-
311.
Publication No.: US10565241B2
Publication date: 2020-02-18
Application No.: US15814320
Filing date: 2017-11-15
Applicant: Splunk Inc.
Inventor: Tristan Antonio Fletcher , Alok Anant Bhide
IPC: H04L29/06 , G06F16/33 , G06F16/903 , H04L12/24 , H04L12/26 , G06Q10/06 , G06F3/0482 , G06F3/0484 , H04L29/08
Abstract: A system, method and graphical user interface (GUI) for creating a new correlation search based on fluctuations in key performance indicators (KPIs) displayed in a set of graph lanes. The graph lanes may provide graphical visualizations of the KPIs associated with one or more services and may assist a user in identifying a situation (e.g., a problem or a pattern of interest) in the performance of the services. The graph lanes can be adjusted (e.g., by adding graph lanes or zooming in) in order to display the situation, at which point a new correlation search may be generated to detect whether the situation recurs. The system may generate the new correlation search by iterating through the set of graph lanes and analyzing the fluctuations of each KPI to determine triggering criteria. The system may then run the correlation search and generate a notable event or alarm when the situation recurs.
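The mechanism in this abstract (iterate over the lanes, turn each KPI's fluctuation inside the selected window into a triggering criterion, then run the result as a search) as an added worked example. This is not Splunk's code; the lane data, the window, the k-sigma rule used to derive thresholds and the "all criteria must hold" trigger are assumptions made for the demonstration.

```python
"""Build a correlation search from KPI fluctuations in a set of graph lanes.

Added illustrative example, not Splunk's implementation. The lane data, the
selected window and the k-sigma rule for deriving triggering criteria are
constructed/assumed for the demonstration.
"""
from dataclasses import dataclass
from statistics import mean, pstdev
from typing import Dict, List, Optional, Tuple

Sample = Tuple[int, float]   # (timestamp, KPI value)
Lane = List[Sample]          # one graph lane = one KPI time series

# Constructed lanes: twelve samples each. The situation the analyst zoomed in on
# spans t=6..7, where error_rate and latency_ms spike while cpu_pct stays flat.
LANES: Dict[str, Lane] = {
    "error_rate": list(enumerate([1.0, 1.1, 0.9, 1.0, 1.1, 0.9, 5.0, 6.0, 1.0, 1.1, 0.9, 1.0])),
    "latency_ms": list(enumerate([100, 102, 98, 100, 102, 98, 400, 450, 100, 102, 98, 100])),
    "cpu_pct": list(enumerate([50, 51, 49, 50, 51, 49, 50, 51, 49, 50, 51, 49])),
}
WINDOW = (6, 7)  # inclusive timestamp range shown in the adjusted graph lanes


@dataclass(frozen=True)
class Criterion:
    """One triggering criterion of the generated correlation search."""
    kpi: str
    op: str          # ">" or "<"
    threshold: float

    def holds(self, value: Optional[float]) -> bool:
        if value is None:
            return False
        return value > self.threshold if self.op == ">" else value < self.threshold


def derive_criterion(kpi: str, lane: Lane, window: Tuple[int, int], k: float = 2.0) -> Optional[Criterion]:
    """Compare the lane's values inside the window with its baseline outside it.
    If the in-window mean departs from the baseline by more than k baseline
    standard deviations, return a threshold criterion in that direction.
    Lanes that did not fluctuate return None and contribute no criterion."""
    lo, hi = window
    inside = [v for t, v in lane if lo <= t <= hi]
    baseline = [v for t, v in lane if not (lo <= t <= hi)]
    if not inside or len(baseline) < 2:
        return None
    mu, sigma = mean(baseline), pstdev(baseline)
    if sigma == 0.0:
        sigma = abs(mu) * 0.05 or 1.0   # assumed floor so a perfectly flat baseline still yields a margin
    delta = mean(inside) - mu
    if delta > k * sigma:
        return Criterion(kpi, ">", mu + k * sigma)
    if delta < -k * sigma:
        return Criterion(kpi, "<", mu - k * sigma)
    return None


def build_correlation_search(lanes: Dict[str, Lane], window: Tuple[int, int]) -> List[Criterion]:
    """Iterate through the set of graph lanes and keep one criterion per fluctuating KPI."""
    criteria = []
    for kpi, lane in lanes.items():
        c = derive_criterion(kpi, lane, window)
        if c is not None:
            criteria.append(c)
    return criteria


def run_search(criteria: List[Criterion], snapshot: Dict[str, float]) -> Optional[dict]:
    """Evaluate the correlation search against one snapshot of current KPI values.
    Returns a notable event when every criterion holds, otherwise None."""
    if not criteria:
        return None
    if all(c.holds(snapshot.get(c.kpi)) for c in criteria):
        return {"kpis": [c.kpi for c in criteria],
                "values": {c.kpi: snapshot[c.kpi] for c in criteria}}
    return None


if __name__ == "__main__":
    search = build_correlation_search(LANES, WINDOW)
    for c in search:
        print(f"{c.kpi} {c.op} {c.threshold:.3f}")
    print(run_search(search, {"error_rate": 4.2, "latency_ms": 380.0, "cpu_pct": 52.0}))
```

The flat cpu_pct lane yields no criterion, so the generated search fires only on the KPIs that actually moved during the selected window; a snapshot missing one of those KPIs does not trigger, which is the conservative choice for an alarm.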
-
312.
Publication No.: US10565220B2
Publication date: 2020-02-18
Application No.: US15421408
Filing date: 2017-01-31
Applicant: Splunk Inc.
Inventor: Michael Porath , Marshall C. Agnew , Ho Lun Ng , Brian Reyes
IPC: G06F16/20 , G06F16/248 , G06F16/2458
Abstract: Techniques and mechanisms are disclosed for generating and causing display of graphical interfaces which enable an interactive and flexible search results visualization process. Based on results data identified in response to execution of a search query, an interface element is displayed which enables users to select a field contained in the results data, also referred to herein as a “dimension” or “facet,” and for which a “faceted” visualization of the results data can be dynamically generated and displayed. As used herein, a faceted visualization refers to a graphical interface including display of at least two separate data visualizations generated based on a selected facet data dimension, where each separate data visualization corresponds to a distinct value of the selected facet dimension.
-
313.
Publication No.: US10560468B2
Publication date: 2020-02-11
Application No.: US16041637
Filing date: 2018-07-20
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas , Marios Iliofotou
IPC: H04L29/06 , G06F3/0482 , H04L12/26 , H04L12/24 , G06N99/00 , G06N7/00 , G06N5/04 , G06K9/20 , G06F17/30 , G06F17/22 , G06F3/0484 , G06N20/00 , G06F16/25 , G06F16/28 , G06F16/44 , G06F16/901 , G06F16/2457 , G06N5/02
Abstract: A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat and to take action promptly.
-
314.
Publication No.: US10558614B2
Publication date: 2020-02-11
Application No.: US15884999
Filing date: 2018-01-31
Applicant: Splunk Inc.
Inventor: Venkata Kuruvada , Fang I Hsiao , Nicholas Matthew Tankersley
IPC: G06F16/14 , G06F16/22 , G06F16/951 , G06F3/06 , G06Q10/06
Abstract: A server group of a data intake and query system (DIQS) establishes connections with multiple source data network nodes. Data from the multiple sources comports with a variety of different data modes and may be received via the established network connections on a periodic or continuous basis for ongoing capture as modal entries in modal buckets of a common networked storage volume. The rates of data reception across the network connections influence a process that maintains a measured utilization of storage volume capacity at, near, or below a targeted level.
-
315.
Publication No.: US10558516B2
Publication date: 2020-02-11
Application No.: US16176186
Filing date: 2018-10-31
Applicant: SPLUNK INC.
Inventor: Jacob Barton Leverich , Shang Cai , Hongyang Zhang , Mihai Ganea , Alex Cruise
Abstract: A continuous anomaly detection service receives a data stream and performs continuous anomaly detection on it. This continuous anomaly detection is performed based on anomaly detection definitions, each of which defines a signal used for anomaly detection and an anomaly detection configuration. These anomaly detection definitions can be modified, such that continuous anomaly detection continues to be performed for the data stream and the signal based on the new anomaly detection definition.
-
316.
Publication No.: US10545964B2
Publication date: 2020-01-28
Application No.: US15419883
Filing date: 2017-01-30
Applicant: Splunk Inc.
Inventor: Sourav Pal , Ashish Mathew , Xiaowei Wang , Christopher Pride
IPC: G06F16/2455 , G06F16/248 , G06F16/951
Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a search query by a search head, defining a search process for applying the search query to indexers, delegating a first portion of the search process to indexers and a second portion of the search process to intermediary node(s) communicatively coupled to the search head and the indexers. The first portion can define a search scope for obtaining partial search results of the indexers and the second portion can define operations for combining the partial search results by the intermediary node(s) to produce a combination of the partial search results. The search head then receives the combination of the partial search results, and outputs final search results for the search query, where the final search results are based on the combination of the partial search results.
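The split this abstract describes (indexers compute partial results over their own scope, intermediary nodes combine them, the search head finalizes) as an added worked example. It is not Splunk's code; the three constructed indexers, the `(sum, count)` partial format, the fan-in of two indexers per intermediary and the `bytes`-per-`host` average are assumptions. The second function shows why partials have to be mergeable: averaging per-indexer averages gives the wrong answer when a host's events are spread unevenly across indexers.

```python
"""Distributed search with intermediary combination of partial results.

Added illustrative example, not Splunk's implementation. The indexer data, the
fan-in and the (sum, count) partial format are constructed/assumed here.
"""
from typing import Dict, List, Tuple

Partial = Dict[str, Tuple[float, int]]   # group key -> (sum, count), mergeable

# Constructed events, already split across three indexers.
INDEXER_EVENTS: Dict[str, List[dict]] = {
    "idx-1": [{"host": "web-1", "bytes": 200}, {"host": "web-2", "bytes": 400}, {"host": "web-1", "bytes": 100}],
    "idx-2": [{"host": "web-1", "bytes": 300}, {"host": "web-3", "bytes": 50}],
    "idx-3": [{"host": "web-2", "bytes": 600}, {"host": "web-3", "bytes": 150}, {"host": "web-3", "bytes": 100}],
}


def indexer_partial(events: List[dict], key: str, field: str) -> Partial:
    """First portion of the search process (search scope): each indexer scans only
    its own events and returns mergeable partials, not a finished statistic."""
    out: Partial = {}
    for ev in events:
        s, n = out.get(ev[key], (0.0, 0))
        out[ev[key]] = (s + float(ev[field]), n + 1)
    return out


def intermediary_combine(partials: List[Partial]) -> Partial:
    """Second portion: an intermediary node combines partial results by adding
    sums and counts per key. The operation is associative, so it can be applied
    again to the outputs of other intermediary nodes."""
    out: Partial = {}
    for p in partials:
        for k, (s, n) in p.items():
            cs, cn = out.get(k, (0.0, 0))
            out[k] = (cs + s, cn + n)
    return out


def search_head_finalize(combined: Partial) -> Dict[str, float]:
    """The search head turns the combined partials into final results."""
    return {k: s / n for k, (s, n) in sorted(combined.items())}


def run_search(indexers: Dict[str, List[dict]], key: str, field: str, fan_in: int = 2) -> Dict[str, float]:
    """Search head: delegate scope to the indexers and combination to intermediary
    nodes (each fed by `fan_in` indexers), then finalize the per-key average."""
    partials = {name: indexer_partial(evs, key, field) for name, evs in indexers.items()}
    names = sorted(partials)
    tier = [intermediary_combine([partials[n] for n in names[i:i + fan_in]])
            for i in range(0, len(names), fan_in)]
    return search_head_finalize(intermediary_combine(tier))


def average_of_averages(indexers: Dict[str, List[dict]], key: str, field: str) -> Dict[str, float]:
    """The pitfall: if indexers returned finished averages and the intermediary
    averaged those, hosts with uneven event counts per indexer get wrong results."""
    per_key: Dict[str, List[float]] = {}
    for evs in indexers.values():
        for k, (s, n) in indexer_partial(evs, key, field).items():
            per_key.setdefault(k, []).append(s / n)
    return {k: sum(v) / len(v) for k, v in sorted(per_key.items())}


if __name__ == "__main__":
    print("correct:", run_search(INDEXER_EVENTS, "host", "bytes"))
    print("naive:  ", average_of_averages(INDEXER_EVENTS, "host", "bytes"))
```

Because combination is associative, the result is the same whether one intermediary node combines all indexers or several nodes each combine a slice and a further node combines their outputs; that is what lets the second portion of the search process be moved off the search head.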
-
317.
Publication No.: US10545838B2
Publication date: 2020-01-28
Application No.: US16038683
Filing date: 2018-07-18
Applicant: SPLUNK INC.
Inventor: Panagiotis Papadomitsos , Ioannis Vlachogiannis
IPC: G06F11/14 , H04L1/16 , H04L12/853
Abstract: In accordance with implementations of the present disclosure, a backup of live data received by a data forwarder is generated at the data forwarder while the live data is provided to a real-time data pipeline for forwarding from the data forwarder. A first portion of the live data is recovered from the backup into a stale data pipeline of the data forwarder. A request to forward the live data to a destination node is received by the data forwarder. In response to the request, data is forwarded to the destination node; the first portion of the live data from the stale data pipeline is added to a second portion of the live data from the real-time data pipeline in the response based on determining that headroom remains to reach the amount of data identified for inclusion in the response.
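A minimal model of the forwarder described in this abstract, as an added example that is not Splunk's code: a backup written on ingest, a real-time pipeline, a stale pipeline fed from the backup, and the headroom check that decides how much recovered data rides along in a response. The in-memory backup, the per-request byte budget, the simulated loss of the real-time pipeline and the 10-byte constructed events are assumptions.

```python
"""Forwarder with a live-data backup, a real-time pipeline and a stale pipeline.

Added illustrative example, not Splunk's implementation. The in-memory backup,
the per-request byte budget, the simulated loss of the real-time pipeline and
the 10-byte constructed events are assumptions made for the demonstration.
"""
from collections import deque
from typing import Deque, Dict, Iterable, List, Tuple

Event = Tuple[int, bytes]   # (sequence number, payload)


class Forwarder:
    def __init__(self) -> None:
        self.next_seq = 0
        self.realtime: Deque[Event] = deque()   # live data waiting to be forwarded
        self.stale: Deque[Event] = deque()      # data recovered from the backup
        self.backup: Dict[int, bytes] = {}      # durable copy kept until the destination acks

    def ingest(self, payload: bytes) -> int:
        """Receive live data: write the backup and hand the data to the real-time pipeline."""
        seq = self.next_seq
        self.next_seq += 1
        self.backup[seq] = payload
        self.realtime.append((seq, payload))
        return seq

    def lose_realtime_pipeline(self) -> None:
        """Constructed failure: a restart drops everything still in the in-memory pipeline."""
        self.realtime.clear()

    def recover_from_backup(self) -> int:
        """Move unacknowledged backup entries that are no longer queued anywhere
        into the stale pipeline, oldest first. Returns how many were recovered."""
        queued = {s for s, _ in self.realtime} | {s for s, _ in self.stale}
        recovered = sorted(s for s in self.backup if s not in queued)
        for s in recovered:
            self.stale.append((s, self.backup[s]))
        return len(recovered)

    def build_response(self, budget: int) -> List[Event]:
        """Answer a forward request for up to `budget` bytes: drain the real-time
        pipeline first, then add stale data only while headroom remains."""
        out: List[Event] = []
        used = 0
        for pipeline in (self.realtime, self.stale):
            while pipeline and used + len(pipeline[0][1]) <= budget:
                ev = pipeline.popleft()
                out.append(ev)
                used += len(ev[1])
        return out

    def ack(self, seqs: Iterable[int]) -> None:
        """The destination confirmed delivery; the backup copies can go."""
        for s in seqs:
            self.backup.pop(s, None)


def demo() -> List[List[int]]:
    """Walk through a loss-and-recovery scenario; returns the sequence numbers
    carried by each response so the behaviour can be checked."""
    fw = Forwarder()
    for i in range(5):
        fw.ingest(f"evt{i:02d}:abcd".encode())   # 10 bytes each, seq 0..4
    r1 = fw.build_response(25)                   # 0 and 1 fit; 2 would exceed 25 bytes
    fw.ack(s for s, _ in r1)
    fw.lose_realtime_pipeline()                  # 2, 3, 4 vanish from the real-time pipeline
    fw.ingest(b"evt05:abcd")
    fw.ingest(b"evt06:abcd")
    fw.recover_from_backup()                     # 2, 3, 4 come back through the stale pipeline
    r2 = fw.build_response(45)                   # 5, 6 from real-time, then 2, 3 fill the headroom
    r3 = fw.build_response(45)                   # 4 follows in the next response
    return [[s for s, _ in r] for r in (r1, r2, r3)]


if __name__ == "__main__":
    print(demo())   # [[0, 1], [5, 6, 2, 3], [4]]
```

Stale data never displaces live data in a response: it is appended only after the real-time pipeline has been served, and only up to the byte budget, so a large backlog of recovered data is spread across requests rather than delaying current events.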
-
318.
Publication No.: US10528607B2
Publication date: 2020-01-07
Application No.: US15223598
Filing date: 2016-07-29
Applicant: SPLUNK INC.
Inventor: Jindrich Dinga , Yuan Xie , Katherine Kyle Feeney , Jesse Miller
Abstract: Various approaches for automating code completion are described herein. More particularly, approaches are provided that automatically generate coded commands of a coding language (i.e., code) that function and operate as intended by the user. As the user codes the commands, such approaches assist a user in various ways. For example, such automated assistance provides the user an understanding of various coding options available in the coding language. The assistance also enforces the proper employment of the available coding options, as well as provides an understanding of the functionality of the generated code. Automating code completion provides various benefits to the user, such as decreasing the time the user spends generating code, increasing the likelihood that the generated code functions and operates on a system as intended, and reducing the number of code versions required to be executed or compiled by the system.
-
319.
Publication No.: US10515096B1
Publication date: 2019-12-24
Application No.: US15582689
Filing date: 2017-04-29
Applicant: Splunk Inc.
Inventor: Hemendra Singh Choudhary , Tristan Antonio Fletcher , Ross Andrew Lazerowitz , Vineetha Bettaiah
IPC: G06F16/28 , G06F3/0482 , G06F17/24 , G06F16/2457
Abstract: The operation of an automatic service monitoring system (SMS) is directed by stored control information. Methods and mechanisms are provided to create control information that directs the operations of the SMS regarding the grouping together of related notable events for unified display and processing. The methods and mechanisms include interfacing with a user to select, for a particular field, the similarity scoring regime engaged for event grouping. The control information directs grouping operations that automatically correlate the events without requiring, for example, a set of declarative grouping rules.
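The grouping approach in this abstract (control information that names a similarity scoring regime per field, and grouping driven by those scores rather than by declarative rules) as an added worked example. This is not Splunk's code; the three scoring regimes, the field weights, the 0.7 threshold, the single-pass grouping against each group's seed event and the five constructed notable events are assumptions. The same events grouped under a different control selection illustrate that the user's regime choice, not a rule set, determines the groups.

```python
"""Group related notable events with per-field similarity scoring regimes.

Added illustrative example, not Splunk's implementation. The scoring regimes,
weights, threshold and the sample notable events are constructed/assumed here.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Tuple

Scorer = Callable[[str, str], float]   # returns a similarity in [0, 1]


def exact(a: str, b: str) -> float:
    return 1.0 if a == b else 0.0


def token_jaccard(a: str, b: str) -> float:
    ta, tb = set(a.lower().split()), set(b.lower().split())
    return len(ta & tb) / len(ta | tb) if (ta or tb) else 1.0


def numeric_within(tolerance: float) -> Scorer:
    return lambda a, b: 1.0 if abs(float(a) - float(b)) <= tolerance else 0.0


# Scoring regimes a user can select by name for a field.
REGIMES: Dict[str, Scorer] = {"exact": exact, "tokens": token_jaccard, "within_60s": numeric_within(60)}


@dataclass
class ControlInfo:
    """Stored control information: which regime, and what weight, each field gets."""
    fields: Dict[str, Tuple[str, float]]   # field -> (regime name, weight)
    threshold: float                       # minimum weighted score to join a group


def similarity(ctrl: ControlInfo, e1: dict, e2: dict) -> float:
    total = sum(w for _, w in ctrl.fields.values())
    score = 0.0
    for field, (regime, weight) in ctrl.fields.items():
        a, b = e1.get(field), e2.get(field)
        if a is None or b is None:
            continue   # a field missing on either side contributes nothing
        score += weight * REGIMES[regime](str(a), str(b))
    return score / total if total else 0.0


def group_events(ctrl: ControlInfo, events: List[dict]) -> List[List[dict]]:
    """Single pass: each event joins the best-scoring existing group if the score
    reaches the threshold, else seeds a new group. No declarative rules involved."""
    groups: List[List[dict]] = []
    for ev in events:
        best, best_score = None, 0.0
        for g in groups:
            s = similarity(ctrl, g[0], ev)   # score against the group's seed event
            if s > best_score:
                best, best_score = g, s
        if best is not None and best_score >= ctrl.threshold:
            best.append(ev)
        else:
            groups.append([ev])
    return groups


# Constructed notable events (five events, two underlying situations).
EVENTS: List[dict] = [
    {"id": 1, "time": 1000, "src": "10.0.0.5", "user": "alice", "rule": "brute_force", "title": "Brute force login attempt from 10.0.0.5"},
    {"id": 2, "time": 1030, "src": "10.0.0.5", "user": "bob", "rule": "brute_force", "title": "Brute force login attempt from 10.0.0.5"},
    {"id": 3, "time": 1100, "src": "10.0.0.7", "user": "carol", "rule": "c2_beacon", "title": "Malware beacon detected on host ws-42"},
    {"id": 4, "time": 1050, "src": "10.0.0.5", "user": "alice", "rule": "brute_force", "title": "Brute force login attempt from 10.0.0.5 succeeded"},
    {"id": 5, "time": 1130, "src": "10.0.0.7", "user": "carol", "rule": "c2_beacon", "title": "Malware beacon detected on host ws-42 again"},
]

# The user's selection: exact match on source, rule and user, token overlap on
# the title, and a 60-second tolerance on the timestamp, weighted 2/2/1/1/1.
CONTROL = ControlInfo(
    fields={"src": ("exact", 2.0), "rule": ("exact", 2.0), "user": ("exact", 1.0),
            "title": ("tokens", 1.0), "time": ("within_60s", 1.0)},
    threshold=0.7,
)


if __name__ == "__main__":
    for g in group_events(CONTROL, EVENTS):
        print([e["id"] for e in g])   # [1, 2, 4] then [3, 5]
```

With the regimes above, event 4 still joins the brute-force group although its title differs and event 2 joins although the user differs, because the weighted score across all selected fields clears the threshold; selecting only an exact-match regime on the title would instead leave events 4 and 5 as singletons.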
-
320.
Publication No.: US20190356676A1
Publication date: 2019-11-21
Application No.: US16528397
Filing date: 2019-07-31
Applicant: Splunk Inc.
Inventor: Brian Luger
IPC: H04L29/06
Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.