Abstract:
Embodiments are directed towards the transparent summarization of events. Queries directed towards summarizing and reporting on event records may be received at a search head. Search heads may be associated with one or more indexers containing event records. The search head may forward the query to the indexers that can resolve the query for concurrent execution. If a query is a collection query, indexers may generate summarization information based on event records located on the indexers. Event record fields included in the summarization information may be determined based on terms included in the collection query. If a query is a stats query, each indexer may generate a partial result set from previously generated summarization information, returning the partial result sets to the search head. Collection queries may be saved and scheduled to run and periodically update the summarization information.
Abstract:
A quality score for a computer application release is determined using a first number of unique users who have launched the computer application release on user devices and a second number of unique users who have encountered at least once an abnormal termination with the computer application release on user devices. Additionally or optionally, an application quality score can be computed for a computer application based on quality scores of computer application releases that represent different versions of the computer application. Additionally or optionally, a weighted application quality score can be computed for a computer application by further taking into consideration the average application quality score and popularity of a plurality of computer applications.
Abstract:
Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
Abstract:
The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system provides, in the GUI, a first set of user-interface elements for including one or more event attributes in the time-series event data of an event stream associated with a protocol classification of the network packets. The system then includes the one or more event attributes specified through the first set of user-interface elements in the configuration information.
Abstract:
One or more processing devices cause display of a graphical user interface (GUI) that includes a correlation search portion that enables a user to specify information for a key performance indicator (KPI) correlation search definition. The KPI correlation search definition includes search information and trigger determination information. The search information identifies KPI values, indicative of the KPI states, in a data store. The trigger determination information includes trigger criteria. The trigger determination evaluates the identified KPI values using the trigger criteria to determine whether to cause a defined action. A contribution threshold for a particular KPI definition is received via the GUI. The contribution threshold corresponds to a particular KPI state. The contribution threshold is stored as trigger criteria information. Each of the KPI values is derived from machine data pertaining to entities identified in a service definition using a search query specified by a KPI definition for the service.
Abstract:
Processing device(s) cause display of a dashboard-creation graphical interface that includes a modifiable dashboard template and a key performance indicator (KPI)-selection interface for selecting a KPI indicating how a service provided by one or more entities is performing at one or more points in time. Each entity is associated with machine data. A KPI is defined by a search query that derives value(s) for the KPI from the machine data associated with the entities that provide the service. The processing device(s) receive through the KPI-selection interface a selection of a particular KPI and a selection of a location in the dashboard template corresponding to a location for displaying a KPI widget in a dashboard based on the dashboard template. The KPI widget provides a representation of value(s) for the particular KPI. The processing device(s) cause display of an identifier for the particular KPI at the location in the dashboard template.
Abstract:
One or more processing devices access a service definition for a service provided by one or more entities that each produce machine data or about which machine data is generated. The service definition identifies the entities that provide the service and, for each entity, identifying information for locating machine data pertaining to that entity. The processing devices access a key performance indicator (KPI) for the service that is defined by a search query that produces a value derived from the machine data pertaining to the entities identified in the service definition. The value indicates how the service is performing at a point in time or during a period of time and indicates a state of the KPI. A graphical interface is displayed and an indication of at least one threshold, which defines an end of a range of values representing a state of the KPI, for the KPI is received.
Abstract:
One or more processing devices create one or more entity definitions that each associate an entity with machine data pertaining to that entity and create a service definition for a service provided by one or more entities. The service definition includes an entity definition for each of the one or more entities. The one or more processing devices create one or more key performance indicators (KPIs). Each KPI is defined by a search query that produces a value derived from the machine data identified in one or more of the entity definitions included in the service definition. Each value is indicative of how the service is performing at a point in time or during a period of time.
Abstract:
In embodiments of event segment search drill down, a search system exposes a search interface that displays multiple events returned as a search result set. A segment can be emphasized in event raw data of an event that is one of multiple events displayed in the search interface, and a menu is displayed with search options that are selectable to operate on the emphasized segment. The menu includes the search options to add the emphasized segment as a keyword to a search command in a search bar of the search interface, exclude the keyword that represents the emphasized segment from a search, or create a new data search based on the highlighted segment. A selection of one of the search options in the menu can be received, and the search command in the search bar is updated based on the search option that is selected.
Abstract:
Custom communication alert techniques are described. In one or more implementations, a triggering condition is detected by one or more computing devices that is found by searching data using one or more extraction rules of a late-binding schema. Responsive to the detection of the triggering condition of the alert, a communication is formed by the one or more computing devices that corresponds to the alert and that includes one or more tokens based on one or more values of the data taken from fields defined by the one or more extraction rules. The communication is caused to be transmitted by the one or more computing devices via a network for receipt by at least one computing device of an intended recipient of the communication.