公开(公告)号：US10783324B2

公开(公告)日：2020-09-22

申请号：US16541637

申请日：2019-08-15

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F3/048 ,  G06F40/174 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US10783318B2

公开(公告)日：2020-09-22

申请号：US15417430

申请日：2017-01-27

Applicant: Splunk, Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F40/166 ,  G06F16/904 ,  G06F16/2458 ,  G06F16/248 ,  G06F7/24 ,  G06F3/0484 ,  G06F40/169 ,  G06F40/177

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20200151140A1

公开(公告)日：2020-05-14

申请号：US16746611

申请日：2020-01-17

Applicant: SPLUNK INC.

Inventor： Jesse Miller

IPC: G06F16/13 ,  G06F11/32 ,  G06F11/30 ,  G06F16/14 ,  G06F16/9032

Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values are used to accelerate search queries that a system receives.

公开(公告)号：US10540321B2

公开(公告)日：2020-01-21

申请号：US15885539

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Jesse Miller

IPC: G06F16/00 ,  G06F16/13 ,  G06F16/14 ,  G06F11/30 ,  G06F11/32 ,  G06F11/34

Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values are used to accelerate search queries that a system receives.

公开(公告)号：US20190155804A1

公开(公告)日：2019-05-23

申请号：US16260985

申请日：2019-01-29

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Marc V. Robichaud ,  Cory Burke ,  Jeffrey Thomas Lloyd ,  Alexander James ,  Andrew Robbins

IPC: G06F16/23 ,  G06F16/2455 ,  G06F17/24 ,  G06F16/33 ,  G06F16/2458 ,  G06F16/242 ,  G06F16/26 ,  G06F16/00 ,  G06F3/0484 ,  G06F16/2453 ,  G06F21/62 ,  G06T11/20 ,  G06F3/0482 ,  G06Q10/00

Abstract: In some embodiments, a method may include display of a data summary view of a set of events that correspond to query results of a query. Each event of the set of events may include data items of a plurality of event attributes. In embodiments, the data summary view can include various summary reports. Each summary report can include summary entries and a summary graph that each present a summary of data items of a selected event attribute, of the plurality of event attributes. At least one summary report can include summary entries that are selectable by a user. The method may further include filtering the set of event, in response to, and based on, selection of one or more of the selectable summary entries by the user and updating of at least the first and second summary graphs to correspond to the filtered set of events.

公开(公告)号：US10204132B2

公开(公告)日：2019-02-12

申请号：US14815924

申请日：2015-07-31

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Marc V. Robichaud ,  Cory Burke ,  Alexander James ,  Jeffrey Thomas Lloyd

IPC: G06F17/30 ,  G06Q10/00

Abstract: A method includes displaying events that correspond to search results of a search query, the events comprising data items of event attributes, the events displayed in a table. The table includes columns corresponding to an event attribute, rows corresponding events, cells populated data items, and interactive regions corresponding to at least one data item and selectable to add one or more commands to the search query. A reference event attribute is determined based on an analysis of a data object. A supplemental column corresponding to a supplemental event attribute is added to the table based on the reference event attribute. Supplemental interactive regions are added to the table and correspond to supplemental data items.

公开(公告)号：US10203842B2

公开(公告)日：2019-02-12

申请号：US14815927

申请日：2015-07-31

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Marc V. Robichaud ,  Cory Burke ,  Alexander James ,  Jeffrey Thomas Lloyd

IPC: G06F17/30 ,  G06F3/0482 ,  G06F3/0484 ,  G06F17/24

Abstract: A method includes receiving, in a first query interface, a query composed by the user by typing commands into a query box of the first query interface and based on the receiving of the query, causing events corresponding to query results of the query to be displayed in the first query interface with fields corresponding to the events. Based on the selection by the user of an option, a second query interface is displayed with a table that includes events that correspond to query results of a loaded query. The table includes columns corresponding to event attributes, rows corresponding to events. Cells are populated with the data items of event attributes, where one of the columns corresponds to a field of the fields displayed in the first query interface. The table also includes interactive regions selectable by the user to add one or more commands to the loaded query.

公开(公告)号：US10061824B2

公开(公告)日：2018-08-28

申请号：US14611002

申请日：2015-01-30

Applicant: SPLUNK INC.

Inventor： Marc Vincent Robichaud ,  Cory Eugene Burke ,  Jeffrey Thomas Lloyd ,  Jesse Miller

IPC: G06F17/30 ,  G06F3/0484 ,  G06F17/24

Abstract: A search interface is displayed in a table format that includes one or more columns, each column including data items of an event attribute, the data items being of a set of events, and a plurality of rows forming cells with the one or more columns, each cell including one or more of the data items of the event attribute of a corresponding column. Based on a user selecting one or more of the cells, a list of options if displayed corresponding to the selection, and one or more commands are added to a search query that corresponds to the set of events, the one or more commands being based on at least an option that is selected from the list of options and the event attribute for each of the one or more of the data items of each of the selected one or more cells.

公开(公告)号：US20180173717A1

公开(公告)日：2018-06-21

申请号：US15885539

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Jesse Miller

IPC: G06F17/30 ,  G06F11/32 ,  G06F11/30 ,  G06F11/34

Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values are used to accelerate search queries that a system receives.

公开(公告)号：US20160224676A1

公开(公告)日：2016-08-04

申请号：US14815932

申请日：2015-07-31

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Marc V. Robichaud ,  Cory Burke ,  Jeffrey Thomas Lloyd ,  Alexander James ,  Andrew Robbins

IPC: G06F17/30 ,  G06F17/24

CPC classification number: G06F17/245 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F17/30 ,  G06F17/30365 ,  G06F17/30374 ,  G06F17/30392 ,  G06F17/30466 ,  G06F17/30507 ,  G06F17/30551 ,  G06F17/30572 ,  G06F17/30634 ,  G06F17/30663 ,  G06F21/6227 ,  G06Q10/10

Abstract: In some embodiments, a method may include display of a data summary view of a set of events that correspond to query results of a query. Each event of the set of events may include data items of a plurality of event attributes. In embodiments, the data summary view can include various summary reports. Each summary report can include summary entries and a summary graph that each present a summary of data items of a selected event attribute, of the plurality of event attributes. At least one summary report can include summary entries that are selectable by a user. The method may further include filtering the set of event, in response to, and based on, selection of one or more of the selectable summary entries by the user and updating of at least the first and second summary graphs to correspond to the filtered set of events.

Abstract translation: 在一些实施例中，方法可以包括显示与查询的查询结果相对应的一组事件的数据摘要视图。 事件集合的每个事件可以包括多个事件属性的数据项。 在实施例中，数据摘要视图可以包括各种总结报告。 每个总结报告可以包括摘要条目和总结图，每个摘要图表显示多个事件属性中所选事件属性的数据项的摘要。 至少一个摘要报告可以包括可由用户选择的摘要条目。 该方法可以进一步包括响应于并且基于用户对一个或多个可选择的摘要条目的选择来过滤事件集合，并且至少更新第一和第二摘要图表以对应于过滤的集合 事件