-
41.
Publication number: US12061691B2
Publication date: 2024-08-13
Application number: US17515328
Filing date: 2021-10-29
Applicant: Splunk Inc.
Inventor: James Apger, Allison Lindsey Drake, James Irwin Ebeling, Orville Esoy, Bhooshan Kulkarni, Marquis L. Montgomery, Daniel Trenkner
IPC: G06F21/55, G06F3/0482, G06F21/57
CPC classification number: G06F21/552, G06F3/0482, G06F21/577, G06F2221/2101
Abstract: A graphical user interface (GUI) for presentation of network security risk and threat information is disclosed. A listing is generated of incidents identified by use of event data obtained from a networked computing environment. A particular incident is determined to be associated with a risk object, wherein a risk object is a component of the networked computing environment. The listing is populated with a name associated with the risk object. Risk events associated with the incident are determined, wherein each risk event contributes to a risk score for the incident. The risk score indicates a potential security issue associated with the risk object. The listing is populated with the risk score and a summary of the events. An action is associated with the listing, for triggering display of additional information associated with the risk object. The listing can be displayed in a first display screen of the GUI.
-
Publication number: US12061533B1
Publication date: 2024-08-13
Application number: US17877725
Filing date: 2022-07-29
Applicant: Splunk Inc.
Inventor: Amritpal Singh Bath, Samat Jain, Felix Jiang, Shanmugam Kailasam, Jibang Liu, Isabelle Park, Vishal Patel, Divya Vijayan, Jiahan Wang, Tingjin Xu
CPC classification number: G06F11/3476, G06F3/0619, G06F2201/81
Abstract: Ingest health monitoring includes receiving an event stream of events in a data intake and query system to store on at least one storage system and obtaining an event from the event stream. Ingest health monitoring further includes transmitting the event to a selected ingest module queue for the event, updating an output rate indicator counter for the selected ingest module queue when failure to store the event in the ingest module queue occurs, obtaining the event from the selected ingest module queue, processing the event to generate a file for the event, and transmitting the file to the at least one storage system. Ingest health monitoring further includes updating the write failure indicator counter for a storage system of the at least one storage system when failure to transmit to the storage system occurs and updating the user interface based on the output rate indicator counter and the write failure indicator counter.
-
Publication number: US20240256545A1
Publication date: 2024-08-01
Application number: US18309596
Filing date: 2023-04-28
Applicant: Splunk Inc.
Inventor: Alexander Douglas James, Vinayak Bhakta, Ganesh Jothikumar, Bei Li, Jengie Shau
IPC: G06F16/2453, G06F16/22, G06F16/23, G06F16/242
CPC classification number: G06F16/24549, G06F16/2228, G06F16/2358, G06F16/2433, G06F16/24542
Abstract: Systems and methods are disclosed for receiving, at a query coordinator, a search query. The query coordinator parses the search query and generates tasks for different runtime systems. The query coordinator configures an interface enabling inter-system communication between the runtime systems. The generated tasks are distributed to the runtime systems and partial results of a runtime system are communicated to the interface. The query coordinator retrieves the partial results from the interface, finalizes the partial results, and sends the finalized results to the requestor of the search query.
-
Publication number: US12050597B2
Publication date: 2024-07-30
Application number: US18078876
Filing date: 2022-12-09
Applicant: Splunk Inc.
Inventor: Amin Moshgabadi, Baibhav Gautam, Hema Krishnamurthy Mohan, Joshua Vertes
IPC: G06F16/00, A61K39/245, C12N7/00, C12N9/10, C12N9/12, C12N9/16, G06F3/0482, G06F16/242, G06F16/245, G06F16/25, A61K39/00
CPC classification number: G06F16/2428, A61K39/245, C12N7/00, C12N9/1007, C12N9/1241, C12N9/16, C12Y201/01056, C12Y207/0705, C12Y301/03033, G06F3/0482, G06F16/245, G06F16/252, A61K2039/53, C07K2319/21, C12N2710/16134
Abstract: An improved data intake and query system that can perform and display ingest-time and search-time field extraction, redaction, copy, and/or categorization is described herein. As described herein, ingest-time field extraction, redaction, copy, and/or categorization may refer to field or field value extraction, redaction, copy, and/or categorization that is performed by a log observer system of the data intake and query system on raw machine data as the raw machine data is ingested or received from a publisher. As described herein, search-time field extraction, redaction, copy, and/or categorization may refer to field or field value extraction, redaction, copy, and/or categorization that is performed by the log observer system and/or other components of the improved data intake and query system on historical raw machine data that has already been ingested and indexed by the improved data intake and query system.
-
Publication number: US12050507B1
Publication date: 2024-07-30
Application number: US17582995
Filing date: 2022-01-24
Applicant: Splunk, Inc.
Inventor: Abraham Starosta, Francis Beckert, Chandrima Sarkar
IPC: G06F11/07, G06F16/2455, G06F16/2458
CPC classification number: G06F11/0781, G06F16/24561, G06F16/2471
Abstract: A computerized method is disclosed for automated handling of data ingestion anomalies. The method features training a data model based on a first volume of data associated with a first time period. Thereafter, using the data model, a predictive analysis is conducted on a second volume of data associated with a second time period subsequent to the first time period to produce a predicted data ingestion volume. After, a correlative analysis between the predicted data ingestion volume and an actual data ingestion volume during the second time period is conducted to produce a prediction error. A notification is generated based on the prediction error.
-
46.
Publication number: US12039046B1
Publication date: 2024-07-16
Application number: US18311799
Filing date: 2023-05-03
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Trenton John Beals, Glenn Gallien, Govind Salinas
CPC classification number: G06F21/554, G06F9/453, G06F11/0793, G06F11/3438, H04L41/0631, H04L63/1416, H04L63/1425, H04L63/1441
Abstract: The technology presented herein improves incident handling in an IT environment. In a particular example, a method provides identifying a first incident in the IT environment. From incident handling information that indicates how a plurality of previous incidents were handled by one or more users, the method provides identifying first information of the incident handling information corresponding to one or more first previous incidents of the plurality of previous incidents that are similar to the first incident. The method further provides determining a suggested course of action from the first information and presenting the suggested course of action to a user of the information technology environment.
-
Publication number: US20240220497A1
Publication date: 2024-07-04
Application number: US18609798
Filing date: 2024-03-19
Applicant: Splunk Inc.
Inventor: Sourav Pal, Arindam Bhattacharjee
IPC: G06F16/2453, G06F16/21, G06F16/2455, G06F16/2458, G06F16/25, G06F16/28, G06F40/205
CPC classification number: G06F16/24535, G06F16/219, G06F16/24554, G06F16/24568, G06F16/2471, G06F16/25, G06F16/288, G06F40/205
Abstract: Systems and methods are disclosed for executing a query that includes an indication to process data managed by an external data system. The system identifies the external data system that manages the data to be processed and generates a subquery for the external data system indicating that the results of the subquery are to be sent to one worker node of multiple worker nodes. The system instructs the one worker node to distribute the results received from the external data system to multiple worker nodes for processing.
-
Publication number: US12019939B1
Publication date: 2024-06-25
Application number: US17347289
Filing date: 2021-06-14
Applicant: SPLUNK INC.
Inventor: Jesse Chor, Varun Gupta, Tuba Rafi, Benjamin Weaver, Glen Wong
IPC: G09G3/30, G06F3/14, G06F16/9038, G09G3/36
CPC classification number: G06F3/1446, G06F3/1438, G06F16/9038
Abstract: Various embodiments set forth a computer-implemented method of displaying content of a visualization environment, comprising receiving, by a display controller coupled to a display device included in a plurality of display devices, a configuration that includes a display mode and identifies a dashboard to be displayed, determining a position of the display device relative to positions of other display devices, retrieving a set of values associated with the dashboard, where the set of values is provided by a remote data source based on a query executed on raw machine data associated with the dashboard, determining, based on the position, at least a portion of the dashboard to display in the display device, and causing, by the display controller, the display device to display at least a portion of the set of values within at least the portion of the dashboard.
-
Publication number: US12007996B2
Publication date: 2024-06-11
Application number: US18051481
Filing date: 2022-10-31
Applicant: Splunk Inc.
Inventor: Balaji Rao, Jindrich Dinga, Kieran Cairney, Manuel Martinez, Nitilaksha Halakatti, Ningxuan He, Arindam Bhattacharjee, Sourav Pal, Alexandros Batsakis
IPC: G06F15/16, G06F8/61, G06F16/2453, G06F16/2458, H04L9/08, H04L41/0806, H04L67/10, H04L67/52
CPC classification number: G06F16/24547, G06F8/61, G06F16/2465, H04L9/0866, H04L41/0806, H04L67/10, H04L67/52
Abstract: Systems and methods are described for establishing and managing components of a distributed computing framework implemented in a data intake and query system. The distributed computing framework may include a master and a plurality of worker nodes. The master may selectively operate on a search head captain that is chosen from the search heads of the data intake and query system. The search head captain may distribute configuration information for the master and the distributed computing framework to the other search heads, which in turn, may distribute that configuration information to indexers of the data intake and query system. Worker nodes may be selectively activated for operation on the indexers based on the configuration information, and the worker nodes may additionally use the configuration information to contact the master and join the distributed computing framework. This approach may provide numerous benefits, including improved security, flexibility in the selection of worker nodes, and redundancy for failures of physical components of the data intake and query system.
-
50.
Publication number: US11995571B1
Publication date: 2024-05-28
Application number: US17961533
Filing date: 2022-10-06
Applicant: Splunk Inc.
Inventor: Atif Mahadik, Govind Salinas, Sourabh Satish
IPC: G06Q10/0631, G06F8/34, G06N5/02, G06N5/04
CPC classification number: G06N5/04, G06N5/02, G06Q10/06316, G06F8/34
Abstract: Described herein are improvements for generating courses of action for an information technology (IT) environment. In one example, a method includes determining that a decision step occurs between a one step and two or more other steps of a first course of action associated with an incident type in the information technology environment. The method further includes determining possible outputs of the one step that, when used as input to the decision step, cause the first course of action to proceed from the decision step to respective steps of the two or more other steps. The method also includes incorporating logic into the decision step to direct the course of action to respective steps of the two or more other steps based on one or more of the possible outputs.