公开(公告)号：US12028222B1

公开(公告)日：2024-07-02

申请号：US17560747

申请日：2021-12-23

Applicant: Splunk Inc.

Inventor： Atif Mahadik ,  Ryan Connor Means ,  Govind Salinas ,  Sourabh Satish

IPC: H04L41/14 ,  H04L41/0631 ,  H04L41/0654 ,  H04L41/22

CPC classification number: H04L41/145 ,  H04L41/0636 ,  H04L41/0645 ,  H04L41/0654 ,  H04L41/22

Abstract: Described herein are improvements for generating courses of action for an information technology (IT) environment. In one example, a method includes identifying a first course of action for responding to an incident type in an information technology environment and generating a simulated incident associated with the incident type. The method further includes initiating performance of the first course of action based on the generation of the simulated incident. The method also includes, upon reaching a particular step of the first course of action that prevents the performance of the first course of action from proceeding, providing a first simulated result that allows the performance of the first course of action to proceed.

公开(公告)号：US12026176B2

公开(公告)日：2024-07-02

申请号：US18313240

申请日：2023-05-05

Applicant: SPLUNK INC.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F16/27 ,  G06F3/06 ,  G06F11/20 ,  G06F11/30 ,  G06F11/32 ,  G06F11/34 ,  G06F16/22 ,  H04L67/1097

CPC classification number: G06F16/27 ,  G06F11/2094 ,  G06F11/3006 ,  G06F11/3072 ,  G06F11/32 ,  G06F11/3409 ,  G06F11/3476 ,  G06F16/2272 ,  H04L67/1097 ,  G06F3/0617 ,  G06F2201/86

Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as a primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in a primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.

公开(公告)号：US12021698B1

公开(公告)日：2024-06-25

申请号：US18115822

申请日：2023-03-01

Applicant: SPLUNK Inc.

Inventor： Ankur Ashok Kath ,  Ayyappa Muthusami ,  Jeffrey Wen-Young Shih ,  Ian Edward Torbett ,  Peter Wu

IPC: H04L41/0893 ,  G06F11/34 ,  H04L41/0604 ,  H04L41/0894 ,  H04L41/22 ,  H04L41/5009 ,  H04L43/065 ,  H04L43/0805

CPC classification number: H04L41/0893 ,  G06F11/3428 ,  H04L41/0613 ,  H04L41/0894 ,  H04L41/22 ,  H04L41/5012 ,  H04L43/065 ,  H04L43/0805

Abstract: An example method of entity lifecycle management in a service monitoring system includes: receiving, by a software application of a service monitoring system, a policy definition specifying an entity lifecycle management policy, wherein the entity lifecycle management policy defines management rules for a plurality of entities in a network environment, wherein each entity of the plurality of entities is represented by one of: a device, an application, a service, or a user account; identifying, by applying the entity lifecycle management policy, one or more candidate entities for retirement; identifying, as retired entities, at least a subset of the one or more candidate entities; and excluding the retired entities from a plurality of active entities, thus preventing the retired entities from interacting with other components of the service monitoring system; and determining a value of a key performance indicator (KPI) reflecting an aspect of performance of the service, wherein the KPI is defined by a search query that derives the value of the KPI from machine data associated with one or more entities of the plurality of active entities.

公开(公告)号：US12014255B1

公开(公告)日：2024-06-18

申请号：US18334996

申请日：2023-06-14

Applicant: Splunk Inc.

Inventor： Iryna Vogler-Ivashchanka ,  Iman Makaremi

IPC: G06N20/00 ,  G06F16/9038 ,  G06F17/18

CPC classification number: G06N20/00 ,  G06F16/9038 ,  G06F17/18

Abstract: Techniques are described for providing a machine learning (ML) data analytics application including guided ML workflows that facilitate the end-to-end training and use of various types of ML models, where such guided workflows may also be referred to as ML “experiments.” One such model is an outlier detection model to assist in the monitoring of computer network traffic and computer performance. For example, the ML data analytics application may generate an outlier detection model using user-identified data from a data source and parameter information. The generates outlier detection model can include distribution functions of distribution types selected from a plurality of distribution types by a distribution fitting algorithm.

公开(公告)号：US12013880B2

公开(公告)日：2024-06-18

申请号：US17721251

申请日：2022-04-14

Applicant: SPLUNK Inc.

Inventor： Nishant Agarwal ,  Houwu Bai ,  Darshan Patel ,  Rajesh Raman ,  Joseph Ari Ross

IPC: G06F16/28 ,  G06F16/2455 ,  G06F16/2458 ,  H04L43/08

CPC classification number: G06F16/287 ,  G06F16/24568 ,  G06F16/2477 ,  H04L43/08

Abstract: Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and dynamically estimating a resolution of one or more streams of data points and updating an output resolution. Responsive to receiving a stream of data points, a data resolution can be derived and an output resolution can be set to a first value. When a change to the data resolution is detected, the output resolution can be changed, modifying a frequency at which output data points are generated and/or transmitted. In some instances, a detector can be implemented to trigger an alert responsive to ingested data points corresponding with triggering parameters. An output resolution for the detector can be dynamically modified based on dynamically detecting a change to the data resolution of the stream of data.

公开(公告)号：US12001426B1

公开(公告)日：2024-06-04

申请号：US18295567

申请日：2023-04-04

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Elizabeth Li ,  Eric Tschetter ,  Joshua Walters

IPC: G06F9/44 ,  G06F8/77 ,  G06F16/21 ,  G06F16/2452

CPC classification number: G06F16/24526 ,  G06F8/77 ,  G06F16/212

Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.

公开(公告)号：US11989707B1

公开(公告)日：2024-05-21

申请号：US17329384

申请日：2021-05-25

Applicant: SPLUNK Inc.

Inventor： Alexander D. Munk

IPC: G06Q20/10 ,  G06F16/31 ,  G06Q20/08

CPC classification number: G06Q20/102 ,  G06F16/316 ,  G06Q20/08

Abstract: Provided are systems and methods for managing storage of machine data. In one embodiment, a method can be provided. The method can include receiving, from one or more data sources, raw machine data; processing the raw machine data to generate processed machine data; storing the processed machine data in a data store; and determining an allocated data size associated with the processed machine data stored in the data store, wherein the allocated data size is the size of the raw machine data corresponding to the processed machine data stored in the data store.

公开(公告)号：US11977544B2

公开(公告)日：2024-05-07

申请号：US17876404

申请日：2022-07-28

Applicant: Splunk Inc.

Inventor： David Ryan Marquardt ,  Karthikeyan Sabhanatarajan ,  Steve Yu Zhang

IPC: G06F16/20 ,  G06F16/22 ,  G06F16/2453 ,  G06F16/2458

CPC classification number: G06F16/24537 ,  G06F16/2228 ,  G06F16/2477

Abstract: Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the reciept of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored. Once the inverted index is accessed, it can be used to identify and search a subset of the plurality of event records, wherein the subset comprises one or more event records with corresponding reference values in the inverted index.

公开(公告)号：US20240143612A1

公开(公告)日：2024-05-02

申请号：US18051458

申请日：2022-10-31

Applicant: Splunk Inc.

Inventor： Nasim Bigdelu ,  Margaret Kelley ,  Mirjana Tesic ,  Rebecca Tortell ,  Rajesh Raman

IPC: G06F16/248 ,  G06F16/242

CPC classification number: G06F16/248 ,  G06F16/2425

Abstract: Systems and methods are described for generation and execution of modified queries. An input can be received via a visualization of a user interface. The input may identify a first field value and a first field for execution of a query. A set of data for execution of the query can be identified based on the input. Alias data may identify a second field that is associated with the first field. Using the alias data, a modified query can be generated based on the query and the second field. The modified query can be executed to generate query results. The query results can be displayed via a visualization of the user interface based on the first field.

公开(公告)号：US11954541B1

公开(公告)日：2024-04-09

申请号：US17588074

申请日：2022-01-28

Applicant: Splunk Inc.

Inventor： Craig Keith Carl

IPC: G06F9/54

CPC classification number: G06F9/546

Abstract: Techniques are described for providing a highly available data ingestion system for ingesting machine data sent from remote data sources across potentially unreliable networks. To provide for highly available delivery of such data, a data intake and query system provides users with redundant sets of ingestion endpoints to which messages sent from users' computing environments can be delivered to the data intake and query system. Users' data sources, or data forwarding components configured to obtain and send data from one or more data sources, are then configured to encapsulate obtained machine data into discrete messages and to send copies of each message to two or more of the ingestion endpoints provisioned for a user. The ingestion endpoints receiving the messages implement a deduplication technique and provide only one copy of each message to a subsequent processing component (e.g., to an indexing subsystem for event generation, event indexing, etc.).