公开(公告)号：US12271428B1

公开(公告)日：2025-04-08

申请号：US17816337

申请日：2022-07-29

Applicant: Splunk Inc.

Inventor： Christopher Bolognese ,  Finlay Cannon ,  Eli Clein ,  Umesh Dinkar ,  Thomas Haggie ,  Barbara Janczer ,  Elizabeth Li ,  Clark Eugene Mullen ,  Viet Quoc Nguyen ,  Faya Peng ,  Ioan Popa ,  Abid Salahi ,  Keng-Ming Sheu ,  Tulika Thakur ,  Justin Lew ,  Jonathan Ng ,  Jacob Sebastian Stark

IPC: G06F16/904 ,  G06F3/04845 ,  G06F16/903

Abstract: A system generates a user interface that enables a user to interact with an interactive chart associated with a statement of a data processing package. Via one or more user interactions with the user interface, the system may receive one or more chart parameters for the chart. Using a statement from the data processing package and the one or more chart parameters, the system may generate an additional statement and append the generated statement to the data processing package to form an enriched data processing package. The system may communicate the enriched data processing package to a search service for execution. The system may display the results in the chart.

公开(公告)号：US12265525B2

公开(公告)日：2025-04-01

申请号：US18428428

申请日：2024-01-31

Applicant: Splunk Inc.

Inventor： Brent Davis ,  David Johns DeWitt ,  Derek Feriancek ,  Venkatasubramanian Jayaraman ,  Vinay Manivel ,  Christopher Ogle ,  Balaji Rao

IPC: G06F16/22 ,  G06F16/24 ,  G06F16/242 ,  G06F16/245 ,  G06F16/2453 ,  G06F16/2458

Abstract: A query coordinator can receive a query and identify a first portion of the query to be processed by a first data processing system and a second portion of the query to be processed by a second data processing system. The query coordinator can obtain a modified query based on identifying the first portion and the second portion of the query. The query coordinator can define a query processing scheme according to the modified query and provide the query processing scheme to the second data processing system. Based on providing the query processing scheme, the query coordinator can obtain an output of the second data processing system. The query coordinator can identify a second query based on the output and provide the second query to a component of the first data processing system.

公开(公告)号：US12254019B2

公开(公告)日：2025-03-18

申请号：US18160972

申请日：2023-01-27

Applicant: Splunk Inc.

Inventor： Vladimir A. Shcherbakov ,  Stewart Smith ,  Nicholas Matthew Tankersley ,  Junyu Wang ,  Peter Wu

IPC: G06F16/30 ,  G06F16/248 ,  G06F16/26 ,  G06F3/04817 ,  G06F3/0482

Abstract: Systems and methods are described to determine relationships between one or more components of an isolated execution environment system based on data obtained from a data intake and query system. Based on the determined relationships, an interactive visualization is generated that indicates the hierarchical relationship of the components. In some cases, to illustrate the relationship between components of the isolated execution environment system, the visualization can include one or more display objects displayed in a subordinate or superior relationship to other display objects. In certain cases, based on an interaction with a display object, the system can generate a query and/or display additional information and/or visualizations based on the results of the query.

公开(公告)号：US12242892B1

公开(公告)日：2025-03-04

申请号：US17444157

申请日：2021-07-30

Applicant: Splunk Inc.

Inventor： Ricky Burnett

IPC: G06F9/50 ,  G06F9/38 ,  G06F9/455 ,  G06F9/48

Abstract: Systems and methods are described for a implementing a streaming data processing system that includes a pool of pre-configured resources and a pool of dedicated resources. The streaming data processing system can implement a processing pipeline using compute resources. The pool of pre-configured resources can support previews of processing pipelines for a plurality of users and the pool of dedicated resources can support full deployments of processing pipelines for a particular user. The streaming data processing system can implement a preview of a processing pipeline using a pre-configured resource of the pool of pre-configured resources. Further, the streaming data processing system can implement the processing pipeline using a dedicated resource of the pool of dedicated resources. The streaming data processing system can provision the dedicated resource and deploy the processing pipeline using the dedicated resource.

公开(公告)号：US12242495B1

公开(公告)日：2025-03-04

申请号：US17816357

申请日：2022-07-29

Applicant: Splunk Inc.

Inventor： Christopher Bolognese ,  Finlay Cannon ,  Eli Clein ,  Umesh Dinkar ,  Thomas Haggie ,  Barbara Janczer ,  Elizabeth Li ,  Clark Eugene Mullen ,  Viet Quoc Nguyen ,  Faya Peng ,  Ioan Popa ,  Abid Salahi ,  Keng-Ming Sheu ,  Tulika Thakur ,  Justin Lew ,  Jonathan Ng ,  Jacob Sebastian Stark

IPC: G06F16/248 ,  G06F3/0481 ,  G06F3/04842 ,  G06F3/04847

Abstract: A system generates a user interface that enables a user to generate a chart from one or more statements of a data processing package. Via one or more user interactions with the user interface, the system may receive one or more chart parameters for a chart. Using a statement from the data processing package and the one or more chart parameters, the system may generate an additional statement and append the generated statement to the data processing package to form an enriched data processing package. The system may communicate the enriched data processing package to a search service for execution. The system may display the results in an interactive chart.

公开(公告)号：US12237988B1

公开(公告)日：2025-02-25

申请号：US17879694

申请日：2022-08-02

Applicant: Splunk Inc.

Inventor： Adrian Hall ,  Kenneth M. Sternberg ,  Anupadmaja Raghavan ,  Brian C. Reyes

IPC: H04L43/16 ,  G06F16/2457 ,  G06F16/28 ,  G06F16/904 ,  H04L41/0631 ,  H04L41/0677 ,  H04L41/22 ,  H04L43/0817 ,  H04L67/02

Abstract: Provided are systems and methods for determining and displaying service performance information via a graphical user interface. A method can include visually rendering a service-level dashboard reflecting performance of a service and presenting a visual indication of health of each component service and a list of events each corresponding to a change in performance of one of the component services. The method can further include responsive to receiving, via a graphical user interface (GUI), a selection of a component service, visually rendering a system-level dashboard reflecting performance of the selected component-level service, wherein the component service is performed by one or more machines, and wherein the system-level dashboard presents the machines and one or more events each corresponding to a change in performance of one of the machines.

公开(公告)号：US12217075B1

公开(公告)日：2025-02-04

申请号：US17240878

申请日：2021-04-26

Applicant: Splunk Inc.

Inventor： Brian Bingham ,  Tristan Fletcher

IPC: G06F9/455 ,  G06F3/0482 ,  G06F11/32 ,  G06T11/20

Abstract: Techniques promote monitoring of hypervisor systems by presenting dynamic representations of hypervisor architectures that include performance indicators. A reviewer can interact with the representation to progressively view select lower-level performance indicators. Higher level performance indicators can be determined based on lower level state assessments. A reviewer can also view historical performance metrics and indicators, which can aid in understanding which configuration changes or system usages may have led to sub-optimal performance.

公开(公告)号：US20250028712A1

公开(公告)日：2025-01-23

申请号：US18428428

申请日：2024-01-31

Applicant: Splunk Inc.

Inventor： Brent Davis ,  David Johns DeWitt ,  Derek Feriancek ,  Venkatasubramanian Jayaraman ,  Vinay Manivel ,  Christopher Ogle ,  Balaji Rao

IPC: G06F16/242 ,  G06F11/34 ,  G06F16/22 ,  G06F16/2453 ,  G06F16/2458

Abstract: A query coordinator can receive a query and identify a first portion of the query to be processed by a first data processing system and a second portion of the query to be processed by a second data processing system. The query coordinator can obtain a modified query based on identifying the first portion and the second portion of the query. The query coordinator can define a query processing scheme according to the modified query and provide the query processing scheme to the second data processing system. Based on providing the query processing scheme, the query coordinator can obtain an output of the second data processing system. The query coordinator can identify a second query based on the output and provide the second query to a component of the first data processing system.

公开(公告)号：US20250028618A1

公开(公告)日：2025-01-23

申请号：US18222870

申请日：2023-07-17

Applicant: Splunk Inc.

Inventor： Houwu Bai ,  Kristal Curtis ,  William Deaderick ,  Tanner Gilligan ,  Poonam Yadav ,  Om Rajyaguru

IPC: G06F11/34 ,  G06F11/30 ,  G06F16/23 ,  G06F16/2458

Abstract: Computerized methodologies are disclosed that are directed to detecting anomalies within a time-series data set. A first aspect of the anomaly detection process includes analyzing the regularity of the data points of the time-series data set and determining whether a data aggregation process is to be performed based on the regularity of the data points, which results in a time-series data set having data points occurring at regular intervals. A seasonality pattern may be determined for the time-series data set, where a silhouette score is computed to measure the quality of the fit of the seasonality pattern to the time-series data. The silhouette score may be compared to a threshold and based on the comparison, the seasonality pattern or a set of heuristics may be utilized in an anomaly detection process. When the seasonality pattern is utilized, the seasonality pattern may be utilized to generate thresholds indicating anomalous behavior.

公开(公告)号：US12206693B1

公开(公告)日：2025-01-21

申请号：US17745482

申请日：2022-05-16

Applicant: Splunk Inc.

Inventor： Georgios Apostolopoulos

IPC: H04L29/06 ,  G06F16/901 ,  H04L9/40

Abstract: The disclosed techniques relate to a graph-based network security analytic framework to combine multiple sources of information and security knowledge in order to detect risky behaviors and potential threats. In some examples, the input can be anomaly events or simply regular events. The entities associated with the activities can be grouped into smaller time units, e.g., per day. The riskiest days of activity can be found by computing a risk score for each day and according to the features in the day. A graph can be built with links between the time units. The links can also receive scoring based on a number of factors. The resulting graph can be compared with known security knowledge for adjustments. Threats can be detected based on the adjusted risk score for a component (i.e., a group of linked entities) as well as a number of other factors.