公开(公告)号：US20160098385A1

公开(公告)日：2016-04-07

申请号：US14526468

申请日：2014-10-28

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F17/24 ,  G06F3/0484 ,  G06K9/20 ,  G06F3/0482

CPC classification number: G06F3/04842 ,  G06F3/0482 ,  G06F3/04847 ,  G06F9/451 ,  G06F17/246 ,  G06F17/30315 ,  G06F17/30389 ,  G06F17/30395 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30864 ,  G06K9/2054

Abstract: In embodiments of statistics value chart interface cell mode drill down, a first interface displays in a table format that includes columns each with field values of an event field, and each column having a column heading of a different one of the event fields, and includes rows each with one or more of the field values, each field value in a row associated with a different one of the event fields, and having an aggregated metric that represents a number of events with field-value pairs that match all of the field values listed in a respective row and the corresponding event fields listed in the respective columns. A cell can be emphasized that includes one of the field values in a row that corresponds to one of the different event fields in a column, and in response, a menu displays options to transition to a second interface.

Abstract translation: 在统计值图表接口单元模式下拉的实施例中，第一界面以表格格式显示，其格式包括各自具有事件字段的字段值的列，并且每列具有不同的事件字段的列标题，并且包括 每个具有一个或多个字段值的行，与行事件字段中的不同一个相关联的行中的每个字段值，并且具有表示具有与所有字段值匹配的字段值对的事件的数量的聚合度量 列在相应的行中以及相应列中列出的相应事件字段。 可以强调一个单元格，其中包括与列中的不同事件字段之一相对应的行中的一个字段值，并且作为响应，菜单显示用于转换到第二接口的选项。

公开(公告)号：US20160092282A1

公开(公告)日：2016-03-31

申请号：US14962970

申请日：2015-12-08

Applicant: Splunk Inc.

Inventor： Itay A. Neeman

IPC: G06F9/54 ,  G06F9/445

CPC classification number: G06F9/542 ,  G06F8/65 ,  G06F8/71 ,  G06F9/44521 ,  G06F9/54 ,  G06F17/30477 ,  G06F2209/545

Abstract: A first feature (e.g., chart or table) includes a reference to a dynamic pointer. Independently, the pointer is defined to point to a second feature (e.g., a query). The first feature is automatically updated to reflect a current value of the second feature. The reference to the pointer and pointer definition are recorded in a central registry, and changes to the pointer or second feature automatically cause the first feature to be updated to reflect the change. A mapping between features can be generated using the registry and can identify interrelationships to a developer. Further, changes in the registry can be tracked, such that a developer can view changes pertaining to a particular time period and/or feature of interest (e.g., corresponding to an operation problem).

公开(公告)号：US20160088125A1

公开(公告)日：2016-03-24

申请号：US14524748

申请日：2014-10-27

Applicant: SPLUNK INC.

Inventor： Konstantinos Polychronis

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L43/12 ,  H04L43/028 ,  H04L43/08 ,  H04L43/14 ,  H04L69/22

Abstract: Various methods and systems for facilitating network traffic monitoring in association with an application running on a client device are provided. In this regard, aspects of the invention facilitate monitoring network traffic being transmitted to and/or from a client device, such as a mobile device, so that network performance can be analyzed. In various implementations, packet headers of data packets are read to obtain or extract desired network metrics that indicate network performance. Packet headers are generally read to the extent necessary to identify various network data. As such, by avoiding examination of a packet payload and, in some cases, examination of the entire header, the efficiency of monitoring network traffic at a client device is improved.

Abstract translation: 提供了与在客户端设备上运行的应用相关联的用于促进网络流量监控的各种方法和系统。 在这方面，本发明的各方面便于监测正在向客户端设备（例如移动设备）发送的网络流量，从而可以分析网络性能。 在各种实现中，读取数据分组的分组报头以获得或提取指示网络性能的期望网络度量。 通常，分组报头读取到识别各种网络数据所必需的程度。 因此，通过避免对分组有效载荷的检查，并且在一些情况下，检查整个报头，提高了在客户端设备处监视网络流量的效率。

公开(公告)号：US20160085637A1

公开(公告)日：2016-03-24

申请号：US14530445

申请日：2014-10-31

Applicant: SPLUNK INC.

Inventor： IOANNIS VLACHOGIANNIS ,  PANAGIOTIS PAPADOMITSOS

IPC: G06F11/14

CPC classification number: G06F11/1469 ,  G06F11/1466 ,  G06F2201/84 ,  H04L1/16 ,  H04L47/2416

Abstract: In accordance with implementations of the present disclosure, a computer-implemented method for forwarding data includes generating a backup of received live data. The backup of the received live data may be generated on non-volatile storage. The method further includes providing the received live data to a first data buffer for forwarding of the received live data, where a portion of the received live data is dropped prior to being forwarded. Based on the portion of the received live data being dropped, the portion of the received live data is recovered from the backup and the recovered portion of the received live data is provided to a second data buffer for forwarding of the recovered portion of the received live data.

Abstract translation: 根据本公开的实现，用于转发数据的计算机实现的方法包括生成所接收的实时数据的备份。 所接收的实时数据的备份可以在非易失性存储器上生成。 该方法还包括将接收到的实况数据提供给第一数据缓冲器，用于转发所接收的实时数据，其中一部分接收到的实况数据在转发之前被丢弃。 基于所接收的实时数据被丢弃的部分，从备份恢复所接收的实况数据的部分，并将所接收的实时数据的恢复部分提供给第二数据缓冲器，用于转发所接收的直播的已恢复部分 数据。

公开(公告)号：US09286413B1

公开(公告)日：2016-03-15

申请号：US14528882

申请日：2014-10-30

Applicant: Splunk Inc.

Inventor： John Robert Coates ,  Poorva Malviya ,  Brian John Bingham ,  Cary Glen Noel

IPC: G06F7/00 ,  G06F17/30 ,  G06F3/0484

CPC classification number: H04L43/16 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/542 ,  G06F17/30424 ,  G06F17/30463 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30572 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30958 ,  G06F17/30964 ,  G06F17/30979 ,  G06F17/30991 ,  G06Q10/06393 ,  G06T11/206 ,  G06T2200/24 ,  H04L29/08072 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5035 ,  H04L41/5038 ,  H04L43/04 ,  H04L43/045 ,  H04L67/10 ,  H04L67/16

Abstract: One or more processing devices cause display of a service-monitoring dashboard that includes one or more key performance indicator (KPI) widgets. Each KPI widget provides a numerical or graphical representation of one or more values for a corresponding KPI indicating how a service provided by one or more entities is performing at one or more points in time. Each entity of the one or more entities is associated with machine data. A KPI is defined by a search query that derives the one or more values represented by the corresponding KPI widget from the machine data associated with the one or more entities that provide the service whose performance is reflected by the KPI.

Abstract translation: 一个或多个处理设备引起显示包括一个或多个关键性能指标（KPI）小部件的服务监视仪表板。 每个KPI小部件提供用于对应的KPI的一个或多个值的数字或图形表示，其指示由一个或多个实体提供的服务如何在一个或多个时间点执行。 一个或多个实体的每个实体与机器数据相关联。 KPI由搜索查询定义，该搜索查询从与提供其性能由KPI反映的服务的一个或多个实体相关联的机器数据中导出由相应的KPI小部件表示的一个或多个值。

公开(公告)号：US20160070736A1

公开(公告)日：2016-03-10

申请号：US14929248

申请日：2015-10-30

Applicant: Splunk Inc.

Inventor： Erik M. Swan ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Michael Joseph Baum

IPC: G06F17/30

CPC classification number: G06F17/30336 ,  G06F17/30321 ,  G06F17/30342 ,  G06F17/30353 ,  G06F17/30516 ,  G06F17/30528 ,  G06F17/3053 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30864

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract translation: 根据本发明的方法和设备提供了基于搜索来组织，索引，搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列，表示某种类型的活动。 在一个实施例中，时间序列数据被组织成具有归一化时间戳的离散事件，并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制，关键字索引机制或统计索引，检索相关的事件信息。

公开(公告)号：US20160055214A1

公开(公告)日：2016-02-25

申请号：US14929332

申请日：2015-10-31

Applicant: Splunk Inc.

Inventor： Mitchell Neuman Blank, JR. ,  Leonid Budchenko ,  David Carasso ,  Micah James Delfino ,  Johnvey Hwang ,  Stephen Phillip Sorkin ,  Eric Timothy Woo

IPC: G06F17/30 ,  G06F3/0482 ,  G06F17/27 ,  G06F3/0484

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/0485 ,  G06F17/2705 ,  G06F17/30321 ,  G06F17/30507 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30619 ,  G06F17/30864

Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

Abstract translation: 实施例针对在将对应的索引数据添加到索引存储之前预览从索引数据原始数据生成的结果。 可以从预览数据源接收原始数据。 在可以建立一组初始配置信息之后，可以将预览数据提交给索引处理流水线。 预览应用可以基于预览索引数据和配置信息生成预览结果。 预览结果可能可以预览索引应用程序如何处理数据。 如果预览结果不可接受，则可以修改配置信息。 预览应用程序可以修改配置信息，直到生成的预览结果可以接受。 如果配置信息是可接受的，则预览数据可以在一个或多个索引存储中被处理和索引。

公开(公告)号：US20160036851A1

公开(公告)日：2016-02-04

申请号：US14815972

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Munawar Monzy Merza

IPC: H04L29/06 ,  H04L29/12

CPC classification number: H04L63/1441 ,  A61G17/0073 ,  A61G17/04 ,  A61G17/041 ,  A61G17/042 ,  A61G17/044 ,  G06F21/50 ,  G06T11/206 ,  H04L61/1511 ,  H04L63/10 ,  H04L63/1416 ,  H04L67/02

Abstract: Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain names. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name.

Abstract translation: 确定一组中每个计算事件的域名，每个事件详细说明网页的请求或帖子。 确定在一段时间内与每个域名相关联的一些事件或访问。 进一步查询注册商以确定何时注册域名。 生成一个对象，其中包含访问计数的表示和每个域名注册后的年龄。 客户端可以与对象进行交互，以探索与高访问次数和最近注册相关联的域名的表示。 一旦确定给定的域名是可疑的，就可以生成一个规则来阻止对域名的访问。

公开(公告)号：US20160036850A1

公开(公告)日：2016-02-04

申请号：US14815971

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Munawar Monzy Merza

IPC: H04L29/06 ,  H04L29/08 ,  H04L29/12

CPC classification number: H04L63/1441 ,  A61G17/0073 ,  A61G17/04 ,  A61G17/041 ,  A61G17/042 ,  A61G17/044 ,  G06F21/50 ,  G06T11/206 ,  H04L61/1511 ,  H04L63/10 ,  H04L63/1416 ,  H04L67/02

Abstract: Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain names. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name.

Abstract translation: 确定一组中每个计算事件的域名，每个事件详细说明网页的请求或帖子。 确定在一段时间内与每个域名相关联的一些事件或访问。 进一步查询注册商以确定域名何时注册。 生成一个对象，其中包含访问计数的表示和每个域名注册后的年龄。 客户端可以与对象进行交互，以探索与高访问次数和最近注册相关联的域名的表示。 一旦确定给定的域名是可疑的，就可以生成一个规则来阻止对域名的访问。

公开(公告)号：US20160034566A1

公开(公告)日：2016-02-04

申请号：US14692491

申请日：2015-04-21

Applicant: Splunk Inc.

Inventor： Anirban Rahut

IPC: G06F17/30

CPC classification number: G06F11/2005 ,  G06F11/1425 ,  G06F11/184 ,  G06F11/2007 ,  G06F11/2097

Abstract: A high availability scheduler of tasks in a cluster of server devices is provided. A server device of the cluster of server devices enters a leader state based upon the results of a consensus election process in which the server device participates with others of the cluster of server devices. Upon entering the leader state, the server device schedules one or more tasks by assigning each of the one or more tasks to a device, wherein the one or more tasks involve initiating a late-binding schema.

Abstract translation: 提供了服务器设备集群中任务的高可用性调度程序。 服务器设备集群的服务器设备基于服务器设备与服务器设备集群中的其他服务器设备参与的一致选择过程的结果进入引导者状态。 在进入领导状态时，服务器设备通过将一个或多个任务中的每一个分配给设备来调度一个或多个任务，其中所述一个或多个任务涉及启动后期绑定模式。