公开(公告)号：US11010390B2

公开(公告)日：2021-05-18

申请号：US16444593

申请日：2019-06-18

Applicant: SPLUNK, INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, Jr. ,  Sundar Renegarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F16/2457 ,  G06F16/9537 ,  G06F16/9535 ,  G06F16/22 ,  G06F16/27 ,  G06F16/29 ,  H04L29/08 ,  G06F11/20 ,  G06F3/06

Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.

公开(公告)号：US11003714B1

公开(公告)日：2021-05-11

申请号：US15967590

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/2458 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses a search node catalog to identify search nodes that are available to execute the query and uses a bucket catalog to identify buckets to be searched. The data intake and query system executes the query using the identified bucket and search nodes.

公开(公告)号：US11003687B2

公开(公告)日：2021-05-11

申请号：US16451582

申请日：2019-06-25

Applicant: SPLUNK, INC.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F16/27 ,  G06F16/22 ,  G06F11/30 ,  G06F11/20 ,  G06F11/34 ,  H04L29/08 ,  G06F11/32 ,  G06F3/06

Abstract: Techniques and mechanisms are disclosed to execute data searches using generation identifiers. In general, a method of executing the searches comprises broadcasting, from a search head, a first query to a plurality of indexers in a cluster, wherein a portion of the first query is directed to a set of data, and wherein the set of data comprises time-stamps within a particular time frame. The method further comprises providing, with the first query, a first generation identifier for the set of data, wherein the first generation identifier identifies a first indexer from the plurality of indexers to serve as a primary indexer for responding to queries that comprise the first generation identifier and that pertain to the set of data, wherein one or more indexers in the cluster other than the first indexer are designated as secondary indexers, wherein the secondary indexers are configured to ignore queries that pertain to the set of data and that comprise the first generation identifier. Subsequently, the method comprises receiving a response to the first query from the plurality of indexers.

公开(公告)号：US11003337B2

公开(公告)日：2021-05-11

申请号：US16275207

申请日：2019-02-13

Applicant: SPLUNK INC.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F17/00 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/22 ,  G06F16/242 ,  G06F16/248 ,  G06F16/25 ,  G06F16/951 ,  G06F16/2455 ,  G06F40/18 ,  G06K9/20 ,  G06F9/451

Abstract: In embodiments of statistics value chart interface cell mode drill down, a first interface displays in a table format that includes columns each with field values of an event field, and each column having a column heading of a different one of the event fields, and includes rows each with one or more of the field values, each field value in a row associated with a different one of the event fields, and having an aggregated metric that represents a number of events with field-value pairs that match all of the field values listed in a respective row and the corresponding event fields listed in the respective columns. A cell can be emphasized that includes one of the field values in a row that corresponds to one of the different event fields in a column, and in response, a menu displays options to transition to a second interface.

公开(公告)号：US10999164B1

公开(公告)日：2021-05-04

申请号：US16863896

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Chakravarthy Sridhar ,  Minjie Qiu ,  Atif Mahadik

IPC: H04L12/24 ,  G06F3/0482 ,  H04L12/46 ,  H04L29/06 ,  G06F8/20 ,  G06F8/34

Abstract: Techniques are described for enabling a cloud-based IT and security operations application to execute playbooks containing custom code in a manner that mitigates types of risk related to the misuse of cloud-based resources and security of user data. Users use a client application to create and modify playbooks and, upon receiving input to save a playbook, the client application determines whether the playbook includes custom code. If the client application determines that the playbook includes custom code, the client application establishes a connection with a proxy application (also referred to as an “automation broker”) running in the user's own on-premises network and sends a representation of the playbook to the proxy application. The client application further sends to the IT and security operations application an identifier of the playbook and an indication that the playbook (or the custom code portions of the playbook) is stored within the user's on-premises network.

公开(公告)号：US20210117857A1

公开(公告)日：2021-04-22

申请号：US16779456

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： Ram Sriharsha

IPC: G06N20/00 ,  G06F17/16 ,  G06F17/18

Abstract: Systems and methods are described for processing ingested data using an online machine learning algorithm as the data is being ingested. For example, the online machine learning algorithm can be an adaptive thresholding algorithm used to identify outliers in a moving window of data. As another example, the online machine learning algorithm can be a sequential outlier detector that detects anomalous sequences of logs or events. As another example, the online machine learning algorithm can be a sentiment analyzer that determines whether text has a positive, negative, or neutral sentiment. As another example, the online machine learning algorithm can be a drift detector that detects whether ingested data marks the start of a change in the distribution of a time-series.

公开(公告)号：US10986120B2

公开(公告)日：2021-04-20

申请号：US16568949

申请日：2019-09-12

Applicant: Splunk Inc.

Inventor： Sourabh Satish ,  Oliver Friedrichs ,  Atif Mahadik ,  Govind Salinas

IPC: H04L29/06 ,  G06F21/55 ,  G06F16/28 ,  H04L12/851

Abstract: Systems, methods, and software described herein provide enhancements for implementing security actions in a computing environment. In one example, a method of operating an advisement system to provide actions in a computing environment includes identifying a security incident in the computing environment, identifying a criticality rating for the asset, and obtaining enrichment information for the security incident from one or more internal or external sources. The method also provides identifying a severity rating for the security incident based on the enrichment information, and determining one or more security actions based on the enrichment information. The method further includes identifying effects of the one or more security actions on operations of the computing environment based on the criticality rating and the severity rating, and identifying a subset of the one or more security actions to respond to the security incident based on the effects.

公开(公告)号：US10984044B1

公开(公告)日：2021-04-20

申请号：US15967591

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/903 ,  G06F16/907 ,  G06F3/06

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system maintains a catalog of buckets stored in a remote shared storage system. The buckets store raw machine data associated with a timestamp. The data intake and query receives a query identifying a set of data to be processed and a manner of processing the set of data, and executes the query based on the catalog of buckets.

公开(公告)号：US10983788B2

公开(公告)日：2021-04-20

申请号：US16262793

申请日：2019-01-30

Applicant: SPLUNK INC.

Inventor： Itay A. Neeman

IPC: G06F9/44 ,  G06F8/71 ,  G06F9/54 ,  G06F8/70 ,  G06F9/445 ,  G06F9/451

Abstract: The disclosed embodiments relate to a system that facilitates developing applications in a component-based software development environment. This system provides an execution environment comprising instances of application components and a registry that maps names to instances of application components. Upon receiving a call to register a mapping between a name and an instance of an application component, the system updates the registry to include an entry for the mapping. Moreover, upon receiving a call to be notified about registry changes for a name, the system updates the registry to send a notification to a caller when a registry change occurs for the name.

公开(公告)号：US20210109928A1

公开(公告)日：2021-04-15

申请号：US17128913

申请日：2020-12-21

Applicant: SPLUNK Inc.

Inventor： MARC V. ROBICHAUD ,  JESSE MILLER ,  CORY BURKE ,  ALEXANDER JAMES ,  JEFFREY THOMAS LLOYD

IPC: G06F16/2452 ,  G06F16/00 ,  G06F16/26 ,  G06F16/33 ,  G06F16/23 ,  G06F16/242 ,  G06F16/2458 ,  G06F16/2453 ,  G06F16/2455 ,  G06F3/0484 ,  G06F21/62 ,  G06F40/177 ,  G06T11/20 ,  G06Q10/00 ,  G06F3/0482 ,  G06F16/22

Abstract: A method includes causing display of events that correspond to search results of a search query in a table. The table includes rows representing events comprising data items of event attributes, columns forming cells with the row, the columns representing respective event attributes, and interactive regions corresponding to one or more data items of the displayed data items. The method also includes in response to the user selecting a designated interactive region, causing display of a list of options, each displayed option corresponding to an interface template for composing query commands, and based on the user selecting an option in the displayed list of options, causing one or more commands to be added to the search query, the one or more commands composed based on the one or more data items that corresponds to the designated interactive region according to instructions of the interface template of the selected option.