-
Publication number: US20180293327A1
Publication date: 2018-10-11
Application number: US15479823
Application date: 2017-04-05
Applicant: Splunk Inc.
Inventor: Jesse Miller , Jason Szeto , Jose Solis , Jindrich Dinga , David Marquardt
IPC: G06F17/30
Abstract: Systems and methods are disclosed for locating data and categorizing a set of data using inverted indexes. The inverted indexes include token entries and field-value pair entries, as well as event references that correspond to events that include raw machine data. Using filter criteria, the inverted indexes are identified. In turn, the inverted indexes are used to identify a set of events that satisfy the filter criteria. The identified set of events are categorized based on categorization criteria and provided for display to a user.
-
Publication number: US20170270132A1
Publication date: 2017-09-21
Application number: US14611227
Application date: 2015-01-31
Applicant: Splunk Inc.
Inventor: Clint Sharp , Jesse Miller , Jason Szeto , Nima Haddadkaveh
IPC: G06F17/30
CPC classification number: G06F16/134 , G06F16/148 , G06F16/168 , G06F16/182
Abstract: A search support system allows a customer to browse data contained in files stored on an external storage system. The search support system allows a customer to specify data processing tasks to be performed on raw data retrieved from a file stored on the external storage system. The customer specifies each data processing task and the search support system performs each task as it is selected by the customer on raw data retrieved from the file. The search support system concurrently displays the results of each data processing task in real time in a graphical user interface. The search support system saves the customer's settings as a late binding schema that can be applied to raw data retrieved from the external storage system in order to parse the raw data and to create, index, and search timestamped events derived from the raw data.
-
Publication number: US12007989B1
Publication date: 2024-06-11
Application number: US17237422
Application date: 2021-04-22
Applicant: SPLUNK Inc.
Inventor: Alexander James , Jesse Miller
IPC: G06F16/2452 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F16/00 , G06F16/22 , G06F16/23 , G06F16/242 , G06F16/2453 , G06F16/2455 , G06F16/2458 , G06F16/26 , G06F16/33 , G06F21/62 , G06F40/177 , G06Q10/00 , G06T11/20 , G06Q10/10
CPC classification number: G06F16/24524 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F16/00 , G06F16/22 , G06F16/23 , G06F16/235 , G06F16/2372 , G06F16/2423 , G06F16/24544 , G06F16/2455 , G06F16/24564 , G06F16/2477 , G06F16/26 , G06F16/33 , G06F16/3334 , G06F21/6227 , G06F40/177 , G06Q10/00 , G06T11/206 , G06Q10/10 , G06T2200/24
Abstract: A method includes assigning an access permission of a first user to a query object that represents a first query, the access permission granting the first user access rights to one or more data sources of the first query, the access permission being assigned as a runtime permission of the first query, granting a request from a second user to execute a second query, the first query being a subquery of the second query, and allowing the second user to execute the first query on the one or more data sources of the first query using the runtime permission assigned to the first query in executing the second query using the first query as the subquery.
-
Publication number: US11940989B1
Publication date: 2024-03-26
Application number: US17806151
Application date: 2022-06-09
Applicant: SPLUNK INC.
Inventor: Jesse Miller , Marc V. Robichaud , Cory Burke , Jeffrey Thomas Lloyd , Alexander James , Andrew Robbins
IPC: G06F16/23 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F16/00 , G06F16/242 , G06F16/2453 , G06F16/2455 , G06F16/2458 , G06F16/26 , G06F16/33 , G06F21/62 , G06F40/174 , G06F40/177 , G06F40/186 , G06Q10/00 , G06T11/20 , G06Q10/10
CPC classification number: G06F16/2372 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F16/00 , G06F16/23 , G06F16/235 , G06F16/2423 , G06F16/24544 , G06F16/24564 , G06F16/2477 , G06F16/26 , G06F16/33 , G06F16/3334 , G06F21/6227 , G06F40/174 , G06F40/177 , G06F40/186 , G06Q10/00 , G06T11/206 , G06Q10/10 , G06T2200/24
Abstract: In some embodiments, a method may include display of a data summary view of a set of events that correspond to query results of a query. Each event of the set of events may include data items of a plurality of event attributes. In embodiments, the data summary view can include various summary reports. Each summary report can include summary entries and a summary graph that each present a summary of data items of a selected event attribute, of the plurality of event attributes. At least one summary report can include summary entries that are selectable by a user. The method may further include filtering the set of events, in response to, and based on, selection of one or more of the selectable summary entries by the user and updating of at least the first and second summary graphs to correspond to the filtered set of events.
-
Publication number: US11789901B2
Publication date: 2023-10-17
Application number: US17443436
Application date: 2021-07-26
Applicant: Splunk Inc.
Inventor: Alexander D. Munk , Jesse Miller
IPC: G06F16/13 , G06F16/14 , G06F16/16 , G06F16/951 , G06F3/0482
CPC classification number: G06F16/13 , G06F3/0482 , G06F16/148 , G06F16/168 , G06F16/951
Abstract: A data intake and query system provides interfaces that enable users to configure source type definitions used by the system. A data intake and query system generally refers to a system for collecting and analyzing data including machine-generated data. Such a system may be configured to consume many different types of machine data generated by any number of different data sources including various servers, network devices, applications, etc. At a high level, a source type definition comprises one or more properties that define how various components of a data intake and query system collect, index, store, search and otherwise interact with particular types of data consumed by the system. The interfaces provided by the system generally comprise one or more interface components for configuring various attributes of a source type definition.
-
Publication number: US11604763B2
Publication date: 2023-03-14
Application number: US17589799
Application date: 2022-01-31
Applicant: Splunk Inc.
Inventor: Jesse Miller
Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values may be used to accelerate search queries that a system receives.
-
Publication number: US11573959B2
Publication date: 2023-02-07
Application number: US16042989
Application date: 2018-07-23
Applicant: Splunk Inc.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd , Jesse Miller
IPC: G06F16/2452 , G06F16/00 , G06F16/26 , G06F16/33 , G06F16/23 , G06F16/242 , G06F16/2458 , G06F16/2453 , G06F16/2455 , G06F16/22 , G06F3/0484 , G06F21/62 , G06F40/177 , G06T11/20 , G06Q10/00 , G06F3/0482 , G06F3/04842 , G06Q10/10
Abstract: A search interface is displayed in a table format that includes one or more columns, each column including data items of an event attribute, the data items being of a set of events, and a plurality of rows forming cells with the one or more columns, each cell including one or more of the data items of the event attribute of a corresponding column. Based on a user selecting one or more of the cells, a list of options is displayed corresponding to the selection, and one or more commands are added to a search query that corresponds to the set of events, the one or more commands being based on at least an option that is selected from the list of options and the event attribute for each of the one or more of the data items of each of the selected one or more cells.
-
Publication number: US11442924B2
Publication date: 2022-09-13
Application number: US16260985
Application date: 2019-01-29
Applicant: SPLUNK INC.
Inventor: Jesse Miller , Marc V. Robichaud , Cory Burke , Jeffrey Thomas Lloyd , Alexander James , Andrew Robbins
IPC: G06F16/23 , G06F16/33 , G06F16/2458 , G06F16/242 , G06F16/26 , G06F16/00 , G06F16/2453 , G06F16/2455 , G06F3/0484 , G06F21/62 , G06T11/20 , G06F3/04842 , G06F3/0482 , G06Q10/00 , G06F40/174 , G06F40/177 , G06F40/186 , G06Q10/10
Abstract: In some embodiments, a method may include display of a data summary view of a set of events that correspond to query results of a query. Each event of the set of events may include data items of a plurality of event attributes. In embodiments, the data summary view can include various summary reports. Each summary report can include summary entries and a summary graph that each present a summary of data items of a selected event attribute, of the plurality of event attributes. At least one summary report can include summary entries that are selectable by a user. The method may further include filtering the set of events, in response to, and based on, selection of one or more of the selectable summary entries by the user and updating of at least the first and second summary graphs to correspond to the filtered set of events.
-
Publication number: US11423216B2
Publication date: 2022-08-23
Application number: US17169254
Application date: 2021-02-05
Applicant: SPLUNK Inc.
Inventor: Jesse Miller , Micah James Delfino , Marc Robichaud , David Carasso
IPC: G06F3/048 , G06F40/174 , G06F16/2458
Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.
-
Publication number: US10726030B2
Publication date: 2020-07-28
Application number: US14815954
Application date: 2015-07-31
Applicant: Splunk Inc.
Inventor: Cory Eugene Burke , Jacob Barton Leverich , Jeffrey Thomas Lloyd , Adam Jamison Oliner , Marc Vincent Robichaud , Jesse Miller
IPC: G06F16/248 , G06F11/30 , G06F11/34 , G06F16/242 , G06F16/245
Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.