-
Publication No.: US11892996B1
Publication date: 2024-02-06
Application No.: US16513365
Application date: 2019-07-16
Applicant: Splunk Inc.
Inventor: Tameem Anwar, Alexandros Batsakis, Sai Krishna Sajja, Igor Stojanovski, Eric Woo
IPC: G06F16/22, G06F16/23, G06F16/245, G06F9/50, G06F11/34
CPC classification number: G06F16/2255, G06F9/50, G06F16/2379, G06F16/245, G06F11/34
Abstract: Systems and methods are described for monitoring indexing nodes, populating and maintaining a resource catalog with relevant information, receiving requests for indexing node availability or assignments, identifying indexing nodes that are available to process data, and/or communicating information relating to available indexing nodes. The system can maintain the resource catalog based on communications with each of the containerized indexing nodes. The system can receive, from a partition manager of a data intake and query system, a request for a containerized indexing node that the partition manager can assign to process data received by the partition manager. The system can identify an available containerized indexing node to process the data. The system can communicate, to the partition manager, an indexing node identifier associated with the available containerized indexing node.
-
Publication No.: US11886844B1
Publication date: 2024-01-30
Application No.: US17950848
Application date: 2022-09-22
Applicant: Splunk Inc.
Inventor: Matthew Hanson, Sydney Flak, Colin Fagan, Jeffery Roberts, Govinda Salinas, Philip Royer
CPC classification number: G06F8/36, G06F8/658, G06F8/71, G06F9/44521
Abstract: Techniques are described for enabling users of an information technology (IT) and security operations application to create highly reusable custom functions for playbooks. The creation and execution of playbooks using an IT and security operations application generally enables users to automate operations related to an IT environment responsive to the identification of various types of incidents or other triggering conditions. Users can create playbooks to automate operations such as, for example, modifying firewall settings, quarantining devices, restarting servers, etc., to improve users' ability to efficiently respond to various types of incidents operational issues that arise from time to time in IT environments.
-
Publication No.: US11886451B2
Publication date: 2024-01-30
Application No.: US17515140
Application date: 2021-10-29
Applicant: SPLUNK Inc.
Inventor: Sunil Kittinakere Nagesh Koundinya, Ramakrishnan Hariharan Chandrasekharapuram, Paul Ingram, Joseph Ari Ross
IPC: G06F16/2458
CPC classification number: G06F16/2462, G06F16/2474, G06F16/2477
Abstract: Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and determining whether and how to include late or delayed data points for inclusion when publishing or storing the time series data. Maximum delay values can identify a duration for waiting for late or delayed data, such as prior to publication. In some examples, maximum delay values can be dynamically adjustable based on a statistical evaluation process. For late or delayed data points that are received after the maximum delay elapses, some data points can be included in the stored time series data, such as if they are received in the same order that they are generated.
-
Publication No.: US11876821B1
Publication date: 2024-01-16
Application No.: US18167040
Application date: 2023-02-09
Applicant: Splunk Inc.
Inventor: Robert Winslow Pratt, Ravi Prasad Bulusu
CPC classification number: H04L63/1425, G06N20/00, H04L63/1416, H04L63/1433, H04L63/20, H04L2463/121
Abstract: First event data, indicative of a first activity on a computer network and second event data indicative of a second activity on the computer network, is received. A first machine learning anomaly detection model is applied to the first event data, by a real-time analysis engine operated by the threat indicator detection system in real time, to detect first anomaly data. A second machine learning anomaly detection model is applied to the first anomaly data and the second event data, by a batch analysis engine operated by the threat indicator detection system in a batch mode, to detect second anomaly data. A third anomaly is detected using an anomaly detection rule. The threat indicator system processes the first anomaly data, the second anomaly data, and the third anomaly data using a threat indicator model to identify a threat indicator associated with a potential security threat to the computer network.
-
Publication No.: US11870802B1
Publication date: 2024-01-09
Application No.: US17710523
Application date: 2022-03-31
Applicant: Splunk Inc.
Inventor: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
IPC: H04L9/40, G06F21/55, G06F16/28, H04L47/2425
CPC classification number: H04L63/1441, G06F16/285, G06F21/554, H04L63/0236, H04L63/1416, H04L63/1425, H04L63/1433, H04L63/20, H04L47/2425
Abstract: Systems, methods, and software described herein provide security actions based on related security threat communications. In one example, a method of operating an advisement system includes identifying a security threat within the computing environment, wherein the computing environment comprises a plurality of computing assets. The method further provides obtaining descriptor information for the security threat, and retrieving related communication interactions based on the descriptor information. The method also includes generating a response to the security threat based on the related communication interactions.
-
Publication No.: US11868234B1
Publication date: 2024-01-09
Application No.: US17698851
Application date: 2022-03-18
Applicant: SPLUNK INC.
Inventor: Mayank Agarwal, Steven Karis, Justin Smith
IPC: G06F11/36
CPC classification number: G06F11/3616, G06F11/3612, G06F11/3636, G06F11/3664
Abstract: Monitoring and troubleshooting tools provide the capability to visualize different levels of a client's application that is deployed as a suite of independent but cooperating services (e.g., an application that includes a monolithic application and a microservices-based application), collect values of monitored or tracked metrics at those different levels, and visualize values of the metrics at those levels. For example, metrics values can be generated for components of the monolithic application and/or for components of a microservice of the microservice-based application.
-
Publication No.: US11863583B2
Publication date: 2024-01-02
Application No.: US17327098
Application date: 2021-05-21
Applicant: Splunk Inc.
Inventor: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
CPC classification number: H04L63/1441, G06F21/55, H04L9/002, H04L63/029, H04L63/1491
Abstract: Described herein are systems and methods for enhancing an interface for an information technology (IT) environment. In one implementation, an incident service causes display of a first version of a course of action and obtains input indicative of a request for a new action in the course of action. The incident service further determines suggested actions based at least on the input and causes display of the suggested actions. Once displayed, the incident service obtains input indicative of a selection of at least one action from the suggested actions, and causes display input indicative of a selection of at least one action from the suggested actions.
-
Publication No.: US11860821B2
Publication date: 2024-01-02
Application No.: US17451138
Application date: 2021-10-15
Applicant: SPLUNK INC.
Inventor: Grigori Melnik, David Searle Noble, Itay Alfred Neeman, Cecelia Campbell
Abstract: An application development and deployment system allows an application developer to develop applications for a distributed data intake and query system. The application may include information that associates portions of the application with particular server groups of the distributed data intake and query system. The application may be partitioned to generate target application packages for each of the server groups of the data intake and query system.
-
Publication No.: US11860717B1
Publication date: 2024-01-02
Application No.: US17963637
Application date: 2022-10-11
Applicant: Splunk Inc.
Inventor: Konstantinos Polychronis
IPC: G06F11/07
CPC classification number: G06F11/0769, G06F11/079, G06F11/0742
Abstract: Various methods and systems for tracking incomplete purchases in correlation with application performance, such as application errors or crashes, are provided. In this regard, aspects of the invention facilitate monitoring transaction and application error events and analyzing data associated therewith to identify data indicating an impact of incomplete purchases in relation to an error(s) such that application performance can be improved. In various implementations, application data associated with an application installed on a mobile device is received. The application data is used to determine that an error that occurred in association with the application installed on the mobile device correlates with an incomplete monetary transaction initiated via the application. Based on the error correlating with the incomplete monetary transaction, a transaction attribute associated with the error is determined.
-
Publication No.: US11847732B1
Publication date: 2023-12-19
Application No.: US17515345
Application date: 2021-10-29
Applicant: SPLUNK INC.
Inventor: Devin Bhushan, Caelin Thomas Jackson-King, Stanislav Yazhenskikh, Jim Jiaming Zhu
CPC classification number: G06T15/04, G06T7/0002, G06T17/05, G06T17/20, G06T2200/08, G06T2207/30168
Abstract: Various implementations set forth a computer-implemented method for scanning a three-dimensional (3D) environment. The method includes generating, in a first time interval, a first extended reality (XR) stream based on a first set of meshes representing a 3D environment, transmitting, to a remote device, the first XR stream for rendering a 3D representation of a first portion of the 3D environment in a remote XR environment, determining that the 3D environment has changed based on a second set of meshes representing the 3D environment and generated subsequent to the first time interval, generating a second XR stream based on the second set of meshes, and transmitting, to the remote device, the second XR stream for rendering a 3D representation of at least a portion of the changed 3D environment in the remote XR environment.