implemented in a data intake and query system. The distributed computing framework may include a master and a plurality of worker nodes. The master may selectively operate on a search head captain that is chosen from the search heads of the data intake and query system. The search head captain may distribute configuration information for the master and the distributed computing framework to the other search heads, which in turn, may distribute that configuration information to indexers of the data intake and query system. Worker nodes may be selectively activated for operation on the indexers based on the configuration information, and the worker nodes may additionally use the configuration information to contact the master and join the distributed computing framework. This approach may provide numerous benefits, including improved security, flexibility in the selection of worker nodes, and redundancy for failures of physical components of the data intake and query system.

公开(公告)号：US20210117416A1

公开(公告)日：2021-04-22

申请号：US16779479

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： Ram Sriharsha ,  Kristal Lyn Curtis ,  Iryna Vogler-Ivashchanka ,  Clark Eugene Mullen

IPC: G06F16/2458 ,  G06F16/23 ,  G06F16/28

Abstract: Systems and methods are described for processing ingested data in an asynchronous manner as the data is being ingested to detect potential anomalies. For example, one or more streaming data processors can convert data as the data is ingested into a comparable data structure, determine whether the comparable data structure should be assigned to an existing data pattern or a new data pattern, and optionally update a characteristic of the data pattern to which the comparable data structure is assigned. The streaming data processor(s) can perform these operations automatically in real-time or in periodic batches. Once one or more comparable data structures have been assigned to one or more data patterns, the streaming data processor(s) can analyze the comparable data structures assigned to a particular data pattern to determine whether any of the comparable data structures appear to be anomalous.

公开(公告)号：US20210117415A1

公开(公告)日：2021-04-22

申请号：US16779460

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： Ram Sriharsha

IPC: G06F16/2458 ,  G06F16/2455

Abstract: Systems and methods are described for processing ingested data, detecting anomalies in the ingested data, and providing explanations of a possible cause of the detected anomalies as the data is being ingested. For example, a token or field in the ingested data may have an anomalous value. Tokens or fields from another portion of the ingested data can be extracted and analyzed to determine whether there is any correlation between the values of the extracted tokens or fields and the anomalous token or field having an anomalous value. If a correlation is detected, this information can be surfaced to a user.