Abstract:
A scheduler manages execution of a plurality of data-collection jobs, assigns individual jobs to specific forwarders in a set of forwarders, and generates and transmits tokens (e.g., pairs of data-collection tasks and target sources) to the assigned forwarders. A forwarder uses the tokens, along with stored information applicable across jobs, to collect data from the target source and forward it to an indexer for processing. For example, the indexer can then break a data stream into discrete events, extract a timestamp from each event, and index (e.g., store) the event based on the timestamp. The scheduler can monitor forwarders' job performance and use that performance to influence subsequent job assignments. Thus, data-collection jobs can be efficiently assigned to and executed by a group of forwarders, where the group can potentially be diverse and dynamic in size.
Abstract:
One or more processing devices derive values indicative of various aspects of how a particular service in an information technology (IT) environment is performing at a point in time or for a period of time. The values are derived by a search query over machine data associated with the one or more entities that provide the service. The one or more processing devices determine a value for an aggregate key performance indicator (KPI) for the service to indicate or characterize the service overall from values for each of the various aspects.
Abstract:
The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.
Abstract:
Techniques are disclosed for providing a graphical user interface (GUI) for displaying and configuring adaptive or static thresholds for Key Performance Indicators (KPIs). The GUI may include one or more presentation schedules that may display threshold information associated with time policies. Each presentation schedule may include multiple time slots and span a portion of one or more time cycles. Some of the time slots may be associated with a specific time policy and may have a unifying appearance that distinguishes the time slots from timeslots associated with other time policies. The presentation schedules may arrange the time slots in a time grid arrangement (e.g., calendar grid view) or a graph arrangement with depictions (e.g., points, lines) that may illustrate KPI values and threshold markers that may illustrate the threshold values.
Abstract:
The disclosed embodiments relate to a system that displays performance data for a computing environment. During operation, the system first determines values for a performance metric for a plurality of entities that comprise the computing environment. Next, the system displays the computing environment as a set of nodes representing the plurality of entities. While displaying the nodes, the system displays a chart with a line illustrating how the value of the performance metric for a selected node varies over time, wherein the line is displayed against a background illustrating how the distribution of the performance metric for a reference subset of the set of nodes varies over time.
Abstract:
Various methods and systems for tracking incomplete purchases in correlation with application performance, such as application errors or crashes, are provided. In this regard, aspects of the invention facilitate monitoring transaction and application error events and analyzing the associated data to identify data indicating the impact of incomplete purchases in relation to one or more errors, such that application performance can be improved. In various implementations, application data associated with an application installed on a mobile device is received. The application data is used to determine that an error that occurred in association with the application installed on the mobile device correlates with an incomplete monetary transaction initiated via the application. Based on the error correlating with the incomplete monetary transaction, a transaction attribute associated with the error is determined.
Abstract:
A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is "big data" driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat and to take action promptly.
Abstract:
The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets that are not organized into relational structures and have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events helps formulate either a single extraction rule spanning multiple data formats or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use and can be incorporated into a data model for sets and subsets of event data.
Abstract:
A service monitoring system receives a selection of key performance indicators (KPIs) that each indicate a different aspect of how a service provided by one or more entities is performing. Each entity of the one or more entities either produces machine data or has its operation reflected in machine data not produced by the entity. Each KPI is defined by a different search query that derives one or more values from the machine data pertaining to the one or more entities providing the service, where each of the one or more values is associated with a point in time and represents the aspect of how the service is performing at the associated point in time. For each of the selected KPIs, the service monitoring system derives the one or more values and causes display of a graphical visualization of the derived one or more values for the KPI along a time-based graph lane. The graph lanes for the selected KPIs are parallel to each other, and the graphical visualizations in the graph lanes are all calibrated to the same time scale.
Abstract:
A disclosed computer-implemented method includes receiving and indexing raw data. Indexing includes dividing the raw data into time-stamped searchable events that include information relating to computer or network security. The method stores the indexed data in an indexed data store and extracts values from a field in the indexed data using a schema. It searches the extracted field values for the security information and determines a group of security events using the security information, where each security event includes a field value specified by a criterion. The method presents a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element associated with the summary. It receives input corresponding to an interaction with the remove element; interacting with the remove element causes the summary to be removed from the GI. The method then updates the GI to remove the summary.