-
471.
Publication number: US12072913B1
Publication date: 2024-08-27
Application number: US18162639
Application date: 2023-01-31
Applicant: Splunk Inc.
Inventor: Alexander D. James, Vinayak Bhakta, Venkatasubramanian Jayaraman, Ganesh Jothikumar, Andrew John Peters, Amy Sutedja
IPC: G06F16/28, G06F16/248
CPC classification number: G06F16/285, G06F16/248
Abstract: Systems and methods are described for implementing programmatic input/output (I/O) routing to datasets with user-defined partitions while providing unhandled data protection. As disclosed herein, a user may define a dataset as including one or more partitions, each partition including criteria for storing data objects written to the partitioned dataset in the individual partitions. Data objects written to the dataset can then be evaluated according to the criteria, and routed to an appropriate partition. To provide unhandled data protection, a dataset definition can include a default partition to which data objects are routed when the data object fails to satisfy the criteria of any of the set of user-defined partitions identified in the specification. Processing I/O operations according to a user-defined partitioning schema can enable data objects to be arranged according to any partitioning schema without tethering the partitioning to a particular underlying storage system.
-
472.
Publication number: US12066995B2
Publication date: 2024-08-20
Application number: US17482781
Application date: 2021-09-23
Applicant: SPLUNK INC.
Inventor: David Ryan Marquardt, Stephen Phillip Sorkin, Steve Yu Zhang
IPC: G06F7/00, G06F16/00, G06F16/22, G06F16/2453, G06F16/2455, G06F16/248, G06F16/28, G06F16/951
CPC classification number: G06F16/2228, G06F16/00, G06F16/24539, G06F16/2455, G06F16/248, G06F16/284, G06F16/951
Abstract: Embodiments are directed towards a method for generating a query response, which comprises creating two or more partitions of event records from raw data stored in a data store, wherein each event record in the two or more partitions of event records includes a portion of the raw data and is associated with a time stamp derived from the raw data. The method also comprises generating a summarization table for each partition of the two or more partitions that: (a) identifies a field value comprising a value that corresponds to an associated field extracted from a respective event record; and (b) for the field value, includes a posting value to the respective event record within a respective partition. The method further comprises generating partial results for a received query using summarization tables in the partitions and generating a response to the query by combining the partial results.
-
473.
Publication number: US12047407B2
Publication date: 2024-07-23
Application number: US18228982
Application date: 2023-08-01
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
IPC: H04L9/40, G06F16/28, G06F21/55, H04L47/2425
CPC classification number: H04L63/1441, G06F16/285, G06F21/554, H04L63/0236, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/20, H04L47/2425
Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.
-
474.
Publication number: US20240244126A1
Publication date: 2024-07-18
Application number: US18621019
Application date: 2024-03-28
Applicant: Splunk Inc.
Inventor: Fang I. Hsiao, Clayton S. CHING, Michael R. DICKEY, Vladimir A. SHCHERBAKOV, Clint SHARP
IPC: H04L69/22, H04L43/028, H04L43/0876
CPC classification number: H04L69/22, H04L43/028, H04L43/0876
Abstract: In the disclosed embodiments, a remote capture agent monitors network packets traversing a network interface of a computing device in an information technology environment. Network data is obtained from the network packets. The network data is modified based on configuration information obtained by the remote capture agent from a configuration server to obtain modified network data. Timestamped events are generated based on the modified network data, and the timestamped events are sent to another component on the network for subsequent processing.
-
Publication number: US12039310B1
Publication date: 2024-07-16
Application number: US17445683
Application date: 2021-08-23
Applicant: Splunk Inc.
Inventor: Fang I. Hsiao, Ai-chi Lu, Nicholas Matthew Tankersley
IPC: G06F7/00, G06F8/61, G06F16/00, G06F16/26, G06F16/951, G06F3/0483, G06F3/04847
CPC classification number: G06F8/61, G06F16/26, G06F16/951, G06F3/0483, G06F3/04847
Abstract: Data intake and query system (DIQS) instances supporting applications including lower-tier, focused, work group oriented applications may be tailored to meet the specific needs of the users. Rather than offer pre-configured options, the DIQS-based application offers the user the ability to customize data collection before deploying the collectors for specified host entities within an IT environment. Once the user selects the metrics and/or log sources for data collection at a custom interface, the lower-tier DIQS generates custom script operable to establish collection of the source data having the selected metrics and events associated with selected log sources from the specified host entities. The user can display and analyze the collected data.
-
Publication number: US12038993B1
Publication date: 2024-07-16
Application number: US18104218
Application date: 2023-01-31
Applicant: SPLUNK Inc.
Inventor: Umang Agarwal, Gergely Danyi, Khawar Deen, Joshua Johnson, Anusha Konatala, Rashmi Kalyani Vasudevan, John Bennett Wundes
IPC: G06F15/173, G06F11/34, G06F16/955, G06F16/958
CPC classification number: G06F16/9566, G06F11/3409, G06F16/958
Abstract: A performance monitoring system (PMS 102) displays a list of example URLs that matched a URL grouping rule used to group URLs. For a rule configured for a customer of the PMS, the example matched URLs are selected by the PMS from a candidate set of URLs identified from data associated with that customer. The PMS receives information identifying a Uniform Resource Locator (URL) grouping rule displayed in a graphical user interface (GUI). The PMS identified a list of candidate URLs occurring in the stored data. The PMS then identifies, from the list of candidate URLs, a set of matched URLs, the set of matched URLs including one or more URLs from the list of candidate URLs that matched the URL grouping rule. The PMS then causes at least one URL from the set of matched URLs to be displayed on the GUI.
-
Publication number: US12038926B1
Publication date: 2024-07-16
Application number: US17163220
Application date: 2021-01-29
Applicant: SPLUNK INC.
Inventor: Jay A. Pathak, Steve Yu Zhang
IPC: G06F16/2455, G06F16/22
CPC classification number: G06F16/2455, G06F16/2228
Abstract: A computer-implemented method of determining indexed fields at query time comprises mapping data from a first source type to indexed fields in batch form using a wildcard specifier. The method also comprises receiving a query to execute on a data set comprising data from the first source type and data from a second source type. Further, the method comprises transforming the query to execute on the data from the first source type separately from the data from the second source type. Additionally, the method comprises executing the query to operate on the data from the first source type using information associated with the indexed fields and to separately operate on the data from the second source type.
-
Publication number: US20240232219A9
Publication date: 2024-07-11
Application number: US18494312
Application date: 2023-10-25
Applicant: Splunk Inc.
Inventor: Glenn Block, Patrick Ogdin
IPC: G06F16/26, G06F16/22, G06F16/248, G06F16/25, G06F16/951
CPC classification number: G06F16/26, G06F16/2228, G06F16/248, G06F16/254, G06F16/951
Abstract: A data intake and query system processes and stores events, which are associated with token identifiers for tokens corresponding to data sources for the messages that the events are generated from. Thus, the data intake and query system can receive a request to provide analyses and visualizations regarding stored events associated with a particular component associated with a plurality of events, such as a data source for the messages from which the plurality of events are generated. These requests and the resulting visualizations can be customized based on selected tokens and selected components.
-
Publication number: US12034759B2
Publication date: 2024-07-09
Application number: US17507698
Application date: 2021-10-21
Applicant: SPLUNK INC.
Inventor: John Coates, Lucas Murphey, David Hazekamp, James Hansen
CPC classification number: H04L63/1433, G06F16/285, G06F21/554, H04L63/14, H04L63/1408, H04L63/1416, G06F2221/034, G06F2221/2151, H04L63/20
Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
-
Publication number: US12028226B1
Publication date: 2024-07-02
Application number: US17974011
Application date: 2022-10-26
Applicant: SPLUNK Inc.
Inventor: Abhijit Bhave, Jiani Chen, Ananta Krishna Vijay Kumar Gampaa, Everett Kotler, Rehan Salman Mulla, Tapan Manojkumar Shah, Ian Edward Torbett, Bixia Yan
IPC: H04L43/045, H04L43/00, H04L43/08
CPC classification number: H04L43/045, H04L43/08, H04L43/14
Abstract: An example method of content pack management by a service monitoring system includes: receiving a plurality of object identifiers, each object identifier referencing a corresponding object installed in an instance of a service monitoring system; performing a partial backup of the instance of a service monitoring system, wherein the partial backup comprises a plurality of objects referenced by the plurality of object identifiers; converting the partial backup into a plurality of object definitions in a predefined format; and packaging the plurality of object definitions into a content pack.