Indexing preview
    421.
    Granted invention patent
    Indexing preview (in force)

    Publication No.: US08825664B2

    Publication date: 2014-09-02

    Application No.: US13588939

    Filing date: 2012-08-17

    Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.


    DISTRIBUTED LICENSE MANAGEMENT FOR A DATA LIMITED APPLICATION
    422.
    Invention application
    DISTRIBUTED LICENSE MANAGEMENT FOR A DATA LIMITED APPLICATION (under examination, published)

    Publication No.: US20140229490A1

    Publication date: 2014-08-14

    Application No.: US14052563

    Filing date: 2013-10-11

    Applicant: Splunk Inc.

    Abstract: The invention is directed towards enabling data volume and data type based licensing of software in a distributed system of a plurality of remote and/or local nodes. The invention enables measuring and optionally restricting the use of software based on one or more provided licenses that restrict the amount and type of data that may be processed by the software. New and older licenses may be added together for a single, bulk entitlement for a given volume of data processing for one or all types of data. Different users in the same enterprise may combine license entitlements too. Also, a new license can be acquired repeatedly, without requiring the issuance of combined licenses by the issuing authority and/or the revocation of prior licenses.


    Approximate order statistics of real numbers in generic data
    423.
    Granted invention patent
    Approximate order statistics of real numbers in generic data (in force)

    Publication No.: US08756262B2

    Publication date: 2014-06-17

    Application No.: US13038085

    Filing date: 2011-03-01

    Applicant: Steve Yu Zhang

    Inventor: Steve Yu Zhang

    Abstract: A method, system, and processor-readable storage medium are directed towards calculating approximate order statistics on a collection of real numbers. In one embodiment, the collection of real numbers is processed to create a digest comprising hierarchy of buckets. Each bucket is assigned a real number N having P digits of precision and ordinality O. The hierarchy is defined by grouping buckets into levels, where each level contains all buckets of a given ordinality. Each individual bucket in the hierarchy defines a range of numbers—all numbers that, after being truncated to that bucket's P digits of precision, are equal to that bucket's N. Each bucket additionally maintains a count of how many numbers have fallen within that bucket's range. Approximate order statistics may then be calculated by traversing the hierarchy and performing an operation on some or all of the ranges and counts associated with each bucket.


    Variable representative sampling under resource constraints
    424.
    Granted invention patent
    Variable representative sampling under resource constraints (in force)

    Publication No.: US08751499B1

    Publication date: 2014-06-10

    Application No.: US13747153

    Filing date: 2013-01-22

    Applicant: Splunk Inc.

    Abstract: Embodiments are directed towards generating a representative sampling as a subset from a larger dataset that includes unstructured data. A graphical user interface enables a user to provide various data selection parameters, including specifying a data source and one or more subset types desired, including one or more of latest records, earliest records, diverse records, outlier records, and/or random records. Diverse and/or outlier subset types may be obtained by generating clusters from an initial selection of records obtained from the larger dataset. An iteration analysis is performed to determine whether a sufficient number of clusters and/or cluster types have been generated that exceed at least one threshold and when not exceeded, additional clustering is performed on additional records. From the resultant clusters, and/or other subtype results, a subset of records is obtained as the representative sampling subset.


    Processing a system search request by retrieving results from both a native index and a virtual index
    425.
    Granted invention patent
    Processing a system search request by retrieving results from both a native index and a virtual index (in force)

    Publication No.: US08738587B1

    Publication date: 2014-05-27

    Application No.: US13951273

    Filing date: 2013-07-25

    Applicant: Splunk Inc.

    Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.


    VISUALIZATION OF DATA FROM CLUSTERS
    427.
    Invention application

    Publication No.: US20140074850A1

    Publication date: 2014-03-13

    Application No.: US13660910

    Filing date: 2012-10-25

    Applicant: SPLUNK INC.

    Abstract: Embodiments are directed towards the visualization of machine data received from computing clusters. Embodiments may enable improved analysis of computing cluster performance, error detection, troubleshooting, error prediction, or the like. Individual cluster nodes may generate machine data that includes information and data regarding the operation and status of the cluster node. The machine data is received from each cluster node for indexing by one or more indexing applications. The indexed machine data including the complete data set may be stored in one or more index stores. A visualization application enables a user to select one or more analysis lenses that may be used to generate visualizations of the machine data. The visualization application employs the analysis lens to produce visualizations of the computing cluster machine data.

    DATA MODEL FOR MACHINE DATA FOR SEMANTIC SEARCH
    428.
    Invention application
    DATA MODEL FOR MACHINE DATA FOR SEMANTIC SEARCH (in force)

    Publication No.: US20140074817A1

    Publication date: 2014-03-13

    Application No.: US13662369

    Filing date: 2012-10-26

    Applicant: SPLUNK INC.

    Abstract: Embodiments are directed towards generating data models that may give semantic meaning for unstructured data or structured data that may include data generated and/or received by search engines, including a time series engine. Data models also may be generated to provide semantic meaning to structured data. A data model may be composed of a hierarchical data model objects analogous to an object-oriented programming class hierarchy. Users may employ a data modeling application to produce reports using search objects that may be part of, or associated with the data model. The data modeling application may employ the search object and the data model to generate a query string for searching a data repository to produce a result set. A data modeling application may map the result set data to data model objects that may be used to generate reports.


    INVESTIGATIVE AND DYNAMIC DETECTION OF POTENTIAL SECURITY-THREAT INDICATORS FROM EVENTS IN BIG DATA
    429.
    Invention application
    INVESTIGATIVE AND DYNAMIC DETECTION OF POTENTIAL SECURITY-THREAT INDICATORS FROM EVENTS IN BIG DATA (in force)

    Publication No.: US20130326620A1

    Publication date: 2013-12-05

    Application No.: US13956252

    Filing date: 2013-07-31

    Applicant: Splunk Inc.

    Abstract: A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.


    BLACKLISTING AND WHITELISTING OF SECURITY-RELATED EVENTS

    Publication No.: US20130318604A1

    Publication date: 2013-11-28

    Application No.: US13956285

    Filing date: 2013-07-31

    Applicant: Splunk Inc.

    Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
