-
Publication No.: US20170220685A1
Publication Date: 2017-08-03
Application No.: US15011361
Application Date: 2016-01-29
Applicant: Splunk Inc.
Inventor: Hailun Yan , Ledion Bitincka , Kishore Reddy Ramasayam , Elizabeth Lin , David Ryan Marquardt
IPC: G06F17/30
Abstract: Embodiments of the present invention are directed to facilitating data model acceleration in association with an external data system. In accordance with aspects of the present disclosure, at a core engine, a search request associated with a data model is received. The data model generally designates one or more fields, from among a plurality of fields, that are of interest for subsequent searches. Thereafter, it is determined that an accelerated data model summary associated with the data model is stored at an external data system remote from the core engine that received the search request. The accelerated data model summary includes field values associated with the one or more fields designated in the data model. A search for the received search request is initiated using the accelerated data model summary at the external data. A set of search results relevant to the search request is obtained and provided to a user device for display to a user.
-
Publication No.: US20170220633A1
Publication Date: 2017-08-03
Application No.: US15012757
Application Date: 2016-02-01
Applicant: Splunk Inc.
Inventor: Michael Porath , Simon Foster Fishel , Adam Jamison Oliner , Clark Eugene Mullen , Siegfried Puchbauer-Schnabel , Marshall Chalmers Agnew
IPC: G06F17/30 , G06F3/0482
CPC classification number: G06F16/248 , G06F9/452 , G06F9/542
Abstract: A modular visualization framework registers definitions for a variety of visualization types. The definitions are tagged with visualization characteristics. During a working session, likely interactive, a user identifies a search query used to produce data to be visualized. The working context, including the search query and data produced by its execution, is tagged for its visualization characteristics. Information about the working context, including its visualization characteristics, is then used to produce a customized list of candidates suited for the working context from which the user may select a visualization type.
-
Publication No.: US20170208089A1
Publication Date: 2017-07-20
Application No.: US15475120
Application Date: 2017-03-30
Applicant: Splunk Inc.
Inventor: Munawar Monzy Merza
CPC classification number: H04L63/1441 , A61G17/0073 , A61G17/04 , A61G17/041 , A61G17/042 , A61G17/044 , G06F21/50 , G06T11/206 , H04L61/1511 , H04L63/10 , H04L63/1416 , H04L67/02
Abstract: Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain name. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name.
-
Publication No.: US09699205B2
Publication Date: 2017-07-04
Application No.: US14841634
Application Date: 2015-08-31
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas , Ravi Prasad Bulusu
IPC: G06F21/00 , H04L29/06 , G06N99/00 , G06F17/30 , G06N7/00 , G06F3/0482 , G06F3/0484 , G06F17/22 , H04L12/24 , G06N5/04 , G06K9/20 , H04L12/26
CPC classification number: H04L63/1416 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F17/2235 , G06F17/30061 , G06F17/3053 , G06F17/30563 , G06F17/30598 , G06F17/30958 , G06K9/2063 , G06N5/04 , G06N7/005 , G06N99/005 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/00 , H04L43/045 , H04L43/062 , H04L43/08 , H04L63/06 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , H04L2463/121
Abstract: A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
465.
Publication No.: US20170142149A1
Publication Date: 2017-05-18
Application No.: US15421420
Application Date: 2017-01-31
Applicant: Splunk Inc.
Inventor: John Coates , Lucas Murphey , David Hazekamp , James Hansen
CPC classification number: H04L63/1433 , G06F17/30598 , G06F21/554 , G06F2221/034 , G06F2221/2151 , H04L63/14 , H04L63/1408 , H04L63/1416 , H04L63/20
Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time-stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criterion. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction with the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
-
466.
Publication No.: US20170142140A1
Publication Date: 2017-05-18
Application No.: US15418546
Application Date: 2017-01-27
Applicant: Splunk Inc.
Inventor: Sudhakar Muddu , Christos Tryfonas , Ravi Prasad Bulusu
IPC: H04L29/06
CPC classification number: H04L63/1416 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F17/2235 , G06F17/30061 , G06F17/3053 , G06F17/30563 , G06F17/30598 , G06F17/30958 , G06K9/2063 , G06N5/04 , G06N7/005 , G06N99/005 , H04L41/0893 , H04L41/145 , H04L41/22 , H04L43/00 , H04L43/045 , H04L43/062 , H04L43/08 , H04L63/06 , H04L63/1408 , H04L63/1425 , H04L63/1433 , H04L63/1441 , H04L63/20 , H04L2463/121 , H05K999/99
Abstract: A security platform employs a variety of techniques and mechanisms to detect security-related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security-related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.
-
467.
Publication No.: US20170140013A1
Publication Date: 2017-05-18
Application No.: US15421297
Application Date: 2017-01-31
Applicant: Splunk Inc.
IPC: G06F17/30
CPC classification number: G06F16/221 , G06F16/2228 , G06F16/2322 , G06F16/243 , G06F16/2453 , G06F16/2455 , G06F16/2477 , G06F16/248 , G06F16/282 , G06F16/319 , G06F16/33 , G06F16/338
Abstract: Embodiments are directed towards a method for searching data. The method comprises generating an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises receiving an incoming search query that references a field name. Furthermore, the method comprises generating results to the incoming search query based on the field searchable datastore, wherein the field searchable datastore is directly searchable by the field name.
-
468.
Publication No.: US20170139963A1
Publication Date: 2017-05-18
Application No.: US15421068
Application Date: 2017-01-31
Applicant: Splunk Inc.
Inventor: Michael Joseph Baum , R. David Carasso , Robin Kumar Das , Rory Greene , Bradley Hall , Nicholas Christian Mealy , Brian Philip Murphy , Stephen Phillip Sorkin , Andre David Stechert , Erik M. Swan
IPC: G06F17/30
CPC classification number: G06F16/2272 , G06F16/2228 , G06F16/2291 , G06F16/2322 , G06F16/24568 , G06F16/24575 , G06F16/24578 , G06F16/2477 , G06F16/248 , G06F16/951
Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
-
Publication No.: US20170139887A1
Publication Date: 2017-05-18
Application No.: US15417430
Application Date: 2017-01-27
Applicant: Splunk, Inc.
Inventor: Jesse Miller , Micah James Delfino , Marc Robichaud , David Carasso
IPC: G06F17/24 , G06F3/0484 , G06F17/30
Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events helps formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.
-
Publication No.: US09614736B2
Publication Date: 2017-04-04
Application No.: US14815919
Application Date: 2015-07-31
Applicant: Splunk, Inc.
Inventor: Tristan Antonio Fletcher , Alok Anant Bhide
IPC: G06F17/30 , G06F7/00 , H04L12/24 , G06Q10/06 , H04L29/08 , H04L12/26 , G06F3/0484 , G06F9/54 , G06F3/0481 , G06F3/0482
CPC classification number: H04L43/16 , G06F3/0481 , G06F3/04817 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F9/542 , G06F17/30424 , G06F17/30463 , G06F17/30477 , G06F17/30554 , G06F17/3056 , G06F17/30572 , G06F17/30675 , G06F17/30864 , G06F17/30867 , G06F17/30958 , G06F17/30964 , G06F17/30979 , G06F17/30991 , G06Q10/06393 , G06T11/206 , G06T2200/24 , H04L29/08072 , H04L41/0213 , H04L41/0806 , H04L41/22 , H04L41/5009 , H04L41/5032 , H04L41/5035 , H04L41/5038 , H04L43/04 , H04L43/045 , H04L67/10 , H04L67/16
Abstract: A service monitoring system receives a selection of key performance indicators (KPIs) that each indicate a different aspect of how a service provided by one or more entities is performing. Each entity of the one or more entities produces machine data, or has its operation reflected in machine data not produced by the entity. Each KPI is defined by a different search query that derives one or more values from the machine data pertaining to the one or more entities providing the service, where each of the one or more values is associated with a point in time and represents the aspect of how the service is performing at the associated point in time. For each of the selected KPIs, the service monitoring system derives the one or more values and causes display of a graphical visualization of the derived one or more values for the KPI along a time-based graph lane. The graph lanes for the selected KPIs are parallel to each other and the graphical visualizations in the graph lanes are all calibrated to a same time scale.
-