-
Publication number: US20180032558A1
Publication date: 2018-02-01
Application number: US15664991
Application date: 2017-07-31
Applicant: SPLUNK, Inc.
Inventor: ADAM OLINER
IPC: G06F17/30
CPC classification number: G06F16/43 , G06F16/438
Abstract: Described herein are technologies that facilitate effective use (e.g., indexing and searching) of non-text machine data (e.g., audio/visual data) in an event-based machine-data intake and query system.
-
Publication number: US09864797B2
Publication date: 2018-01-09
Application number: US14700110
Application date: 2015-04-29
Applicant: Splunk Inc.
Inventor: Tristan Antonio Fletcher , Alok Anant Bhide
IPC: H04L12/24 , G06F17/30 , G06F3/0484 , G06Q10/06 , G06F3/0482 , H04L29/08 , H04L12/26 , H04L29/06
CPC classification number: G06F17/30675 , G06F3/0482 , G06F3/04842 , G06F17/30964 , G06Q10/06393 , H04L29/08072 , H04L41/0686 , H04L41/069 , H04L41/22 , H04L41/5009 , H04L41/5032 , H04L43/04 , H04L63/145
Abstract: A system, method and graphical user interface (GUI) for creating a new correlation search based on a set of displayed graph lanes. The graph lanes may provide graphical visualizations of key performance indicators (KPIs) associated with one or more services and may assist a user in identifying a situation (e.g., problem or a pattern of interest) in the performance of the services. A user may adjust (e.g., add graph lanes, zooming-in) the graph lanes in order to display the situation, at which point the user may submit a request to create a new correlation search to detect if the situation reoccurs. The system may generate the new correlation search by iterating through the set of graph lanes and analyzing the fluctuations of each KPI to determine triggering criteria. The system may then run the correlation search and generate a notable event or alarm when the situation reoccurs.
-
Publication number: US20180007180A1
Publication date: 2018-01-04
Application number: US15703209
Application date: 2017-09-13
Applicant: Splunk Inc.
Inventor: Sourav Pal , Christopher Madden Pride
IPC: H04L29/08
CPC classification number: H04L69/329 , H04L67/02 , H04L67/2804 , H04L67/2819 , H04L69/326
Abstract: Systems and methods for priority-based processing of messages received from multiple servers. An example method comprises: receiving a plurality of network packets from one or more servers; processing the plurality of network packets to produce a first message associated with a first timestamp and a second message associated with a second timestamp; writing the first message to a first message queue of a plurality of message queues; writing the second message to a second message queue of the plurality of message queues; and retrieving, from the plurality of message queues, the first message and the second message in an order of their respective associated timestamps.
-
Publication number: US09853946B2
Publication date: 2017-12-26
Application number: US14806510
Application date: 2015-07-22
Applicant: Splunk Inc.
Inventor: Hassan Alayli , Jagannath Kerai
CPC classification number: H04L63/029 , G06F17/30312 , G06F17/30424 , G06F17/30557 , H04L63/08
Abstract: Disclosed herein are a method, apparatus and system that authenticate a first data forwarder, of a distributed machine data acquisition and search system (MDASS), to a node that regulates traversal of a firewall that protects a protected environment within which the data forwarder operates. The authentication may be performed by using a SOCKS5 authentication process. The method further includes, only after successful completion of the SOCKS5 authentication process, establishing a first connection, through a network, between the first data forwarder and a first indexer of the distributed MDASS, where the first indexer operates outside the protected environment, and sending machine data acquired by the first data forwarder from a machine data source, to the first indexer via the first connection.
-
Publication number: US09842432B2
Publication date: 2017-12-12
Application number: US15421290
Application date: 2017-01-31
Applicant: SPLUNK INC.
Inventor: Geoffrey R. Hendrey
IPC: G06T15/00 , G06T17/20 , A63F13/537 , B64D43/00 , G01C21/00
Abstract: A system, a method and instructions embodied on a non-transitory computer-readable storage medium that solve a 3D point-in-polygon (PIP) problem are presented. This system projects polygons that comprise a set of polyhedra onto projected polygons in a reference plane. Next, the system projects a data point onto the reference plane, and performs a 2D PIP operation in the reference plane to determine which projected polygons the projected data point falls into. For each projected polygon the projected data point falls into, the system performs a 3D crossing number operation by counting intersections between a ray projected from the corresponding data point in a direction orthogonal to the reference plane and polyhedral faces corresponding to projected polygons, to identify polyhedra the data point falls into. The system then generates a visual representation of the set of polyhedra, wherein each polyhedron is affected by data points that fall into it.
-
Publication number: US09838410B2
Publication date: 2017-12-05
Application number: US14928985
Application date: 2015-10-30
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas , Ravi Prasad Bulusu
IPC: H04L29/06 , G06N99/00 , G06F17/30 , G06N7/00 , G06F3/0482 , G06F3/0484 , G06F17/22 , H04L12/24 , G06N5/04 , G06K9/20 , H04L12/26
CPC classification number: H04L63/1416 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F17/2235 , G06F17/30061 , G06F17/3053 , G06F17/30563 , G06F17/30598 , G06F17/30958 , G06K9/2063 , G06N5/04 , G06N7/005 , G06N99/005 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/00 , H04L43/045 , H04L43/062 , H04L43/08 , H04L63/06 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , H04L2463/121
Abstract: A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
Publication number: US09836336B2
Publication date: 2017-12-05
Application number: US14962970
Application date: 2015-12-08
Applicant: Splunk Inc.
Inventor: Itay A. Neeman
CPC classification number: G06F9/542 , G06F8/65 , G06F8/71 , G06F9/44521 , G06F9/54 , G06F17/30477 , G06F2209/545
Abstract: A first feature (e.g., chart or table) includes a reference to a dynamic pointer. Independently, the pointer is defined to point to a second feature (e.g., a query). The first feature is automatically updated to reflect a current value of the second feature. The reference to the pointer and pointer definition are recorded in a central registry, and changes to the pointer or second feature automatically cause the first feature to be updated to reflect the change. A mapping between features can be generated using the registry and can identify interrelationships to a developer. Further, changes in the registry can be tracked, such that a developer can view changes pertaining to a particular time period and/or feature of interest (e.g., corresponding to an operation problem).
-
Publication number: US20170339029A1
Publication date: 2017-11-23
Application number: US15663561
Application date: 2017-07-28
Applicant: Splunk Inc.
IPC: H04L12/24 , G06Q10/06 , H04L12/26 , G06F3/0482 , G06F3/0484 , H04L29/08
CPC classification number: H04L41/5032 , G06F3/0482 , G06F3/04842 , G06Q10/06393 , H04L29/08072 , H04L41/0213 , H04L41/12 , H04L41/22 , H04L41/5006 , H04L41/5009 , H04L43/04 , H04L43/045 , H04L43/16 , H04L67/16 , H04L67/2809
Abstract: One or more processing devices derive values indicative of various aspects of how a particular service in an information technology (IT) environment is performing at a point in time or for a period of time. The values are derived by a search query over machine data associated with the one or more entities that provide the service. The one or more processing devices determine a value for an aggregate key performance indicator (KPI) for the service to indicate or characterize the service overall from values for each of the various aspects.
-
Publication number: US20170329662A1
Publication date: 2017-11-16
Application number: US15663513
Application date: 2017-07-28
Applicant: Splunk Inc.
Inventor: KONSTANTINOS POLYCHRONIS
CPC classification number: G06F11/079 , G06Q20/32 , G06Q20/382 , G06Q20/4016 , G06Q20/407
Abstract: Various methods and systems for tracking incomplete purchases in correlation with application performance, such as application errors or crashes, are provided. In this regard, aspects of the invention facilitate monitoring transaction and application error events and analyzing data associated therewith to identify data indicating an impact of incomplete purchases in relation to an error(s) such that application performance can be improved. In various implementations, application data associated with an application installed on a mobile device is received. The application data is used to determine that an error that occurred in association with the application installed on the mobile device correlates with an incomplete monetary transaction initiated via the application. Based on the error correlating with the incomplete monetary transaction, a transaction attribute associated with the error is determined.
-
Publication number: US09817854B2
Publication date: 2017-11-14
Application number: US15007185
Application date: 2016-01-26
Applicant: Splunk Inc.
Inventor: David Ryan Marquardt , Stephen Phillip Sorkin , Steve Yu Zhang
CPC classification number: G06F17/30321 , G06F17/30 , G06F17/30457 , G06F17/30477 , G06F17/30554 , G06F17/30595 , G06F17/30864
Abstract: Embodiments are directed towards the transparent summarization of events. Queries directed towards summarizing and reporting on event records may be received at a search head. Search heads may be associated with one or more indexers containing event records. The search head may forward the query to the indexers that can resolve the query for concurrent execution. If a query is a collection query, indexers may generate summarization information based on event records located on the indexers. Event record fields included in the summarization information may be determined based on terms included in the collection query. If a query is a stats query, each indexer may generate a partial result set from previously generated summarization information, returning the partial result sets to the search head. Collection queries may be saved and scheduled to run and periodically update the summarization information.
-