ADJUSTING NETWORK DATA STORAGE BASED ON EVENT STREAM STATISTICS
    Invention application
    ADJUSTING NETWORK DATA STORAGE BASED ON EVENT STREAM STATISTICS (under examination, published)

    Publication number: US20150295796A1

    Publication date: 2015-10-15

    Application number: US14699787

    Application date: 2015-04-29

    Applicant: Splunk Inc.

    Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more event streams containing the time-series event data, wherein managing the one or more event streams includes enabling the generation of a set of statistics from an event stream without subsequently storing and processing at least a first portion of the event stream by one or more components on a network. The GUI then updates the configuration information based on input received through the first set of user-interface elements.


    Animated visualizations of network activity across network address spaces

    Publication number: US11855863B1

    Publication date: 2023-12-26

    Application number: US17528963

    Application date: 2021-11-17

    Applicant: Splunk Inc.

    CPC classification number: H04L43/045 H04L43/08 H04L43/106

    Abstract: Techniques and mechanisms are disclosed for generating visualizations which graphically depict network activity occurring between pairs of networked computing devices. The visualizations are based on data indicating the network activity, where the network activity can involve devices having any network addresses within an entire network address space (e.g., any address within the Internet Protocol version v4 (IPv4) or IPv6 network address space), or within some subset of an entire network address space. The ability to visualize high-level information related to network activity occurring across an entire network address space enables network analysts and other users to readily analyze characteristics of computer networks which otherwise might not be evident or difficult to obtain using other types of visualizations.

    Configuring event streams based on identified security risks

    Publication number: US11818018B1

    Publication date: 2023-11-14

    Application number: US17875170

    Application date: 2022-07-27

    Applicant: Splunk Inc.

    CPC classification number: H04L41/22 H04L43/022 H04L43/045

    Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display, on a computer system, a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more ephemeral event streams that contain temporarily generated time-series event data from the network packets, wherein managing the one or more ephemeral event streams comprises modifying an end time for terminating the capture of time-series event data in an ephemeral event stream. The system then updates the configuration information based on input received through the first set of user-interface elements.

    Generating event streams from encrypted network traffic monitored by remote capture agents

    Publication number: US11425229B2

    Publication date: 2022-08-23

    Application number: US17010685

    Application date: 2020-09-02

    Applicant: Splunk Inc.

    Abstract: The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. Next, the system uses configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification. The system then transmits the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.

    ISOLATED EXECUTION ENVIRONMENT SYSTEM MONITORING

    Publication number: US20210224259A1

    Publication date: 2021-07-22

    Application number: US17143063

    Application date: 2021-01-06

    Applicant: Splunk Inc.

    Abstract: Systems and methods are described to determine relationships between one or more components of an isolated execution environment system based on data obtained from a data intake and query system. Based on the determined relationships, an interactive visualization is generated that indicates the hierarchical relationship of the components. In some cases, to illustrate the relationship between components of the isolated execution environment system, the visualization can include one or more display objects displayed in a subordinate or superior relationship to other display objects. In certain cases, based on an interaction with a display object, the system can generate a query and/or display additional information and/or visualizations based on the results of the query.

    CONFIGURING THE GENERATION OF EPHEMERAL EVENT STREAMS BY REMOTE CAPTURE AGENTS

    Publication number: US20200067790A1

    Publication date: 2020-02-27

    Application number: US16670816

    Application date: 2019-10-31

    Applicant: Splunk Inc.

    Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display, on a computer system, a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more ephemeral event streams that contain temporarily generated time-series event data from the network packets, wherein managing the one or more ephemeral event streams comprises modifying an end time for terminating the capture of time-series event data in an ephemeral event stream. The system then updates the configuration information based on input received through the first set of user-interface elements.

    SELECTIVE EVENT STREAM DATA STORAGE BASED ON HISTORICAL STREAM DATA

    Publication number: US20200014593A1

    Publication date: 2020-01-09

    Application number: US16573937

    Application date: 2019-09-17

    Applicant: Splunk Inc.

    Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.
