-
321.
Publication No.: US10482493B2
Publication date: 2019-11-19
Application No.: US16126294
Application date: 2018-09-10
Applicant: Splunk, Inc.
Inventor: Brian Gabriel Nash, Andrew Hoy Stein
Abstract: Embodiments are disclosed for a method that may include accessing events in a field-searchable data store. The events may include raw machine data associated with a timestamp. The raw machine data may represent interactions between a mobile device and one or more network devices at a locale. The method may further include determining, based on the interactions, one or more geographic positions of the mobile device, and calculating a metric for the locale using the geographic positions.
-
322.
Publication No.: US10467263B2
Publication date: 2019-11-05
Application No.: US15665247
Application date: 2017-07-31
Applicant: SPLUNK, Inc.
Inventor: Geoffrey R. Hendrey
Abstract: A system that displays geographic data is disclosed. The system obtains polygons that define a set of geographic regions. Then, the system projects rays from endpoints of the line segments that define the polygons onto a reference line to form intersection points. For each interval between pairs of consecutive intersection points on the reference line, the system keeps track of open line segments that project onto the interval. For each data point in a set of data points, the system identifies a relevant interval on the reference line that the data point projects onto, and performs a crossing number operation to identify polygons that the data point falls into, and the system increments a count for each polygon that the data point falls into. Finally, the system displays the set of geographic regions in a manner that indicates a number of data points that fall into each geographic region.
-
Publication No.: US10462169B2
Publication date: 2019-10-29
Application No.: US15582645
Application date: 2017-04-29
Applicant: Splunk Inc.
Abstract: A lateral movement application identifies lateral movement (LM) candidates that potentially represent a security threat. Security platforms generate event data when performing security-related functions, such as authenticating a user account. The disclosed technology enables identification of lateral movement (LM) candidates with greatly increased accuracy by, for example, refining a population of LM candidates based on an analysis of a time constrained graph in which nodes represent entities, and edges between nodes represent a time sequence of login or other association activities between the entities. The graph is created based on an analysis of the event data, including time sequences of the event data.
-
Publication No.: US10462004B2
Publication date: 2019-10-29
Application No.: US14699807
Application date: 2015-04-29
Applicant: Splunk Inc.
Inventor: Fang I. Hsiao, Wei Jiang, Vladimir A. Shcherbakov, Ramkumar Chandrasekharan, Clayton S. Ching
IPC: G06F16/00, H04L12/24, G06F3/0482, G06F3/0484, G06F16/26, G06F3/0481, H04L29/08
Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.
-
Publication No.: US10459939B1
Publication date: 2019-10-29
Application No.: US15224618
Application date: 2016-07-31
Applicant: Splunk Inc.
Inventor: Marshall Chalmers Agnew, Michael Porath, Patrick Wied, Clark Eugene Mullen
IPC: G06F16/30, G06F16/248, G06T11/20, G06F16/26, G06F16/22
Abstract: Disclosed are a system and a method for providing user-interactive parallel coordinates charts. In an embodiment, a machine data search and analysis system retrieves search results including a plurality of events, each of the events containing time-stamped data in response to a search query. The system identifies a plurality of characteristics from the data corresponding to the events. The system causes display of a multiple-dimensional chart (e.g., a parallel coordinates chart) depicting the data corresponding to the events. The multiple-dimensional chart includes a plurality of axes. Each of the axes corresponds to one of the identified characteristics. The multiple-dimensional chart further includes a plurality of polylines representing the events. Each of the polylines includes a plurality of vertices on the axes.
-
Publication No.: US10459819B2
Publication date: 2019-10-29
Application No.: US15011517
Application date: 2016-01-30
Applicant: Splunk Inc.
Inventor: Peter Chen, Min Zhang, Feng Shao, Qianjie Zhong, Geng Qin, D. Randall Young, Roy Zhang, Aaron Zhang
IPC: G06F16/248, G06F11/34, G06F11/30, G06F11/32
Abstract: Techniques and mechanisms are disclosed that enable a data intake and query system to generate and cause display of circular timelines of timestamped event data. As used herein, a circular timeline generally refers to a graphical display of timestamped events stored by a data intake and query system, wherein the timestamped events may be displayed as arcs of one or more concentric circles and located in a circular timeline area according to a chronological ordering associated with the events. One or more display attributes of each arc may further depend on other data associated with the corresponding events. For example, each arc of a circular timeline may be displayed at a particular radial distance, with a particular thickness, using a particular shading and/or color, etc., depending on various data values associated with the one or more events represented by the arc.
-
327.
Publication No.: US20190303385A1
Publication date: 2019-10-03
Application No.: US16442338
Application date: 2019-06-14
Applicant: Splunk Inc.
Inventor: Clayton S. Ching, Michael R. Dickey, Vladimir A. Shcherbakov, Nishant Teredesai, Matthew S. Zises
Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements comprising event stream information for one or more ephemeral event streams used to temporarily generate the time-series event data from the network packets. The system then causes for display, in the GUI, a mechanism for navigating between the event stream information and creation information for one or more creators of the one or more ephemeral event streams.
-
328.
Publication No.: US10419462B2
Publication date: 2019-09-17
Application No.: US15860049
Application date: 2018-01-02
Applicant: SPLUNK INC.
Inventor: Sudhakar Muddu, Christos Tryfonas, Ravi Prasad Bulusu
IPC: H04L29/06, G06N20/00, G06F16/25, G06F16/28, G06F16/44, G06F16/901, G06F16/2457, G06N7/00, G06F3/0482, G06K9/20, G06F3/0484, H04L12/24, H04L12/26, G06F17/22, G06N5/04, G06N5/02
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
Publication No.: US10419450B2
Publication date: 2019-09-17
Application No.: US14929037
Application date: 2015-10-30
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu, Christos Tryfonas
IPC: H04L9/00, H04L29/06, G06N20/00, G06F16/25, G06F16/28, G06F16/44, G06F16/901, G06F16/2457, G06N7/00, G06F3/0482, G06K9/20, G06F3/0484, H04L12/24, H04L12/26, G06F17/22, G06N5/04, G06N5/02
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
Publication No.: US10409668B2
Publication date: 2019-09-10
Application No.: US15663513
Application date: 2017-07-28
Applicant: Splunk Inc.
Inventor: Konstantinos Polychronis
Abstract: Various methods and systems for tracking incomplete purchases in correlation with application performance, such as application errors or crashes, are provided. In this regard, aspects of the invention facilitate monitoring transaction and application error events and analyzing data associated therewith to identify data indicating an impact of incomplete purchases in relation to an error(s) such that application performance can be improved. In various implementations, application data associated with an application installed on a mobile device is received. The application data is used to determine that an error that occurred in association with the application installed on the mobile device correlates with an incomplete monetary transaction initiated via the application. Based on the error correlating with the incomplete monetary transaction, a transaction attribute associated with the error is determined.
-