-
Publication No.: US11611493B2
Publication Date: 2023-03-21
Application No.: US17443228
Application Date: 2021-07-22
Applicant: Splunk Inc.
Inventor: Qianjie Zhong , Geng Qin , Ting Wang , Min Zhang , Micah Delfino , Jef Bekes , D. Randall Young , Cary Noel , Feng Shao , Dritan Bitincka
IPC: H04L43/045 , H04L41/22 , H04L41/12 , H04L43/0817
Abstract: Techniques and mechanisms are disclosed that enable collection of various types of data from cloud computing services and the generation of various dashboards and visualizations to view information about collections of cloud computing resources. A user can configure collection of data from one or more cloud computing services and view visualizations using an application platform referred to herein as a cloud computing management application. A cloud computing management application further may be configured to generate and cause display of interactive topology map representations of cloud computing resources based on the collected data, where an interactive topology map enables users to view an intuitive visualization of a collection of computing resources, efficiently cause performance of actions with respect to various resources displayed in the topology map, and analyze the collection of resources in ways that are not possible using conventional cloud computing service management consoles.
-
Publication No.: US11609913B1
Publication Date: 2023-03-21
Application No.: US17162536
Application Date: 2021-01-29
Applicant: Splunk Inc.
Inventor: Tameem Anwar , Alexandros Batsakis , Tianyi Gou , Mehul Goyal , Ashish Mathew , Douglas Rapp , Sai Krishna Sajja , Anish Shrigondekar , Igor Stojanovski , Eric Woo , Zhenghui Xie , Ruochen Zhang , Sophia Rui Zhu
IPC: G06F16/00 , G06F16/2455 , G06F16/248 , G06F16/2458
Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. When a new processing node is added or becomes available, the node coordinator can reassign duties from one or more processing nodes to the new processing node. The node coordinator can initially assign the new processing node one or more groups of data for backup purposes. At a later time, the node coordinator can reassign the new processing node to the one or more groups of data for searching purposes.
-
Publication No.: US11606384B2
Publication Date: 2023-03-14
Application No.: US17386989
Application Date: 2021-07-28
Applicant: Splunk Inc.
Inventor: Munawar Monzy Merza
IPC: H04L29/06 , H04L9/40 , A61G17/04 , H04L61/4511 , A61G17/007 , G06F21/50 , G06T11/20 , H04L67/02
Abstract: Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. A registrar is further queried to determine when the domain name was registered. An object is generated that includes a representation of the access count and an age since registration for each domain name. A client can interact with the object to explore representations of domain names associated with high access counts and recent registrations. Upon determining that a given domain name is suspicious, a rule can be generated to block access to the domain name.
-
Publication No.: US11604795B2
Publication Date: 2023-03-14
Application No.: US16051304
Application Date: 2018-07-31
Applicant: Splunk Inc.
Inventor: Sourav Pal , Arindam Bhattacharjee
IPC: G06F17/00 , G06F16/2453 , G06F16/25 , G06F16/21 , G06F16/28 , G06F16/2455 , G06F16/2458 , G06F40/205
Abstract: Systems and methods are disclosed for executing a query that includes an indication to process data managed by an external data system. The system identifies the external data system that manages the data to be processed and generates a subquery for the external data system indicating that the results of the subquery are to be sent to one worker node of multiple worker nodes. The system instructs the one worker node to distribute the results received from the external data system to multiple worker nodes for processing.
-
Publication No.: US11599396B2
Publication Date: 2023-03-07
Application No.: US17237904
Application Date: 2021-04-22
Applicant: SPLUNK INC.
Inventor: Jag Kerai , Anish Shrigondekar , Mitchell Blank, Jr. , Hasan Alayli
Abstract: Resegmenting chunks of data for load balancing is disclosed. A plurality of first chunks of data is received. The plurality of first chunks of data includes one or more entries that include raw data produced by a component of an information technology environment and that reflects activity in the information technology environment. The plurality of first chunks of data is resegmented into a plurality of second chunks of data based on a source type of the plurality of first chunks. A first subset of the plurality of second chunks of data is distributed to a first indexer of a set of indexers. An occurrence of a trigger event is determined, and in response to the trigger event, a second subset of the plurality of second chunks of data is distributed to a second indexer of the set of indexers.
-
Publication No.: US11588678B2
Publication Date: 2023-02-21
Application No.: US17407738
Application Date: 2021-08-20
Applicant: Splunk Inc.
Inventor: Oliver Friedrichs , Atif Mahadik , Govind Salinas , Sourabh Satish
IPC: H04L41/0631 , H04L41/0654 , H04L41/14 , H04L9/40 , H04L41/22 , H04L41/5074 , G06F21/55 , H04L41/08
Abstract: Described herein are systems, methods, and software to enhance the management of responses to incidents. In one example, a method of improving incident response comprises identifying an incident in an information technology (IT) environment associated with a first entity of a plurality of entities, and identifying action implementation information related to the incident. The method further anonymizes the action implementation information for the incident, and determines action suggestions based at least on the anonymized action implementation information.
-
Publication No.: US11586729B2
Publication Date: 2023-02-21
Application No.: US17332804
Application Date: 2021-05-27
Applicant: Splunk Inc.
Inventor: Zhuxuan Jin , George Apostolopoulos
IPC: G06F21/55 , G06F16/245 , G06F21/56 , H04L9/40
Abstract: A method is disclosed that includes receiving, at a computing device, an event log including multiple events, where the events are derived from machine data, determining a first score associated with a first granularity level by comparing an event from the event log with a first frequent patterns generated for the first granularity level, and determining a second score associated with a second granularity level by comparing the event with a second frequent patterns generated for the second granularity level. The method further includes determining an aggregate score for the event based on the first score and the second score, and comparing the aggregate score for the event with an anomaly score threshold. Further, the method includes issuing an alert identifying the event as an anomaly based on the aggregate score exceeding the anomaly score threshold.
-
Publication No.: US11586722B2
Publication Date: 2023-02-21
Application No.: US17106001
Application Date: 2020-11-27
Applicant: Splunk Inc.
Inventor: Govind Salinas , Sourabh Satish , Robert John Truesdell
Abstract: Described herein are improvements for responding to incidents in an information technology (IT) environment. In one example, a method includes, in an incident response system, receiving authentication information for use by a first component for responding to an incident in an information technology (IT) environment. The method further includes encrypting the authentication information and storing the authentication information in the incident response system along with encrypted parameters for operating the first component. In the incident response system, upon determining that the first component requires the authentication information for an interaction, the method provides retrieving the authentication information and providing the authentication information to the first component.
-
Publication No.: US11579860B2
Publication Date: 2023-02-14
Application No.: US17563598
Application Date: 2021-12-28
Applicant: Splunk Inc.
Inventor: Yanpei Chen , Archana Ganapathi
Abstract: Disclosed are embodiments of an installed software program that receives a model from a product management system. The model is trained to select one of a plurality of predefined states based on operational parameter values of the installation of the software program. Each of the plurality of predefined states defines configuration values of the installation of the software program. The defined configuration values indicate, in some embodiments, updates to operational parameter values of the installation of the software program.
-
Publication No.: US11579764B1
Publication Date: 2023-02-14
Application No.: US16945477
Application Date: 2020-07-31
Applicant: SPLUNK INC.
Inventor: Nathan Argroves , Christopher Chan , Bruce McLaren , Benjamin Weaver
IPC: G06F3/0486 , G06F3/0482 , H04L65/1066 , G06F16/903 , G06F16/242 , G06F9/451 , G06F16/9038
Abstract: A computing device is coupled to a display device, and includes a data monitoring software application program executing on a processor within a data monitoring system. Via the data monitoring software application program, various techniques are performed for generating user interfaces for data monitoring and event response. In a first technique, the data monitoring software application program displays a user interface that includes a first region including a data visualization and a second region including one or more images of a video stream. In a second technique, the data monitoring software application program generates a user interface associated with an event, receives an input corresponding to interaction with a user interface element in the user interface, and initiates an event channel associated with the event in response to the input.