DATA INGESTION PIPELINE ANOMALY DETECTION

    Publication No.: US20210117232A1

    Publication date: 2021-04-22

    Application No.: US16670789

    Application date: 2019-10-31

    Applicant: Splunk Inc.

    Abstract: Systems and methods are described for processing ingested pipeline metrics and ingested logs in an asynchronous manner as the data is being ingested to explain anomalies detected in the pipeline metrics using the ingested logs. For example, one or more streaming data processors can convert data as the data is ingested into a comparable data structure, determine whether the comparable data structure should be assigned to an existing data pattern or a new data pattern, and determine whether the logs corresponding to the comparable data structure is anomalous. Separately, the streaming data processor(s) can perform an outlier detection on the pipeline metrics to detect outliers. The streaming data processor(s) can then window the anomalous logs and the pipeline metric outliers to surface explanations for the pipeline metric outliers using the anomalous logs.

    MASKING PERSONALLY IDENTIFIABLE INFORMATION FROM MACHINE-GENERATED DATA

    Publication No.: US20210110062A1

    Publication date: 2021-04-15

    Application No.: US17128522

    Application date: 2020-12-21

    Applicant: SPLUNK Inc.

    Abstract: Implementations include receiving a user provided example value of personally identifiable information (PII). Occurrences of the received example value are automatically identified in a dataset of events, wherein each occurrence is identified in a portion of raw machine data of a respective event of the events. For each occurrence of the identified occurrences, an extraction rule is generated, which defines a pattern of the occurrence of the example value and is executable to identify PII values in portions of raw machine data of the events using the pattern. Values of the PII are identified in a set of events using a set of extraction rules comprising the extraction rule of a plurality of the occurrences.

    Tool for machine-learning data analysis

    Publication No.: US10956834B2

    Publication date: 2021-03-23

    Application No.: US16707845

    Application date: 2019-12-09

    Applicant: Splunk Inc.

    Abstract: Disclosed herein is a computer-implemented tool that facilitates data analysis by use of machine learning (ML) techniques. The tool cooperates with a data intake and query system and provides a graphical user interface (GUI) that enables a user to train and apply a variety of different ML models on user-selected datasets of stored machine data. The tool can provide active guidance to the user, to help the user choose data analysis paths that are likely to produce useful results and to avoid data analysis paths that are less likely to produce useful results.

    Intelligent captain selection for disaster recovery of search head cluster

    Publication No.: US10956278B2

    Publication date: 2021-03-23

    Application No.: US15582441

    Application date: 2017-04-28

    Applicant: SPLUNK INC.

    Abstract: Embodiments of the present disclosure provide solutions for determining an elected search head captain is unqualified for the position, identifying a more qualified search head, and transferring the captain position to the more qualified search head. A method is provided that includes referencing qualification parameters in an elected search head captain, determining whether the newly elected search head captain is qualified for the position based on the parameters, identifying a more qualified search head to be the search head captain if the newly elected search head captain is determined to be unqualified for the position, and transferring the position of captain to the more qualified search head. The qualification parameters may include, for example, a pre-determined static flag set by an administrator of the search environment, and configuration replication status that corresponds to the most recent configuration state of the search head as recorded by the previous search head captain.

    System and method for centralized analytics for edge devices with enrichment pushdown

    Publication No.: US10938634B1

    Publication date: 2021-03-02

    Application No.: US16264526

    Application date: 2019-01-31

    Applicant: SPLUNK INC.

    Abstract: The computerized method is shown and includes obtaining input from a data stream at an electronic device, wherein the input includes machine data, wherein the electronic device has stored thereon a first query, evaluating the query by processing the input according to the first query, responsive to detecting a failure during evaluation of the query resulting from a lack of enrichment data stored on the electronic device, recording a first identifier corresponding to the enrichment data, transmitting the first identifier to a remote server computer system, receiving a communication from the remote server computer system, wherein the communication includes the enrichment data, and evaluating the query by processing second input from the data stream according to the first query and the enrichment data. In some instances the enrichment data includes contextual information for parsing the data stream and converting extracted data into an alternative format.

    Incident response in an information technology environment using cached data from external services

    Publication No.: US10936488B1

    Publication date: 2021-03-02

    Application No.: US16119773

    Application date: 2018-08-31

    Applicant: Splunk Inc.

    Abstract: Described herein are systems, methods, and software to improve incident response in an information technology (IT) environment. In one example, an incident service executes a course of action with one or more actions to respond to an incident in the IT environment. During execution, the incident service identifies a request to obtain data from an external service outside of the IT environment and determines whether the data is cached in a data store for the IT environment. If cached, the incident service obtains the data for the action from the data store. In contrast, if the data is not cached, the incident service obtains the data for the action from the external service.

    GEOFENCE-BASED OBJECT IDENTIFICATION IN AN EXTENDED REALITY ENVIRONMENT

    Publication No.: US20210027458A1

    Publication date: 2021-01-28

    Application No.: US16993167

    Application date: 2020-08-13

    Applicant: Splunk Inc.

    Abstract: A mobile device that includes a camera and an extended reality software application program is employed by a user in an operating environment, such as an industrial environment. One or more objects within a geofence may be identified. A device crosses within the geofence and acquires sensor data associated with an object within the geofence. The sensor data may include image data and/or audio data. The device or a server system may then determine an object identifier associated with the object based on a comparison of the sensor data with data associated with object identifiers corresponding to objects within the geofence. Based on the object identifier, data associated with the object are obtained. The data associated with the object may be presented via the device, such as an extended reality overlay over a view of the object in the device.
