公开(公告)号：US12197908B1

公开(公告)日：2025-01-14

申请号：US18517485

申请日：2023-11-22

Applicant: Splunk Inc.

Inventor： Akash Dwivedi ,  Simon Foster Fishel ,  Isabelle Park ,  Vivian Shen ,  Eric Tschetter ,  Joshua Walters

IPC: G06F8/65 ,  G06F3/0482 ,  G06F8/71 ,  G06F16/903 ,  G06F16/9038 ,  H04L67/025

Abstract: Systems and methods are disclosed for providing a multi-component application, including a first and second component, and a first and second server. The first component may be implemented at the first server, while a second component may be implemented at a client device. An end user of a client device may request access to metadata stored on the second server that is utilized by the second component to implement the multi-component application. The end user may authenticate with the first component. The first component may then communicate with the second server to authenticate the end user to the second server, thereby granting the end user access to the second server without having to reauthenticate to the second server.

公开(公告)号：US12197442B1

公开(公告)日：2025-01-14

申请号：US17937902

申请日：2022-10-04

Applicant: Splunk Inc.

Inventor： Kyle Champlin ,  Cory Chen ,  Patrick Schulz ,  Jason Szeto

IPC: G06F16/24 ,  G06F3/14 ,  G06F16/2455 ,  G06F16/248

Abstract: A software module ingests data into a data intake and query system. At least a portion of the data is cloud data. The software module includes an event type definition that specifies a type of data to be ingested by the software module, a first tag that associates ingested data of the event type with a data model, and a second tag that designates ingested data of the event type as cloud data. The ingested data is stored in a data repository, and subsequently a search query that includes the first tag and the second tag is executed against the data repository, to identify ingested cloud data that satisfies the search query and a first search constraint specified in the data model. A display device is caused to display a visualization based on the identified ingested cloud data that satisfies the search query.

公开(公告)号：US12153481B1

公开(公告)日：2024-11-26

申请号：US18456455

申请日：2023-08-25

Applicant: SPLUNK INC.

Inventor： Matteo Merli ,  Karthikeyan Ramasamy ,  Ram Sriharsha ,  Aungon Nag Radon

IPC: G06F1/26 ,  G06F1/3296 ,  G06N20/00 ,  H04L67/12

Abstract: Various implementations of the present application set forth a computer-implemented method comprising obtaining, by a low-power hub device, a first set of data published by an edge device, where the low-power hub device subscribes to at least a subset of data published by the edge device, generating, by the low-power hub device, a second set of data from the first set of data by inputting the first set of data into a machine learning (ML) model executing on the low-power hub device, and transmitting the second set of data to a remote server computer system.

公开(公告)号：US12141047B1

公开(公告)日：2024-11-12

申请号：US17589637

申请日：2022-01-31

Applicant: Splunk Inc.

Inventor： Gergely Danyi ,  Sakshi Garg ,  Maxime Petazzoni ,  Sahinaz Safari Sanjani ,  Timothy Matthew Robin Williamson ,  Eric Wohlstadter

IPC: G06F9/44 ,  G06F11/36

Abstract: A method of computing real-time metrics for automated workflows includes aggregating a set of ingested spans into a set of traces. The method further includes executing a set of rules to determine a set of workflows associated with the set of traces, wherein each workflow of the set of workflows is associated with a respective trace of the set of traces, and wherein each workflow is operable to group together activity associated with a client process within a respective trace. The method also includes assigning a name to each workflow based on the rules and computing real-time metrics for each of the workflows.

公开(公告)号：US12135788B1

公开(公告)日：2024-11-05

申请号：US17390290

申请日：2021-07-30

Applicant: Splunk Inc.

Inventor： Namratha Sreekanta ,  Nikesh Padakanti

IPC: G06F16/2457 ,  G06F16/245 ,  G06F21/57 ,  G06F40/56

Abstract: Techniques are described for enabling an application to automatically generate text narratives explaining risk scores assigned to risk objects. The application uses natural language generation (NLG) techniques to enable the automatic create text narratives providing context and explanation for risk scores. The described approaches use data from a variety of data sources (e.g., risk event indexes, correlation search data, attack framework data, etc.) to create compelling and useful explanations of the risk analysis associated with identified risk objects. These automatically generated text narratives can be readily presented in any number of different interfaces without the need for complex visualizations or user effort to derive the same information. The automatically created text narratives enable users to better understand the risk analysis for particular risk objects, obtain storylines detailing risk objects' activity patterns over time, and to better analyze, triage, and mitigate IT environment risks based on such information.

公开(公告)号：US12135710B2

公开(公告)日：2024-11-05

申请号：US17586634

申请日：2022-01-27

Applicant: Splunk Inc.

Inventor： Jagmohan Singh ,  Michael Bach Soohoo ,  Hongxun Liu ,  Manu Jose, Jr.

IPC: G06F16/23 ,  G06F16/2458

Abstract: Artifact life tracking storage techniques include performing an artifact request of an artifact at an artifact storage node. A current time to live (TTL) value is identified. A determination is made whether to increment a TTL flag of the artifact. Responsive to determining that the TTL tag should be incremented, the TTL flag is incremented to a subsequent value in a TTL extender list. Responsive to incrementing the TTL tag, the TTL modified tag value is set to the current time value.

公开(公告)号：US20240362252A1

公开(公告)日：2024-10-31

申请号：US18675896

申请日：2024-05-28

Applicant: SPLUNK INC.

Inventor： Da XU ,  Sundar VASAN ,  Dhruva Kumar BHAGI

IPC: G06F16/27 ,  G06F3/06 ,  G06F11/20 ,  G06F11/30 ,  G06F11/32 ,  G06F11/34 ,  G06F16/22 ,  H04L67/1097

CPC classification number: G06F16/27 ,  G06F11/2094 ,  G06F11/3006 ,  G06F11/3072 ,  G06F11/32 ,  G06F11/3409 ,  G06F11/3476 ,  G06F16/2272 ,  H04L67/1097 ,  G06F3/0617 ,  G06F2201/86

Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as a primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in a primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.

公开(公告)号：US12131233B1

公开(公告)日：2024-10-29

申请号：US17074407

申请日：2020-10-19

Applicant: SPLUNK Inc.

Inventor： Chinmay Madhav Kulkarni ,  Lin Ma ,  Amir Malekpour ,  Mohan Rajagopalan ,  John C. Reed ,  Ram Sriharsha

IPC: G06N20/00 ,  G06F16/245 ,  G06F18/214 ,  G06N3/08 ,  G06N5/025 ,  G06N5/04

CPC classification number: G06N20/00 ,  G06F16/245 ,  G06F18/2148 ,  G06N3/08 ,  G06N5/025 ,  G06N5/04

Abstract: A method for deployment of machine-learning based operators within a query is described. For this embodiment, a sequence of operators associated with a query is identified, which includes at least a first operator and at least a second operator. The second operator is configured to perform operations, in accordance with a machine learning (ML) component, on data received as input from execution of the first operator. Schemas associated with the machine learning component is retrieved along with schemas associated with other operators within the sequence. Compatibility between at least an output schema associated with the first operator and an input schema associated with the second operator associated with the ML component is determined. Thereafter, a portion of the sequence of operators including at least the second operator and another operator of the sequence of operators successive to the second operator may be stored within a data store for subsequent use.

公开(公告)号：US12130866B1

公开(公告)日：2024-10-29

申请号：US17114423

申请日：2020-12-07

Applicant: Splunk Inc.

Inventor： Lucas Murphey ,  David Hazekamp

IPC: G06F16/30 ,  G06F16/903 ,  G06F16/9032 ,  G06F16/906 ,  G06F16/907

CPC classification number: G06F16/90335 ,  G06F16/9032 ,  G06F16/906 ,  G06F16/907

Abstract: One or more processing devices receive a definition of a search query for a correlation search of a data store, the data store comprising time-stamped events that each include raw machine data reflecting activity in an information technology environment and produced by a component of the information technology environment, receive a definition of a triggering condition to be evaluated based on aggregated statistics of values of one or more fields of a dataset produced by the search query, receive a definition of one or more actions to be performed when the triggering condition is satisfied, generate, using search processing language, a statement to define the search query and the triggering condition, and in view of the results of the execution of the search processing language, cause generation of the correlation search using the defined search query, the triggering condition, and the one or more actions, the correlation search comprising updated search processing language having the search query and a processing command for criteria on which the triggering condition is based.

公开(公告)号：US12130829B2

公开(公告)日：2024-10-29

申请号：US18051458

申请日：2022-10-31

Applicant: Splunk Inc.

Inventor： Nasim Bigdelu ,  Margaret Kelley ,  Mirjana Tesic ,  Rebecca Tortell ,  Rajesh Raman

IPC: G06F16/00 ,  G06F16/242 ,  G06F16/248

CPC classification number: G06F16/248 ,  G06F16/2425

Abstract: Systems and methods are described for generation and execution of modified queries. An input can be received via a visualization of a user interface. The input may identify a first field value and a first field for execution of a query. A set of data for execution of the query can be identified based on the input. Alias data may identify a second field that is associated with the first field. Using the alias data, a modified query can be generated based on the query and the second field. The modified query can be executed to generate query results. The query results can be displayed via a visualization of the user interface based on the first field.