Customizable load balancing in a user behavior analytics deployment

    Publication No.: US11509706B1

    Publication date: 2022-11-22

    Application No.: US17141148

    Filing date: 2021-01-04

    Applicant: SPLUNK INC.

    Abstract: A deployment manager executing in a distributed computing environment generates a user behavior analytics (UBA) deployment to process structured event data. The deployment manager configures a streaming cluster to perform streaming processing on real-time data and configures a batch cluster to perform batch processing on aggregated data. A configuration manager executing in the distributed computing environment interoperates with the deployment manager to update the UBA deployment with user-provided code and configurations that define streaming and batch models, among other things. In this manner, the deployment manager provides a scalable UBA deployment that can be customized, via the configuration manager, by a user.

    Associating data from different nodes of a distributed ledger system

    Publication No.: US11507562B1

    Publication date: 2022-11-22

    Application No.: US16419941

    Filing date: 2019-05-22

    Applicant: Splunk Inc.

    Abstract: Systems and methods are described to associate data from different nodes of a distributed ledger system. The nodes can generate transaction notifications, log data, and/or metrics data. At least some of the data generated by the nodes can be obtained by a data intake and query system via a distributed ledger system monitor. The data from the distributed ledger system can be stored in the data intake and query system and correlated. Based on an association between at least some of the data of the first node and at least some of the data of the second node, the data intake and query system can determine at least a partial history of a transaction in the distributed ledger system, relationships between components of the distributed ledger system, and/or an architecture of the distributed ledger system.

    Automated determination of decision step logic in a course of action for information technology incident response

    Publication No.: US11501184B1

    Publication date: 2022-11-15

    Application No.: US16119322

    Filing date: 2018-08-31

    Applicant: Splunk Inc.

    Abstract: Described herein are improvements for generating courses of action for an information technology (IT) environment. In one example, a method includes determining that a decision step occurs between a one step and two or more other steps of a first course of action associated with an incident type in the information technology environment. The method further includes determining possible outputs of the one step that, when used as input to the decision step, cause the first course of action to proceed from the decision step to respective steps of the two or more other steps. The method also includes incorporating logic into the decision step to direct the course of action to respective steps of the two or more other steps based on one or more of the possible outputs.

    Systems and methods for detecting DNS communications through time-to-live analyses

    Publication No.: US11477161B1

    Publication date: 2022-10-18

    Application No.: US17514814

    Filing date: 2021-10-29

    Applicant: SPLUNK Inc.

    Abstract: A computerized method is disclosed that includes accessing domain name server (DNS) record data including a plurality of DNS records spanning a first time period, performing a time-to-live (TTL) analysis to determine a TTL run length distribution for the DNS record data, wherein the TTL analysis includes: generating a vector of the TTL values of each DNS record ordered sequentially in time, parsing the vector of the TTL values into segments, where a segment consists of one or more TTL values where a current TTL value is less than an immediately preceding TTL value, and determining the TTL run length distribution, determining whether DNS beaconing is present based on a result of the TTL analysis and in response to determining that DNS beaconing is present, generating an alert for a system administrator.

    Location-based object identification and data visualization

    Publication No.: US11461408B1

    Publication date: 2022-10-04

    Application No.: US16399986

    Filing date: 2019-04-30

    Applicant: SPLUNK INC.

    Abstract: A mobile device is fitted with a receiver, a location sensor, and optionally a camera. The mobile device may be further fitted with a data visualization software application program, which may include extended reality (XR) functionality, executing on a processor within a system. Via the data visualization software application program, various techniques are performed for displaying data visualizations based on any number of geofences and beacon devices in proximity to the mobile device.

    Generating dashboards based on user-based filters

    Publication No.: US11461378B1

    Publication date: 2022-10-04

    Application No.: US16399993

    Filing date: 2019-04-30

    Applicant: SPLUNK INC.

    Abstract: Various embodiments of the present application set forth a computer-implemented method that includes determining a first set of criteria associated with at least a first user or a first client device, transmitting, by the first client device, a first request for data to a data source, wherein the first request includes the first set of criteria, receiving a first dashboard that includes a first set of visualizations, wherein each visualization in the first set of visualizations is generated by filtering a set of field values based on the first set of criteria, and wherein the set of field values is determined by the data source based on executing a query on raw machine data, and displaying, by the first client device, at least a portion of the first dashboard.

    Control interface for dynamic elements of asset monitoring and reporting system

    Publication No.: US11461350B1

    Publication date: 2022-10-04

    Application No.: US17190150

    Filing date: 2021-03-02

    Applicant: Splunk Inc.

    Abstract: An asset monitoring and reporting system (AMRS) implements decoupled update cycle and disparate search frequency dispatch for dynamic elements of an asset monitoring and reporting system. The AMRS identifies occurrence of an update to a visualization of a client dashboarding component of an AMRS, the visualization of the client dashboarding component comprising dynamic elements that each correspond to a search query to be submitted for execution to identify a value of a metric of an asset node associated with a respective dynamic component. The AMRS further sends a request indicative of the dynamic elements to the server component, receives dynamic element objects for the dynamic elements, the dynamic element objects specifying search queries corresponding to the dynamic elements, modifies dynamic element searches of the dashboarding component in accordance with the search queries, and stores a definition of the visualization as control information.
