Systems and methods for updating a third party visualization in response to a query

    Publication (Announcement) No.: US11348294B2

    Publication (Announcement) Date: 2022-05-31

    Application No.: US17013115

    Application Date: 2020-09-04

    Applicant: Splunk Inc

    Abstract: Embodiments of the disclosure are systems and methods for updating third party visualizations in response to a query. In one embodiment, a method is provided that includes receiving input data comprising events, where the events comprise time-stamped machine-generated data. The method also comprises receiving a modular visualization that includes a variable field associated with a visualization and instructions for rendering the visualization using the input data and the variable field. Further, the method comprises rendering the visualization based on the input data and a value associated with the variable field. Additionally, the method comprises updating the value of the variable field and obtaining updated input data using a search query that is generated using the updated value. The visualization is re-rendered based on the updated input data and the updated value.

    Anomaly detection based on a predicted value

    Publication (Announcement) No.: US11340774B1

    Publication (Announcement) Date: 2022-05-24

    Application No.: US16542774

    Application Date: 2019-08-16

    Applicant: Splunk Inc.

    Abstract: Techniques are disclosed for anomaly detection based on a predicted value. A search query can be executed over a period of time to produce values for a key performance indicator (KPI), the search query defining the KPI and deriving a value indicative of the performance of a service at a point in time or during a period of time, the value derived from machine data pertaining to one or more entities that provide the service. A graphical user interface (GUI) enabling a user to indicate a sensitivity setting can be displayed. A user input indicating the sensitivity setting can be received via the GUI. Zero or more of the values can be identified as anomalies in consideration of the sensitivity setting indicated by the user input.

    Network Security Selective Anomaly Alerting

    Publication (Announcement) No.: US20220141188A1

    Publication (Announcement) Date: 2022-05-05

    Application No.: US17213864

    Application Date: 2021-03-26

    Applicant: Splunk Inc.

    Abstract: Described herein is a technique of data reduction and focusing for system and network security. Anomaly alerts pertain to specific risk objects, which are network devices or users that triggered the associated anomaly. Threat objects are entities used by the risk object that include the specific activity of the risk object that triggered the anomaly. Once identified, threat objects are linked to the risk objects to which they respectively pertain. The link between a risk object and a threat object is generated via searchable metadata. Through linking, relationships are built between threat objects and risk objects. Links are between a number (N) of risk objects and a number (M) of threat objects. The relationships are surfaced to a user based on satisfaction of predetermined thresholds. Examples of display to the user may include generation of a threat report, anomaly alerts, or graphical presentations depicting the links in the relationship(s). Where alerts are limited (via searches or reports) to relationships between threat objects and risk objects that are of a predetermined character, the excessive amount of data is reduced to a manageable number of notices.

    Generating three-dimensional representation of one or more cloud computing systems

    Publication (Announcement) No.: US11316749B1

    Publication (Announcement) Date: 2022-04-26

    Application No.: US17076740

    Application Date: 2020-10-21

    Applicant: Splunk Inc.

    Inventor: Horst Werner

    Abstract: In accordance with various embodiments of the present disclosure, topology data, machine performance data, and service performance data of at least one stack of a cloud computing system are received by a cityscape generator. The cityscape generator may then generate a three-dimensional cityscape including at least one neighborhood that represents the at least one stack of the cloud computing system; the at least one neighborhood includes a cluster of first nodes associated with compute resources of a frontend of the at least one stack, a cluster of second nodes associated with compute resources of a backend of the at least one stack, and a cluster of third nodes associated with compute resources of a database cluster of the at least one stack, the generation of the three-dimensional cityscape being based on the topology data, the machine performance data, and the service performance data. The cityscape generator may then cause the display of the three-dimensional cityscape.

    Execution of a query received from a data intake and query system

    Publication (Announcement) No.: US11314753B2

    Publication (Announcement) Date: 2022-04-26

    Application No.: US16051310

    Application Date: 2018-07-31

    Applicant: Splunk Inc.

    Abstract: Systems and methods are disclosed for receiving and executing a query received from a data intake and query system and providing results to a first group of worker nodes in a distributed execution environment. The query identifies a set of data to be processed and a manner of processing the set of data. Based on the query, the system defines a query processing scheme, and generates instructions for a second group of worker nodes to obtain the set of data from one or more dataset sources and to process the set of data. The system communicates results of the query to the first group of worker nodes.

    Interactive development environment for visualization of queries and query result information

    Publication (Announcement) No.: US11314744B2

    Publication (Announcement) Date: 2022-04-26

    Application No.: US16450845

    Application Date: 2019-06-24

    Applicant: Splunk Inc.

    Inventor: Eric Woo

    Abstract: Embodiments of the present disclosure are directed to an interactive development environment (IDE) interface that provides historical visualization of queries and query result information iteratively and intuitively. According to an embodiment of the present disclosure, a process is provided to generate visualizations of queries and processed query result information in a single, persistent, integrated display. Each query and its resultant search data information is presented iteratively in chronological order, maintaining a persistent, viewable history of a search data exploration session.

    Transforming event data using values obtained by querying a data source

    Publication (Announcement) No.: US11314737B2

    Publication (Announcement) Date: 2022-04-26

    Application No.: US16134778

    Application Date: 2018-09-18

    Applicant: Splunk Inc.

    Inventor: Michael Dickey

    Abstract: The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains one or more event streams from one or more remote capture agents over one or more networks, wherein the one or more event streams include event data generated from network packets captured by the one or more remote capture agents. Next, the system applies one or more transformations to the one or more event streams to obtain transformed event data from the event data. The system then enables querying of the transformed event data.

    Graphical user interface for visual correlation of virtual machine information and storage volume information

    Publication (Announcement) No.: US11314613B2

    Publication (Announcement) Date: 2022-04-26

    Application No.: US16716042

    Application Date: 2019-12-16

    Applicant: SPLUNK, INC.

    Abstract: The disclosed embodiments include a method for identifying a performance metric to diagnose a cause of a performance issue of a virtual machine. The method includes obtaining data of a virtual machine, an indication that a storage volume contains data of the virtual machine, data about the storage volume, and an identification of the storage volume. The data of the virtual machine is correlated with the data about the storage volume based on the indication that the storage volume contains data of the virtual machine and the identification of the storage volume. A performance metric is identified based at least in part on an outcome of the correlating. The performance metric indicates that the storage volume is a cause of a performance issue of the virtual machine. A state related to the storage volume is changed to mitigate the cause of the performance issue of the virtual machine.
