-
Publication number: US12038926B1
Publication date: 2024-07-16
Application number: US17163220
Application date: 2021-01-29
Applicant: SPLUNK INC.
Inventor: Jay A. Pathak, Steve Yu Zhang
IPC: G06F16/2455, G06F16/22
CPC classification number: G06F16/2455, G06F16/2228
Abstract: A computer-implemented method of determining indexed fields at query time comprises mapping data from a first source type to indexed fields in batch form using a wildcard specifier. The method also comprises receiving a query to execute on a data set comprising data from the first source type and data from a second source type. Further, the method comprises transforming the query to execute on the data from the first source type separately from the data from the second source type. Additionally, the method comprises executing the query to operate on the data from the first source type using information associated with the indexed fields and to separately operate on the data from the second source type.
-
Publication number: US20240232219A9
Publication date: 2024-07-11
Application number: US18494312
Application date: 2023-10-25
Applicant: Splunk Inc.
Inventor: Glenn Block, Patrick Ogdin
IPC: G06F16/26, G06F16/22, G06F16/248, G06F16/25, G06F16/951
CPC classification number: G06F16/26, G06F16/2228, G06F16/248, G06F16/254, G06F16/951
Abstract: A data intake and query system processes and stores events, which are associated with token identifiers for tokens corresponding to data sources for the messages that the events are generated from. Thus, the data intake and query system can receive a request to provide analyses and visualizations regarding stored events associated with a particular component associated with a plurality of events, such as a data source for the messages from which the plurality of events are generated. These requests and the resulting visualizations can be customized based on selected tokens and selected components.
-
Publication number: US12034759B2
Publication date: 2024-07-09
Application number: US17507698
Application date: 2021-10-21
Applicant: SPLUNK INC.
Inventor: John Coates, Lucas Murphey, David Hazekamp, James Hansen
CPC classification number: H04L63/1433, G06F16/285, G06F21/554, H04L63/14, H04L63/1408, H04L63/1416, G06F2221/034, G06F2221/2151, H04L63/20
Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
-
Publication number: US12028226B1
Publication date: 2024-07-02
Application number: US17974011
Application date: 2022-10-26
Applicant: SPLUNK Inc.
Inventor: Abhijit Bhave, Jiani Chen, Ananta Krishna Vijay Kumar Gampaa, Everett Kotler, Rehan Salman Mulla, Tapan Manojkumar Shah, Ian Edward Torbett, Bixia Yan
IPC: H04L43/045, H04L43/00, H04L43/08
CPC classification number: H04L43/045, H04L43/08, H04L43/14
Abstract: An example method of content pack management by a service monitoring system includes: receiving a plurality of object identifiers, each object identifier referencing a corresponding object installed in an instance of a service monitoring system; performing a partial backup of the instance of a service monitoring system, wherein the partial backup comprises a plurality of objects referenced by the plurality of object identifiers; converting the partial backup into a plurality of object definitions in a predefined format; and packaging the plurality of object definitions into a content pack.
-
Publication number: US12028222B1
Publication date: 2024-07-02
Application number: US17560747
Application date: 2021-12-23
Applicant: Splunk Inc.
Inventor: Atif Mahadik, Ryan Connor Means, Govind Salinas, Sourabh Satish
IPC: H04L41/14, H04L41/0631, H04L41/0654, H04L41/22
CPC classification number: H04L41/145, H04L41/0636, H04L41/0645, H04L41/0654, H04L41/22
Abstract: Described herein are improvements for generating courses of action for an information technology (IT) environment. In one example, a method includes identifying a first course of action for responding to an incident type in an information technology environment and generating a simulated incident associated with the incident type. The method further includes initiating performance of the first course of action based on the generation of the simulated incident. The method also includes, upon reaching a particular step of the first course of action that prevents the performance of the first course of action from proceeding, providing a first simulated result that allows the performance of the first course of action to proceed.
-
Publication number: US12026176B2
Publication date: 2024-07-02
Application number: US18313240
Application date: 2023-05-05
Applicant: SPLUNK INC.
Inventor: Da Xu, Sundar Vasan, Dhruva Kumar Bhagi
CPC classification number: G06F16/27, G06F11/2094, G06F11/3006, G06F11/3072, G06F11/32, G06F11/3409, G06F11/3476, G06F16/2272, H04L67/1097, G06F3/0617, G06F2201/86
Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as a primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in a primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.
-
Publication number: US12021698B1
Publication date: 2024-06-25
Application number: US18115822
Application date: 2023-03-01
Applicant: SPLUNK Inc.
Inventor: Ankur Ashok Kath, Ayyappa Muthusami, Jeffrey Wen-Young Shih, Ian Edward Torbett, Peter Wu
IPC: H04L41/0893, G06F11/34, H04L41/0604, H04L41/0894, H04L41/22, H04L41/5009, H04L43/065, H04L43/0805
CPC classification number: H04L41/0893, G06F11/3428, H04L41/0613, H04L41/0894, H04L41/22, H04L41/5012, H04L43/065, H04L43/0805
Abstract: An example method of entity lifecycle management in a service monitoring system includes: receiving, by a software application of a service monitoring system, a policy definition specifying an entity lifecycle management policy, wherein the entity lifecycle management policy defines management rules for a plurality of entities in a network environment, wherein each entity of the plurality of entities is represented by one of: a device, an application, a service, or a user account; identifying, by applying the entity lifecycle management policy, one or more candidate entities for retirement; identifying, as retired entities, at least a subset of the one or more candidate entities; and excluding the retired entities from a plurality of active entities, thus preventing the retired entities from interacting with other components of the service monitoring system; and determining a value of a key performance indicator (KPI) reflecting an aspect of performance of the service, wherein the KPI is defined by a search query that derives the value of the KPI from machine data associated with one or more entities of the plurality of active entities.
-
Publication number: US12014255B1
Publication date: 2024-06-18
Application number: US18334996
Application date: 2023-06-14
Applicant: Splunk Inc.
Inventor: Iryna Vogler-Ivashchanka, Iman Makaremi
IPC: G06N20/00, G06F16/9038, G06F17/18
CPC classification number: G06N20/00, G06F16/9038, G06F17/18
Abstract: Techniques are described for providing a machine learning (ML) data analytics application including guided ML workflows that facilitate the end-to-end training and use of various types of ML models, where such guided workflows may also be referred to as ML “experiments.” One such model is an outlier detection model to assist in the monitoring of computer network traffic and computer performance. For example, the ML data analytics application may generate an outlier detection model using user-identified data from a data source and parameter information. The generated outlier detection model can include distribution functions of distribution types selected from a plurality of distribution types by a distribution fitting algorithm.
-
Publication number: US12013880B2
Publication date: 2024-06-18
Application number: US17721251
Application date: 2022-04-14
Applicant: SPLUNK Inc.
Inventor: Nishant Agarwal, Houwu Bai, Darshan Patel, Rajesh Raman, Joseph Ari Ross
IPC: G06F16/28, G06F16/2455, G06F16/2458, H04L43/08
CPC classification number: G06F16/287, G06F16/24568, G06F16/2477, H04L43/08
Abstract: Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and dynamically estimating a resolution of one or more streams of data points and updating an output resolution. Responsive to receiving a stream of data points, a data resolution can be derived and an output resolution can be set to a first value. When a change to the data resolution is detected, the output resolution can be changed, modifying a frequency at which output data points are generated and/or transmitted. In some instances, a detector can be implemented to trigger an alert responsive to ingested data points corresponding with triggering parameters. An output resolution for the detector can be dynamically modified based on dynamically detecting a change to the data resolution of the stream of data.
-
Publication number: US12001426B1
Publication date: 2024-06-04
Application number: US18295567
Application date: 2023-04-04
Applicant: Splunk Inc.
Inventor: Chandrashekar Basavaiah, Elizabeth Li, Eric Tschetter, Joshua Walters
IPC: G06F9/44, G06F8/77, G06F16/21, G06F16/2452
CPC classification number: G06F16/24526, G06F8/77, G06F16/212
Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.