VISUALIZATION OF DATA FROM CLUSTERS
    551.
    Patent application

    Publication number: US20140074850A1

    Publication date: 2014-03-13

    Application number: US13660910

    Application date: 2012-10-25

    Applicant: SPLUNK INC.

    Abstract: Embodiments are directed towards the visualization of machine data received from computing clusters. Embodiments may enable improved analysis of computing cluster performance, error detection, troubleshooting, error prediction, or the like. Individual cluster nodes may generate machine data that includes information and data regarding the operation and status of the cluster node. The machine data is received from each cluster node for indexing by one or more indexing applications. The indexed machine data including the complete data set may be stored in one or more index stores. A visualization application enables a user to select one or more analysis lenses that may be used to generate visualizations of the machine data. The visualization application employs the analysis lens to produce visualizations of the computing cluster machine data.

    DATA MODEL FOR MACHINE DATA FOR SEMANTIC SEARCH
    552.
    Patent application
    Status: in force

    Publication number: US20140074817A1

    Publication date: 2014-03-13

    Application number: US13662369

    Application date: 2012-10-26

    Applicant: SPLUNK INC.

    Abstract: Embodiments are directed towards generating data models that may give semantic meaning for unstructured data or structured data that may include data generated and/or received by search engines, including a time series engine. Data models also may be generated to provide semantic meaning to structured data. A data model may be composed of a hierarchical data model objects analogous to an object-oriented programming class hierarchy. Users may employ a data modeling application to produce reports using search objects that may be part of, or associated with the data model. The data modeling application may employ the search object and the data model to generate a query string for searching a data repository to produce a result set. A data modeling application may map the result set data to data model objects that may be used to generate reports.

    INVESTIGATIVE AND DYNAMIC DETECTION OF POTENTIAL SECURITY-THREAT INDICATORS FROM EVENTS IN BIG DATA
    553.
    Patent application
    Status: in force

    Publication number: US20130326620A1

    Publication date: 2013-12-05

    Application number: US13956252

    Application date: 2013-07-31

    Applicant: Splunk Inc.

    Abstract: A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

    BLACKLISTING AND WHITELISTING OF SECURITY-RELATED EVENTS

    Publication number: US20130318604A1

    Publication date: 2013-11-28

    Application number: US13956285

    Application date: 2013-07-31

    Applicant: Splunk Inc.

    Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.

    CLUSTERING FOR HIGH AVAILABILITY AND DISASTER RECOVERY
    555.
    Patent application
    Status: in force

    Publication number: US20130311427A1

    Publication date: 2013-11-21

    Application number: US13648116

    Application date: 2012-10-09

    Applicant: SPLUNK INC.

    CPC classification number: H04L67/1097 G06F11/2097 G06F17/30312

    Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.

    Detection of central-registry events influencing dynamic pointers and app feature dependencies
    556.
    Granted patent
    Status: in force

    Publication number: US08589876B1

    Publication date: 2013-11-19

    Application number: US13910858

    Application date: 2013-06-05

    Applicant: Splunk, Inc.

    Inventor: Itay A. Neeman

    CPC classification number: G06F8/70 G06F8/54

    Abstract: A first feature (e.g., chart or table) includes a reference to a dynamic pointer. Independently, the pointer is defined to point to a second feature (e.g., a query). The first feature is automatically updated to reflect a current value of the second feature. The reference to the pointer and pointer definition are recorded in a central registry, and changes to the pointer or second feature automatically cause the first feature to be updated to reflect the change. A mapping between features can be generated using the registry and can identify interrelationships to a developer. Further, changes in the registry can be tracked, such that a developer can view changes pertaining to a particular time period and/or feature of interest (e.g., corresponding to an operation problem).

    CENTRAL REGISTRY FOR BINDING FEATURES USING DYNAMIC POINTERS
    557.
    Patent application
    Status: in force

    Publication number: US20130276000A1

    Publication date: 2013-10-17

    Application number: US13910811

    Application date: 2013-06-05

    Applicant: Splunk Inc.

    Inventor: Itay A. Neeman

    Abstract: A first feature (e.g., chart or table) includes a reference to a dynamic pointer. Independently, the pointer is defined to point to a second feature (e.g., a query). The first feature is automatically updated to reflect a current value of the second feature. The reference to the pointer and pointer definition are recorded in a central registry, and changes to the pointer or second feature automatically cause the first feature to be updated to reflect the change. A mapping between features can be generated using the registry and can identify interrelationships to a developer. Further, changes in the registry can be tracked, such that a developer can view changes pertaining to a particular time period and/or feature of interest (e.g., corresponding to an operation problem).

    INTERACTIVE ARCHITECTURE-BASE PRESENTATION OF HYPERVISOR PERFORMANCE
    558.
    Patent application
    Status: in force

    Publication number: US20130247044A1

    Publication date: 2013-09-19

    Application number: US13874448

    Application date: 2013-04-30

    Applicant: SPLUNK INC.

    Abstract: Techniques promote monitoring of hypervisor systems by presenting dynamic representations of hypervisor architectures that include performance indicators. A reviewer can interact with the representation to progressively view select lower-level performance indicators. Higher level performance indicators can be determined based on lower level state assessments. A reviewer can also view historical performance metrics and indicators, which can aid in understanding which configuration changes or system usages may have led to sub-optimal performance.

    SYSTEM AND METHOD FOR FAST FILE TRACKING AND CHANGE MONITORING
    559.
    Patent application
    Status: under examination (published)

    Publication number: US20130060937A1

    Publication date: 2013-03-07

    Application number: US13662315

    Application date: 2012-10-26

    Applicant: SPLUNK INC.

    CPC classification number: G06F16/21 G06F16/1734

    Abstract: Embodiments are directed towards a dynamic change evaluation mechanism, whereby items having a detected possible change are scheduled for re-evaluation for possible changes at a higher frequency than items detected to not have previously changed, while those items detected as not to have changed are dynamically scheduled for re-evaluation based on an evaluation backlog that may be in turn based, in part, on a time from when an item is assigned an expiration time to when the item is evaluated. In one embodiment, a possibly changed item may be assigned a new expiration time independent of the evaluation backlog. In another embodiment, if no change is detected, then the item may be assigned a new expiration time as a function of a previous expiration time and on the evaluation backlog.

    APPROXIMATE ORDER STATISTICS OF REAL NUMBERS IN GENERIC DATA
    560.
    Patent application
    Status: in force

    Publication number: US20130054660A1

    Publication date: 2013-02-28

    Application number: US13660874

    Application date: 2012-10-25

    Applicant: Splunk Inc.

    Inventor: Steve Yu Zhang

    Abstract: A method, system, and processor-readable storage medium are directed towards calculating approximate order statistics on a collection of real numbers. In one embodiment, the collection of real numbers is processed to create a digest comprising hierarchy of buckets. Each bucket is assigned a real number N having P digits of precision and ordinality O. The hierarchy is defined by grouping buckets into levels, where each level contains all buckets of a given ordinality. Each individual bucket in the hierarchy defines a range of numbers—all numbers that, after being truncated to that bucket's P digits of precision, are equal to that bucket's N. Each bucket additionally maintains a count of how many numbers have fallen within that bucket's range. Approximate order statistics may then be calculated by traversing the hierarchy and performing an operation on some or all of the ranges and counts associated with each bucket.
