公开(公告)号：US20220300522A1

公开(公告)日：2022-09-22

申请号：US17833816

申请日：2022-06-06

Applicant: Splunk Inc.

Inventor： Lucas Murphey ,  David Hazekamp

IPC: G06F16/2457 ,  G06F16/951 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/2455 ,  G06F16/22 ,  G06F16/215

Abstract: Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method includes causing display of a user interface for generating a correlation search, the correlation search comprising a search query, a triggering condition to be applied to a dataset produced by the search query, and one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, wherein the one or more actions comprise at least modifying a score assigned to an object to which the dataset produced by the search query pertains. The example method also includes receiving, via the user interface, user input identifying the one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, the one or more actions comprising modifying the score assigned to the object, and causing generation of the correlation search based on the user input, the correlation search reflecting an association between the one or more actions and the triggering condition.

公开(公告)号：US11449464B2

公开(公告)日：2022-09-20

申请号：US16746611

申请日：2020-01-17

Applicant: SPLUNK INC.

Inventor： Jesse Miller

IPC: G06F16/13 ,  G06F16/14 ,  G06F11/30 ,  G06F11/32 ,  G06F16/9032 ,  G06F11/34

Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values are used to accelerate search queries that a system receives.

公开(公告)号：US11429608B2

公开(公告)日：2022-08-30

申请号：US16527719

申请日：2019-07-31

Applicant: Splunk Inc.

Inventor： Karthikeyan Sabhanatarajan ,  David Ryan Marquardt ,  Steve Zhang ,  Nicholas Romito ,  Sophia Zhu

IPC: G06F16/24 ,  G06F16/2453 ,  G06F16/903

Abstract: Embodiments of the present disclosure provide techniques for emitting structured and dynamic fields from an accelerated data model. The method comprises evaluating a query to search a data model, wherein the data model is defined by a set of events and at least one structured field from fields associated with the set of events. Each event comprises a time-stamped portion of raw machine data and is stored in a field searchable data store. A summarization table is associated with the data model and comprises a plurality of entries comprising reference values, wherein a respective summarization table entry comprises: the at least one structured field; a respective field value; and a reference value. The method further comprises accessing the set of events from the field searchable data store using the reference values in the summarization table and annotating the set of events with the at least one structured field and with at least one dynamic field from the fields associated with the set of events, wherein the at least one dynamic field is not defined in the data model.

公开(公告)号：US20220269727A1

公开(公告)日：2022-08-25

申请号：US17646841

申请日：2022-01-03

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Sourav Pal ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Tameem Anwar ,  Paul J. Lucas ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：USD961617S1

公开(公告)日：2022-08-23

申请号：US29755302

申请日：2020-10-19

Applicant: SPLUNK Inc.

Designer： Daniel Trenkner

公开(公告)号：US11422686B2

公开(公告)日：2022-08-23

申请号：US16850967

申请日：2020-04-16

Applicant: SPLUNK INC.

Inventor： Nicholas Filippi ,  Siegfried Puchbauer-Schnabel ,  Cary Noel

IPC: G06F3/04847

Abstract: Provided are systems and methods for determining and displaying automatically binned information via a graphical user interface. A graphical user interface (GUI) may include a first graphical element representing a first metric value for a first time window and a second graphical element representing a second metric value for a second time window. An indication of a selection of the first time window may be received via the GUI. An updated GUI comprising a third graphical element representing a third metric value for the third time window and a fourth graphical element representing the fourth metric value for the fourth time window may be displayed, wherein the third time window and the fourth time window may be sub-ranges of the first time window.

公开(公告)号：US11416278B2

公开(公告)日：2022-08-16

申请号：US16777495

申请日：2020-01-30

Applicant: SPLUNK INC.

Inventor： Alok A. Bhide ,  Adrian E. Hall

IPC: G06F9/44 ,  G06F9/455 ,  G06F9/445 ,  G06F11/34 ,  G06F11/30

Abstract: During operation, the system obtains hypervisor data for a set of virtual machines, wherein the hypervisor data was received from one or more hypervisors while the set of virtual machines was running on the hypervisors. The system also obtains operating system data for the set of virtual machines, wherein the operating system data was received from a set of operating systems while the set of operating systems was running on the set of virtual machines. Next, the system correlates hypervisor data for a virtual machine with corresponding operating system data for the virtual machine. Finally, the system presents the correlated hypervisor data and operating system data for the virtual machine to a user.

公开(公告)号：US11409645B1

公开(公告)日：2022-08-09

申请号：US17017124

申请日：2020-09-10

Applicant: Splunk Inc.

Inventor： Jian Zhang ,  Minghao Lu ,  Xiaolu Ye ,  Ning He

IPC: G06F9/44 ,  G06F11/36 ,  G06F17/11 ,  G06F9/48 ,  G06F9/50 ,  G06F9/54

Abstract: Systems and methods for testing a subject system with a software testing process are described. The system receives Boolean states responsive to repeatedly applying a first test case to a subject system. Each Boolean state signifies an outcome of an application of the first test case to a version of a first software feature over a span of time. The system identifies test case outcomes for the first test case that are adjacent in time and different and generates an intermittency value for the first test case. The system determines that the intermittency value for the first test case exceeds an intermittency threshold and alerts an engineering resource. Finally, the system repeats the above operations until the intermittency value for the first test case does not exceed the intermittency threshold.

公开(公告)号：US20220247784A1

公开(公告)日：2022-08-04

申请号：US17163318

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Sourabh SATISH ,  Min XU ,  Yang LI ,  Yan LI

IPC: H04L29/06 ,  H04L12/24

Abstract: Techniques are described for providing an extension framework for an IT and security operations application. The described extension framework allows various types of users to extend the user interfaces, data content, and functionality of an IT and security operations application to enhance and enrich users' workflow and investigative experiences. Example types of extensions enabled by the extension framework include modifying or supplementing GUI elements and other components, where users can implement these extensions at pre-defined extension points of the IT and security operations application. The extension framework further includes a data integration system that provides users with mechanisms to integrate data from external applications, services, or other data sources into their plugins.

公开(公告)号：US20220245093A1

公开(公告)日：2022-08-04

申请号：US17163047

申请日：2021-01-29

Applicant: SPLUNK INC.

Inventor： Alexandros Batsakis ,  Ankit Jain ,  Manu Jose ,  Jonah Pan ,  Hailun Yan

IPC: G06F16/14 ,  G06F16/182

Abstract: Embodiments described herein facilitate enhancement of data model acceleration, including generating data model summaries and performing searches in an accelerated manner. In one implementation, obtaining a search query from a user device. A determination may be made to execute a search, in association with the search query, via an external computing service. As such, the search query, or a variant thereof, can be provided to the external computing service, wherein the external computing service executes the search using data model summaries stored in a remote data store that is separate from a set of events from which the data model summaries were generated. A set of search results are received from the external computing service, and such search results are provided to the user device.