公开(公告)号：US11522769B1

公开(公告)日：2022-12-06

申请号：US17141192

申请日：2021-01-04

Applicant: Splunk Inc.

Inventor： Hemendra Singh Choudhary ,  Tristan Antonio Fletcher ,  Alok Anant Bhide ,  Fang I. Hsiao

IPC: H04L41/22 ,  G06F16/28 ,  G06F16/951 ,  G06F16/2458 ,  G06F16/2455 ,  H04L41/50 ,  H04L41/5009 ,  H04L69/329 ,  H04L43/045 ,  H04L41/5041 ,  H04L67/02 ,  H04L43/16

Abstract: A method is disclosed that includes receiving a request to display a service-monitoring user interface that illustrates performance of one or more services that are each provided by one or more entities. Each service is associated with a stored service definition that identifies the one or more entities, and each entity is associated with stored entity definition information that identifies machine data produced by or about the entity from one or more sources. The method further includes causing display of the service-monitoring user interface illustrating performance of each service via an aggregate key performance indicator (KPI) that characterizes a respective service as a whole, and a plurality of aspect KPIs that each characterize an aspect of an associated service. Each KPI is defined by a search query that produces a value derived from the machine data identified by the entity definition information, the value indicative of a measure of the service at a point in time or during a period of time. The machine data is produced by one or more components within an information technology environment and reflects activity within the information technology environment.

公开(公告)号：US11372923B1

公开(公告)日：2022-06-28

申请号：US17135379

申请日：2020-12-28

Applicant: Splunk Inc.

Inventor： Hemendra Singh Choudhary ,  Tristan Antonio Fletcher ,  Brian Bingham ,  Fang I. Hsiao ,  Brian C. Reyes

IPC: G06F9/54 ,  H04L41/22 ,  H04L41/0806 ,  H04L43/04 ,  H04L67/51 ,  H04L43/16 ,  H04L67/10 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/0481 ,  G06F3/04847 ,  H04L43/091 ,  H04L43/55 ,  G06F16/903 ,  G06Q10/06 ,  H04L69/329 ,  G06F16/26 ,  G06F16/248 ,  G06F16/25 ,  G06F16/33 ,  G06F16/951 ,  G06F16/2455 ,  G06F16/901 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/2453 ,  H04L41/5009 ,  G06F11/34 ,  G06F11/32 ,  H04L41/0213 ,  H04L41/50 ,  H04L43/045 ,  G06F3/04842 ,  G06T11/20

Abstract: A service monitoring system executing on one or more processors may have operations that are determined by control information. Control over the operation of the service monitoring system can be exerted through the use of a graphical interface. The graphical interface may present the control information of a new or existing correlation search definition for user interaction. The service monitoring system may maintain a data store of key performance indicator (KPI) data, where a KPI value in the data store is produced by a KPI-defining search query that derives the value from machine data associated with one or more entities that perform a monitored service. A correlation search definition of the service monitoring system determines how a search of the KPI data is conducted, how its data is evaluated to determine whether a triggering condition has been met, and, if so, determines what triggered action is to be initiated.

公开(公告)号：US20220124183A1

公开(公告)日：2022-04-21

申请号：US17466665

申请日：2021-09-03

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Clint Sharp

IPC: H04L69/22 ,  H04L43/028

Abstract: The disclosed embodiments provide a system for extracting custom content from network packets. During operation, the system receives a stream of packets. The system then parses packets in the stream to determine a protocol for each packet. Next, the system applies a custom-content-extraction rule to each packet associated with a target protocol to obtain the extracted content. Then, the system stores the extracted content in events in a data store to facilitate subsequent queries involving the extracted content.

公开(公告)号：US11296951B2

公开(公告)日：2022-04-05

申请号：US16908564

申请日：2020-06-22

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Cary Glen Noel

IPC: H04L12/24 ,  H04L12/26 ,  H04L41/22 ,  H04L43/0894 ,  H04L43/045

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system obtains a set of event streams from one or more remote capture agents over one or more networks, wherein the set of event streams comprises time-series event data generated from network packets captured by the one or more remote capture agents. Next, the system causes for display, within a graphical user interface (GUI), a first set of user interface elements, wherein the first set of user interface elements includes event stream information for an event stream in the set of event streams and a first graph of a metric associated with the time-series event data in the event stream. The system then updates the first graph in real-time with the time-series event data from the one or more remote capture agents.

公开(公告)号：US11281643B2

公开(公告)日：2022-03-22

申请号：US16436818

申请日：2019-06-10

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Cary Glen Noel

IPC: G06F16/22 ,  G06F16/2455 ,  H04L65/60

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for specifying a grouping of a set of event streams containing the time-series event data by an event stream attribute associated with the event streams. The system then causes for display, in the GUI, a second set of user-interface elements containing event stream information for one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.

公开(公告)号：US11144545B1

公开(公告)日：2021-10-12

申请号：US16528137

申请日：2019-07-31

Applicant: Splunk Inc.

Inventor： Nicholas Matthew Tankersley ,  Fang I. Hsiao ,  Arun Ramani

IPC: G06F3/0484 ,  G06F16/2452 ,  G06F16/2457 ,  G06Q10/10 ,  G06F11/30 ,  G06T11/20 ,  G06Q10/06

Abstract: An automatic service monitor in an information-technology environment performs regular search queries against generated machine data to derive performance measurements. The information technology environment is defined in terms of services provided by entities, and the performance measurements are defined as key performance indicators (KPIs) of the services. Generated machine data used by the search queries pertain to the entities performing the service. Definitional information for the services, entities, and KPIs is administered by a user to control the operation of the service monitor. Various aspects of such definitional information as well as related performance measurement information may be presented in a unified console display tailored to, and organized around, a particular entity. The console display may serve as a central launch point by supporting user interaction to navigate to other specialized monitoring interfaces.

公开(公告)号：US10887191B2

公开(公告)日：2021-01-05

申请号：US15955565

申请日：2018-04-17

Applicant: Splunk Inc.

Inventor： Hemendra Singh Choudhary ,  Tristan Antonio Fletcher ,  Alok Anant Bhide ,  Fang I. Hsiao

IPC: H04L12/24 ,  H04L29/08 ,  G06F16/28 ,  G06F16/951 ,  G06F16/2458 ,  G06F16/2455 ,  H04L12/26

Abstract: Services in an operating environment are represented by stored service definitions that identify entities that perform the service. Entity definitions identify machine data pertaining to the entity. A key performance indicator (KPI) of the service characterizes the service on the whole or some aspect of it. Each KPI is defined by a search query that derives a value from machine data identified in the entity definitions. Processing devices cause display of a service-monitoring page having services summary information and services aspects information. The summary information displays interactive summary tiles that each correspond to a service and present information about an aggregate KPI that characterizes the service. The aspects information displays interactive aspect tiles that each correspond to a KPI characterizing some aspect of an associated service. Additional information may be included in the service-monitoring page and interaction features enable a user to navigate to enhanced information displays.

公开(公告)号：US20190294598A1

公开(公告)日：2019-09-26

申请号：US16436818

申请日：2019-06-10

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Cary Glen Noel

IPC: G06F16/22 ,  H04L29/06 ,  G06F16/2455

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for specifying a grouping of a set of event streams containing the time-series event data by an event stream attribute associated with the event streams. The system then causes for display, in the GUI, a second set of user-interface elements containing event stream information for one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.

公开(公告)号：US20180219751A1

公开(公告)日：2018-08-02

申请号：US15421389

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： David J. Cavuto ,  Vladimir A. Shcherbakov ,  Joshua H. Mak ,  Fang I. Hsiao

IPC: H04L12/26 ,  H04L29/12

CPC classification number: H04L43/045 ,  H04L43/08 ,  H04L43/106

Abstract: Techniques and mechanisms are disclosed for generating visualizations which graphically depict network activity occurring between pairs of networked computing devices. The visualizations are based on data indicating the network activity, where the network activity can involve devices having any network addresses within an entire network address space (e.g., any address within the Internet Protocol version v4 (IPv4) or IPv6 network address space), or within some subset of an entire network address space. The ability to visualize high-level information related to network activity occurring across an entire network address space enables network analysts and other users to readily analyze characteristics of computer networks which otherwise might not be evident or difficult to obtain using other types of visualizations.

公开(公告)号：US20180089601A1

公开(公告)日：2018-03-29

申请号：US15339787

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Ian Matthew Link ,  Alexander Lynn Raitz ,  Melanie Ann Garcia Alrajhi ,  Shruti Shrivastava ,  Fang I. Hsiao

IPC: G06Q10/06 ,  G06F17/30

CPC classification number: G06Q10/067 ,  G06F16/90335 ,  G06F17/2705 ,  G06Q10/087

Abstract: Embodiments of the present invention are directed to generating augmented process models for use in process analytics. In one embodiment, a process model, search indicators, composite attributes, and relationship indicators are received. The process model defines a process and includes a plurality of components of the process. Search indicators indicate a search that, when executed, provides data related to the corresponding component. Composite attributes indicate data to be captured by machine data searches associated with the corresponding component. Relationship indicators indicate relationships between components of the process. An augmented process model is generated based on the process model, the search indicators, the composite attributes, and the relationship indicators, wherein the augmented process model is used to manage process instances associated with the process.