-
Publication No.: US11061918B2
Publication date: 2021-07-13
Application No.: US15479823
Application date: 2017-04-05
Applicant: Splunk Inc.
Inventor: Jesse Miller , Jason Szeto , Jose Solis , Jindrich Dinga , David Marquardt
IPC: G06F16/2458 , G06F16/26
Abstract: Systems and methods are disclosed for locating data and categorizing a set of data using inverted indexes. The inverted indexes include token entries and field-value pair entries, as well as event references that correspond to events that include raw machine data. Using filter criteria, the inverted indexes are identified. In turn, the inverted indexes are used to identify a set of events that satisfy the filter criteria. The identified set of events is categorized based on categorization criteria and provided for display to a user.
-
Publication No.: US20210209080A1
Publication date: 2021-07-08
Application No.: US17212953
Application date: 2021-03-25
Applicant: SPLUNK INC.
Inventor: MARC VINCENT ROBICHAUD , CORY EUGENE BURKE , JEFFREY THOMAS LLOYD
IPC: G06F16/22 , G06F16/24 , G06F16/2455
Abstract: A search interface is displayed in a table format that includes a plurality of columns, each column including data items of an event attribute, the data items being of a set of events, each column being selectable by a user, and a plurality of rows forming cells with the one or more columns, each cell comprising one or more of the data items of the event attribute of a corresponding column. Based on the user selecting one or more of the columns, a list of options is displayed corresponding to the selected one or more columns, and one or more commands are added to a search query that corresponds to the set of events. The one or more commands are based on at least an option that is selected from the list of options and the event attribute of each of the selected one or more columns.
-
Publication No.: US11042697B2
Publication date: 2021-06-22
Application No.: US16589445
Application date: 2019-10-01
Applicant: SPLUNK INC.
Inventor: Jesse Miller , Micah James Delfino , Marc Robichaud , David Carasso
IPC: G06F3/048 , G06F40/174 , G06F16/2458
Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets that are not organized into relational structures and have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events helps formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.
-
Publication No.: US11037342B1
Publication date: 2021-06-15
Application No.: US15224609
Application date: 2016-07-31
Applicant: Splunk Inc.
Inventor: Marshall Chalmers Agnew , Michael Porath , Simon Foster Fishel
IPC: G06T11/20 , G06F3/0484 , G06F3/0482 , G06F16/22 , G06F16/245
Abstract: Disclosed is a technique for generating a visualization module for use within a framework for generating for display an interactive visualization of event data based on a static visualization library. In an embodiment, a computer system receives from a developer instructions for formatting event data for use with a visualization library, and rendering the formatted event data with the visualization library. The computer system then generates a visualization module including the received instructions, the visualization module being executable by another computer system to generate and cause display of an interactive visualization of received event data, the interactive visualization being dynamically modifiable in response to a user input.
-
Publication No.: US20210174009A1
Publication date: 2021-06-10
Application No.: US17169254
Application date: 2021-02-05
Applicant: SPLUNK Inc.
Inventor: Jesse MILLER , Micah James DELFINO , Marc ROBICHAUD , David CARASSO
IPC: G06F40/174 , G06F16/2458
Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets that are not organized into relational structures and have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events helps formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.
-
Publication No.: US11032307B2
Publication date: 2021-06-08
Application No.: US15582739
Application date: 2017-04-30
Applicant: Splunk Inc.
Inventor: George Tsironis
Abstract: The disclosed embodiments include a method performed by a computer system. The method includes causing display of one or more graphical controls enabling a user to define attributes of a threat rule, the attributes including a type of computer network entity and an anomaly pattern associated with the type of computer network entity. The method further includes generating the threat rule based on interaction by a user with the one or more graphical controls, wherein the threat rule identifies a security threat to the computer network that satisfies the attributes of the threat rule based on one or more detected anomalies on the computer network.
-
Publication No.: US11030192B2
Publication date: 2021-06-08
Application No.: US16250949
Application date: 2019-01-17
Applicant: SPLUNK INC.
Inventor: Alexander James , Jesse Miller
IPC: G06F16/2452 , G06F16/00 , G06F16/26 , G06F16/33 , G06F16/23 , G06F16/242 , G06F16/2458 , G06F16/2453 , G06F16/2455 , G06F16/22 , G06F3/0484 , G06F21/62 , G06F40/177 , G06T11/20 , G06Q10/00 , G06F3/0482 , G06Q10/10
Abstract: A method includes assigning an access permission of a first user to a query object that represents a first query, the access permission granting the first user access rights to one or more data sources of the first query, the access permission being assigned as a runtime permission of the first query, granting a request from a second user to execute a second query, the first query being a subquery of the second query, and allowing the second user to execute the first query on the one or more data sources of the first query using the runtime permission assigned to the first query in executing the second query using the first query as the subquery.
-
Publication No.: US11030173B1
Publication date: 2021-06-08
Application No.: US16920187
Application date: 2020-07-02
Applicant: Splunk Inc.
Inventor: Ledion Bitincka , Stephen Phillip Sorkin , Steve Yu Zhang
IPC: G06F16/22 , G06F16/245 , G06F16/901 , G06F16/27 , G06F16/248
Abstract: A method and system for managing searches of a data set that is partitioned based on a plurality of events. A structure of a search query may be analyzed to determine whether the logical computational actions performed on the data set are reducible. Data in each partition is analyzed to determine whether at least a portion of the data in the partition is reducible. In response to a subsequent or recurring search request, intermediate summaries of reducible data and reducible search computations may be aggregated for each partition. Next, a search result may be generated based on at least one of the aggregated intermediate summaries, the aggregated reducible search computations, and a query of ad hoc non-reducible data arranged in at least one of the plurality of partitions for the data set.
-
Publication No.: US11023504B2
Publication date: 2021-06-01
Application No.: US15920434
Application date: 2018-03-13
Applicant: Splunk Inc.
Inventor: Itay Neeman , Bradford H. Lovering
IPC: G06F16/33 , G06F16/80 , G06F16/338 , G06F16/242 , G06F16/9032 , G06F16/903
Abstract: Technologies are described herein for executing queries expressed with reference to a structured query language against unstructured data. A user issues a structured query through a traditional structured data management (“SDM”) application. Upon receiving the structured query, an SDM driver analyzes the structured query and extracts a data structure from the unstructured data, if necessary. The structured query is then converted to an unstructured query based on the extracted data structure. The converted unstructured query may then be executed against the unstructured data. Results from the query are reorganized into structured data utilizing the extracted data structure and are then presented to the user through the SDM application.
-
Publication No.: US11010435B2
Publication date: 2021-05-18
Application No.: US16264441
Application date: 2019-01-31
Applicant: Splunk Inc.
Inventor: Sourav Pal , Christopher Pride , Arindam Bhattacharjee , Xiaowei Wang , James Alasdair Robert Hodge , Mustafa Ahamed
IPC: G06F16/00 , G06F16/951 , G06F16/21 , G06F16/25 , G06F16/904 , G06F16/901 , G06F16/9038 , G06F16/903 , G06F16/248 , G06F16/2458 , G06F16/27 , G06F16/2455
Abstract: Disclosed is a technique that can be performed in a distributed network. The technique can include a search service system that receives an indication of at least a portion of a search scheme to cause worker nodes to obtain search results from distributed data storage systems. The search scheme is defined by a data intake and query system. The search service system defines a search process based on the at least a portion of the search scheme and executes the search process to cause the worker nodes to obtain search results from the distributed data storage systems. The search service system receives a combination of search results based on the search results obtained by the worker nodes from the distributed data storage systems, and causes an output based on the combination of search results obtained by the data intake and query system in accordance with the search scheme.