公开(公告)号：US20150149480A1

公开(公告)日：2015-05-28

申请号：US14611170

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Erik M. SWAN ,  R. David CARASSO ,  Robin Kumar DAS ,  Rory GREENE ,  Bradley HALL ,  Nicholas Christian MEALY ,  Brian Philip MURPHY ,  Stephen Phillip SORKIN ,  Andre David STECHERT ,  Michael Joseph BAUM

IPC: G06F17/30

CPC classification number: G06F17/30336 ,  G06F17/30321 ,  G06F17/30342 ,  G06F17/30353 ,  G06F17/30516 ,  G06F17/30528 ,  G06F17/3053 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30864

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract translation: 根据本发明的方法和设备提供了基于搜索来组织，索引，搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列，表示某种类型的活动。 在一个实施例中，时间序列数据被组织成具有归一化时间戳的离散事件，并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制，关键字索引机制或统计索引，检索相关的事件信息。

公开(公告)号：US20150143220A1

公开(公告)日：2015-05-21

申请号：US14611093

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： R. David CARASSO ,  Micah James DELFINO ,  Johnvey HWANG

IPC: G06F17/24 ,  H04L29/08

CPC classification number: G06F16/34 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/242 ,  G06F16/2423 ,  G06F16/2477 ,  G06F17/24 ,  G06F17/243 ,  G06F17/28 ,  H04L67/10

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

Abstract translation: 实施例涉及基于诸如正则表达式的至少一个提取规则来实时显示事件记录和提取的值。 可以使用用户界面来使用户能够自动生成提取规则和/或手动输入提取规则。 可以使用户手动编辑先前提供的提取规则，这可以导致更新的提取值的实时显示。 提取规则可以用于从多个记录中的每一个提取值，包括非结构化机器数据的事件记录。 可以针对每个唯一提取的值确定统计量，并且可以实时地向用户显示。 用户界面还可以使用户能够选择至少一个唯一的提取值来显示包括与所选择的值匹配的提取值的那些事件记录。

公开(公告)号：US20150142847A1

公开(公告)日：2015-05-21

申请号：US14611232

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Alice Emily NEELS ,  Archana Sulochana GANAPATHI ,  Marc Robichaud ,  Stephen Phillip SORKIN ,  Steve Yu ZHANG

IPC: G06F17/30 ,  G06F17/24

CPC classification number: G06F17/30395 ,  G06F3/0482 ,  G06F17/248 ,  G06F17/30283 ,  G06F17/30424 ,  G06F17/30528 ,  G06F17/30554 ,  G06F17/30867

Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.

Abstract translation: 实施例包括生成可以给非结构化或结构化数据赋予语义意义的数据模型，其可以包括由搜索引擎（包括时间序列引擎）生成和/或接收的数据。 一种方法包括为存储在存储库中的数据生成数据模型。 生成数据模型包括生成初始查询字符串，对数据执行初始查询字符串，基于对数据执行的初始查询字符串生成初始结果集，从一个或多个初始查询字符串的结果确定一个或多个候选字段 生成基于一个或多个候选字段的候选数据模型，迭代地修改候选数据模型，直到候选数据模型对数据建模，并使用候选数据模型作为数据模型。

公开(公告)号：US09037562B2

公开(公告)日：2015-05-19

申请号：US14303596

申请日：2014-06-12

Applicant: Splunk Inc.

Inventor： Robin Kumar Das ,  Ledio Ago ,  Declan Gerard Shanaghy ,  Gaurav Gupta

IPC: G06F17/30 ,  H04L29/06 ,  G06Q20/14

CPC classification number: H04L63/105 ,  G06F9/4887 ,  G06F9/5088 ,  G06F17/30091 ,  G06F17/30094 ,  G06F17/30117 ,  G06F17/30289 ,  G06F17/30321 ,  G06F17/30336 ,  G06F17/30864 ,  G06F17/3087 ,  G06F17/30876 ,  G06F17/30896 ,  G06F17/30946 ,  G06F21/6218 ,  G06Q20/145 ,  H04L12/1435 ,  H04L63/10 ,  H04L67/1097

Abstract: Embodiments are directed towards a system and method for a cloud-based front end that may abstract and enable access to the underlying cloud-hosted elements and objects that may be part of a multi-tenant application, such as a search application. Search objects may be employed to access indexed objects. An amount of indexed data accessible to a user may be based on an index storage limit selected by the user, such that data that exceeds the index storage limit may continue to be indexed. Also, one or more projects can be elastically scaled for a user to provide resources that may meet the specific needs of each project.

Abstract translation: 实施例涉及用于基于云的前端的系统和方法，该系统和方法可以抽象并使得能够访问可能是诸如搜索应用的多租户应用的一部分的基于云托管的元素和对象。 可以使用搜索对象来访问索引对象。 用户可访问的索引数据量可以基于用户选择的索引存储限制，使得超过索引存储限制的数据可以继续被索引。 此外，一个或多个项目可以弹性地缩放以供用户提供可满足每个项目的特定需求的资源。

公开(公告)号：US09036979B2

公开(公告)日：2015-05-19

申请号：US13859620

申请日：2013-04-09

Applicant: TiVo Inc.

Inventor： Amir H Gharaat ,  James Barton ,  Mukesh K Patel

IPC: H04N9/80 ,  H04N21/435 ,  G06Q30/02 ,  G06Q30/04 ,  G06Q30/06 ,  G06Q50/00 ,  G11B27/32 ,  G06F3/14 ,  H04N9/79 ,  H04N21/422 ,  H04N5/765 ,  H04N21/8358

CPC classification number: H04N21/435 ,  G06F3/1454 ,  G06F17/3002 ,  G06Q30/0244 ,  G06Q30/0255 ,  G06Q30/04 ,  G06Q30/0631 ,  G06Q50/01 ,  G11B27/322 ,  H04M3/4938 ,  H04N5/765 ,  H04N5/782 ,  H04N9/79 ,  H04N21/422 ,  H04N21/42201 ,  H04N21/4415 ,  H04N21/442 ,  H04N21/8358

Abstract: In an embodiment, the playing of an advertisement may be detected by identifying the persons associated with the faces in the advertisement portion of the media content and determining that the identified persons are not actors listed for the media content. In an embodiment, the advertisement may be enhanced with additional content pertaining to the product or service being advertised. In an embodiment, the advertisement may be automatically fast-forwarded, muted, or replaced with an alternate advertisement. In an embodiment, only a non-advertisement portion of the media content may be recorded by skipping over the detected advertisement portion of the media content.

Abstract translation: 在一个实施例中，可以通过识别与媒体内容的广告部分中的面部相关联的人并且确定所标识的人不是为媒体内容列出的演员来检测广告的播放。 在一个实施例中，可以通过与被广告的产品或服务相关的附加内容来增强广告。 在一个实施例中，广告可以被自动快速转发，静音或替换为替代广告。 在一个实施例中，可以通过跳过检测到的媒体内容的广告部分来仅记录媒体内容的非广告部分。

公开(公告)号：US09031955B2

公开(公告)日：2015-05-12

申请号：US14168888

申请日：2014-01-30

Applicant: Splunk Inc.

Inventor： R. David Carasso ,  Micah James Delfino

IPC: G06F17/30 ,  G06F7/24

CPC classification number: G06F17/30563 ,  G06F3/0482 ,  G06F3/04842 ,  G06F7/24 ,  G06F17/30601 ,  G06F17/30705

Abstract: Embodiments are directed towards generating a representative sampling as a subset from a larger dataset that includes unstructured data. A graphical user interface enables a user to provide various data selection parameters, including specifying a data source and one or more subset types desired, including one or more of latest records, earliest records, diverse records, outlier records, and/or random records. Diverse and/or outlier subset types may be obtained by generating clusters from an initial selection of records obtained from the larger dataset. An iteration analysis is performed to determine whether a sufficient number of clusters and/or cluster types have been generated that exceed at least one threshold and when not exceeded, additional clustering is performed on additional records. From the resultant clusters, and/or other subtype results, a subset of records is obtained as the representative sampling subset.

Abstract translation: 实施例旨在从包括非结构化数据的较大数据集生成代表性采样作为子集。 图形用户界面使得用户能够提供各种数据选择参数，包括指定数据源和期望的一个或多个子集类型，包括最新记录，最早记录，不同记录，离群记录和/或随机记录中的一个或多个。 可以通过从从较大数据集获得的记录的初始选择生成聚类来获得不同的和/或离群子集类型。 执行迭代分析以确定是否已经生成了超过至少一个阈值的足够数量的集群和/或集群类型，并且当不超过时，对附加记录执行附加集群。 从所得到的集群和/或其他子类型结果中，获得记录的子集作为代表性抽样子集。

公开(公告)号：US08904389B2

公开(公告)日：2014-12-02

申请号：US13874423

申请日：2013-04-30

Applicant: Splunk Inc.

Inventor： Brian Bingham ,  Tristan Fletcher

IPC: G06F9/455 ,  G06F9/46 ,  G06F15/173 ,  G09G5/22 ,  G06F15/177 ,  G06F11/32 ,  G06F11/34

CPC classification number: G06F9/45533 ,  G06F11/323 ,  G06F11/328 ,  G06F11/3409 ,  G06F2009/45591 ,  G06F2201/815

Abstract: Techniques promote monitoring of hypervisor systems by presenting dynamic representations of hypervisor architectures that include performance indicators. A reviewer can interact with the representation to progressively view select lower-level performance indicators. Higher level performance indicators can be determined based on tower level state assessments. A reviewer can also view historical performance metrics and indicators, which can aid in understanding which configuration changes or system usages may have led to sub-optimal performance.

Abstract translation: 技术通过呈现包含性能指标的虚拟机监控程序架构的动态表示来促进对管理程序系统的监视。 评论者可以与表示进行交互，以逐步查看选择的较低级别的绩效指标。 可以根据塔级状态评估来确定更高层次的绩效指标。 审阅者还可以查看历史绩效指标和指标，这有助于了解哪些配置更改或系统使用可能导致次优性能。

公开(公告)号：US20140330815A1

公开(公告)日：2014-11-06

申请号：US14266832

申请日：2014-05-01

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30864 ,  G06F17/30477 ,  G06F17/30516 ,  G06F17/30545 ,  G06F17/30979

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

Abstract translation: 通过分析所接收的搜索请求来识别在搜索支持系统的计算机处接收的搜索请求，以识别请求参数并连接到在请求参数中引用的搜索支持系统的系统索引。 启动外部结果提供程序（ERP）进程，在搜索支持系统和搜索支持系统外部的数据源之间建立通信，为请求参数中引用的虚拟索引。 因此，ERP过程提供了搜索支持系统和外部数据源之间的接口，如第三方。 ERP流程可以以流模式运行（以最少的处理提供实时搜索结果）和/或报告模式（提供更大的延迟和处理范围的结果），并且可以在模式之间切换。 从连接的系统索引和引用的虚拟索引接收搜索请求结果。

公开(公告)号：US20140324862A1

公开(公告)日：2014-10-30

申请号：US14167316

申请日：2014-01-29

Applicant: Splunk Inc.

Inventor： Brian BINGHAM ,  Tristan FLETCHER ,  Alok BHIDE

IPC: G06F17/30 ,  G06F9/455

CPC classification number: G06F16/26 ,  G06F9/45533 ,  G06F11/323 ,  G06F11/3409 ,  G06F2201/815

Abstract: Methods and computer-program products are provided for storing a set of performance measurements relating to performance of a component in an IT environment, and associating with the performance measurement a time at which the performance measurement was obtained for each performance measurement in the set of performance measurements. The methods and computer-program products include storing portions of log data produced by the IT environment, wherein each portion of log data has an associated time; providing a graphical user interface enabling selection of a time range; and receiving through the graphical user interface a selection of a time range. The methods and computer-program products further comprise retrieving one or more performance measurements, wherein each of the retrieved performance measurements has an associated time in the selected time range; retrieving one or more portions of log data, wherein each of the retrieved portions of log data has an associated time in the selected time range; displaying an indication of the retrieved performance measurements having their associated times in the selected time range; and displaying an indication of the retrieved portions of log data having their associated times in the selected time range.

Abstract translation: 提供了方法和计算机程序产品，用于存储与IT环境中的组件的性能有关的一组性能测量，并且在性能测量中与在该组性能中的每个性能测量获得性能测量的时间相关联 测量。 方法和计算机程序产品包括存储由IT环境产生的日志数据的部分，其中日志数据的每个部分具有相关联的时间; 提供能够选择时间范围的图形用户界面; 并通过图形用户界面接收时间范围的选择。 所述方法和计算机程序产品进一步包括检索一个或多个性能测量值，其中每个所检索的性能测量值在所选择的时间范围内具有相关联的时间; 检索日志数据的一个或多个部分，其中每个检索到的日志数据部分在所选择的时间范围内具有相关联的时间; 在所选择的时间范围内显示所检索的具有其相关联时间的性能测量的指示; 以及在所选择的时间范围内显示具有其相关联时间的日志数据的检索部分的指示。

公开(公告)号：US20140317111A1

公开(公告)日：2014-10-23

申请号：US14266838

申请日：2014-05-01

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: G06F17/3053 ,  G06F17/30194 ,  G06F17/30312 ,  G06F17/30353 ,  G06F17/30386 ,  G06F17/30477 ,  G06F17/30483 ,  G06F17/30486 ,  G06F17/30528 ,  G06F17/30545 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30973 ,  G06F17/30991 ,  H04L41/0604 ,  H04L41/22 ,  H04L67/1097

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

Abstract translation: 方法，系统和处理器可读存储介质被引导为生成从存储在多个分布式节点上的诸如事件数据的数据导出的报告。 在一个实施例中，使用“分割和征服”算法生成分析，使得每个分布式节点分析本地存储的事件数据，而聚合节点组合这些分析结果以生成报告。 在一个实施例中，每个分布式节点还将与分析结果相关联的事件数据引用的列表发送到聚合节点。 然后，聚合节点可以基于从每个分布式节点接收的事件数据参考的列表来生成数据引用的全局有序列表。 随后，响应于用户选择一系列全局事件数据，报告可以动态地从一个或多个分布式节点检索事件数据，以便根据全局顺序进行显示。