-
571.
Publication No.: US20230102389A1
Publication date: 2023-03-30
Application No.: US17954320
Filing date: 2022-09-27
Applicant: Splunk Inc.
Inventor: Anupadmaja Raghavan, George Daloukov, Alok Anant Bhide, Ross Andrew Lazerowitz, Tristan Antonio Fletcher, Alan Vincent Hardin
IPC: G06Q10/06, G06Q10/00, H04L41/5009, H04L41/5006
Abstract: An automatic service monitor in an information technology environment has its operation controlled by information that, in part, defines entities that perform services and defines key performance indicators (KPIs) that indicate measures of performance of the services. Additional information controls the operation of the service monitor with respect to identifying and adapting for KPIs based on the non-normal data caused by maintenance work or other causes. Such adaptation may include changes in how reported information appears to the user.
-
Publication No.: US11615082B1
Publication date: 2023-03-28
Application No.: US16945631
Filing date: 2020-07-31
Applicant: Splunk Inc.
Inventor: Anish Shrigondekar, Ruochen Zhang, Zhenghui Xie, Shalabh Goyal, Bhavin Thaker
IPC: G06F16/24, G06F16/245, G06F13/20, H04L43/16, H04L41/0896
Abstract: A data intake and query system can ingest and index large amounts of data using one or more ingestors and indexers. The ingestors can ingest incoming data and use it to generate events. The ingestor can group the events and prepare them for communication to a message bus. The ingestor can determine a size of the group of events. If the size of the group of events satisfies a message size threshold, the ingestor can store the group of events to a data store, obtain a reference to the group of events, and communicate the reference to the group of events to a message queue. An indexer can obtain the reference from the message queue and use the reference to obtain the group of events from the data store.
-
Publication No.: USD981433S1
Publication date: 2023-03-21
Application No.: US29848729
Filing date: 2022-08-04
Applicant: SPLUNK Inc.
Designer: Uladzimir Bahatyrevich, Anthony Barbato
-
Publication No.: US11611493B2
Publication date: 2023-03-21
Application No.: US17443228
Filing date: 2021-07-22
Applicant: Splunk Inc.
Inventor: Qianjie Zhong, Geng Qin, Ting Wang, Min Zhang, Micah Delfino, Jef Bekes, D. Randall Young, Cary Noel, Feng Shao, Dritan Bitincka
IPC: H04L43/045, H04L41/22, H04L41/12, H04L43/0817
Abstract: Techniques and mechanisms are disclosed that enable collection of various types of data from cloud computing services and the generation of various dashboards and visualizations to view information about collections of cloud computing resources. A user can configure collection of data from one or more cloud computing services and view visualizations using an application platform referred to herein as a cloud computing management application. A cloud computing management application further may be configured to generate and cause display of interactive topology map representations of cloud computing resources based on the collected data, where an interactive topology map enables users to view an intuitive visualization of a collection of computing resources, efficiently cause performance of actions with respect to various resources displayed in the topology map, and analyze the collection of resources in ways that are not possible using conventional cloud computing service management consoles.
-
Publication No.: US11609913B1
Publication date: 2023-03-21
Application No.: US17162536
Filing date: 2021-01-29
Applicant: Splunk Inc.
Inventor: Tameem Anwar, Alexandros Batsakis, Tianyi Gou, Mehul Goyal, Ashish Mathew, Douglas Rapp, Sai Krishna Sajja, Anish Shrigondekar, Igor Stojanovski, Eric Woo, Zhenghui Xie, Ruochen Zhang, Sophia Rui Zhu
IPC: G06F16/00, G06F16/2455, G06F16/248, G06F16/2458
Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. When a new processing node is added or becomes available, the node coordinator can reassign duties from one or more processing nodes to the new processing node. The node coordinator can initially assign the new processing node one or more groups of data for backup purposes. At a later time, the node coordinator can reassign the new processing node to the one or more groups of data for searching purposes.
-
Publication No.: US11606384B2
Publication date: 2023-03-14
Application No.: US17386989
Filing date: 2021-07-28
Applicant: Splunk Inc.
Inventor: Munawar Monzy Merza
IPC: H04L29/06, H04L9/40, A61G17/04, H04L61/4511, A61G17/007, G06F21/50, G06T11/20, H04L67/02
Abstract: Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain name. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name.
-
Publication No.: US11604795B2
Publication date: 2023-03-14
Application No.: US16051304
Filing date: 2018-07-31
Applicant: Splunk Inc.
Inventor: Sourav Pal, Arindam Bhattacharjee
IPC: G06F17/00, G06F16/2453, G06F16/25, G06F16/21, G06F16/28, G06F16/2455, G06F16/2458, G06F40/205
Abstract: Systems and methods are disclosed for executing a query that includes an indication to process data managed by an external data system. The system identifies the external data system that manages the data to be processed and generates a subquery for the external data system indicating that the results of the subquery are to be sent to one worker node of multiple worker nodes. The system instructs the one worker node to distribute the results received from the external data system to multiple worker nodes for processing.
-
Publication No.: US11599396B2
Publication date: 2023-03-07
Application No.: US17237904
Filing date: 2021-04-22
Applicant: SPLUNK INC.
Inventor: Jag Kerai, Anish Shrigondekar, Mitchell Blank, Jr., Hasan Alayli
Abstract: Resegmenting chunks of data for load balancing is disclosed. A plurality of first chunks of data is received. The plurality of first chunks of data includes one or more entries that include raw data produced by a component of an information technology environment and that reflects activity in the information technology environment. The plurality of first chunks of data is resegmented into a plurality of second chunks of data based on a source type of the plurality of first chunks. A first subset of the plurality of second chunks of data is distributed to a first indexer of a set of indexers. An occurrence of a trigger event is determined, and in response to the trigger event, a second subset of the plurality of second chunks of data is distributed to a second indexer of the set of indexers.
-
579.
Publication No.: US11588678B2
Publication date: 2023-02-21
Application No.: US17407738
Filing date: 2021-08-20
Applicant: Splunk Inc.
Inventor: Oliver Friedrichs, Atif Mahadik, Govind Salinas, Sourabh Satish
IPC: H04L41/0631, H04L41/0654, H04L41/14, H04L9/40, H04L41/22, H04L41/5074, G06F21/55, H04L41/08
Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
-
Publication No.: US11586729B2
Publication date: 2023-02-21
Application No.: US17332804
Filing date: 2021-05-27
Applicant: Splunk Inc.
Inventor: Zhuxuan Jin, George Apostolopoulos
IPC: G06F21/55, G06F16/245, G06F21/56, H04L9/40
Abstract: A method is disclosed that includes receiving, at a computing device, an event log including multiple events, where the events are derived from machine data, determining a first score associated with a first granularity level by comparing an event from the event log with a first frequent patterns generated for the first granularity level, and determining a second score associated with a second granularity level by comparing the event with a second frequent patterns generated for the second granularity level. The method further includes determining an aggregate score for the event based on the first score and the second score, and comparing the aggregate score for the event with an anomaly score threshold. Further, the method includes issuing an alert identifying the event as an anomaly based on the aggregate score exceeding the anomaly score threshold.