-
Publication No.: US10026204B2
Publication date: 2018-07-17
Application No.: US14606396
Application date: 2015-01-27
Applicant: Splunk Inc.
Inventor: Geoffrey R. Hendrey
Abstract: A system that displays geographic data is disclosed. During operation, the system receives a query to be processed, wherein the query is associated with a set of geographic regions. Next, the system uses a late-binding schema generated from the query to retrieve a set of data points from a set of events containing previously gathered data. Then, for each data point in a set of data points, the system identifies zero or more geographic regions in the set of geographic regions that the data point falls into. Finally, the system displays the set of geographic regions, wherein each polygon that defines a geographic region is marked to indicate a number of data points that fall into the polygon.
-
Publication No.: US10003605B2
Publication date: 2018-06-19
Application No.: US14929182
Application date: 2015-10-30
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas
IPC: H04L29/06 , G06N99/00 , G06F17/30 , G06N7/00 , G06F3/0482 , G06K9/20 , G06F3/0484 , H04L12/24 , H04L12/26
CPC classification number: H04L63/1416 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F16/24578 , G06F16/254 , G06F16/285 , G06F16/444 , G06F16/9024 , G06F17/2235 , G06K9/2063 , G06N5/022 , G06N5/04 , G06N7/005 , G06N20/00 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/00 , H04L43/045 , H04L43/062 , H04L43/08 , H04L63/06 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , H04L2463/121 , H05K999/99
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
Publication No.: US09990423B2
Publication date: 2018-06-05
Application No.: US14526493
Application date: 2014-10-28
Applicant: Splunk Inc.
Inventor: Ledio Ago , Declan Gerard Shanaghy
IPC: G06F17/30
CPC classification number: G06F17/30705 , G06F17/30631
Abstract: Various embodiments describe multi-site cluster-based data intake and query systems, including cloud-based data intake and query systems. Using a hybrid search system that includes cloud-based data intake and query systems working in concert with so-called “on-premises” data intake and query systems can promote the scalability of search functionality. In addition, the hybrid search system can enable data isolation in a manner in which sensitive data is maintained “on premises” and information or data that is not sensitive can be moved to the cloud-based system. Further, the cloud-based system can enable efficient leveraging of data that may already exist in the cloud.
-
Publication No.: US09985863B2
Publication date: 2018-05-29
Application No.: US14800672
Application date: 2015-07-15
Applicant: Splunk Inc.
Inventor: Tristan Antonio Fletcher , Hemendra Singh Choudhary , Clint Sharp
IPC: G06F15/16 , H04L12/26 , H04L12/24 , G06Q10/06 , G06F3/0482 , G06F3/0484 , H04L29/08 , G06F12/00
CPC classification number: H04L43/16 , G06F3/0481 , G06F3/04817 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F9/542 , G06F17/30424 , G06F17/30463 , G06F17/30477 , G06F17/30554 , G06F17/3056 , G06F17/30572 , G06F17/30675 , G06F17/30864 , G06F17/30867 , G06F17/30958 , G06F17/30964 , G06F17/30979 , G06F17/30991 , G06Q10/06393 , G06T11/206 , G06T2200/24 , H04L29/08072 , H04L41/0213 , H04L41/0806 , H04L41/22 , H04L41/5009 , H04L41/5032 , H04L41/5035 , H04L41/5038 , H04L43/04 , H04L43/045 , H04L67/10 , H04L67/16
Abstract: Techniques are disclosed for providing an aggregate key performance indicator (KPI) that spans multiple services and for providing user adjustment to KPI factors via a GUI that enables a user to configure an aggregate KPI with feedback that better characterizes the performance of the services. The GUI may enable a user to select KPIs and to adjust weights (e.g., importance) associated with the KPIs. The weight of a KPI may affect the influence a value of the KPI has on the calculation of an aggregate KPI value (e.g., score). The GUI may provide near real-time feedback concerning the effect the weights have on the aggregate KPI value by displaying the aggregate KPI value (e.g., score) and updating the aggregate KPI value as the user adjusts the weights.
-
Publication No.: US09984128B2
Publication date: 2018-05-29
Application No.: US14815880
Application date: 2015-07-31
Applicant: Splunk Inc.
Inventor: Sundar Rengarajan Vasan , Mitchell Neuman Blank, Jr. , Vishal Patel , Da Xu , Rama Gopalan
CPC classification number: G06F17/30528 , G06F3/0617 , G06F3/065 , G06F3/067 , G06F11/20 , G06F11/2094 , G06F17/30241 , G06F17/30336 , G06F17/30575 , G06F17/30581 , G06F17/30867 , G06F17/3087 , H04L67/1097
Abstract: Techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.
-
Publication No.: US09983954B2
Publication date: 2018-05-29
Application No.: US14980700
Application date: 2015-12-28
Applicant: Splunk Inc.
Inventor: Anirban Rahut
CPC classification number: G06F11/2005 , G06F11/1425 , G06F11/184 , G06F11/2007 , G06F11/2097
Abstract: A high availability scheduler of tasks in a cluster of server devices is provided. A server device of the cluster of server devices enters a leader state based upon the results of a consensus election process in which the server device participates with others of the cluster of server devices. Upon entering the leader state, the server device schedules one or more tasks by assigning each of the one or more tasks to a device, wherein the one or more tasks involve initiating a search of time stamped events.
-
Publication No.: US09983912B2
Publication date: 2018-05-29
Application No.: US14813908
Application date: 2015-07-30
Applicant: Splunk Inc.
Inventor: Denis Gladkikh , Mitchell Blank, Jr.
CPC classification number: G06F9/52 , G06F9/5011 , G06F17/30424 , G06F17/30575 , H04L41/0896 , H04L65/608 , H04L67/02
Abstract: A method to assist with processing distributed jobs by retrieving and/or synchronizing supplemental job data. The method includes receiving a request to perform a job and opening a first connection (e.g., persistent connection) between a primary machine and a secondary machine, and transmitting by the primary machine a request pertaining to the job to the secondary machine using a second connection, the job to be performed by the secondary machine. The method also includes receiving by the primary machine using the second connection a task request for supplemental information pertaining to the job, transmitting by the primary machine a task response including the supplemental information to the secondary machine, and receiving a job result for the job using the second connection.
-
Publication No.: US09977803B2
Publication date: 2018-05-22
Application No.: US14611018
Application date: 2015-01-30
Applicant: SPLUNK, INC.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd
IPC: G06F17/30
CPC classification number: G06F17/30315 , G06F17/30386 , G06F17/30477
Abstract: A search interface is displayed in a table format that includes a plurality of columns, each column including data items of an event attribute, the data items being of a set of events, each column being selectable by a user, and a plurality of rows forming cells with the one or more columns, each cell comprising one or more of the data items of the event attribute of a corresponding column. Based on the user selecting one or more of the columns, a list of options is displayed corresponding to the selected one or more columns, and one or more commands are added to a search query that corresponds to the set of events. The one or more commands are based on at least an option that is selected from the list of options and the event attribute of each of the selected one or more columns.
-
Publication No.: US09960970B2
Publication date: 2018-05-01
Application No.: US15418766
Application date: 2017-01-29
Applicant: Splunk Inc.
CPC classification number: H04L41/22 , G06F17/3051 , G06F17/30551 , G06F17/30595 , G06F17/30864 , H04L29/08072 , H04L41/5009 , H04L41/5032 , H04L41/5045 , H04L43/045 , H04L43/16 , H04L67/02
Abstract: Services in an operating environment are represented by stored service definitions that identify entities that perform the service. Entity definitions identify machine data pertaining to the entity. A key performance indicator (KPI) of the service characterizes the service on the whole or some aspect of it. Each KPI is defined by a search query that derives a value from machine data identified in the entity definitions. Processing devices cause display of a service-monitoring page having a services summary region and a services aspects region. The summary region displays interactive summary tiles that each correspond to a service and present information about an aggregate KPI that characterizes the service. The aspects region displays interactive aspect tiles that each correspond to a KPI characterizing some aspect of an associated service. Additional information may be included in the service-monitoring page and interaction features enable a user to navigate to enhanced information displays.
-
Publication No.: US09942318B2
Publication date: 2018-04-10
Application No.: US15334690
Application date: 2016-10-26
Applicant: Splunk Inc.
Inventor: Sourav Pal , Christopher Madden Pride
IPC: G06F15/167 , H04L29/08 , G06F17/30 , H04L12/26
CPC classification number: H04L67/1087 , G06F15/167 , G06F17/30864 , H04L43/106 , H04L43/16 , H04L67/02 , H04L67/1004
Abstract: Asynchronous processing of messages that are received from multiple servers is disclosed. An example method may include transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system. The method may further include receiving a plurality of sub-application layer protocol packets from the plurality of search peers. The method may further include parsing, by a first processing thread of the computer system, one or more sub-application layer protocol packets of the plurality of sub-application layer protocol packets, to produce an application layer message representing a partial response to the search request. The method may further include processing, by a second processing thread of the computer system, the application layer message to produce a memory data structure representing an aggregated response to the search request.