公开(公告)号：US20160092282A1

公开(公告)日：2016-03-31

申请号：US14962970

申请日：2015-12-08

Applicant: Splunk Inc.

Inventor： Itay A. Neeman

IPC: G06F9/54 ,  G06F9/445

CPC classification number: G06F9/542 ,  G06F8/65 ,  G06F8/71 ,  G06F9/44521 ,  G06F9/54 ,  G06F17/30477 ,  G06F2209/545

Abstract: A first feature (e.g., chart or table) includes a reference to a dynamic pointer. Independently, the pointer is defined to point to a second feature (e.g., a query). The first feature is automatically updated to reflect a current value of the second feature. The reference to the pointer and pointer definition are recorded in a central registry, and changes to the pointer or second feature automatically cause the first feature to be updated to reflect the change. A mapping between features can be generated using the registry and can identify interrelationships to a developer. Further, changes in the registry can be tracked, such that a developer can view changes pertaining to a particular time period and/or feature of interest (e.g., corresponding to an operation problem).

公开(公告)号：US09286413B1

公开(公告)日：2016-03-15

申请号：US14528882

申请日：2014-10-30

Applicant: Splunk Inc.

Inventor： John Robert Coates ,  Poorva Malviya ,  Brian John Bingham ,  Cary Glen Noel

IPC: G06F7/00 ,  G06F17/30 ,  G06F3/0484

CPC classification number: H04L43/16 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/542 ,  G06F17/30424 ,  G06F17/30463 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30572 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30958 ,  G06F17/30964 ,  G06F17/30979 ,  G06F17/30991 ,  G06Q10/06393 ,  G06T11/206 ,  G06T2200/24 ,  H04L29/08072 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5035 ,  H04L41/5038 ,  H04L43/04 ,  H04L43/045 ,  H04L67/10 ,  H04L67/16

Abstract: One or more processing devices cause display of a service-monitoring dashboard that includes one or more key performance indicator (KPI) widgets. Each KPI widget provides a numerical or graphical representation of one or more values for a corresponding KPI indicating how a service provided by one or more entities is performing at one or more points in time. Each entity of the one or more entities is associated with machine data. A KPI is defined by a search query that derives the one or more values represented by the corresponding KPI widget from the machine data associated with the one or more entities that provide the service whose performance is reflected by the KPI.

Abstract translation: 一个或多个处理设备引起显示包括一个或多个关键性能指标（KPI）小部件的服务监视仪表板。 每个KPI小部件提供用于对应的KPI的一个或多个值的数字或图形表示，其指示由一个或多个实体提供的服务如何在一个或多个时间点执行。 一个或多个实体的每个实体与机器数据相关联。 KPI由搜索查询定义，该搜索查询从与提供其性能由KPI反映的服务的一个或多个实体相关联的机器数据中导出由相应的KPI小部件表示的一个或多个值。

公开(公告)号：US09251221B1

公开(公告)日：2016-02-02

申请号：US14447995

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Lucas Murphey ,  David Hazekamp

IPC: G06F15/173 ,  G06F17/30

CPC classification number: G06F17/3053 ,  G06F17/30303 ,  G06F17/30312 ,  G06F17/30368 ,  G06F17/3051 ,  G06F17/30551 ,  G06F17/30864

Abstract: Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query to produce a dataset comprising one or more data items derived from source data; and responsive to determining that at least a portion of the dataset satisfies a triggering condition, modifying a score assigned to an object to which the portion of the dataset pertains.

Abstract translation: 根据对数据汇总和分析系统中搜索查询产生的数据集的触发条件进行评估，为对象分配分数的系统和方法。 示例性方法可以包括：由一个或多个处理设备执行搜索查询以产生包括从源数据导出的一个或多个数据项的数据集; 并且响应于确定所述数据集的至少一部分满足触发条件，修改分配给所述数据集的所述部分所属对象的得分。

公开(公告)号：US09229985B2

公开(公告)日：2016-01-05

申请号：US14266840

申请日：2014-05-01

Applicant: Splunk Inc.

Inventor： Itay A. Neeman

IPC: G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F17/30 ,  G06F9/54 ,  G06F9/445

CPC classification number: G06F9/542 ,  G06F8/65 ,  G06F8/71 ,  G06F9/44521 ,  G06F9/54 ,  G06F17/30477 ,  G06F2209/545

Abstract: A first feature (e.g., chart or table) includes a reference to a dynamic pointer. Independently, the pointer is defined to point to a second feature (e.g., a query). The first feature is automatically updated to reflect a current value of the second feature. The reference to the pointer and pointer definition are recorded in a central registry, and changes to the pointer or second feature automatically cause the first feature to be updated to reflect the change. A mapping between features can be generated using the registry and can identify interrelationships to a developer. Further, changes in the registry can be tracked, such that a developer can view changes pertaining to a particular time period and/or feature of interest (e.g., corresponding to an operation problem).

Abstract translation: 第一特征（例如，图表或表）包括对动态指针的引用。 独立地，指针被定义为指向第二特征（例如，查询）。 第一个功能会自动更新，以反映第二个功能的当前值。 对指针和指针定义的引用被记录在中央注册表中，并且对指针或第二特征的改变自动地使第一特征被更新以反映该变化。 功能之间的映射可以使用注册表生成，并且可以识别开发人员的相互关系。 此外，可以跟踪注册表中的更改，使得开发者可以查看与特定时间段和/或感兴趣的特征相关的改变（例如，对应于操作问题）。

公开(公告)号：US20150339344A1

公开(公告)日：2015-11-26

申请号：US14815884

申请日：2015-07-31

Applicant: Splunk Inc.

Inventor： Alice Emily Neels ,  Archana Sulochana Ganapathi ,  Marc Vincent Robichaud ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F17/30

CPC classification number: G06F17/30395 ,  G06F3/0482 ,  G06F17/248 ,  G06F17/30283 ,  G06F17/30424 ,  G06F17/30528 ,  G06F17/30554 ,  G06F17/30867

Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.

Abstract translation: 实施例包括生成可以给非结构化或结构化数据赋予语义意义的数据模型，其可以包括由搜索引擎（包括时间序列引擎）生成和/或接收的数据。 一种方法包括为存储在存储库中的数据生成数据模型。 生成数据模型包括生成初始查询字符串，对数据执行初始查询字符串，基于对数据执行的初始查询字符串生成初始结果集，从一个或多个初始查询字符串的结果确定一个或多个候选字段 生成基于一个或多个候选字段的候选数据模型，迭代地修改候选数据模型，直到候选数据模型对数据建模，并使用候选数据模型作为数据模型。

公开(公告)号：US20150295779A1

公开(公告)日：2015-10-15

申请号：US14610438

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Matthew S. Zises

IPC: H04L12/24 ,  H04L29/06

CPC classification number: G06F16/26 ,  H04L41/22 ,  H04L43/022 ,  H04L43/045 ,  H04L63/1433

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements comprising event stream information for one or more ephemeral event streams used to temporarily generate the time-series event data from the network packets. The system then causes for display, in the GUI, a mechanism for navigating between the event stream information and creation information for one or more creators of the one or more ephemeral event streams.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在操作期间，系统使得显示图形用户界面（GUI），用于获得用于配置从一个或多个远程捕获代理捕获的网络分组生成时间序列事件数据的配置信息。 接下来，系统导致在GUI中显示第一组用户界面元素，其包括用于从网络分组临时生成时间序列事件数据的一个或多个临时事件流的事件流信息。 然后，系统在GUI中显示用于在事件流信息和用于一个或多个临时事件流的一个或多个创建者的创建信息之间导航的机制。

公开(公告)号：US09146962B1

公开(公告)日：2015-09-29

申请号：US14611213

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Brent Boe ,  Alok Anant Bhide ,  Sonal Maheshwari

IPC: G06F15/16 ,  G06F17/30 ,  G06F9/54 ,  H04L12/24 ,  G06F12/00

CPC classification number: G06F17/30321 ,  G06F3/0484 ,  G06F9/542 ,  G06F17/30126 ,  G06F17/30353 ,  G06F17/30424 ,  H04L41/0213 ,  H04L41/22 ,  H04L41/5012 ,  H04L41/5032 ,  H04L41/5045

Abstract: A computer system determines if events in a machine data store satisfy event selection criteria, the event selection criteria including a first field-value pair. To determine if one of the events satisfies the event selection criteria, the computer system compares the first field-value pair of the event selection criteria with a second field-value pair from an entity definition associated with the event by using a third field-value pair from data corresponding to the event in the machine data store.

Abstract translation: 计算机系统确定机器数据存储器中的事件是否满足事件选择标准，事件选择标准包括第一字段值对。 为了确定事件中的一个是否满足事件选择标准，计算机系统通过使用第三字段值将事件选择标准的第一字段值对与来自与事件相关联的实体定义的第二字段值对进行比较 从与机器数据存储中的事件相对应的数据对。

公开(公告)号：US09129041B1

公开(公告)日：2015-09-08

申请号：US14448215

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Michael E. Cormier ,  William E. Thackrey ,  Earl D. Cox

IPC: G06F17/30

CPC classification number: G06F17/30469 ,  G06F17/30454 ,  G06F17/30528 ,  G06F17/30542 ,  G06F17/30731 ,  G06F17/30979

Abstract: The disclosed embodiments relate to a system that updates a context that facilitates evaluating qualitative search terms for an attribute during query processing. During operation, the system extracts a value for the attribute from each data item in a set of data items. Next, the system updates the context based on the extracted attribute values, wherein the context includes a concept-mapping for one or more qualitative search terms applied to the attribute, and wherein each concept-mapping associates a given attribute value with a numerical compatibility index that indicates a compatibility between the given attribute value and a corresponding qualitative search term.

Abstract translation: 所公开的实施例涉及在查询处理期间更新便于评估属性的定性搜索项的上下文的系统。 在操作期间，系统从一组数据项中的每个数据项中提取属性值。 接下来，系统基于所提取的属性值来更新上下文，其中上下文包括应用于属性的一个或多个定性搜索项的概念映射，并且其中每个概念映射将给定属性值与数字兼容性索引相关联 这表示给定属性值与相应的定性搜索项之间的兼容性。

公开(公告)号：US20150180891A1

公开(公告)日：2015-06-25

申请号：US14135427

申请日：2013-12-19

Applicant: Splunk Inc.

Inventor： Mark SEWARD ,  John Robert COATES

IPC: H04L29/06

CPC classification number: H04L63/1416 ,  G06F16/212 ,  G06F16/951 ,  H04L63/1425

Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.

Abstract translation: 系统和方法被提供用于识别网络数据，机器数据和/或从网络数据和/或机器数据导出的事件中的重复数据删除的列表的网络地址和/或ID，并且通过搜索网络的存在来识别显着的事件 在从多个外部源接收到的列表中进行重复数据删除的地址和/或网络ID。 一种方法包括接收多个网络位置列表，其中每个列表通过网络接收，其中每个网络位置包括域名或IP地址，并且其中多个列表中的至少两个列表包括 同一网络位置; 将多个网络位置列表聚合成唯一网络位置的重复数据删除列表; 以及搜索包含在唯一网络位置的重复数据删除列表中的网络位置的网络数据或机器数据。

公开(公告)号：US20150149879A1

公开(公告)日：2015-05-28

申请号：US14610668

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F17/24

CPC classification number: G06F17/243 ,  G06F17/30551

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

Abstract translation: 所公开的技术涉及制定和提炼在查询时使用具有后期绑定模式的原始数据的字段提取规则。 字段提取规则识别原始数据的部分，以及它们的数据类型和层次关系。 这些提取规则是针对未组织成尚未通过标准提取或转换方法处理的关系结构的非常大的数据集执行的。 通过使用示例事件，关注主要和次要示例事件有助于制定跨多个数据格式的单个提取规则，或者针对不同格式的多个规则。 选择工具标记示例事件以指示提取规则的正例，并确定负面示例以避免错误的值选择。 提取规则可以保存以供查询时间使用，并且可以被并入事件数据的集合和子集的数据模型中。