公开(公告)号：US20210357362A1

公开(公告)日：2021-11-18

申请号：US17443436

申请日：2021-07-26

Applicant: Splunk Inc.

Inventor： Alexander D. Munk ,  Jesse Miller

IPC: G06F16/13 ,  G06F3/0482 ,  G06F16/14 ,  G06F16/16 ,  G06F16/951

Abstract: A data intake and query system provides interfaces that enable users to configure source type definitions used by the system. A data intake and query system generally refers to a system for collecting and analyzing data including machine-generated data. Such a system may be configured to consume many different types of machine data generated by any number of different data sources including various servers, network devices, applications, etc. At a high level, a source type definition comprises one or more properties that define how various components of a data intake and query system collect, index, store, search and otherwise interact with particular types of data consumed by the system. The interfaces provided by the system generally comprise one or more interface components for configuring various attributes of a source type definition.

公开(公告)号：US11106713B2

公开(公告)日：2021-08-31

申请号：US15479852

申请日：2017-04-05

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Jason Szeto ,  Jose Solis ,  Jindrich Dinga ,  David Marquardt

IPC: G06F16/335 ,  G06F16/31 ,  G06F16/338 ,  G06F16/34 ,  G06F16/35 ,  G06T11/20

Abstract: Systems and methods are disclosed for sampling a set of data using inverted indexes in response to a user interaction with a user interface. Based on the user interaction with a displayed grouping of a summarization of a set of data, the system uses filter criteria corresponding to the grouping to review one or more inverted indexes and identify a sample of events for analysis. The system then accesses the sample of events and provides the results for display to a user.

公开(公告)号：US11074216B2

公开(公告)日：2021-07-27

申请号：US16013381

申请日：2018-06-20

Applicant: Splunk Inc.

Inventor： Alexander D. Munk ,  Jesse Miller

IPC: G06F16/13 ,  G06F16/14 ,  G06F16/16 ,  G06F16/951 ,  G06F3/0482

Abstract: A data intake and query system provides interfaces that enable users to configure source type definitions used by the system. A data intake and query system generally refers to a system for collecting and analyzing data including machine-generated data. Such a system may be configured to consume many different types of machine data generated by any number of different data sources including various servers, network devices, applications, etc. At a high level, a source type definition comprises one or more properties that define how various components of a data intake and query system collect, index, store, search and otherwise interact with particular types of data consumed by the system. The interfaces provided by the system generally comprise one or more interface components for configuring various attributes of a source type definition.

公开(公告)号：US10430505B2

公开(公告)日：2019-10-01

申请号：US15417430

申请日：2017-01-27

Applicant: Splunk, Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F17/24 ,  G06F7/24 ,  G06F3/0484 ,  G06F16/248 ,  G06F16/904 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20180293304A1

公开(公告)日：2018-10-11

申请号：US15479852

申请日：2017-04-05

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Jason Szeto ,  Jose Solis ,  Jindrich Dinga ,  David Marquardt

IPC: G06F17/30

Abstract: Systems and methods are disclosed for sampling a set of data using inverted indexes in response to a user interaction with a user interface. Based on the user interaction with a displayed grouping of a summarization of a set of data, the system uses filter criteria corresponding to the grouping to review one or more inverted indexes and identify a sample of events for analysis. The system then accesses the sample of events and provides the results for display to a user.

公开(公告)号：US20180267947A1

公开(公告)日：2018-09-20

申请号：US15694654

申请日：2017-09-01

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F17/24 ,  G06F17/30

CPC classification number: G06F17/243 ,  G06F16/2477

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US09836501B2

公开(公告)日：2017-12-05

申请号：US14815923

申请日：2015-07-31

Applicant: SPLUNK INC.

Inventor： Marc V. Robichaud ,  Jesse Miller ,  Cory Burke ,  Alexander James ,  Jeffrey Thomas Lloyd

IPC: G06F17/30

CPC classification number: G06F17/245 ,  G06F3/0484 ,  G06F17/30 ,  G06F17/30365 ,  G06F17/30374 ,  G06F17/30392 ,  G06F17/30466 ,  G06F17/30507 ,  G06F17/30551 ,  G06F17/30572 ,  G06F17/30634 ,  G06F17/30663 ,  G06F21/6227 ,  G06Q10/10

Abstract: A method includes causing display of events that correspond to search results of a search query in a table. The table includes rows representing events comprising data items of event attributes, columns forming cells with the row, the columns representing respective event attributes, and interactive regions corresponding to one or more data items of the displayed data items. The method also includes in response to the user selecting a designated interactive region, causing display of a list of options, each displayed option corresponding to an interface template for composing query commands, and based on the user selecting an option in the displayed list of options, causing one or more commands to be added to the search query, the one or more commands composed based on the one or more data items that corresponds to the designated interactive region according to instructions of the interface template of the selected option.

公开(公告)号：US09753909B2

公开(公告)日：2017-09-05

申请号：US14610668

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F3/048 ,  G06F17/24 ,  G06F17/30

CPC classification number: G06F17/243 ,  G06F17/30551

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US09594814B2

公开(公告)日：2017-03-14

申请号：US14611089

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F17/30 ,  G06F7/24 ,  G06F3/0484

CPC classification number: G06F17/24 ,  G06F3/04842 ,  G06F7/24 ,  G06F17/241 ,  G06F17/245 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30994

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

Abstract translation: 所公开的技术涉及制定和提炼在查询时使用具有后期绑定模式的原始数据的字段提取规则。 字段提取规则识别原始数据的部分，以及它们的数据类型和层次关系。 这些提取规则是针对未组织成尚未通过标准提取或转换方法处理的关系结构的非常大的数据集执行的。 通过使用示例事件，关注主要和次要示例事件有助于制定跨多个数据格式的单个提取规则，或者针对不同格式的多个规则。 选择工具标记示例事件以指示提取规则的正例，并确定负面示例以避免错误的值选择。 提取规则可以保存以供查询时间使用，并且可以被并入事件数据的集合和子集的数据模型中。

公开(公告)号：US20160224577A1

公开(公告)日：2016-08-04

申请号：US14611118

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller

IPC: G06F17/30 ,  G06F17/27

CPC classification number: G06F17/30091 ,  G06F11/30 ,  G06F11/323 ,  G06F11/3495 ,  G06F17/30106 ,  G06F17/30967 ,  G06F2201/86

Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values are used to accelerate search queries that a system receives.

Abstract translation: 图形用户界面允许客户指定在事件数据中发生的分隔符和/或模式，并指示特定字段的存在。 图形用户界面将客户的分隔符规范直接应用于事件数据，并实时显示生成的事件数据。 分隔符规范可以保存为配置设置，分布式设置中的系统可以使用分隔符规范来提取字段值，因为系统将原始数据处理为事件数据。 提取的字段值用于加速系统接收的搜索查询。