-
Publication No.: US10565220B2
Publication Date: 2020-02-18
Application No.: US15421408
Application Date: 2017-01-31
Applicant: Splunk Inc.
Inventor: Michael Porath, Marshall C. Agnew, Ho Lun Ng, Brian Reyes
IPC: G06F16/20, G06F16/248, G06F16/2458
Abstract: Techniques and mechanisms are disclosed for generating and causing display of graphical interfaces which enable an interactive and flexible search results visualization process. Based on results data identified in response to execution of a search query, an interface element is displayed which enables users to select a field contained in the results data, also referred to herein as a “dimension” or “facet,” and for which a “faceted” visualization of the results data can be dynamically generated and displayed. As used herein, a faceted visualization refers to a graphical interface including display of at least two separate data visualizations generated based on a selected facet data dimension, where each separate data visualization corresponds to a distinct value of the selected facet dimension.
-
Publication No.: US20200050607A1
Publication Date: 2020-02-13
Application No.: US16657894
Application Date: 2019-10-18
Applicant: Splunk Inc.
Inventor: Sourav Pal, Arindam Bhattacharjee, Wayne Patterson
IPC: G06F16/2453, G06F16/2458, G06F9/48
Abstract: Systems and methods are described for reducing execution time of a query that references external data systems. The system can determine an external data system is capable of processing one or more map or reduce phases of a map-reduce operation. When it is determined that the external data system can process a map or reduce phase, associated operations may be reassigned from the system to the external data system, reducing the processing resources used by the system to respond to the query and, in some cases, speeding up performance of the query.
-
323.
Publication No.: US10560468B2
Publication Date: 2020-02-11
Application No.: US16041637
Application Date: 2018-07-20
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu, Christos Tryfonas, Marios Iliofotou
IPC: H04L29/06, G06F3/0482, H04L12/26, H04L12/24, G06N99/00, G06N7/00, G06N5/04, G06K9/20, G06F17/30, G06F17/22, G06F3/0484, G06N20/00, G06F16/25, G06F16/28, G06F16/44, G06F16/901, G06F16/2457, G06N5/02
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
324.
Publication No.: US10558614B2
Publication Date: 2020-02-11
Application No.: US15884999
Application Date: 2018-01-31
Applicant: Splunk Inc.
Inventor: Venkata Kuruvada, Fang I Hsiao, Nicholas Matthew Tankersley
IPC: G06F16/14, G06F16/22, G06F16/951, G06F3/06, G06Q10/06
Abstract: A server group of a data intake and query system (DIQS) establishes connections with multiple source data network nodes. Data from the multiple sources comports with a variety of different data modes and may be received via the established network connections on a periodic or continuous basis for ongoing capture as modal entries of modal buckets of a common networked storage volume. Rates of data reception across the network connections influence a process to maintain a measured utilization of storage volume capacity at, near, or below a targeted level.
-
Publication No.: US10558516B2
Publication Date: 2020-02-11
Application No.: US16176186
Application Date: 2018-10-31
Applicant: SPLUNK INC.
Inventor: Jacob Barton Leverich, Shang Cai, Hongyang Zhang, Mihai Ganea, Alex Cruise
Abstract: A continuous anomaly detection service receives data streams and performs continuous anomaly detection on the incoming data streams. This continuous anomaly detection is performed based on anomaly detection definitions, which define a signal used for anomaly detection and an anomaly detection configuration. These anomaly detection definitions can be modified, such that continuous anomaly detection continues to be performed for the data stream and the signal, based on the new anomaly detection definition.
-
Publication No.: US20200043244A1
Publication Date: 2020-02-06
Application No.: US16051340
Application Date: 2018-07-31
Applicant: Splunk Inc.
Inventor: Devin BHUSHAN, Jesse CHOR, Glen WONG
IPC: G06T19/20, G06T19/00, G06F3/01, G06F3/0484, G06F3/0346, G06T3/00
Abstract: A mobile device is fitted with a camera and an extended reality (XR) software application program executing on a processor within an XR system. Via the XR software application program, various techniques are performed for manipulating virtual objects in an XR environment. In a first technique, the XR software application program facilitates the movement of a virtual object from a first location to a second location. In a second technique, the XR software application program facilitates the rotation of a virtual object. In a third technique, the XR software application program facilitates the scaling of a virtual object along one or more axes.
-
Publication No.: US20200034414A1
Publication Date: 2020-01-30
Application No.: US16589445
Application Date: 2019-10-01
Applicant: SPLUNK INC.
Inventor: Jesse MILLER, Micah James DELFINO, Marc ROBICHAUD, David CARASSO
IPC: G06F17/24, G06F16/2458
Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events helps formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.
-
Publication No.: US10545964B2
Publication Date: 2020-01-28
Application No.: US15419883
Application Date: 2017-01-30
Applicant: Splunk Inc.
Inventor: Sourav Pal, Ashish Mathew, Xiaowei Wang, Christopher Pride
IPC: G06F16/2455, G06F16/248, G06F16/951
Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a search query by a search head, defining a search process for applying the search query to indexers, delegating a first portion of the search process to indexers and a second portion of the search process to intermediary node(s) communicatively coupled to the search head and the indexers. The first portion can define a search scope for obtaining partial search results of the indexers and the second portion can define operations for combining the partial search results by the intermediary node(s) to produce a combination of the partial search results. The search head then receives the combination of the partial search results, and outputs final search results for the search query, where the final search results are based on the combination of the partial search results.
-
Publication No.: US10545838B2
Publication Date: 2020-01-28
Application No.: US16038683
Application Date: 2018-07-18
Applicant: SPLUNK INC.
Inventor: Panagiotis Papadomitsos, Ioannis Vlachogiannis
IPC: G06F11/14, H04L1/16, H04L12/853
Abstract: In accordance with implementations of the present disclosure, a backup of live data received by a data forwarder is generated at the data forwarder while the live data is provided to a real-time data pipeline for forwarding from the data forwarder. A first portion of the live data is recovered from the backup to a stale data pipeline of the data forwarder. A request to forward the live data to a destination node is received by the data forwarder. In response to the request, data is forwarded to the destination node, where the first portion of the live data from the stale data pipeline is added to a second portion of the live data from the real-time data pipeline in the response based on determining headroom remains to reach an amount of the data identified to include in the response.
-
Publication No.: US20200012715A1
Publication Date: 2020-01-09
Application No.: US16541637
Application Date: 2019-08-15
Applicant: SPLUNK INC.
Inventor: Jesse Miller, Micah James Delfino, Marc Robichaud, Catherine Anne Hanson, David Carasso
IPC: G06F17/24, G06F16/2458
Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events helps formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.