公开(公告)号：US20160034534A1

公开(公告)日：2016-02-04

申请号：US14729964

申请日：2015-06-03

Applicant: Splunk Inc.

Inventor： Michael E. Cormier ,  William E. Thackrey ,  Earl D. Cox

IPC: G06F17/30

CPC classification number: G06F17/30469 ,  G06F17/30454 ,  G06F17/30528 ,  G06F17/30542 ,  G06F17/30731 ,  G06F17/30979

Abstract: The disclosed embodiments relate to a system that updates a context that facilitates evaluating qualitative search terms for an attribute during query processing. During operation, the system extracts a value for the attribute from each data item in a set of data items. Next, the system updates the context based on the extracted attribute values, wherein the context includes a concept-mapping for one or more qualitative search terms applied to the attribute, and wherein each concept-mapping associates a given attribute value with a numerical compatibility index that indicates a compatibility between the given attribute value and a corresponding qualitative search term.

Abstract translation: 所公开的实施例涉及在查询处理期间更新便于评估属性的定性搜索项的上下文的系统。 在操作期间，系统从一组数据项中的每个数据项中提取属性值。 接下来，系统基于所提取的属性值来更新上下文，其中上下文包括应用于属性的一个或多个定性搜索项的概念映射，并且其中每个概念映射将给定属性值与数字兼容性索引相关联 这表示给定属性值与相应的定性搜索项之间的兼容性。

公开(公告)号：US09251221B1

公开(公告)日：2016-02-02

申请号：US14447995

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Lucas Murphey ,  David Hazekamp

IPC: G06F15/173 ,  G06F17/30

CPC classification number: G06F17/3053 ,  G06F17/30303 ,  G06F17/30312 ,  G06F17/30368 ,  G06F17/3051 ,  G06F17/30551 ,  G06F17/30864

Abstract: Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query to produce a dataset comprising one or more data items derived from source data; and responsive to determining that at least a portion of the dataset satisfies a triggering condition, modifying a score assigned to an object to which the portion of the dataset pertains.

Abstract translation: 根据对数据汇总和分析系统中搜索查询产生的数据集的触发条件进行评估，为对象分配分数的系统和方法。 示例性方法可以包括：由一个或多个处理设备执行搜索查询以产生包括从源数据导出的一个或多个数据项的数据集; 并且响应于确定所述数据集的至少一部分满足触发条件，修改分配给所述数据集的所述部分所属对象的得分。

公开(公告)号：US09229985B2

公开(公告)日：2016-01-05

申请号：US14266840

申请日：2014-05-01

Applicant: Splunk Inc.

Inventor： Itay A. Neeman

IPC: G06F3/00 ,  G06F9/44 ,  G06F9/46 ,  G06F13/00 ,  G06F17/30 ,  G06F9/54 ,  G06F9/445

CPC classification number: G06F9/542 ,  G06F8/65 ,  G06F8/71 ,  G06F9/44521 ,  G06F9/54 ,  G06F17/30477 ,  G06F2209/545

Abstract: A first feature (e.g., chart or table) includes a reference to a dynamic pointer. Independently, the pointer is defined to point to a second feature (e.g., a query). The first feature is automatically updated to reflect a current value of the second feature. The reference to the pointer and pointer definition are recorded in a central registry, and changes to the pointer or second feature automatically cause the first feature to be updated to reflect the change. A mapping between features can be generated using the registry and can identify interrelationships to a developer. Further, changes in the registry can be tracked, such that a developer can view changes pertaining to a particular time period and/or feature of interest (e.g., corresponding to an operation problem).

Abstract translation: 第一特征（例如，图表或表）包括对动态指针的引用。 独立地，指针被定义为指向第二特征（例如，查询）。 第一个功能会自动更新，以反映第二个功能的当前值。 对指针和指针定义的引用被记录在中央注册表中，并且对指针或第二特征的改变自动地使第一特征被更新以反映该变化。 功能之间的映射可以使用注册表生成，并且可以识别开发人员的相互关系。 此外，可以跟踪注册表中的更改，使得开发者可以查看与特定时间段和/或感兴趣的特征相关的改变（例如，对应于操作问题）。

公开(公告)号：US20150339351A1

公开(公告)日：2015-11-26

申请号：US14815980

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Erik M. SWAN ,  R. David CARASSO ,  Robin Kumar DAS ,  Rory GREENE ,  Bradley HALL ,  Nicholas Christian MEALY ,  Brian Philip MURPHY ,  Stephen Phillip SORKIN ,  Andre David STECHERT ,  Michael Joseph BAUM

IPC: G06F17/30

Abstract: Methods and apparatus consistent with the invention provide the ability to search and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

Abstract translation: 与本发明一致的方法和装置提供了基于搜索搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列，表示某种类型的活动。 在一个实施例中，时间序列数据被组织成具有归一化时间戳的离散事件，并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制，关键字索引机制或统计索引，检索相关的事件信息。

公开(公告)号：US20150339344A1

公开(公告)日：2015-11-26

申请号：US14815884

申请日：2015-07-31

Applicant: Splunk Inc.

Inventor： Alice Emily Neels ,  Archana Sulochana Ganapathi ,  Marc Vincent Robichaud ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F17/30

CPC classification number: G06F17/30395 ,  G06F3/0482 ,  G06F17/248 ,  G06F17/30283 ,  G06F17/30424 ,  G06F17/30528 ,  G06F17/30554 ,  G06F17/30867

Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.

Abstract translation: 实施例包括生成可以给非结构化或结构化数据赋予语义意义的数据模型，其可以包括由搜索引擎（包括时间序列引擎）生成和/或接收的数据。 一种方法包括为存储在存储库中的数据生成数据模型。 生成数据模型包括生成初始查询字符串，对数据执行初始查询字符串，基于对数据执行的初始查询字符串生成初始结果集，从一个或多个初始查询字符串的结果确定一个或多个候选字段 生成基于一个或多个候选字段的候选数据模型，迭代地修改候选数据模型，直到候选数据模型对数据建模，并使用候选数据模型作为数据模型。

公开(公告)号：US20150317377A1

公开(公告)日：2015-11-05

申请号：US14530686

申请日：2014-10-31

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Philip Murphy ,  Stephen Philip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC: G06F17/30

CPC classification number: G06F17/30604 ,  G06F11/3476 ,  G06F17/2785 ,  G06F17/30368 ,  G06F17/30477 ,  G06F17/30507 ,  G06F17/30525 ,  G06F17/30551 ,  G06F17/30598 ,  G06F17/30619 ,  G06F17/30657 ,  G06F17/30705 ,  G06K9/6217 ,  H04L63/1425 ,  H04L63/20

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

Abstract translation: 与本发明一致的方法和设备提供组织和构建由各种信息处理环境生成的机器数据的理解的能力。 机器数据是信息处理系统（例如，活动日志，配置文件，消息，数据库记录）的产物，并且表示已经发生并以原始数据格式记录的特定事件的证据。 在一个实施例中，机器数据通过将机器数据组织到事件中并将事件链接在一起而变成机器数据网。

公开(公告)号：US20150295779A1

公开(公告)日：2015-10-15

申请号：US14610438

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Matthew S. Zises

IPC: H04L12/24 ,  H04L29/06

CPC classification number: G06F16/26 ,  H04L41/22 ,  H04L43/022 ,  H04L43/045 ,  H04L63/1433

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements comprising event stream information for one or more ephemeral event streams used to temporarily generate the time-series event data from the network packets. The system then causes for display, in the GUI, a mechanism for navigating between the event stream information and creation information for one or more creators of the one or more ephemeral event streams.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在操作期间，系统使得显示图形用户界面（GUI），用于获得用于配置从一个或多个远程捕获代理捕获的网络分组生成时间序列事件数据的配置信息。 接下来，系统导致在GUI中显示第一组用户界面元素，其包括用于从网络分组临时生成时间序列事件数据的一个或多个临时事件流的事件流信息。 然后，系统在GUI中显示用于在事件流信息和用于一个或多个临时事件流的一个或多个创建者的创建信息之间导航的机制。

公开(公告)号：US09146962B1

公开(公告)日：2015-09-29

申请号：US14611213

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Brent Boe ,  Alok Anant Bhide ,  Sonal Maheshwari

IPC: G06F15/16 ,  G06F17/30 ,  G06F9/54 ,  H04L12/24 ,  G06F12/00

CPC classification number: G06F17/30321 ,  G06F3/0484 ,  G06F9/542 ,  G06F17/30126 ,  G06F17/30353 ,  G06F17/30424 ,  H04L41/0213 ,  H04L41/22 ,  H04L41/5012 ,  H04L41/5032 ,  H04L41/5045

Abstract: A computer system determines if events in a machine data store satisfy event selection criteria, the event selection criteria including a first field-value pair. To determine if one of the events satisfies the event selection criteria, the computer system compares the first field-value pair of the event selection criteria with a second field-value pair from an entity definition associated with the event by using a third field-value pair from data corresponding to the event in the machine data store.

Abstract translation: 计算机系统确定机器数据存储器中的事件是否满足事件选择标准，事件选择标准包括第一字段值对。 为了确定事件中的一个是否满足事件选择标准，计算机系统通过使用第三字段值将事件选择标准的第一字段值对与来自与事件相关联的实体定义的第二字段值对进行比较 从与机器数据存储中的事件相对应的数据对。

公开(公告)号：US20150264152A1

公开(公告)日：2015-09-17

申请号：US14699984

申请日：2015-04-29

Applicant: SPLUNK INC.

Inventor： IOANNIS VLACHOGIANNIS ,  PANAGIOTIS PAPADOMITSOS

IPC: H04L29/08

CPC classification number: H04L67/10 ,  G06F9/46 ,  G06F11/00 ,  G06F11/3409 ,  G06F11/3442 ,  G06F11/3452 ,  G06F17/30 ,  G06F2201/81 ,  G06F2201/86 ,  G06F2201/87

Abstract: A computer-implemented method, system, and computer-readable media are disclosed herein. In embodiments, the computer-implemented method may entail receiving, by a data service, live data associated with an entity. The entity may be, for example, a customer of the data service. The method may further include determining that a dual-queue node assigned to the entity is uninstantiated on the data service. As a result, a dual-queue node associated with the entity may be instantiated on the data service. The dual-queue node may be instantiated by initializing a live data queue, of the dual-queue node, in which to place the live data for processing and a stale data queue, of the dual-queue node, in which to store a persistent backup of the live data. The method may then route the live data to the dual-queue node. The dual-queue node may then process the live data. Additional embodiments are described and/or claimed.

Abstract translation: 本文公开了计算机实现的方法，系统和计算机可读介质。 在实施例中，计算机实现的方法可能需要由数据服务接收与实体相关联的实时数据。 实体可以是例如数据服务的客户。 所述方法还可以包括确定分配给所述实体的双队列节点在所述数据服务上未被证实。 结果，可以在数据服务上实例化与实体相关联的双队列节点。 可以通过初始化双队列节点的实时数据队列来实例化双队列节点，双队列节点将要存储的双队列节点的实时数据放置在其中以存储持久性 备份实时数据。 该方法然后可以将实况数据路由到双队列节点。 双队列节点可以处理实况数据。 描述和/或要求保护附加实施例。

公开(公告)号：US09129041B1

公开(公告)日：2015-09-08

申请号：US14448215

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Michael E. Cormier ,  William E. Thackrey ,  Earl D. Cox

IPC: G06F17/30

CPC classification number: G06F17/30469 ,  G06F17/30454 ,  G06F17/30528 ,  G06F17/30542 ,  G06F17/30731 ,  G06F17/30979

Abstract: The disclosed embodiments relate to a system that updates a context that facilitates evaluating qualitative search terms for an attribute during query processing. During operation, the system extracts a value for the attribute from each data item in a set of data items. Next, the system updates the context based on the extracted attribute values, wherein the context includes a concept-mapping for one or more qualitative search terms applied to the attribute, and wherein each concept-mapping associates a given attribute value with a numerical compatibility index that indicates a compatibility between the given attribute value and a corresponding qualitative search term.

Abstract translation: 所公开的实施例涉及在查询处理期间更新便于评估属性的定性搜索项的上下文的系统。 在操作期间，系统从一组数据项中的每个数据项中提取属性值。 接下来，系统基于所提取的属性值来更新上下文，其中上下文包括应用于属性的一个或多个定性搜索项的概念映射，并且其中每个概念映射将给定属性值与数字兼容性索引相关联 这表示给定属性值与相应的定性搜索项之间的兼容性。