公开(公告)号：US09747351B2

公开(公告)日：2017-08-29

申请号：US14815951

申请日：2015-07-31

Applicant: Splunk, Inc.

Inventor： Brent Boe ,  Alan Hardin ,  Fang I. Hsiao ,  Brian C. Reyes

IPC: G06F15/16 ,  G06F17/30 ,  H04L12/24 ,  H04L12/26 ,  G06F12/00

CPC classification number: G06F17/30554 ,  G06F17/30389 ,  G06F17/30867 ,  H04L41/0213 ,  H04L41/0813 ,  H04L41/22 ,  H04L41/5032 ,  H04L43/045 ,  H04L43/16

Abstract: A processing device performs a search query to produce a search result set having entries having data items. Each data item has an ordinal position. A table, having rows and columns, is displayed in a graphical user interface. Each data item of a particular entry appears in a respective column of the same row of the table. Each column corresponds to the ordinal position of its respective data item. User input is received designating, for each respective column, a field name and an entity definition component type to which the respective column pertains, and stores for each data item of the particular entry an element value of an entity definition. The element has the element name designated for the respective column in which the data item appeared, and is associated with an entity definition component having the type designated for the respective column in which the data item appeared.

公开(公告)号：US20160226944A1

公开(公告)日：2016-08-04

申请号：US14609292

申请日：2015-01-29

Applicant: SPLUNK INC.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Clint Sharp

IPC: H04L29/06 ,  H04L12/26

CPC classification number: H04L69/22 ,  H04L43/028 ,  H04L43/0876

Abstract: The disclosed embodiments provide a system for extracting custom content from network packets. During operation, the system receives a stream of packets. The system then parses packets in the stream to determine a protocol for each packet. Next, the system applies a custom-content-extraction rule to each packet associated with a target protocol to obtain the extracted content. Then, the system stores the extracted content in events in a data store to facilitate subsequent queries involving the extracted content.

Abstract translation: 所公开的实施例提供了一种用于从网络分组中提取定制内容的系统。 在操作过程中，系统接收到一个数据包流。 然后系统解析流中的数据包，以确定每个数据包的协议。 接下来，系统对与目标协议相关联的每个分组应用自定义内容提取规则以获得提取的内容。 然后，系统将所提取的内容存储在数据存储器中的事件中，以便于涉及提取的内容的后续查询。

公开(公告)号：US20160105335A1

公开(公告)日：2016-04-14

申请号：US14933919

申请日：2015-11-05

Applicant: Splunk Inc.

Inventor： Hemendra Singh Choudhary ,  Tristan Antonio Fletcher ,  Alok Anant Bhide ,  Fang I. Hsiao

IPC: H04L12/26 ,  G06F17/30 ,  H04L12/24

CPC classification number: H04L41/22 ,  G06F17/3051 ,  G06F17/30551 ,  G06F17/30595 ,  G06F17/30864 ,  H04L29/08072 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5045 ,  H04L43/045 ,  H04L43/16 ,  H04L67/02

Abstract: Services in an operating environment are represented by stored service definitions that identify entities that perform the service. Entity definitions identify machine data pertaining to the entity. A key performance indicator (KPI) of the service characterizes the service on the whole or some aspect of it. Each KPI is defined by a search query that derives a value from machine data identified in the entity definitions. Processing devices cause display of a service-monitoring page having a services summary region and a services aspects region. The summary region displays interactive summary tiles that each correspond to a service and present information about an aggregate KPI that characterizes the service. The aspects region displays interactive aspect tiles that each correspond to a KPI characterizing some aspect of an associated service. Additional information may be included in the service-monitoring page and interaction features enable a user to navigate to enhanced information displays.

Abstract translation: 操作环境中的服务由标识执行服务的实体的存储的服务定义来表示。 实体定义识别与实体有关的机器数据。 该服务的关键性能指标（KPI）表示服务的整体或某个方面。 每个KPI由搜索查询定义，该搜索查询从实体定义中标识的机器数据中导出值。 处理设备导致显示具有服务摘要区域和服务方面区域的服务监视页面。 摘要区域显示每个对应于服务的交互式摘要图块，并显示关于表征服务的聚合KPI的信息。 方面区域显示交互式方面图块，其各自对应于表征相关联服务的某些方面的KPI。 附加信息可能包含在服务监控页面中，交互功能使用户能够浏览到增强的信息显示。

公开(公告)号：US20160105334A1

公开(公告)日：2016-04-14

申请号：US14815942

申请日：2015-07-31

Applicant: Splunk, Inc.

Inventor： Brent Boe ,  Alan Hardin ,  Brian C. Reyes ,  Fang I. Hsiao

IPC: H04L12/26 ,  H04L12/24 ,  G06F17/30

CPC classification number: H04L43/045 ,  G06F17/30315 ,  G06F17/30339 ,  G06F17/30386 ,  G06F17/30604 ,  H04L29/08072 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5045 ,  H04L41/5083 ,  H04L43/08 ,  H04L43/0817 ,  H04L63/0227

Abstract: Processing devices receive a file having entries having data items separated by delimiters. Each data item has an ordinal position. The processing device(s) cause display of a table, having rows and columns, in a graphical user interface. Each data items of a particular entry appears in a respective column of the same row. Each column corresponds to the ordinal position of its respective data item. User input is received designating, for each respective column, a field name and an entity definition component type to which the respective column pertains, and stores for each of the data items of the particular entry a value of an element of an entity definition. The element has the element name designated for the respective column in which the data item appeared, and is associated with an entity definition component having the type designated for the respective column in which the data item appeared.

Abstract translation: 处理设备接收具有由分隔符分隔的数据项的条目的文件。 每个数据项都有一个序数位置。 处理设备使得在图形用户界面中显示具有行和列的表。 特定条目的每个数据项出现在同一行的相应列中。 每列对应于其相应数据项的序数位置。 接收到用户输入，为每个相应列指定相应列所属的字段名称和实体定义组件类型，并且为特定条目的每个数据项存储实体定义的元素的值。 元素具有为数据项出现的相应列指定的元素名称，并且与具有指定数据项出现的相应列的类型的实体定义组件相关联。

公开(公告)号：US20160103890A1

公开(公告)日：2016-04-14

申请号：US14815951

申请日：2015-07-31

Applicant: Splunk, Inc.

Inventor： Brent Boe ,  Alan Hardin ,  Fang I. Hsiao ,  Brian C. Reyes

IPC: G06F17/30

CPC classification number: G06F17/30554 ,  G06F17/30389 ,  G06F17/30867 ,  H04L41/0213 ,  H04L41/0813 ,  H04L41/22 ,  H04L41/5032 ,  H04L43/045 ,  H04L43/16

Abstract: A processing device performs a search query to produce a search result set having entries having data items. Each data item has an ordinal position. A table, having rows and columns, is displayed in a graphical user interface. Each data item of a particular entry appears in a respective column of the same row of the table. Each column corresponds to the ordinal position of its respective data item. User input is received designating, for each respective column, a field name and an entity definition component type to which the respective column pertains, and stores for each data item of the particular entry an element value of an entity definition. The element has the element name designated for the respective column in which the data item appeared, and is associated with an entity definition component having the type designated for the respective column in which the data item appeared.

Abstract translation: 处理装置执行搜索查询以产生具有具有数据项的条目的搜索结果集。 每个数据项都有一个序数位置。 具有行和列的表格显示在图形用户界面中。 特定条目的每个数据项出现在表的同一行的相应列中。 每列对应于其相应数据项的序数位置。 接收到用户输入，为每个相应列指定相应列所属的字段名称和实体定义组件类型，并且为特定条目的每个数据项存储实体定义的元素值。 元素具有为数据项出现的相应列指定的元素名称，并且与具有指定数据项出现的相应列的类型的实体定义组件相关联。

公开(公告)号：US20150293954A1

公开(公告)日：2015-10-15

申请号：US14610408

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Cary Glen Noel

IPC: G06F17/30 ,  G06F3/0481 ,  H04L29/06

CPC classification number: G06F16/22 ,  G06F16/24568 ,  H04L65/60

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for specifying a grouping of a set of event streams containing the time-series event data by an event stream attribute associated with the event streams. The system then causes for display, in the GUI, a second set of user-interface elements containing event stream information for one or more subsets of the event streams represented by the grouping of the event streams by the event stream attribute.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在操作期间，该系统导致显示用于从由一个或多个远程捕获代理捕获的网络分组生成时间序列事件数据的图形用户界面（GUI）。 接下来，系统导致在GUI中显示第一组用户界面元素，用于通过与事件流相关联的事件流属性来指定包含时间序列事件数据的一组事件流的分组。 然后，系统在GUI中显示第二组用户界面元素，其包含由事件流属性对事件流的分组表示的事件流的一个或多个子集的事件流信息。