公开(公告)号：US12118334B1

公开(公告)日：2024-10-15

申请号：US18063534

申请日：2022-12-08

Applicant: SPLUNK Inc.

Inventor： Chinmay Madhav Kulkarni ,  Lin Ma ,  Amir Malekpour ,  Mohan Rajagopalan ,  John C. Reed ,  Ram Sriharsha

IPC: G06F8/30 ,  G06F8/41 ,  G06F16/21 ,  G06F16/953 ,  G06N20/00

CPC classification number: G06F8/31 ,  G06F8/427 ,  G06F16/211 ,  G06F16/953 ,  G06N20/00

Abstract: Disclosed herein is a method that supports queries deploying operators based on multiple programming languages at least through determining schema compatibility between neighboring operators within a query. Upon receipt of a query, a sequence of operators of the query is identified, where the sequence of operators includes at least two neighboring operators including a first operator and a second operator representing a machine learning model. By determining schema compatibility between at least the first and second operators, the method either alerts a user to schema incompatibility before attempting to execute the query or determine that the schemas are compatible such that the query may be executed without the occurrence of errors due to schema incompatibility between neighboring operators. Advantageously, the method enables the integration of a machine learning model into the query while still ensuring schema compatibility.

公开(公告)号：US12079233B1

公开(公告)日：2024-09-03

申请号：US17246241

申请日：2021-04-30

Applicant: SPLUNK INC.

Inventor： Abhinav Mishra ,  Ram Sriharsha ,  Sichen Zhong

IPC: G06F16/2458

CPC classification number: G06F16/2465

Abstract: Embodiments described herein are directed to facilitating performing online data decomposition to identify multiple seasonal components. In accordance with aspects of the present disclosure, a first iterative process is performed to determine a first seasonal component associated with an incoming data point based on a set of previous data points of a time series data set and corresponding data components. In addition, a second iterative process is performed to determine a second seasonal component associated with the incoming data point based on previous data points of the time series data set and corresponding data components. The first seasonal component and the second seasonal component can then be provided for analysis of the incoming data point (e.g., for presentation, for use in determining trend and residual components, etc.).

公开(公告)号：US12056169B1

公开(公告)日：2024-08-06

申请号：US17513670

申请日：2021-10-28

Applicant: SPLUNK Inc.

Inventor： Abhinav Mishra ,  Giovanni Mola ,  Ram Sriharsha ,  Abraham Starosta ,  Zhaohui Wang

IPC: G06F7/00 ,  G06F16/33 ,  G06F16/35 ,  G06N20/00

CPC classification number: G06F16/334 ,  G06F16/35 ,  G06N20/00

Abstract: A computerized method is disclosed that includes operations of training a machine learning model using a labeled training set of data, wherein the machine learning model is configured to classify domain name server (DNS) records, obtaining DNS record data including at least a first DNS Txt record, applying the trained machine learning model to the first DNS Txt record to classify the first DNS Txt record and responsive to the classification of the first DNS Txt record, generating a flag for a system administrator. The trained machine learning model may classify the first DNS Txt record using logistic regression. In some instances, applying the trained machine learning model to the first DNS Txt record includes performing a tokenizing operation on the first DNS Txt record to generate a tokenized first DNS Txt record.

公开(公告)号：US12032629B2

公开(公告)日：2024-07-09

申请号：US17874751

申请日：2022-07-27

Applicant: Splunk Inc.

Inventor： Ram Sriharsha

IPC: G06F16/2458 ,  G06F9/38 ,  G06F9/54 ,  G06F16/14 ,  G06F16/16 ,  G06F16/22 ,  G06F16/23 ,  G06F16/242 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/28 ,  G06F16/901 ,  G06F17/16 ,  G06F17/18 ,  G06F18/21 ,  G06F18/214 ,  G06N20/00 ,  G06N20/20

CPC classification number: G06F16/901 ,  G06F9/3885 ,  G06F9/544 ,  G06F16/144 ,  G06F16/156 ,  G06F16/168 ,  G06F16/2246 ,  G06F16/23 ,  G06F16/2379 ,  G06F16/242 ,  G06F16/24534 ,  G06F16/24568 ,  G06F16/2465 ,  G06F16/285 ,  G06F17/16 ,  G06F17/18 ,  G06F18/2148 ,  G06F18/2185 ,  G06N20/00 ,  G06N20/20 ,  G06F16/22 ,  G06F16/2264 ,  G06F16/2282

Abstract: Systems and methods are described for processing ingested data, detecting anomalies in the ingested data, and providing explanations of a possible cause of the detected anomalies as the data is being ingested. For example, a token or field in the ingested data may have an anomalous value. Tokens or fields from another portion of the ingested data can be extracted and analyzed to determine whether there is any correlation between the values of the extracted tokens or fields and the anomalous token or field having an anomalous value. If a correlation is detected, this information can be surfaced to a user.

公开(公告)号：US11704490B2

公开(公告)日：2023-07-18

申请号：US16945448

申请日：2020-07-31

Applicant: Splunk Inc.

Inventor： Ram Sriharsha ,  Zhaohui Wang ,  Kristal Curtis

IPC: G06F40/284 ,  G06N20/00 ,  G06F40/242 ,  G06F16/33 ,  G06N5/04

CPC classification number: G06F40/284 ,  G06F16/3347 ,  G06F40/242 ,  G06N5/04 ,  G06N20/00

Abstract: Systems and methods are described for training an artificial intelligence model to infer a log sourcetype of a log. For example, logs may have different log sourcetypes, and logs having the same log sourcetypes may have different messagetypes. The artificial intelligence model may be a machine learning model, and can be trained using training data that includes logs with known log sourcetypes. Each log can be tokenized, filtered, converted into a vector, and applied to a machine learning model as an input to perform the training. The machine learning model may output an inferred log sourcetype, which can be compared with the known log sourcetype to update model parameters to improve the machine learning model accuracy. The trained machine learning model may be trained to infer a log sourcetype of a log regardless of the messagetype of the log.

公开(公告)号：US20230205819A1

公开(公告)日：2023-06-29

申请号：US18117319

申请日：2023-03-03

Applicant: Splunk Inc.

Inventor： Ram Sriharsha

IPC: G06F16/901 ,  G06F16/2458 ,  G06F16/28 ,  G06F16/23 ,  G06N20/20 ,  G06F9/38 ,  G06F9/54 ,  G06F16/2455 ,  G06F16/14 ,  G06F16/22 ,  G06F16/2453 ,  G06N20/00 ,  G06F16/16 ,  G06F17/16 ,  G06F17/18 ,  G06F16/242 ,  G06F18/214 ,  G06F18/21

CPC classification number: G06F16/901 ,  G06F16/2465 ,  G06F16/285 ,  G06F16/2379 ,  G06N20/20 ,  G06F9/3885 ,  G06F9/544 ,  G06F16/24568 ,  G06F16/144 ,  G06F16/2246 ,  G06F16/156 ,  G06F16/24534 ,  G06N20/00 ,  G06F16/168 ,  G06F17/16 ,  G06F17/18 ,  G06F16/242 ,  G06F16/23 ,  G06F18/2148 ,  G06F18/2185 ,  G06F16/22 ,  G06F16/2264 ,  G06F16/2282

Abstract: Systems and methods are described for providing a user interface through which a user can program operation of a data processing pipeline by specifying a graph of nodes that transform data and interconnections that designate routing of data between individual nodes within the graph. In response to a user request, a preview mode can be activated that causes the data processing pipeline to retrieve data from at least one source specified by the graph, transform the data according to the nodes of the graph, sample the transformed data, and display the sampling of the transformed data to at least one node without writing the transformed data to at least one destination specified by the graph.

公开(公告)号：US11663176B2

公开(公告)日：2023-05-30

申请号：US16945229

申请日：2020-07-31

Applicant: Splunk Inc.

Inventor： Ram Sriharsha ,  Zhaohui Wang ,  Kristal Curtis ,  Abraham Starosta

IPC: G06F16/00 ,  G06F16/21 ,  G06N3/08 ,  G06K9/62 ,  G06F16/25

CPC classification number: G06F16/213 ,  G06F16/252 ,  G06F16/258 ,  G06K9/6231 ,  G06K9/6257 ,  G06N3/08

Abstract: Systems and methods are described for training an artificial intelligence model to extract one or more data fields from a log. For example, the artificial intelligence model may be a neural network. The neural network may be trained using training data obtained by iterating through a plurality of logs using active learning, and selecting a subset of the logs in the plurality to be labeled by a user. For example, the selected subset of logs may be logs that are not similar to other logs already labeled by a user. The user may be prompted to label the selected subset of logs to identify one or more data fields to extract. Once the selected subset of logs are labeled, these labeled logs can be used as the training data to train the neural network.

公开(公告)号：US11620157B2

公开(公告)日：2023-04-04

申请号：US16670789

申请日：2019-10-31

Applicant: Splunk Inc.

Inventor： Ram Sriharsha ,  Mark Huang ,  Abhinav Mishra ,  Harsha Wasalathanthrige Don

IPC: G06F9/48 ,  G06F17/18 ,  G06F16/17 ,  G06F9/38

Abstract: Systems and methods are described for processing ingested pipeline metrics and ingested logs in an asynchronous manner as the data is being ingested to explain anomalies detected in the pipeline metrics using the ingested logs. For example, one or more streaming data processors can convert data as the data is ingested into a comparable data structure, determine whether the comparable data structure should be assigned to an existing data pattern or a new data pattern, and determine whether the logs corresponding to the comparable data structure is anomalous. Separately, the streaming data processor(s) can perform an outlier detection on the pipeline metrics to detect outliers. The streaming data processor(s) can then window the anomalous logs and the pipeline metric outliers to surface explanations for the pipeline metric outliers using the anomalous logs.

公开(公告)号：US11615101B2

公开(公告)日：2023-03-28

申请号：US16779479

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： Ram Sriharsha ,  Kristal Lyn Curtis ,  Iryna Vogler-Ivashchanka ,  Clark Eugene Mullen

IPC: G06F16/2458 ,  G06F16/28 ,  G06F16/23 ,  G06N20/20 ,  G06F9/38 ,  G06F9/54 ,  G06K9/62 ,  G06F16/2455 ,  G06F16/14 ,  G06F16/22 ,  G06F16/2453 ,  G06N20/00 ,  G06F16/16 ,  G06F17/16 ,  G06F17/18 ,  G06F16/242

Abstract: Systems and methods are described for processing ingested data in an asynchronous manner as the data is being ingested to detect potential anomalies. For example, one or more streaming data processors can convert data as the data is ingested into a comparable data structure, determine whether the comparable data structure should be assigned to an existing data pattern or a new data pattern, and optionally update a characteristic of the data pattern to which the comparable data structure is assigned. The streaming data processor(s) can perform these operations automatically in real-time or in periodic batches. Once one or more comparable data structures have been assigned to one or more data patterns, the streaming data processor(s) can analyze the comparable data structures assigned to a particular data pattern to determine whether any of the comparable data structures appear to be anomalous.

公开(公告)号：US11599549B2

公开(公告)日：2023-03-07

申请号：US16779486

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： Ram Sriharsha

IPC: G06F16/2458 ,  G06F16/28 ,  G06F16/23 ,  G06N20/20 ,  G06F16/2455 ,  G06F16/14 ,  G06F16/22 ,  G06F16/2453 ,  G06N20/00 ,  G06F16/16 ,  G06F16/242 ,  G06F9/38 ,  G06F9/54 ,  G06K9/62 ,  G06F17/16 ,  G06F17/18

Abstract: Systems and methods are described for providing a user interface through which a user can program operation of a data processing pipeline by specifying a graph of nodes that transform data and interconnections that designate routing of data between individual nodes within the graph. In response to a user request, a preview mode can be activated that causes the data processing pipeline to retrieve data from at least one source specified by the graph, transform the data according to the nodes of the graph, sample the transformed data, and display the sampling of the transformed data to at least one node without writing the transformed data to at least one destination specified by the graph.