-
Publication No.: US11989707B1
Publication Date: 2024-05-21
Application No.: US17329384
Application Date: 2021-05-25
Applicant: SPLUNK Inc.
Inventor: Alexander D. Munk
CPC classification number: G06Q20/102 , G06F16/316 , G06Q20/08
Abstract: Provided are systems and methods for managing storage of machine data. In one embodiment, a method can be provided. The method can include receiving, from one or more data sources, raw machine data; processing the raw machine data to generate processed machine data; storing the processed machine data in a data store; and determining an allocated data size associated with the processed machine data stored in the data store, wherein the allocated data size is the size of the raw machine data corresponding to the processed machine data stored in the data store.
-
Publication No.: US11977544B2
Publication Date: 2024-05-07
Application No.: US17876404
Application Date: 2022-07-28
Applicant: Splunk Inc.
Inventor: David Ryan Marquardt , Karthikeyan Sabhanatarajan , Steve Yu Zhang
IPC: G06F16/20 , G06F16/22 , G06F16/2453 , G06F16/2458
CPC classification number: G06F16/24537 , G06F16/2228 , G06F16/2477
Abstract: Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored. Once the inverted index is accessed, it can be used to identify and search a subset of the plurality of event records, wherein the subset comprises one or more event records with corresponding reference values in the inverted index.
-
Publication No.: US20240143612A1
Publication Date: 2024-05-02
Application No.: US18051458
Application Date: 2022-10-31
Applicant: Splunk Inc.
Inventor: Nasim Bigdelu , Margaret Kelley , Mirjana Tesic , Rebecca Tortell , Rajesh Raman
IPC: G06F16/248 , G06F16/242
CPC classification number: G06F16/248 , G06F16/2425
Abstract: Systems and methods are described for generation and execution of modified queries. An input can be received via a visualization of a user interface. The input may identify a first field value and a first field for execution of a query. A set of data for execution of the query can be identified based on the input. Alias data may identify a second field that is associated with the first field. Using the alias data, a modified query can be generated based on the query and the second field. The modified query can be executed to generate query results. The query results can be displayed via a visualization of the user interface based on the first field.
-
Publication No.: US11954541B1
Publication Date: 2024-04-09
Application No.: US17588074
Application Date: 2022-01-28
Applicant: Splunk Inc.
Inventor: Craig Keith Carl
IPC: G06F9/54
CPC classification number: G06F9/546
Abstract: Techniques are described for providing a highly available data ingestion system for ingesting machine data sent from remote data sources across potentially unreliable networks. To provide for highly available delivery of such data, a data intake and query system provides users with redundant sets of ingestion endpoints to which messages sent from users' computing environments can be delivered to the data intake and query system. Users' data sources, or data forwarding components configured to obtain and send data from one or more data sources, are then configured to encapsulate obtained machine data into discrete messages and to send copies of each message to two or more of the ingestion endpoints provisioned for a user. The ingestion endpoints receiving the messages implement a deduplication technique and provide only one copy of each message to a subsequent processing component (e.g., to an indexing subsystem for event generation, event indexing, etc.).
-
Publication No.: US11954127B1
Publication Date: 2024-04-09
Application No.: US17316421
Application Date: 2021-05-10
Applicant: Splunk Inc.
Inventor: Nicholas J. Filippi , Siegfried Puchbauer , Ruyuan Ge
IPC: G06F16/00 , G06F16/2458 , G06F16/28
CPC classification number: G06F16/283 , G06F16/2465
Abstract: Systems and methods are disclosed for associating summarizations of visualizations of a data set based on affinities between the summarizations. For a data set, a number of summarizations may be created that summarizes the data set in different ways. The summarizations may be linked, such that selecting a data element of a first summarization causes display of a second summarization. To assist in linking of summarizations, suggested linkings between summarizations can be determined based on affinities of the two summarizations. Affinities can reflect similarities in the data content of the two summarizations, such as an output of a first summarization being a valid input to the second summarization.
-
Publication No.: US11949547B2
Publication Date: 2024-04-02
Application No.: US17387811
Application Date: 2021-07-28
Applicant: SPLUNK Inc.
Inventor: Ryan Lee Faircloth , Ankit Chetan Bhagat , Mayur Sanjaybhai Pipaliya , Yuan Ling
IPC: G06F15/173 , H04L41/0213 , H04L41/046 , H04L67/306
CPC classification number: H04L41/0213 , H04L41/048 , H04L67/306
Abstract: Techniques are described for automating the configuration of a simple network management protocol (SNMP) manager device for enabling collection of SNMP data from one or more SNMP-enabled devices. Based upon SNMP object identifiers (OIDs) received from an SNMP-enabled device, processing is performed to map the OIDs to one or more SNMP management information bases (MIBs) corresponding to the OIDs. The identification of the OIDs and mapping the OIDs to one or more MIBs is performed in an automated manner and substantially free of any human or manual intervention. The identified one or more MIBs are then used to configure the SNMP manager to enable SNMP communications between the SNMP-enabled device and the SNMP manager. In certain implementations, the identified one or more MIBs are loaded into system memory by the SNMP manager.
-
Publication No.: US11934418B2
Publication Date: 2024-03-19
Application No.: US17447620
Application Date: 2021-09-14
Applicant: Splunk Inc.
Inventor: Ashish Mathew , Ledion Bitincka , Igor Stojanovski , Dhruva Kumar Bhagi
IPC: G06F16/248 , G06F16/21 , G06F16/22 , G06F16/28
CPC classification number: G06F16/248 , G06F16/2228 , G06F16/285 , G06F16/21
Abstract: Techniques and mechanisms are disclosed to optimize the size of index files to improve use of storage space available to indexers and other components of a data intake and query system. Index files of a data intake and query system may include, among other data, a keyword portion containing mappings between keywords and location references to event data containing the keywords. Optimizing an amount of storage space used by index files may include removing, modifying and/or recreating various components of index files in response to detecting one or more storage conditions related to the event data indexed by the index files. The optimization of index files generally may attempt to manage a tradeoff between an efficiency with which search requests can be processed using the index files and an amount of storage space occupied by the index files.
-
Publication No.: US11934417B2
Publication Date: 2024-03-19
Application No.: US17373580
Application Date: 2021-07-12
Applicant: Splunk Inc.
Inventor: Ai-Chi Lu , Arun Ramani , Nicholas Matthew Tankersley
IPC: G06F7/00 , G06F3/04847 , G06F16/00 , G06F16/248 , G06F16/9535 , G06F3/04842
CPC classification number: G06F16/248 , G06F3/04847 , G06F16/9535 , G06F3/04842
Abstract: Data intake and query system (DIQS) instances supporting applications including lower-tier, focused, work group oriented applications, are tailored to display the metrics for the needs of the user. An interface caused by operation of an entity monitoring system (EMS) operating in conjunction with the lower-tier DIQS displays the monitored entities as individual representations. The user selects a metric and a metric threshold. The EMS causes a display of an interface having a representation for each monitored entity. Each representation includes a metric value and indicates an entity status based on the metric value and the threshold. The user can dynamically change the threshold on the interface for easy visualization of aggregation of monitored entities to determine the performance of the infrastructure. The interface also provides the user with the ability to select an entity and click through to the entity analysis workspace for more detailed information.
-
Publication No.: US11934256B1
Publication Date: 2024-03-19
Application No.: US17336013
Application Date: 2021-06-01
Applicant: Splunk Inc.
Inventor: Vitaly Akulov , Amritpal Singh Bath , William King Colgate , Sarah Harun , Jibang Liu , Vishal Patel , Tingjin Xu
CPC classification number: G06F11/0757 , G06F11/079 , G06F11/328 , G06F11/3452 , G06F11/3476 , G06F2201/80 , H04L43/0852 , H04L43/10
Abstract: In accordance with various embodiments of the present disclosure, a first instance of a data intake and query system (DIQS) may receive latency data that indicates latency states of second instances of the DIQS, the latency states indicative of latencies associated with processing of event data by the plurality of second instances. The first instance may then determine overall latency state of the first instance based, at least in part, on determining number or percentage of the first instance and the second instances of the DIQS having one or more particular latency states, and determining whether the number or percentage of the first instance and the second instances of the DIQS having the one or more particular latency states is equal to or exceeds a threshold. The first instance may then present the overall latency state of the first instance.
-
Publication No.: US11922232B2
Publication Date: 2024-03-05
Application No.: US17506358
Application Date: 2021-10-20
Applicant: Splunk Inc.
Inventor: Maryann Cristofi , Jeff Roecks , Kavita Varadarajan
IPC: G06F3/00 , G06F3/0482 , G06F9/44 , G06F9/54 , G06F21/62
CPC classification number: G06F9/542 , G06F3/0482 , G06F9/44 , G06F21/62 , G06F2221/2113
Abstract: Techniques are described for providing an IT and security operations mobile application for managing IT and security operations instances of an IT and security operations application via a mobile device. The IT and security operations mobile application can be linked to the IT and security operations application to enable the IT and security operations application to send messages (e.g., notifications, alerts, action requests, etc.) related to the occurrences of incidents/events in an IT environment, such as security-related incidents, that can impact the operation of the IT environment. The IT and security operations mobile application enables a user to respond to the messages by initiating actions that are sent to the IT and security operations application for executing within the IT environment.