-
Publication No.: US20200344113A1
Publication date: 2020-10-29
Application No.: US16926907
Application date: 2020-07-13
Applicant: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
Inventor: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
-
Publication No.: US10812514B2
Publication date: 2020-10-20
Application No.: US16228509
Application date: 2018-12-20
Applicant: Splunk Inc.
Inventor: Vijay Chauhan, Devendra M. Badhani, Luke K. Murphey, David Hazekamp
IPC: H04L29/06
Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. Next, the system provides a capture trigger for generating additional time-series event data from the network packets on the one or more remote capture agents based on the security risk, wherein the additional time-series event data includes one or more event attributes.
-
Publication No.: US10776194B2
Publication date: 2020-09-15
Application No.: US15885640
Application date: 2018-01-31
Applicant: Splunk Inc.
Inventor: Amritpal Singh Bath, Bharath Kishore Reddy Aleti, Octavio Enrique Di Sciullo, Tingjin Xu, Jason Andrew Beyers, Kartheek Babu Kolla, Chaithra Nataraj, Clara Elizabeth Lee
IPC: G06F11/07, G06F16/2455
Abstract: Systems and methods are disclosed for monitoring features of a computing device of a distributed computing system using a self-monitoring module. The self-monitoring module can include multiple feature-specific monitoring modules and one or more parent nodes for the feature-specific monitoring modules. A feature-specific monitoring module can identify or detect a fault status change, such as a fault condition or fault resolution, for one or more features. Based on the identified fault conditions or fault resolutions, the feature-specific monitoring module can determine an internal status and communicate an updated status to a parent node.
-
Publication No.: US10748330B2
Publication date: 2020-08-18
Application No.: US16256783
Application date: 2019-01-24
Applicant: SPLUNK INC.
Inventor: Geoffrey R. Hendrey
Abstract: A system that displays a set of polygons is described. This system obtains a set of line segments that defines the set of polygons. The system forms a horizontal index that keeps track of where line segments vertically project onto a horizontal reference line and similarly forms a vertical index for horizontal projections onto a vertical reference line. The system obtains a clip rectangle that defines a view into the set of polygons and uses the horizontal and vertical indexes to determine intersections between borders of the clip rectangle and line segments in the set of line segments. Next, the system uses the determined intersections to clip polygons in the set of polygons that intersect the clip rectangle. Finally, the system transfers the clipped polygons, and also unclipped polygons that fit completely within the clip rectangle, to a display device that displays the view into the set of polygons.
-
Publication No.: US10735296B2
Publication date: 2020-08-04
Application No.: US15799804
Application date: 2017-10-31
Applicant: SPLUNK INC.
Inventor: Konstantinos Polychronis
Abstract: Various methods and systems for facilitating network traffic monitoring in association with an application running on a client device are provided. In this regard, aspects of the invention facilitate monitoring network traffic being transmitted to and/or from a client device, such as a mobile device, so that network performance can be analyzed. In various implementations, packet headers of data packets are read to obtain or extract desired network metrics that indicate network performance. Packet headers are generally read to the extent necessary to identify various network data. As such, by avoiding examination of a packet payload and, in some cases, examination of the entire header, the efficiency of monitoring network traffic at a client device is improved.
-
Publication No.: US10726354B2
Publication date: 2020-07-28
Application No.: US15143335
Application date: 2016-04-29
Applicant: Splunk Inc.
Inventor: Manish Sainani, Nghi Huu Nguyen, Zidong Yang
IPC: G06N20/20, G06N20/00, G06F16/242, G06F16/22, G06F16/2458, G06F16/248
Abstract: Embodiments of the present invention are directed to facilitating concurrent forecasting associated with multiple time series data sets. In accordance with aspects of the present disclosure, a request to perform a predictive analysis in association with multiple time series data sets is received. Thereafter, the request is parsed to identify each of the time series data sets to use in predictive analysis. For each time series data set, an object is initiated to perform the predictive analysis for the corresponding time series data set. Generally, the predictive analysis predicts expected outcomes based on the corresponding time series data set. Each object is concurrently executed to generate expected outcomes associated with the corresponding time series data set, and the expected outcomes associated with each of the corresponding time series data sets are provided for display.
-
Publication No.: US10726080B2
Publication date: 2020-07-28
Application No.: US15885629
Application date: 2018-01-31
Applicant: SPLUNK INC.
Inventor: Ledion Bitincka, Steve Zhang, Igor Stojanovski, Stephen Sorkin
IPC: G06F17/30, G06F16/951, G06F16/2455, G06F16/2458, G06F16/903
Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.
-
Publication No.: US10719525B2
Publication date: 2020-07-21
Application No.: US15630166
Application date: 2017-06-22
Applicant: SPLUNK, INC.
Inventor: Divanny I. Lamas, Marc Vincent Robichaud, Carl Sterling Yestrau
IPC: G06F16/25, G06F16/23, G06F16/2455, G06F16/2458, G06F3/0484, G06F3/0482, G06F16/26, G06F16/9038, G06F3/0481
Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface to perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.
-
Publication No.: US10719332B1
Publication date: 2020-07-21
Application No.: US16398125
Application date: 2019-04-29
Applicant: Splunk Inc.
Inventor: Akash Dwivedi, Simon Foster Fishel, Eric Tschetter, Joshua Walters
IPC: G06F9/445, G06F8/60, G06F8/65, H04L29/08, G06F16/245, G06F16/248, H04L29/06
Abstract: Systems and methods are disclosed for providing a multi-component application, including a first and second component. A client device may be provisioned with the application in a manner that, from the point of view of an end user, is similar to accessing a single component application. A user may use a client device to attempt to access a second component to provide the application. The second component can instruct the client device to first obtain a first component from a different network location. The client device can obtain the first component and execute the first component to use the second component, thereby providing the multi-component application. Other than submission of an initial request to access the application, provisioning of the multi-component application may be programmatic and potentially invisible to an end user, thereby providing an experience similar to accessing a single component application.
-
Publication No.: US10698900B2
Publication date: 2020-06-30
Application No.: US15714424
Application date: 2017-09-25
Applicant: Splunk Inc.
Inventor: Arindam Bhattacharjee, Sourav Pal, Alexander Douglas James
IPC: G06F16/00, G06F16/2455, G06F16/13, G06F16/23, G06F16/242, G06F16/903, G06F16/901, H04W12/10, H04L29/06
Abstract: Systems and methods are disclosed for generating a distributed execution model with untrusted commands. The system can receive a query, and process the query to identify the untrusted commands. The system can use data associated with the untrusted command to identify one or more files associated with the untrusted command. Based on the files, the system can generate a data structure and include one or more identifiers associated with the data structure in the distributed execution model. The system can distribute the distributed execution model to one or more nodes in a distributed computing environment for execution.