-
Publication No.: US20180089328A1
Publication date: 2018-03-29
Application No.: US15339886
Filing date: 2016-10-31
Applicant: Splunk Inc.
Inventor: Amrittpal Singh Bath , Pratiksha Shah , Murugan Kandaswamy , Vishal Patel
IPC: G06F17/30
CPC classification number: G06F16/248 , G06F3/0481 , G06F16/22 , G06F16/2228 , G06F16/2255 , G06F16/2425 , G06F16/2455 , G06F16/24568 , G06F16/2462 , G06F16/2477 , G06F16/25 , G06F16/285 , G06F16/8373 , G06F16/901 , G06F16/90335 , G06F16/9038 , G06F16/951 , G06F16/9535 , G06T11/206 , G06T2200/24 , H04L43/08 , H04L67/02 , H04L67/025
Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting collected data including metrics data including key values and numerical values, where each numerical value is indicative of a measured characteristic of a computing resource (e.g., device), and populating a first portion of a metric-series index (msidx) file with the key values and a second portion of the msidx file with the numerical values. The first portion is distinct from the second portion. The method further includes generating metrics from the metrics data, where each metric has dimensions populated with at least some of the key values and has one of the numerical values. The method further includes indexing the metrics by at least one of the dimensions.
-
Publication No.: US20180089258A1
Publication date: 2018-03-29
Application No.: US15665187
Filing date: 2017-07-31
Applicant: Splunk Inc.
Inventor: Arindam Bhattacharjee , Sourav Pal , Christopher Pride
IPC: G06F17/30
CPC classification number: G06F16/2425 , G06F16/2272 , G06F16/24535
Abstract: Systems and methods are disclosed for processing queries against multiple dataset sources. One dataset source can include indexers that index and store data. The system can receive a query that identifies a set of data to be processed and a manner of processing the set of data. The set of data can include a first dataset that is accessible by one or more indexers and a second dataset that is accessible by one or more other dataset sources. A query coordinator can define a query processing scheme for obtaining and processing the set of data that includes a dynamic allocation of multiple layers of partitions. The partitions can operate on multiple worker nodes. The query can then be executed based on the query processing scheme.
-
Publication No.: US09922099B2
Publication date: 2018-03-20
Application No.: US14528951
Filing date: 2014-10-30
Applicant: Splunk, Inc.
Inventor: Divanny I. Lamas , Marc Vincent Robichaud , Carl Sterling Yestrau
IPC: G06F17/30 , G06F3/0484 , G06F3/0482 , G06F3/0481
CPC classification number: G06F17/30557 , G06F3/04817 , G06F3/0482 , G06F3/04842 , G06F17/30383 , G06F17/30477 , G06F17/30551 , G06F17/30572 , G06F17/30991
Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface to perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.
-
Publication No.: US09916385B2
Publication date: 2018-03-13
Application No.: US15339951
Filing date: 2016-11-01
Applicant: Splunk Inc.
Inventor: Ledion Bitincka , Steve Zhang , Igor Stojanovski , Stephen Sorkin
IPC: G06F17/30
CPC classification number: G06F17/30864 , G06F17/30477 , G06F17/30516 , G06F17/30545 , G06F17/30979
Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.
-
Publication No.: US20180060185A1
Publication date: 2018-03-01
Application No.: US15799662
Filing date: 2017-10-31
Applicant: SPLUNK INC.
Inventor: IOANNIS VLACHOGIANNIS , PANAGIOTIS PAPADOMITSOS
CPC classification number: G06F11/1466 , G06F16/185
Abstract: A computer-implemented method, system, and computer-readable media are disclosed herein. In embodiments, the computer-implemented method may entail receiving, by a data service, live data associated with an entity. The entity may be, for example, a customer of the data service. The method may then route the live data to a dual-queue system. The live data may then be loaded into a live data queue for processing of the live data. In addition, the live data may be stored as a persistent backup of the live data in a stale data queue. A remote data store may periodically establish a connection with the dual-queue system, after which, at least a portion of the stale data may be transmitted to the remote data store. Additional embodiments are described and/or claimed.
-
Publication No.: US20180054377A1
Publication date: 2018-02-22
Application No.: US15799804
Filing date: 2017-10-31
Applicant: SPLUNK INC.
Inventor: Konstantinos Polychronis
IPC: H04L12/26
Abstract: Various methods and systems for facilitating network traffic monitoring in association with an application running on a client device are provided. In this regard, aspects of the invention facilitate monitoring network traffic being transmitted to and/or from a client device, such as a mobile device, so that network performance can be analyzed. In various implementations, packet headers of data packets are read to obtain or extract desired network metrics that indicate network performance. Packet headers are generally read to the extent necessary to identify various network data. As such, by avoiding examination of a packet payload and, in some cases, examination of the entire header, the efficiency of monitoring network traffic at a client device is improved.
-
Publication No.: US09900332B2
Publication date: 2018-02-20
Application No.: US15616889
Filing date: 2017-06-07
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas , Ravi Prasad Bulusu
IPC: G06F21/00 , H04L29/06 , G06F17/30 , G06N99/00 , G06N7/00 , G06F3/0484 , G06F3/0482 , G06F17/22 , H04L12/24 , G06N5/04 , G06K9/20 , H04L12/26
CPC classification number: H04L63/1416 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F17/2235 , G06F17/30061 , G06F17/3053 , G06F17/30563 , G06F17/30598 , G06F17/30958 , G06K9/2063 , G06N5/04 , G06N7/005 , G06N99/005 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/00 , H04L43/045 , H04L43/062 , H04L43/08 , H04L63/06 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , H04L2463/121
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
Publication No.: US20180032915A1
Publication date: 2018-02-01
Application No.: US15660897
Filing date: 2017-07-26
Applicant: Splunk Inc.
Inventor: Pradeep Baliganapalli NAGARAJU , Steve ZHANG , Jiahan WANG , Adam Jamison OLINER , Erick Anthony DEAN
CPC classification number: G06N20/00 , G06K9/00973 , G06K9/00979 , G06K9/6262 , G06N3/04 , G06N3/08
Abstract: Disclosed is a technique that can be performed by a server computer system. The technique can include executing a machine learning process to generate a machine learning model based on global data collected from one or more electronic devices, wherein the machine learning model is described by model data. The technique can further include encapsulating the model data in a markup language document. The technique can further include sending, over a network, the markup language document to at least one electronic device of the one or more electronic devices to cause the at least one electronic device to update a local device machine learning model.
-
Publication No.: US20180032908A1
Publication date: 2018-02-01
Application No.: US15224439
Filing date: 2016-07-29
Applicant: Splunk Inc.
Inventor: Pradeep B. Nagaraju , Adam Jamison Oliner , Brian Matthew Gilmore , Erick Anthony Dean , Jiahan Wang
Abstract: Disclosed is a technique that can be performed by an electronic device. The technique can include generating raw data based on inputs to the electronic device, and sending the raw data or data items over a network to a server computer system. The sent raw data or the data items can include training data. The technique can further include receiving global model data from the server computer system over the network. The global model data may have been derived from the training data in accordance with a machine learning process. The technique can further include generating an updated local model by updating a local model associated with the electronic device based on the received global model data, and processing local data based on the updated local model to generate output data. The local data can include raw data or data items generated based on inputs to the electronic device.
-
Publication No.: US20180032861A1
Publication date: 2018-02-01
Application No.: US15224489
Filing date: 2016-07-29
Applicant: Splunk, Inc.
Inventor: Adam Oliner , Zidong Yang , Sinduja Sreshta
IPC: G06N3/08
CPC classification number: G06N3/0445 , G06F17/276 , G06Q10/0637
Abstract: Described herein is a technology that facilitates the production of and the use of automated datagens for event-based. A datagen (i.e., data-generator or data generation system) is a component, module, or subsystem of computer systems that searches, monitors, and analyzes machine data. A datagen produces events that are further processed in various ways for subsequent use (such as searching, monitoring, and analysis).