-
Publication number: US09984128B2
Publication date: 2018-05-29
Application number: US14815880
Application date: 2015-07-31
Applicant: Splunk Inc.
Inventor: Sundar Rengarajan Vasan , Mitchell Neuman Blank, Jr. , Vishal Patel , Da Xu , Rama Gopalan
CPC classification number: G06F17/30528 , G06F3/0617 , G06F3/065 , G06F3/067 , G06F11/20 , G06F11/2094 , G06F17/30241 , G06F17/30336 , G06F17/30575 , G06F17/30581 , G06F17/30867 , G06F17/3087 , H04L67/1097
Abstract: Techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.
-
Publication number: US09983954B2
Publication date: 2018-05-29
Application number: US14980700
Application date: 2015-12-28
Applicant: Splunk Inc.
Inventor: Anirban Rahut
CPC classification number: G06F11/2005 , G06F11/1425 , G06F11/184 , G06F11/2007 , G06F11/2097
Abstract: A high availability scheduler of tasks in a cluster of server devices is provided. A server device of the cluster of server devices enters a leader state based upon the results of a consensus election process in which the server device participates with others of the cluster of server devices. Upon entering the leader state, the server device schedules one or more tasks by assigning each of the one or more tasks to a device, wherein the one or more tasks involve initiating a search of time stamped events.
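The election-then-schedule flow described in this abstract, as an added example that is not Splunk's code: servers grant at most one vote per term, a candidate holding a strict majority enters the leader state, and only a leader may assign search tasks. The round-robin assignment, the `Server`/`SearchTask` names and the use of a term counter are assumptions made for the demonstration.

```python
"""Added example (not from the patent): majority-vote leader election
followed by task scheduling by the elected leader."""
from dataclasses import dataclass
from typing import Dict, List, Optional


@dataclass
class Server:
    name: str
    term: int = 0                      # assumed: highest election term seen
    voted_for: Optional[str] = None
    state: str = "follower"

    def request_vote(self, candidate: str, term: int) -> bool:
        """Grant a vote if the term is new to us, or we already backed this candidate."""
        if term > self.term:           # newer term: forget old vote, step down if leader
            self.term = term
            self.voted_for = None
            self.state = "follower"
        if term == self.term and self.voted_for in (None, candidate):
            self.voted_for = candidate
            return True
        return False


def run_election(cluster: List[Server], candidate: Server, term: int) -> bool:
    """Candidate solicits votes from every server (itself included) for `term`."""
    candidate.state = "candidate"
    votes = sum(1 for s in cluster if s.request_vote(candidate.name, term))
    if votes * 2 > len(cluster):       # strict majority required to lead
        candidate.state = "leader"
        return True
    candidate.state = "follower"
    return False


@dataclass
class SearchTask:
    task_id: str
    earliest: int                      # time range of the search, epoch seconds
    latest: int
    query: str


def schedule(leader: Server, cluster: List[Server],
             tasks: List[SearchTask]) -> Dict[str, List[str]]:
    """Only a server in the leader state may schedule; refuse otherwise."""
    if leader.state != "leader":
        raise RuntimeError(f"{leader.name} is not leader; refusing to schedule")
    assignments: Dict[str, List[str]] = {s.name: [] for s in cluster}
    for i, task in enumerate(tasks):   # assumed policy: round-robin over the cluster
        assignments[cluster[i % len(cluster)].name].append(task.task_id)
    return assignments


def demo():
    cluster = [Server("a"), Server("b"), Server("c")]
    won_a = run_election(cluster, cluster[0], term=1)   # first candidate in term 1 wins
    won_b = run_election(cluster, cluster[1], term=1)   # votes already spent: loses
    tasks = [SearchTask(f"t{i}", 1_600_000_000 + 60 * i, 1_600_000_000 + 60 * (i + 1),
                        "index=main error") for i in range(5)]
    return won_a, won_b, schedule(cluster[0], cluster, tasks)


if __name__ == "__main__":
    print(demo())
```

A later election in a higher term makes every server discard its vote and step down, so the old leader cannot keep scheduling after a new one is elected; that is the property the scheduler relies on.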
-
Publication number: US09983912B2
Publication date: 2018-05-29
Application number: US14813908
Application date: 2015-07-30
Applicant: Splunk Inc.
Inventor: Denis Gladkikh , Mitchell Blank, Jr.
CPC classification number: G06F9/52 , G06F9/5011 , G06F17/30424 , G06F17/30575 , H04L41/0896 , H04L65/608 , H04L67/02
Abstract: A method to assist with processing distributed jobs by retrieving and/or synchronizing supplemental job data. The method includes receiving a request to perform a job and opening a first connection (e.g., persistent connection) between a primary machine and a secondary machine, and transmitting by the primary machine a request pertaining to the job to the secondary machine using a second connection, the job to be performed by the secondary machine. The method also includes receiving by the primary machine using the second connection a task request for supplemental information pertaining to the job, transmitting by the primary machine a task response including the supplemental information to the secondary machine, and receiving a job result for the job using the second connection.
-
Publication number: US20180146000A1
Publication date: 2018-05-24
Application number: US15860049
Application date: 2018-01-02
Applicant: SPLUNK INC.
Inventor: Sudhakar Muddu , Christos Tryfonas , Ravi Prasad Bulusu
IPC: H04L29/06 , G06F3/0482 , H04L12/26 , H04L12/24 , G06N99/00 , G06N7/00 , G06N5/04 , G06K9/20 , G06F17/30 , G06F17/22 , G06F3/0484
CPC classification number: H04L63/1416 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F16/24578 , G06F16/254 , G06F16/285 , G06F16/444 , G06F16/9024 , G06F17/2235 , G06K9/2063 , G06N5/022 , G06N5/04 , G06N7/005 , G06N20/00 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/00 , H04L43/045 , H04L43/062 , H04L43/08 , H04L63/06 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , H04L2463/121 , H05K999/99
Abstract: A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
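A minimal illustration of the batch/real-time split and the risk-plus-evidence output described above, as an added example that is not Splunk's code: the batch path learns a per-user baseline from historical events, the real-time path scores each new event against it. The event fields, the z-score and unseen-source heuristics, the risk weights and all sample records are constructed for the demonstration.

```python
"""Added example (not from the patent): per-user behaviour baseline
(batch path) and per-event risk scoring with evidence (real-time path)."""
import math
import statistics
from collections import defaultdict

# Constructed historical events: user, source IP, bytes sent out of the network.
HISTORY = [
    {"user": "alice", "src": "10.0.0.5", "bytes_out": 1200},
    {"user": "alice", "src": "10.0.0.5", "bytes_out": 1500},
    {"user": "alice", "src": "10.0.0.7", "bytes_out": 900},
    {"user": "alice", "src": "10.0.0.5", "bytes_out": 1400},
    {"user": "bob",   "src": "10.0.1.9", "bytes_out": 50000},
    {"user": "bob",   "src": "10.0.1.9", "bytes_out": 55000},
    {"user": "bob",   "src": "10.0.1.9", "bytes_out": 48000},
    {"user": "bob",   "src": "10.0.1.9", "bytes_out": 52000},
]


def build_baselines(events):
    """Batch path: mean/stdev of bytes_out and the set of seen source IPs per user."""
    per_user = defaultdict(list)
    srcs = defaultdict(set)
    for e in events:
        per_user[e["user"]].append(e["bytes_out"])
        srcs[e["user"]].add(e["src"])
    baselines = {}
    for user, vals in per_user.items():
        stdev = statistics.pstdev(vals) if len(vals) > 1 else 0.0
        baselines[user] = {"mean": statistics.mean(vals), "stdev": stdev, "srcs": srcs[user]}
    return baselines


def score_event(event, baselines):
    """Real-time path: risk rating 0..100 for one event, plus the evidence behind it."""
    base = baselines.get(event["user"])
    if base is None:                       # never seen: moderate risk, no baseline to compare
        return {"risk": 60, "evidence": ["no baseline for user (first seen)"]}
    risk, evidence = 0.0, []
    if base["stdev"] > 0:
        z = (event["bytes_out"] - base["mean"]) / base["stdev"]
    else:                                  # constant history: any deviation is extreme
        z = 0.0 if event["bytes_out"] == base["mean"] else math.inf
    if z > 3:                              # assumed threshold: 3 sigma above the user's mean
        risk += min(60, 10 * z)
        evidence.append(f"bytes_out={event['bytes_out']} is {z:.1f} sigma above mean {base['mean']:.0f}")
    if event["src"] not in base["srcs"]:   # unseen source for this user
        risk += 30
        evidence.append(f"source {event['src']} never seen for user {event['user']}")
    return {"risk": int(min(100, risk)), "evidence": evidence}


def rank_anomalies(events, baselines, threshold=50):
    """Score a stream and return (risk, user, evidence) for events at/above threshold, highest first."""
    flagged = []
    for e in events:
        s = score_event(e, baselines)
        if s["risk"] >= threshold:
            flagged.append((s["risk"], e["user"], s["evidence"]))
    return sorted(flagged, key=lambda x: -x[0])


if __name__ == "__main__":
    stream = [  # constructed live events
        {"user": "alice", "src": "203.0.113.9", "bytes_out": 8000},
        {"user": "bob", "src": "10.0.1.9", "bytes_out": 53000},
        {"user": "mallory", "src": "10.0.2.2", "bytes_out": 100},
    ]
    for risk, user, evidence in rank_anomalies(stream, build_baselines(HISTORY)):
        print(risk, user, evidence)
```

Population standard deviation is used so that a single user with a flat history still yields a baseline; the evidence strings are what an analyst would see next to the risk rating when deciding whether to act.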
-
Publication number: US09977803B2
Publication date: 2018-05-22
Application number: US14611018
Application date: 2015-01-30
Applicant: SPLUNK, INC.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd
IPC: G06F17/30
CPC classification number: G06F17/30315 , G06F17/30386 , G06F17/30477
Abstract: A search interface is displayed in a table format that includes a plurality of columns, each column including data items of an event attribute, the data items being of a set of events, each column being selectable by a user, and a plurality of rows forming cells with the one or more columns, each cell comprising one or more of the data items of the event attribute of a corresponding column. Based on the user selecting one or more of the columns, a list of options is displayed corresponding to the selected one or more columns, and one or more commands are added to a search query that corresponds to the set of events. The one or more commands are based on at least an option that is selected from the list of options and the event attribute of each of the selected one or more columns.
-
Publication number: US09960970B2
Publication date: 2018-05-01
Application number: US15418766
Application date: 2017-01-29
Applicant: Splunk Inc.
CPC classification number: H04L41/22 , G06F17/3051 , G06F17/30551 , G06F17/30595 , G06F17/30864 , H04L29/08072 , H04L41/5009 , H04L41/5032 , H04L41/5045 , H04L43/045 , H04L43/16 , H04L67/02
Abstract: Services in an operating environment are represented by stored service definitions that identify entities that perform the service. Entity definitions identify machine data pertaining to the entity. A key performance indicator (KPI) of the service characterizes the service on the whole or some aspect of it. Each KPI is defined by a search query that derives a value from machine data identified in the entity definitions. Processing devices cause display of a service-monitoring page having a services summary region and a services aspects region. The summary region displays interactive summary tiles that each correspond to a service and present information about an aggregate KPI that characterizes the service. The aspects region displays interactive aspect tiles that each correspond to a KPI characterizing some aspect of an associated service. Additional information may be included in the service-monitoring page and interaction features enable a user to navigate to enhanced information displays.
-
Publication number: US09942318B2
Publication date: 2018-04-10
Application number: US15334690
Application date: 2016-10-26
Applicant: Splunk Inc.
Inventor: Sourav Pal , Christopher Madden Pride
IPC: G06F15/167 , H04L29/08 , G06F17/30 , H04L12/26
CPC classification number: H04L67/1087 , G06F15/167 , G06F17/30864 , H04L43/106 , H04L43/16 , H04L67/02 , H04L67/1004
Abstract: Asynchronous processing of messages that are received from multiple servers is disclosed. An example method may include transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system. The method may further include receiving a plurality of sub-application layer protocol packets from the plurality of search peers. The method may further include parsing, by a first processing thread of the computer system, one or more sub-application layer protocol packets of the plurality of sub-application layer protocol packets, to produce an application layer message representing a partial response to the search request. The method may further include processing, by a second processing thread of the computer system, the application layer message to produce a memory data structure representing an aggregated response to the search request.
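The two-thread pipeline this abstract describes, as an added example that is not Splunk's code: one thread reassembles transport-level chunks into application-layer messages (partial responses), a second thread merges them into the aggregated response. The 4-byte length-prefixed JSON framing, the `counts` payload shape and the sample replies are assumptions constructed for the demonstration.

```python
"""Added example (not from the patent): parser thread reassembles
sub-application-layer chunks into messages; aggregator thread merges them."""
import json
import queue
import struct
import threading
from collections import defaultdict
from typing import Iterable, List, Tuple

HEADER = struct.Struct(">I")   # assumed framing: 4-byte big-endian body length, then JSON
MAX_BODY = 1 << 20             # refuse absurd lengths advertised by a peer


def frame(message: dict) -> bytes:
    body = json.dumps(message).encode()
    return HEADER.pack(len(body)) + body


class Reassembler:
    """Per-peer buffer: feed transport chunks, get back every complete message."""
    def __init__(self):
        self.buf = bytearray()

    def feed(self, chunk: bytes) -> List[dict]:
        self.buf += chunk
        out = []
        while len(self.buf) >= HEADER.size:
            (n,) = HEADER.unpack_from(self.buf)
            if n > MAX_BODY:
                raise ValueError("peer advertised oversized message")
            if len(self.buf) < HEADER.size + n:
                break                           # body not fully received yet
            body = bytes(self.buf[HEADER.size:HEADER.size + n])
            del self.buf[:HEADER.size + n]
            out.append(json.loads(body))
        return out


def parser_thread(packets: Iterable[Tuple[str, bytes]], q: queue.Queue) -> None:
    """Thread 1: (peer, chunk) pairs in, application-layer messages out."""
    bufs = defaultdict(Reassembler)
    for peer, chunk in packets:
        for msg in bufs[peer].feed(chunk):
            q.put((peer, msg))
    q.put(None)                                 # sentinel: no more messages


def aggregator_thread(q: queue.Queue, result: dict) -> None:
    """Thread 2: merge each partial response into the aggregated response."""
    while True:
        item = q.get()
        if item is None:
            break
        peer, msg = item
        for key, count in msg["counts"].items():
            result["counts"][key] = result["counts"].get(key, 0) + count
        result["peers"].append(peer)


def run(packets: List[Tuple[str, bytes]]) -> dict:
    q: queue.Queue = queue.Queue()
    result = {"counts": {}, "peers": []}
    t1 = threading.Thread(target=parser_thread, args=(packets, q))
    t2 = threading.Thread(target=aggregator_thread, args=(q, result))
    t1.start(); t2.start(); t1.join(); t2.join()
    return result


def sample_packets() -> List[Tuple[str, bytes]]:
    """Constructed: three peers, each reply split at awkward byte offsets."""
    replies = {
        "peer1": frame({"counts": {"error": 3, "warn": 1}}),
        "peer2": frame({"counts": {"error": 2}}),
        "peer3": frame({"counts": {"warn": 4, "info": 9}}),
    }
    packets = []
    for peer, data in replies.items():
        packets += [(peer, data[:2]), (peer, data[2:7]), (peer, data[7:])]  # header split mid-way
    return packets


if __name__ == "__main__":
    print(run(sample_packets()))
```

The length cap is the check worth keeping when the peers are not fully trusted: without it a single malformed header makes the parser thread buffer without bound.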
-
Publication number: US20180091559A1
Publication date: 2018-03-29
Application number: US15276761
Application date: 2016-09-26
Applicant: Splunk Inc.
Inventor: Brian Luger
IPC: H04L29/06
Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.
-
Publication number: US20180091529A1
Publication date: 2018-03-29
Application number: US15276763
Application date: 2016-09-26
Applicant: Splunk Inc.
Inventor: Brian Luger
IPC: H04L29/06
Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.
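The correlation step shared by the two Luger abstracts above (US20180091559A1 and US20180091529A1), as an added example that is not Splunk's code: endpoint forensic artifacts (process snapshots with hashes) are joined against non-forensic data (a web proxy log and a hash denylist) by host and time window, then pivoted to find other hosts that touched the same destinations. Every record, hash value and domain below is constructed for the demonstration, as is the ±5 minute window.

```python
"""Added example (not from the patent): correlate endpoint forensic
artifacts with proxy logs and a denylist, then pivot on shared destinations."""
from collections import defaultdict
from datetime import datetime, timedelta
from typing import Dict, List, Set

# Constructed forensic artifacts: process snapshots collected from endpoints.
FORENSIC = [
    {"host": "ws-01", "ts": "2018-03-01T10:00:00", "proc": "updater.exe", "sha256": "f00d" * 16},
    {"host": "ws-01", "ts": "2018-03-01T10:00:00", "proc": "explorer.exe", "sha256": "c1ea" * 16},
    {"host": "ws-02", "ts": "2018-03-01T11:30:00", "proc": "updater.exe", "sha256": "f00d" * 16},
]
# Constructed non-forensic data: web proxy log and a denylist of known-bad hashes.
PROXY = [
    {"host": "ws-01", "ts": "2018-03-01T09:58:30", "dest": "cdn.example.net"},
    {"host": "ws-01", "ts": "2018-03-01T10:03:10", "dest": "update-check.example.org"},
    {"host": "ws-02", "ts": "2018-03-01T08:00:00", "dest": "update-check.example.org"},
    {"host": "ws-03", "ts": "2018-03-01T10:01:00", "dest": "update-check.example.org"},
]
BAD_HASHES: Set[str] = {"f00d" * 16}


def parse_ts(ts: str) -> datetime:
    return datetime.fromisoformat(ts)


def correlate(forensic: List[dict], proxy: List[dict], bad_hashes: Set[str],
              window: timedelta = timedelta(minutes=5)) -> List[dict]:
    """For each artifact on the denylist, attach same-host proxy events within ±window."""
    by_host: Dict[str, List[dict]] = defaultdict(list)
    for p in proxy:
        by_host[p["host"]].append(p)
    hits = []
    for art in forensic:
        if art["sha256"] not in bad_hashes:
            continue
        t0 = parse_ts(art["ts"])
        related = [p for p in by_host[art["host"]] if abs(parse_ts(p["ts"]) - t0) <= window]
        hits.append({
            "host": art["host"],
            "proc": art["proc"],
            "related_dests": sorted({p["dest"] for p in related}),
        })
    return hits


def pivot_hosts(hits: List[dict], proxy: List[dict]) -> List[str]:
    """Second-order correlation: other hosts that contacted a destination tied to a hit."""
    dests = {d for h in hits for d in h["related_dests"]}
    hit_hosts = {h["host"] for h in hits}
    return sorted({p["host"] for p in proxy if p["dest"] in dests} - hit_hosts)


if __name__ == "__main__":
    found = correlate(FORENSIC, PROXY, BAD_HASHES)
    for h in found:
        print(h)
    print("pivot candidates:", pivot_hosts(found, PROXY))
```

The second hit (ws-02) has an empty `related_dests` because its only proxy entry is hours outside the window; keeping the hit anyway matters, since a denylisted binary with no nearby network evidence is still a finding, and the pivot list is where an analyst would queue the next collection.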
-
Publication number: US20180089561A1
Publication date: 2018-03-29
Application number: US15420754
Application date: 2017-01-31
Applicant: SPLUNK INC.
Inventor: Adam Jamison Oliner , Nghi Huu Nguyen , Jacob Leverich , Zidong Yang
Abstract: Systems and methods include obtaining a set of events, each event in the set of events comprising a time-stamped portion of raw machine data, the raw machine data produced by one or more components within an information technology or security environment and reflecting activity within the information technology or security environment. Thereafter, a first neural network is used to automatically identify variable text to extract as a field from the set of events. An indication of the variable text is provided as a field extraction recommendation, for example, to a user device for presentation to a user.
-