-
Publication (Announcement) No.: US12204536B2
Publication (Announcement) Date: 2025-01-21
Application No.: US17658792
Filing Date: 2022-04-11
Applicant: Splunk Inc.
Inventor: Sourav Pal , Arindam Bhattacharjee , Nikhil Roy
IPC: G06F16/00 , G06F16/17 , G06F16/22 , G06F16/242 , G06F16/2453 , G06F16/2458 , G06F16/25
Abstract: Systems and methods are described for scheduling a query for execution. The system receives and parses a query to identify one or more portions of the query. The system determines a resource allocation for each portion of the query, and determines an availability of compute resources for the different portions of the query. Based on the resource allocation and the availability of compute resources, the system schedules the query.
-
Publication (Announcement) No.: US12199997B1
Publication (Announcement) Date: 2025-01-14
Application No.: US17573335
Filing Date: 2022-01-11
Applicant: SPLUNK Inc.
Inventor: Cui Lin , Stanislav Miskovic
Abstract: A computerized method is disclosed that includes operations of obtaining network traffic data between a source device and a destination device, applying a set of one or more security rules to a plurality of metrics of the network traffic data to obtain a subset of network traffic metrics, applying a first trained machine learning model to the subset of network traffic metrics to generate a feature vector through feature extraction of the subset of network traffic metrics, evaluating the feature vector for a presence of beaconing and classifying the subset of network traffic metrics, and, responsive to the classifying of the subset of network traffic metrics, generating a flag for a system administrator. The plurality of metrics include at least one or more of packet size, packet transmission rate, or a ratio of (i) packet size for inbound packets and (ii) packet size for outbound packets.
-
Publication (Announcement) No.: US12197968B1
Publication (Announcement) Date: 2025-01-14
Application No.: US17875172
Filing Date: 2022-07-27
Applicant: Splunk Inc.
Inventor: Amritpal Singh Bath , Samat Jain , Isabelle Park , Vishal Patel , Siegfried Puchbauer , Tingjin Xu
Abstract: A computing device receives an ingest preview request to preview events to be stored by at least one indexer. Responsive to the ingest preview request, the computing device sends a subscription request to the forwarders. The forwarders receive the subscription request and intercept the events that are being sent to at least one of the indexers. The forwarders then clone the events matching the subscription request and respond to the computing device with the matching events. When the computing device receives the matching events, the computing device adds the matching events to a dispatch directory. The user interface is then populated with events in the dispatch directory.
-
Publication (Announcement) No.: US12197908B1
Publication (Announcement) Date: 2025-01-14
Application No.: US18517485
Filing Date: 2023-11-22
Applicant: Splunk Inc.
Inventor: Akash Dwivedi , Simon Foster Fishel , Isabelle Park , Vivian Shen , Eric Tschetter , Joshua Walters
IPC: G06F8/65 , G06F3/0482 , G06F8/71 , G06F16/903 , G06F16/9038 , H04L67/025
Abstract: Systems and methods are disclosed for providing a multi-component application, including a first and second component, and a first and second server. The first component may be implemented at the first server, while a second component may be implemented at a client device. An end user of a client device may request access to metadata stored on the second server that is utilized by the second component to implement the multi-component application. The end user may authenticate with the first component. The first component may then communicate with the second server to authenticate the end user to the second server, thereby granting the end user access to the second server without having to reauthenticate to the second server.
-
Publication (Announcement) No.: US12197442B1
Publication (Announcement) Date: 2025-01-14
Application No.: US17937902
Filing Date: 2022-10-04
Applicant: Splunk Inc.
Inventor: Kyle Champlin , Cory Chen , Patrick Schulz , Jason Szeto
IPC: G06F16/24 , G06F3/14 , G06F16/2455 , G06F16/248
Abstract: A software module ingests data into a data intake and query system. At least a portion of the data is cloud data. The software module includes an event type definition that specifies a type of data to be ingested by the software module, a first tag that associates ingested data of the event type with a data model, and a second tag that designates ingested data of the event type as cloud data. The ingested data is stored in a data repository, and subsequently a search query that includes the first tag and the second tag is executed against the data repository, to identify ingested cloud data that satisfies the search query and a first search constraint specified in the data model. A display device is caused to display a visualization based on the identified ingested cloud data that satisfies the search query.
-
Publication (Announcement) No.: US12153481B1
Publication (Announcement) Date: 2024-11-26
Application No.: US18456455
Filing Date: 2023-08-25
Applicant: SPLUNK INC.
Inventor: Matteo Merli , Karthikeyan Ramasamy , Ram Sriharsha , Aungon Nag Radon
IPC: G06F1/26 , G06F1/3296 , G06N20/00 , H04L67/12
Abstract: Various implementations of the present application set forth a computer-implemented method comprising obtaining, by a low-power hub device, a first set of data published by an edge device, where the low-power hub device subscribes to at least a subset of data published by the edge device, generating, by the low-power hub device, a second set of data from the first set of data by inputting the first set of data into a machine learning (ML) model executing on the low-power hub device, and transmitting the second set of data to a remote server computer system.
-
Publication (Announcement) No.: US12141047B1
Publication (Announcement) Date: 2024-11-12
Application No.: US17589637
Filing Date: 2022-01-31
Applicant: Splunk Inc.
Inventor: Gergely Danyi , Sakshi Garg , Maxime Petazzoni , Sahinaz Safari Sanjani , Timothy Matthew Robin Williamson , Eric Wohlstadter
Abstract: A method of computing real-time metrics for automated workflows includes aggregating a set of ingested spans into a set of traces. The method further includes executing a set of rules to determine a set of workflows associated with the set of traces, wherein each workflow of the set of workflows is associated with a respective trace of the set of traces, and wherein each workflow is operable to group together activity associated with a client process within a respective trace. The method also includes assigning a name to each workflow based on the rules and computing real-time metrics for each of the workflows.
-
Publication (Announcement) No.: US12135788B1
Publication (Announcement) Date: 2024-11-05
Application No.: US17390290
Filing Date: 2021-07-30
Applicant: Splunk Inc.
Inventor: Namratha Sreekanta , Nikesh Padakanti
IPC: G06F16/2457 , G06F16/245 , G06F21/57 , G06F40/56
Abstract: Techniques are described for enabling an application to automatically generate text narratives explaining risk scores assigned to risk objects. The application uses natural language generation (NLG) techniques to automatically create text narratives providing context and explanation for risk scores. The described approaches use data from a variety of data sources (e.g., risk event indexes, correlation search data, attack framework data, etc.) to create compelling and useful explanations of the risk analysis associated with identified risk objects. These automatically generated text narratives can be readily presented in any number of different interfaces without the need for complex visualizations or user effort to derive the same information. The automatically created text narratives enable users to better understand the risk analysis for particular risk objects, obtain storylines detailing risk objects' activity patterns over time, and better analyze, triage, and mitigate IT environment risks based on such information.
-
Publication (Announcement) No.: US12135710B2
Publication (Announcement) Date: 2024-11-05
Application No.: US17586634
Filing Date: 2022-01-27
Applicant: Splunk Inc.
Inventor: Jagmohan Singh , Michael Bach Soohoo , Hongxun Liu , Manu Jose, Jr.
IPC: G06F16/23 , G06F16/2458
Abstract: Artifact life tracking storage techniques include performing an artifact request of an artifact at an artifact storage node. A current time to live (TTL) value is identified. A determination is made whether to increment a TTL flag of the artifact. Responsive to determining that the TTL tag should be incremented, the TTL flag is incremented to a subsequent value in a TTL extender list. Responsive to incrementing the TTL tag, the TTL modified tag value is set to the current time value.
-
Publication (Announcement) No.: US20240362252A1
Publication (Announcement) Date: 2024-10-31
Application No.: US18675896
Filing Date: 2024-05-28
Applicant: SPLUNK INC.
Inventor: Da XU , Sundar VASAN , Dhruva Kumar BHAGI
CPC classification number: G06F16/27 , G06F11/2094 , G06F11/3006 , G06F11/3072 , G06F11/32 , G06F11/3409 , G06F11/3476 , G06F16/2272 , H04L67/1097 , G06F3/0617 , G06F2201/86
Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as a primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in a primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.