-
Publication number: US20180218045A1
Publication date: 2018-08-02
Application number: US15419883
Application date: 2017-01-30
Applicant: Splunk Inc.
Inventor: Sourav Pal , Ashish Mathew , Xiaowei Wang , Christopher Pride
IPC: G06F17/30
Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a search query by a search head, defining a search process for applying the search query to indexers, delegating a first portion of the search process to indexers and a second portion of the search process to intermediary node(s) communicatively coupled to the search head and the indexers. The first portion can define a search scope for obtaining partial search results of the indexers and the second portion can define operations for combining the partial search results by the intermediary node(s) to produce a combination of the partial search results. The search head then receives the combination of the partial search results, and outputs final search results for the search query, where the final search results are based on the combination of the partial search results.
-
Publication number: US10038707B2
Publication date: 2018-07-31
Application number: US14929204
Application date: 2015-10-30
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas , Yijiang Li
IPC: H04L29/06 , G06N99/00 , G06F17/30 , G06N7/00 , G06F3/0482 , G06K9/20 , G06F3/0484 , H04L12/24 , H04L12/26
CPC classification number: H04L63/1416 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F16/24578 , G06F16/254 , G06F16/285 , G06F16/444 , G06F16/9024 , G06F17/2235 , G06K9/2063 , G06N5/022 , G06N5/04 , G06N7/005 , G06N20/00 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/00 , H04L43/045 , H04L43/062 , H04L43/08 , H04L63/06 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , H04L2463/121 , H05K999/99
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
Publication number: US10026204B2
Publication date: 2018-07-17
Application number: US14606396
Application date: 2015-01-27
Applicant: Splunk Inc.
Inventor: Geoffrey R. Hendrey
Abstract: A system that displays geographic data is disclosed. During operation, the system receives a query to be processed, wherein the query is associated with a set of geographic regions. Next, the system uses a late-binding schema generated from the query to retrieve a set of data points from a set of events containing previously gathered data. Then, for each data point in a set of data points, the system identifies zero or more geographic regions in the set of geographic regions that the data point falls into. Finally, the system displays the set of geographic regions, wherein each polygon that defines a geographic region is marked to indicate a number of data points that fall into the polygon.
-
Publication number: US20180196824A1
Publication date: 2018-07-12
Application number: US15402119
Application date: 2017-01-09
Applicant: Splunk, Inc.
Inventor: Ledion Bitincka , Alexandros Batsakis , Paul J. Lucas , Nicholas Robert Romito
IPC: G06F17/30
CPC classification number: G06F12/0875 , G06F12/0802 , G06F12/0862 , G06F12/0866 , G06F12/0868 , G06F12/0871 , G06F12/0873 , G06F17/30106 , G06F17/30132 , G06F17/30864 , G06F17/30902 , G06F2212/1021 , G06F2212/45 , G06F2212/6024 , G06F2212/6026 , G06F2212/6028
Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.
-
Publication number: US10003605B2
Publication date: 2018-06-19
Application number: US14929182
Application date: 2015-10-30
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas
IPC: H04L29/06 , G06N99/00 , G06F17/30 , G06N7/00 , G06F3/0482 , G06K9/20 , G06F3/0484 , H04L12/24 , H04L12/26
CPC classification number: H04L63/1416 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F16/24578 , G06F16/254 , G06F16/285 , G06F16/444 , G06F16/9024 , G06F17/2235 , G06K9/2063 , G06N5/022 , G06N5/04 , G06N7/005 , G06N20/00 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/00 , H04L43/045 , H04L43/062 , H04L43/08 , H04L63/06 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , H04L2463/121 , H05K999/99
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
Publication number: US20180157755A1
Publication date: 2018-06-07
Application number: US15885629
Application date: 2018-01-31
Applicant: SPLUNK INC.
Inventor: Ledion Bitincka , Steve Zhang , Igor Stojanovski , Stephen Sorkin
IPC: G06F17/30
Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.
-
Publication number: US20180157705A1
Publication date: 2018-06-07
Application number: US15885538
Application date: 2018-01-31
Applicant: SPLUNK INC.
Inventor: Marc Vincent Robichaud
IPC: G06F17/30
CPC classification number: G06F16/24534 , G06F16/2379 , G06F16/2477 , G06F16/313 , G06F16/322 , G06F16/338 , G06F16/447 , G06F16/9537
Abstract: A request is received to display at least a portion of a first events set and at least a portion of a second events set in an interleaved and visually distinct display format, where, in the interleaved and visually distinct display format, the at least a portion of the first events set is displayed in a visually distinct manner from the at least a portion of the second events set, and data from the at least a portion of the first events set is interleaved with data from the at least a portion of the second events set. In response to receiving the request, display is caused, on a user interface, of the at least a portion of the first events set and the at least a portion of the second events set in the interleaved and visually distinct display format.
-
Publication number: US20180157404A1
Publication date: 2018-06-07
Application number: US15885799
Application date: 2018-01-31
Applicant: Splunk Inc.
IPC: G06F3/0484 , G06F17/30 , G06Q10/06
CPC classification number: G06F3/04847 , G06F16/00 , G06Q10/063
Abstract: Data values for various items are visualized in real-time or near real-time using radial-based techniques to produce data visualizations bearing some resemblance to, for example, pie charts, radial charts, etc. The data values are shown using indicators that encircle, or at least partially encircle, a central point. One or more characteristics of the indicator reflect the value that corresponds to the indicator. The characteristics may include, for instance, the color of the indicator and/or the distance of the indicator (or more specifically, a given point on the indicator) from the central point. The characteristics of the indicators change over time, in accordance with changes in the current values of the data items. A variety of indicators may be used, including, without limitation, points, icons, pie “wedges,” filled or partially-filled sectors of an ellipse or semi-circle, arcs or lines that span between the sides of such sectors, and so forth.
-
Publication number: US09990423B2
Publication date: 2018-06-05
Application number: US14526493
Application date: 2014-10-28
Applicant: Splunk Inc.
Inventor: Ledio Ago , Declan Gerard Shanaghy
IPC: G06F17/30
CPC classification number: G06F17/30705 , G06F17/30631
Abstract: Various embodiments describe multi-site cluster-based data intake and query systems, including cloud-based data intake and query systems. Using a hybrid search system that includes cloud-based data intake and query systems working in concert with so-called “on-premises” data intake and query systems can promote the scalability of search functionality. In addition, the hybrid search system can enable data isolation in a manner in which sensitive data is maintained “on premises” and information or data that is not sensitive can be moved to the cloud-based system. Further, the cloud-based system can enable efficient leveraging of data that may already exist in the cloud.
-
Publication number: US09985863B2
Publication date: 2018-05-29
Application number: US14800672
Application date: 2015-07-15
Applicant: Splunk Inc.
Inventor: Tristan Antonio Fletcher , Hemendra Singh Choudhary , Clint Sharp
IPC: G06F15/16 , H04L12/26 , H04L12/24 , G06Q10/06 , G06F3/0482 , G06F3/0484 , H04L29/08 , G06F12/00
CPC classification number: H04L43/16 , G06F3/0481 , G06F3/04817 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F9/542 , G06F17/30424 , G06F17/30463 , G06F17/30477 , G06F17/30554 , G06F17/3056 , G06F17/30572 , G06F17/30675 , G06F17/30864 , G06F17/30867 , G06F17/30958 , G06F17/30964 , G06F17/30979 , G06F17/30991 , G06Q10/06393 , G06T11/206 , G06T2200/24 , H04L29/08072 , H04L41/0213 , H04L41/0806 , H04L41/22 , H04L41/5009 , H04L41/5032 , H04L41/5035 , H04L41/5038 , H04L43/04 , H04L43/045 , H04L67/10 , H04L67/16
Abstract: Techniques are disclosed for providing an aggregate key performance indicator (KPI) that spans multiple services and for providing user adjustment to KPI factors via a GUI that enables a user to configure an aggregate KPI with feedback that better characterizes the performance of the services. The GUI may enable a user to select KPIs and to adjust weights (e.g., importance) associated with the KPIs. The weight of a KPI may affect the influence a value of the KPI has on the calculation of an aggregate KPI value (e.g., score). The GUI may provide near real-time feedback concerning the effect the weights have on the aggregate KPI value by displaying the aggregate KPI value (e.g., score) and updating the aggregate KPI value as the user adjusts the weights.