公开(公告)号：US10831804B2

公开(公告)日：2020-11-10

申请号：US15582671

申请日：2017-04-29

Applicant: SPLUNK, Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F16/34 ,  G06F16/242 ,  G06F16/2458 ,  G06F3/0484 ,  H04L29/08 ,  G06F40/40 ,  G06F40/166 ,  G06F40/174 ,  G06F17/24 ,  G06F17/28

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US20200342068A1

公开(公告)日：2020-10-29

申请号：US16455455

申请日：2019-06-27

Applicant: SPLUNK INC.

Inventor： Jie Cai ,  Yang Cao ,  Ning He ,  Bing Pei ,  Xiaolu Ye ,  Chong Yu ,  Aiping Zhang ,  Zhou Zhou

IPC: G06F17/50 ,  G06F9/455 ,  G06F8/77

Abstract: Computing devices, computer-readable storage media, and computer-implemented methods are disclosed for prediction of capacity. In a central tier, central-tier benchmark values are generated from benchmark testing performed on different test configurations in a reference execution environment. In a deployment tier, deployment-tier benchmark values are generated from benchmark testing performed on a baseline deployed configuration in many execution environments. A sizing model is learned from the central-tier benchmark values to predict execution platform requirements given a set of workload input parameters. A performance model is learned from the deployment-tier and the central-tier benchmark values to predict a performance delta value reflecting relative performance between a particular execution environment and the reference execution environment. The performance delta value is used to adjust predicted execution platform requirements to tailor the prediction to a particular execution environment. The predicted execution platform requirements can be deployed and tested to validate or tune the performance model.

公开(公告)号：US20200336532A1

公开(公告)日：2020-10-22

申请号：US16920911

申请日：2020-07-06

Applicant: SPLUNK INC.

Inventor： Vijay Chauhan ,  Liu-Yuan Lai ,  Wenhui Yu ,  Luke Murphey ,  David Hazekamp

IPC: H04L29/08 ,  G06F8/60 ,  G06F8/61

Abstract: Provided are systems and methods for indicating deployment of application features. In one embodiment, a method is provided that includes determining available features of a current deployment of an application for receiving machine-generated data from one or more data sources of a data system, determining un-deployed features of the current deployment of the application, wherein the un-deployed features comprise one or more of the available features that is configured to use input data from a data source and wherein the input data is not available to the feature in the current deployment of the application, and causing display of a deployment graphical user interface (GUI) that comprises an indication of the un-deployed features.

公开(公告)号：US10812514B2

公开(公告)日：2020-10-20

申请号：US16228509

申请日：2018-12-20

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Devendra M. Badhani ,  Luke K. Murphey ,  David Hazekamp

IPC: H04L29/06

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.

公开(公告)号：US10776194B2

公开(公告)日：2020-09-15

申请号：US15885640

申请日：2018-01-31

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Bharath Kishore Reddy Aleti ,  Octavio Enrique Di Sciullo ,  Tingjin Xu ,  Jason Andrew Beyers ,  Kartheek Babu Kolla ,  Chaithra Nataraj ,  Clara Elizabeth Lee

IPC: G06F11/07 ,  G06F16/2455

Abstract: Systems and methods are disclosed for monitoring features of a computing device of a distributed computing system using a self-monitoring module. The self-monitoring module can include multiple feature-specific monitoring modules and one or more parent nodes for the feature-specific monitoring modules. A feature-specific monitoring module can identify or detect a fault status change, such as a fault condition or fault resolution, for one or more features. Based on the identified fault conditions or fault resolutions, the feature-specific monitoring module can determine an internal status and communicate an updated status to a parent node.

公开(公告)号：US10748330B2

公开(公告)日：2020-08-18

申请号：US16256783

申请日：2019-01-24

Applicant: SPLUNK INC.

Inventor： Geoffrey R. Hendrey

IPC: G06T15/00 ,  G06T15/30

Abstract: A system that displays a set of polygons is described. This system obtains a set of line segments that defines the set of polygons. The system forms a horizontal index that keeps track of where line segments vertically project onto a horizontal reference line and similarly forms a vertical index for horizontal projections onto a vertical reference line. The system obtains a clip rectangle that defines a view into the set of polygons and uses the horizontal and vertical indexes to determine intersections between borders of the clip rectangle and line segments in the set of line segments. Next, the system uses the determined intersections to clip polygons in the set of polygons that intersect the clip rectangle. Finally, the system transfers the clipped polygons, and also unclipped polygons that fit completely within the clip rectangle, to a display device that displays the view into the set of polygons.

公开(公告)号：US10735296B2

公开(公告)日：2020-08-04

申请号：US15799804

申请日：2017-10-31

Applicant: SPLUNK INC.

Inventor： Konstantinos Polychronis

IPC: H04L12/26 ,  H04L29/06

Abstract: Various methods and systems for facilitating network traffic monitoring in association with an application running on a client device are provided. In this regard, aspects of the invention facilitate monitoring network traffic being transmitted to and/or from a client device, such as a mobile device, so that network performance can be analyzed. In various implementations, packet headers of data packets are read to obtain or extract desired network metrics that indicate network performance. Packet headers are generally read to the extent necessary to identify various network data. As such, by avoiding examination of a packet payload and, in some cases, examination of the entire header, the efficiency of monitoring network traffic at a client device is improved.

公开(公告)号：US10726354B2

公开(公告)日：2020-07-28

申请号：US15143335

申请日：2016-04-29

Applicant: Splunk Inc.

Inventor： Manish Sainani ,  Nghi Huu Nguyen ,  Zidong Yang

IPC: G06N20/20 ,  G06N20/00 ,  G06F16/242 ,  G06F16/22 ,  G06F16/2458 ,  G06F16/248

Abstract: Embodiments of the present invention are directed to facilitating concurrent forecasting associating with multiple time series data sets. In accordance with aspects of the present disclosure, a request to perform a predictive analysis in association with multiple time series data sets is received. Thereafter, the request is parsed to identify each of the time series data sets to use in predictive analysis. For each time series data set, an object is initiated to perform the predictive analysis for the corresponding time series data set. Generally, the predictive analysis predicts expected outcomes based on the corresponding time series data set. Each object is concurrently executed to generate expected outcomes associated with the corresponding time series data set, and the expected outcomes associated with each of the corresponding time series data sets are provided for display.

公开(公告)号：US10726080B2

公开(公告)日：2020-07-28

申请号：US15885629

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30 ,  G06F16/951 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/903

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US10719525B2

公开(公告)日：2020-07-21

申请号：US15630166

申请日：2017-06-22

Applicant: SPLUNK, INC.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F16/25 ,  G06F16/23 ,  G06F16/2455 ,  G06F16/2458 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/26 ,  G06F16/9038 ,  G06F3/0481

Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of a fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.