公开(公告)号：US10698777B2

公开(公告)日：2020-06-30

申请号：US15964940

申请日：2018-04-27

Applicant: Splunk Inc.

Inventor： Anirban Rahut

IPC: G06F11/00 ,  G06F11/20 ,  G06F11/14 ,  G06F11/18

Abstract: A high availability scheduler of tasks in a cluster of server devices is provided. A server device of the cluster of server devices enters a leader state based upon the results of an election process in which the server device participates with others of the cluster of server devices. Upon entering the leader state, the server device schedules one or more tasks by assigning each of the one or more tasks to a device, wherein the one or more tasks involve initiating a search of time stamped events.

公开(公告)号：US10680914B1

公开(公告)日：2020-06-09

申请号：US16403549

申请日：2019-05-05

Applicant: Splunk Inc.

Inventor： Brian John Bingham ,  Hemendra Singh Choudhary ,  Tristan Antonio Fletcher

IPC: H04L29/06 ,  H04L12/24 ,  G06Q10/06 ,  H04L29/08 ,  H04L12/26 ,  G06F3/0484

Abstract: One or more processing devices derive values indicative of various aspects or characteristics of how a particular service in an information technology (IT) environment is existing or performing at a point in time or for a period of time. The values are derived by a search query over machine data associated with the one or more entities that provide the service. The one or more processing devices determine a value for an aggregate key performance indicator (KPI) for the service to indicate or characterize the service overall from values for each of the various aspects.

公开(公告)号：US10671540B2

公开(公告)日：2020-06-02

申请号：US16049609

申请日：2018-07-30

Applicant: Splunk, Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/00 ,  G06F12/0875 ,  G06F16/172 ,  G06F16/951 ,  G06F16/957 ,  G06F3/06 ,  G06F12/0802

Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.

公开(公告)号：US10657146B2

公开(公告)日：2020-05-19

申请号：US15339889

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Amrittpal Singh Bath ,  Pratiksha Shah ,  Murugan Kandaswamy ,  Vishal Patel

IPC: G06F16/00 ,  G06F16/248 ,  G06F16/22 ,  G06F16/25 ,  G06F16/28 ,  G06F16/901 ,  G06F16/951 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/835 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/903 ,  H04L29/08 ,  G06F3/0481 ,  G06T11/20 ,  H04L12/26

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting data including raw data obtained over a computer network from a plurality of remote computer systems, and generating events, where each event includes a segment of the raw data and a respective timestamp. The method further includes extracting field values from at least a portion of the raw data of the events, where the field values each include a numerical value, and each numerical value is indicative of a measured characteristic of a computing device. The method further includes generating structured metrics, where each structured metric has a respective numerical value, and indexing the plurality of structured metrics.

公开(公告)号：US10606810B2

公开(公告)日：2020-03-31

申请号：US15401427

申请日：2017-01-09

Applicant: Splunk Inc.

Inventor： Yuan Xu

IPC: G06F16/00 ,  G06F16/178 ,  G06F16/188

Abstract: Embodiments of the present disclosure provide techniques for efficiently and accurately performing propagation of search-head specific configuration customizations across multiple individual configuration files of search heads of a cluster for a consistent user experience. The cluster of search heads may be synchronized such that the search heads operate to receive the configuration or knowledge object customizations from one or more clients from a central or lead search head. To reduce the amount of data that is transferred during propagation, the list of configuration or knowledge object customizations maintained in each search head is filtered from the list of the lead search head until a divergence point is determined. Once determined and communicated to the lead search head, the lead search head sends the configuration and knowledge object customization data that is absent from the internal list of the member search head.

公开(公告)号：US10592694B2

公开(公告)日：2020-03-17

申请号：US15798317

申请日：2017-10-30

Applicant: Splunk Inc.

Inventor： David Carasso

IPC: G06F21/00 ,  G06F21/62 ,  G06F3/0482 ,  G06F3/0484 ,  G06F16/23 ,  G06F3/0481

Abstract: Components of a system for generating anonymized data from timestamped event data are disclosed. The generation of anonymized data is performed in accordance with an anonymization configuration. The anonymization configuration includes information regarding the source of the event data, particulars about the anonymization process that transforms the clear event data from the source into an anonymized form, and particulars about the destination and characteristics for the output dataset. A graphical user interface permits development of anonymization configurations in an interactive, iterative way. The configured anonymizer employs methods and options to produce anonymized data with superior usability as a substitute for real world data, including a mode to effectively emulate live data streams.

公开(公告)号：US10592563B2

公开(公告)日：2020-03-17

申请号：US15339853

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Arindam Bhattacharjee ,  Christopher Pride

IPC: G06F16/00 ,  G06F16/951 ,  G06F16/21 ,  G06F16/25 ,  G06F16/904 ,  G06F16/901 ,  G06F16/9038 ,  G06F16/903 ,  G06F16/248 ,  G06F16/2458 ,  G06F16/27 ,  G06F16/2455

Abstract: The disclosed embodiments include a technique to obtain search results from the application of transformation operations on partial search results obtained from across internal and/or external data sources. Examples of transformation operations include arithmetic operations such as an average, mean, count, or the like. Examples of reporting transformations include join operations, statistics, sort, top head. Hence, the search results of a search query can be derived from partial search result rather than include the actual partial search results. In this case, the ordering of the search results may be nonessential. An example of a search query that requires a transformation operation is a “batch” or “reporting” search query. The related disclosed techniques involve obtaining data stored in the bid data ecosystem, and returning that data or data derived from that data.

公开(公告)号：US10592562B2

公开(公告)日：2020-03-17

申请号：US15339847

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Arindam Bhattacharjee

IPC: G06F16/00 ,  G06F16/951 ,  G06F16/21 ,  G06F16/25 ,  G06F16/904 ,  G06F16/901 ,  G06F16/9038 ,  G06F16/903 ,  G06F16/248 ,  G06F16/2458 ,  G06F16/27 ,  G06F16/2455

Abstract: The performance and flexibility of a data intake and query system having capabilities extended by a fabric service (DFS) system can be improved with deployment on a cloud computing platform. The DFS system can extend the capabilities of a data intake and query system by leveraging computing assets from anywhere in a big data ecosystem to collectively execute search queries on diverse data systems regardless of whether data stores are internal of the data intake and query system and/or external data stores that are communicatively coupled to the data intake and query system over a network.

公开(公告)号：US10587633B2

公开(公告)日：2020-03-10

申请号：US16050368

申请日：2018-07-31

Applicant: Splunk Inc.

Inventor： Sudhakar Muddu ,  Christos Tryfonas ,  Marios Iliofotou

IPC: H04L9/00 ,  H04L29/06 ,  G06N20/00 ,  G06F16/25 ,  G06F16/28 ,  G06F16/44 ,  G06F16/901 ,  G06F16/2457 ,  H04L12/26 ,  G06N7/00 ,  G06F3/0482 ,  G06K9/20 ,  G06F3/0484 ,  H04L12/24 ,  G06N5/04 ,  G06N5/02

Abstract: The disclosed embodiments include a method performed by a computer system. The method includes forming groups of traffic, where each group includes a subset of detected connection requests. The method further includes determining a periodicity of connection requests for each group, identifying a particular group based on whether the periodicity of connection requests of the particular group satisfies a periodicity criterion, determining a frequency of the particular group in the traffic, and identifying the particular group as an anomaly based on whether the frequency of the particular group satisfies a frequency criterion.

公开(公告)号：US10574548B2

公开(公告)日：2020-02-25

申请号：US13956338

申请日：2013-07-31

Applicant: Splunk, Inc.

Inventor： John Coates ,  Lucas Murphey ,  James Hansen ,  David Hazekamp

IPC: H04L12/26 ,  H04L12/24

Abstract: A system and computer-implemented is provided for displaying a configurable metric relating to an environment in a graphical display along with a value of the metric calculated over a configurable time period. The metric is used to identify events of interest in the environment based on processing real time machine data from one or more sources. The configurable metric is selected and a corresponding value is calculated based on the events of interest over the configurable time period. The value of the metric may be continuously updated in real time based on receiving additional real-time machine data and displayed in a graphical interface as time progresses. Statistical trends in the value of the metric may also be determined over the configurable time period and displayed in the graphical interface as well as an indication if the value of the metric exceeds a configurable threshold value. Further, a selection of one or more thresholds for the value of the metric may be applied and an indication displayed indicating if the threshold(s) have been exceeded.