公开(公告)号：US20150154269A1

公开(公告)日：2015-06-04

申请号：US14611089

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F17/30 ,  G06F3/0484 ,  G06F7/24

CPC classification number: G06F17/24 ,  G06F3/04842 ,  G06F7/24 ,  G06F17/241 ,  G06F17/245 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30994

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

Abstract translation: 所公开的技术涉及制定和提炼在查询时使用具有后期绑定模式的原始数据的字段提取规则。 字段提取规则识别原始数据的部分，以及它们的数据类型和层次关系。 这些提取规则是针对未组织成尚未通过标准提取或转换方法处理的关系结构的非常大的数据集执行的。 通过使用示例事件，关注主要和次要示例事件有助于制定跨多个数据格式的单个提取规则，或者针对不同格式的多个规则。 选择工具标记示例事件以指示提取规则的正例，并确定负面示例以避免错误的值选择。 提取规则可以保存以供查询时间使用，并且可以被并入事件数据的集合和子集的数据模型中。

公开(公告)号：US11983167B1

公开(公告)日：2024-05-14

申请号：US17969582

申请日：2022-10-19

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Marc V. Robichaud ,  Cory Burke ,  Alexander James ,  Jeffrey Thomas Lloyd

IPC: G06F16/33 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/00 ,  G06F16/23 ,  G06F16/242 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/26 ,  G06F21/62 ,  G06F40/134 ,  G06F40/174 ,  G06F40/177 ,  G06F40/186 ,  G06Q10/00 ,  G06T11/20 ,  G06Q10/10

CPC classification number: G06F16/2372 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/00 ,  G06F16/23 ,  G06F16/235 ,  G06F16/2423 ,  G06F16/24544 ,  G06F16/24564 ,  G06F16/2477 ,  G06F16/26 ,  G06F16/33 ,  G06F16/3334 ,  G06F21/6227 ,  G06F40/134 ,  G06F40/174 ,  G06F40/177 ,  G06F40/186 ,  G06Q10/00 ,  G06T11/206 ,  G06Q10/10 ,  G06T2200/24

Abstract: A method includes receiving, in a first query interface, a query composed by the user by typing commands into a query box of the first query interface and based on the receiving of the query, causing events corresponding to query results of the query to be displayed in the first query interface with fields corresponding to the events. Based on the selection by the user of an option, a second query interface is displayed with a table that includes events that correspond to query results of a loaded query. The table includes columns corresponding to event attributes, rows corresponding to events. Cells are populated with the data items of event attributes, where one of the columns corresponds to a field of the fields displayed in the first query interface. The table also includes interactive regions selectable by the user to add one or more commands to the loaded query.

公开(公告)号：US11983166B1

公开(公告)日：2024-05-14

申请号：US17806151

申请日：2022-06-09

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Marc V. Robichaud ,  Cory Burke ,  Jeffrey Thomas Lloyd ,  Alexander James ,  Andrew Robbins

IPC: G06F16/23 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/00 ,  G06F16/242 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/26 ,  G06F16/33 ,  G06F21/62 ,  G06F40/174 ,  G06F40/177 ,  G06F40/186 ,  G06Q10/00 ,  G06T11/20 ,  G06Q10/10

CPC classification number: G06F16/2372 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/00 ,  G06F16/23 ,  G06F16/235 ,  G06F16/2423 ,  G06F16/24544 ,  G06F16/24564 ,  G06F16/2477 ,  G06F16/26 ,  G06F16/33 ,  G06F16/3334 ,  G06F21/6227 ,  G06F40/174 ,  G06F40/177 ,  G06F40/186 ,  G06Q10/00 ,  G06T11/206 ,  G06Q10/10 ,  G06T2200/24

Abstract: In some embodiments, a method may include display of a data summary view of a set of events that correspond to query results of a query. Each event of the set of events may include data items of a plurality of event attributes. In embodiments, the data summary view can include various summary reports. Each summary report can include summary entries and a summary graph that each present a summary of data items of a selected event attribute, of the plurality of event attributes. At least one summary report can include summary entries that are selectable by a user. The method may further include filtering the set of event, in response to, and based on, selection of one or more of the selectable summary entries by the user and updating of at least the first and second summary graphs to correspond to the filtered set of events.

公开(公告)号：US11651012B1

公开(公告)日：2023-05-16

申请号：US17322239

申请日：2021-05-17

Applicant: SPLUNK Inc.

Inventor： Jindrich Dinga ,  Yuan Xie ,  Katherine Kyle Feeney ,  Jesse Miller

IPC: G06F8/33 ,  G06F16/33 ,  G06F11/34 ,  G06F11/30

CPC classification number: G06F16/334 ,  G06F8/33 ,  G06F11/30 ,  G06F11/3476 ,  G06F11/3006 ,  G06F11/3447 ,  G06F2201/815

Abstract: A method includes in response to a user selection of a command of a coding language, causing display of a set of argument blocks in a text input region based on syntax of the command Each argument block allows the user to input a value of an argument of the command to the argument block. In response to a user selection to modify the set of argument blocks, an argument block is added to the set of argument blocks displayed in the text input region based on the syntax of the command. In response to receiving from the user the input of the value of the argument to the added argument block, the command is caused to be coded in the text input region with at least the argument having the value from the input to the added argument block.

公开(公告)号：US11615073B2

公开(公告)日：2023-03-28

申请号：US16260962

申请日：2019-01-29

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Marc V. Robichaud ,  Cory Burke ,  Alexander James ,  Jeffrey Thomas Lloyd

IPC: G06F16/23 ,  G06F16/33 ,  G06F16/2458 ,  G06F16/242 ,  G06F16/26 ,  G06F16/00 ,  G06F16/2453 ,  G06F16/2455 ,  G06F3/0484 ,  G06F21/62 ,  G06T11/20 ,  G06F3/04842 ,  G06F3/0482 ,  G06Q10/00 ,  G06F40/18 ,  G06F40/134 ,  G06F40/174 ,  G06F40/177 ,  G06Q10/10

Abstract: A method includes displaying events that correspond to search results of a search query, the events comprising data items of event attributes, the events displayed in a table. The table includes columns corresponding to an event attribute, rows corresponding events, cells populated data items, and interactive regions corresponding to at least one data item and selectable to add one or more commands to the search query. A reference event attribute is determined based on an analysis of a data object. A supplemental column corresponding to a supplemental event attribute is added to the table based on the reference event attribute. Supplemental interactive regions are added to the table and correspond to supplemental data items.

公开(公告)号：US11500866B2

公开(公告)日：2022-11-15

申请号：US17128913

申请日：2020-12-21

Applicant: SPLUNK Inc.

Inventor： Marc V. Robichaud ,  Jesse Miller ,  Cory Burke ,  Alexander James ,  Jeffrey Thomas Lloyd

IPC: G06F16/2452 ,  G06F16/00 ,  G06F16/26 ,  G06F16/33 ,  G06F16/23 ,  G06F16/242 ,  G06F16/2458 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/22 ,  G06F3/0484 ,  G06F21/62 ,  G06F40/177 ,  G06T11/20 ,  G06Q10/00 ,  G06F3/0482 ,  G06F3/04842 ,  G06Q10/10

Abstract: A method includes causing display of events that correspond to search results of a search query in a table. The table includes rows representing events comprising data items of event attributes, columns forming cells with the row, the columns representing respective event attributes, and interactive regions corresponding to one or more data items of the displayed data items. The method also includes in response to the user selecting a designated interactive region, causing display of a list of options, each displayed option corresponding to an interface template for composing query commands, and based on the user selecting an option in the displayed list of options, causing one or more commands to be added to the search query, the one or more commands composed based on the one or more data items that corresponds to the designated interactive region according to instructions of the interface template of the selected option.

公开(公告)号：US20220229808A1

公开(公告)日：2022-07-21

申请号：US17589799

申请日：2022-01-31

Applicant: Splunk Inc.

Inventor： Jesse Miller

IPC: G06F16/13 ,  G06F16/14 ,  G06F11/30 ,  G06F11/32 ,  G06F16/9032

Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values may be used to accelerate search queries that a system receives.

公开(公告)号：US11010412B2

公开(公告)日：2021-05-18

申请号：US16735055

申请日：2020-01-06

Applicant: SPLUNK INC.

Inventor： Jindrich Dinga ,  Yuan Xie ,  Katherine Kyle Feeney ,  Jesse Miller

IPC: G06F9/44 ,  G06F16/33 ,  G06F8/33 ,  G06F11/34 ,  G06F11/30

Abstract: A method includes in response to a user selection of a command of a coding language, causing display of a set of argument blocks in a text input region based on syntax of the command. Each argument block allows the user to input a value of an argument of the command to the argument block. In response to a user selection to modify the set of argument blocks, an argument block is added to the set of argument blocks displayed in the text input region based on the syntax of the command. In response to receiving from the user the input of the value of the argument to the added argument block, the command is caused to be coded in the text input region with at least the argument having the value from the input to the added argument block.

公开(公告)号：US20210042341A1

公开(公告)日：2021-02-11

申请号：US17079121

申请日：2020-10-23

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Jason Szeto ,  Jose Solis ,  Jindrich Dinga ,  David Marquardt

IPC: G06F16/34 ,  G06T11/20 ,  G06F16/335 ,  G06F16/35

Abstract: Systems and methods are disclosed involving user interface (UI) search tools for locating data, including tools for summarizing indexed raw machine data that organize and present results to enable expansion and exploration of initial summarizations. The initial summarizations may be explored and refined to help users determine how to identify and best focus a search on data subsets of greater interest.

公开(公告)号：US10853399B2

公开(公告)日：2020-12-01

申请号：US15479804

申请日：2017-04-05

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Jason Szeto ,  Jose Solis ,  Jindrich Dinga ,  David Marquardt

IPC: G06F16/34 ,  G06T11/20 ,  G06F16/335 ,  G06F16/35

Abstract: Systems and methods are disclosed involving user interface (UI) search tools for locating data, including tools for summarizing indexed raw machine data that organize and present results to enable expansion and exploration of initial summarizations. The initial summarizations may be explored and refined to help users determine how to identify and best focus a search on data subsets of greater interest.