-
Publication (Announcement) No.: US11777945B1
Publication (Announcement) Date: 2023-10-03
Application No.: US17586086
Filing Date: 2022-01-27
Applicant: SPLUNK Inc.
CPC Classification: H04L63/102 , G06F16/288 , G06N7/00 , G06N20/00 , H04L63/1425
Abstract: Embodiments of the present invention are directed to facilitating detection of suspicious access to resources. In accordance with aspects of the present disclosure, an access graph is generated. The access graph contains access data that includes observed accesses between entities and resources. Access scores can be determined for entity-resource pairs in the access graph by applying a set of access rules to the entity-resource pairs in the access graph. The access scores indicate the extent of relatedness between the corresponding entity and resource. Thereafter, the access scores can be used to train a probabilistic prediction model that predicts the suspiciousness of accesses between entities and resources.
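The pipeline the abstract describes (access graph, rule-based access scores, probabilistic model of suspiciousness) can be sketched end to end. The following is an added example, not code from the patent or from Splunk: the three access rules, their weights, the Gaussian fit used as the "probabilistic prediction model", and the sample access events are all constructed assumptions chosen to illustrate the idea, since the abstract does not specify any of them.

```python
from collections import Counter
from statistics import mean, pstdev
import math

# Constructed sample access events (not from the patent):
# (entity, entity_department, resource, resource_owner_department)
ACCESS_EVENTS = [
    ("alice", "hr", "payroll_db", "hr"),
    ("alice", "hr", "payroll_db", "hr"),
    ("alice", "hr", "hr_wiki", "hr"),
    ("dave", "hr", "payroll_db", "hr"),
    ("dave", "hr", "hr_wiki", "hr"),
    ("bob", "eng", "source_repo", "eng"),
    ("bob", "eng", "build_server", "eng"),
    ("carol", "eng", "source_repo", "eng"),
    ("carol", "eng", "build_server", "eng"),
    ("carol", "eng", "payroll_db", "hr"),  # cross-department access nobody else in eng makes
]


def build_access_graph(events):
    """Bipartite entity-resource graph; edge weight = observed access count."""
    graph = Counter()
    dept_of, owner_of = {}, {}
    for entity, dept, resource, owner in events:
        graph[(entity, resource)] += 1
        dept_of[entity] = dept
        owner_of[resource] = owner
    return graph, dept_of, owner_of


# Three hypothetical access rules; each maps a pair to a relatedness component in [0, 1].
def rule_frequency(entity, resource, graph, dept_of, owner_of):
    """Share of this entity's accesses that target the resource."""
    total = sum(c for (e, _), c in graph.items() if e == entity)
    return graph[(entity, resource)] / total if total else 0.0


def rule_peers(entity, resource, graph, dept_of, owner_of):
    """Share of same-department peers that have also accessed the resource."""
    peers = [e for e, d in dept_of.items() if e != entity and d == dept_of[entity]]
    if not peers:
        return 0.0
    return sum(1 for p in peers if graph[(p, resource)] > 0) / len(peers)


def rule_ownership(entity, resource, graph, dept_of, owner_of):
    """1.0 when the entity's department owns the resource, else 0.0."""
    return 1.0 if owner_of[resource] == dept_of[entity] else 0.0


RULES = [(rule_frequency, 0.3), (rule_peers, 0.4), (rule_ownership, 0.3)]  # assumed weights


def access_scores(graph, dept_of, owner_of, rules=RULES):
    """Weighted rule sum per observed entity-resource pair (score in [0, 1])."""
    return {
        (e, r): sum(w * rule(e, r, graph, dept_of, owner_of) for rule, w in rules)
        for (e, r) in graph
    }


class SuspiciousnessModel:
    """Normal distribution fitted to the observed access scores (assumed model).
    Suspiciousness of a pair = probability that a typical observed pair is more
    related than this one, so unusually low relatedness scores approach 1.0."""

    def fit(self, scores):
        vals = list(scores.values())
        self.mu = mean(vals)
        self.sigma = pstdev(vals) or 1e-9  # guard against an all-equal training set
        return self

    def predict(self, score):
        z = (score - self.mu) / self.sigma
        return 0.5 * (1.0 + math.erf(-z / math.sqrt(2.0)))  # = 1 - Phi(z)


def rank_accesses(events):
    """Graph -> rule-based scores -> fitted model -> pairs ranked most suspicious first."""
    graph, dept_of, owner_of = build_access_graph(events)
    scores = access_scores(graph, dept_of, owner_of)
    model = SuspiciousnessModel().fit(scores)
    ranked = [(pair, model.predict(s)) for pair, s in scores.items()]
    return sorted(ranked, key=lambda t: t[1], reverse=True)


if __name__ == "__main__":
    for (entity, resource), p in rank_accesses(ACCESS_EVENTS):
        print(f"{entity:>6} -> {resource:<13} suspiciousness={p:.3f}")
```

One caveat a detection engineer should keep in mind with any model of this shape: it is trained only on observed accesses, so an account whose malicious activity dominates the training window raises its own relatedness scores and can normalise itself. Retraining should therefore be gated behind a review window rather than run blindly over the most recent data.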
-
Publication (Announcement) No.: US11768836B2
Publication (Announcement) Date: 2023-09-26
Application No.: US16582205
Filing Date: 2019-09-25
Applicant: Splunk Inc.
IPC Classification: G06F15/16 , G06F16/2457 , G06Q10/00
CPC Classification: G06F16/24573 , G06Q10/00
Abstract: A service monitoring system (SMS) produces key performance indicator (KPI) scores that indicate the performance of a service. To produce the KPI scores, the SMS may process the data for a large number of machine entities that perform the service. This data can be processed on a per-entity basis to produce a per-entity KPI score representing the contribution of a particular machine to the overall KPI. The per-entity KPI scores can be transformed into statistical representations which can be visualized as a distribution stream graph. The visualization may be presented with interactive aspects. Automatic entity definitions may also be generated based on content derived from the processed data.
-
Publication (Announcement) No.: US11768776B1
Publication (Announcement) Date: 2023-09-26
Application No.: US18045421
Filing Date: 2022-10-10
Applicant: Splunk Inc.
IPC Classification: G06F12/121 , G06F16/22 , G06F16/2455
CPC Classification: G06F12/121 , G06F16/2282 , G06F16/24553 , G06F2212/1044
Abstract: Systems and methods are disclosed for making space available in a local storage of a data intake and query system. A cache manager of the data intake and query system may determine the amount of storage space of a local data store that is available for use to perform a query. The cache manager may then use one or more eviction policies associated with content stored at the local data store to select content items and purge them from the local storage. The system may then retrieve content for performing the query from a remote storage and store the retrieved content at the local storage.
-
Publication (Announcement) No.: US11762442B1
Publication (Announcement) Date: 2023-09-19
Application No.: US16945723
Filing Date: 2020-07-31
Applicant: SPLUNK INC.
IPC Classification: G06F1/26 , G06F1/3296 , G06N20/00 , H04L67/12
CPC Classification: G06F1/266 , G06F1/3296 , G06N20/00 , H04L67/12
Abstract: Various implementations of the present application set forth a computer-implemented method comprising: obtaining, by a low-power hub device, a first set of data published by an edge device, where the low-power hub device subscribes to at least a subset of the data published by the edge device; generating, by the low-power hub device, a second set of data from the first set of data by inputting the first set of data into a machine learning (ML) model executing on the low-power hub device; and transmitting the second set of data to a remote server computer system.
-
Publication (Announcement) No.: US11755453B1
Publication (Announcement) Date: 2023-09-12
Application No.: US17973394
Filing Date: 2022-10-25
Applicant: SPLUNK Inc.
CPC Classification: G06F11/3495
Abstract: In response to receiving a selection of an option to discover uninstrumented entities within a monitored environment, information retrieved from monitoring agents currently installed on instrumented entities within a system is analyzed to discover additional entities within the system that are connected to the instrumented entities. Each of these discovered entities is analyzed to determine whether a monitoring agent can be installed within the entity; if installation is possible, the installation is performed automatically (or a guided manual installation is implemented utilizing an interface). After a monitoring agent is installed within a discovered entity, information retrieved from that monitoring agent may be used to discover additional entities within the system that are connected to that discovered entity. In this way, an iterative discovery of all entities within a system may be performed. Results of this iterative discovery may be presented via an interface.
-
Publication (Announcement) No.: US20230273936A1
Publication (Announcement) Date: 2023-08-31
Application No.: US18313240
Filing Date: 2023-05-05
Applicant: SPLUNK INC.
Inventors: Da XU , Sundar VASAN , Dhruva Kumar BHAGI
CPC Classification: G06F16/27 , G06F16/2272 , G06F11/3006 , G06F11/2094 , G06F11/3476 , H04L67/1097 , G06F11/3409 , G06F11/32 , G06F11/3072 , G06F3/0617
Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as the primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in the primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.
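The generation identifier in the abstract acts as a fencing token: once the master device moves the primary designation and issues a new generation, anything stamped with the old generation can be recognised as stale, which prevents a partitioned former primary from answering queries for data it no longer owns. The following is an added example, not code from the patent or from Splunk. The round-robin choice of indexer, the failure-event handling, the `is_current` check a query front end would apply, and the indexer and bucket names are all assumptions; the abstract only says that a master device identifies a primary indexer per subset of data and assigns generation identifiers.

```python
from dataclasses import dataclass
import itertools


@dataclass(frozen=True)
class Assignment:
    """Primary designation for one subset of data, stamped with its generation id."""
    indexer: str
    generation: int


class ClusterMaster:
    """Hypothetical 'master device': tracks which indexer is primary for each
    data subset and stamps every (re)assignment with a strictly increasing
    generation id drawn from a single cluster-wide counter."""

    def __init__(self, indexers):
        self.indexers = list(indexers)
        self.alive = set(indexers)
        self.assignments = {}  # subset -> Assignment
        self._gen = itertools.count(1)  # monotonic; never reused, even after failover
        self._rr = itertools.cycle(self.indexers)  # assumed round-robin selection

    def _next_live_indexer(self, exclude=()):
        for _ in range(len(self.indexers)):
            cand = next(self._rr)
            if cand in self.alive and cand not in exclude:
                return cand
        raise RuntimeError("no live indexer available for primary designation")

    def assign_primary(self, subset):
        """Identify a first indexer for the subset and record its generation id."""
        a = Assignment(self._next_live_indexer(), next(self._gen))
        self.assignments[subset] = a
        return a

    def handle_indexer_failure(self, indexer):
        """Event prompting a change: every subset the failed indexer was primary
        for is moved to another live indexer under a new generation id."""
        self.alive.discard(indexer)
        changed = {}
        for subset, a in list(self.assignments.items()):
            if a.indexer == indexer:
                new = Assignment(self._next_live_indexer(exclude={indexer}), next(self._gen))
                self.assignments[subset] = new
                changed[subset] = new
        return changed

    def is_current(self, subset, indexer, generation):
        """Check a query front end would apply to each response: accept it only
        if it carries the indexer and generation the master currently records,
        so a stale primary on the wrong side of a partition is ignored."""
        a = self.assignments.get(subset)
        return a is not None and a.indexer == indexer and a.generation == generation


if __name__ == "__main__":
    master = ClusterMaster(["idx-a", "idx-b", "idx-c"])
    first = master.assign_primary("bucket-1")
    print("initial primary:", first)
    moved = master.handle_indexer_failure("idx-a")
    print("after failure of idx-a:", moved)
    print("old assignment still valid?", master.is_current("bucket-1", first.indexer, first.generation))
```

The property worth checking in a real cluster is the one the test below pins down: after the failure event the generation strictly increases and the old (indexer, generation) pair is rejected, even if that indexer later comes back and still believes it is primary.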
-
Publication (Announcement) No.: USD997188S1
Publication (Announcement) Date: 2023-08-29
Application No.: US29812102
Filing Date: 2021-10-19
Applicant: SPLUNK Inc.
Abstract: The sole FIGURE is a front view of a display screen or portion thereof having a graphical user interface showing my new design.
The outermost broken-line rectangle depicts the perimeter of a display screen or portion thereof having a graphical user interface and forms no part of the claimed design. The remaining broken lines depict portions of a graphical user interface and form no part of the claimed design.
-
Publication (Announcement) No.: US11743285B2
Publication (Announcement) Date: 2023-08-29
Application No.: US16528397
Filing Date: 2019-07-31
Applicant: Splunk Inc.
Inventor: Brian Luger
IPC Classification: H04L9/40
CPC Classification: H04L63/145 , H04L63/1408 , H04L63/1416 , H04L63/1483 , H04L63/308
Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.
-
Publication (Announcement) No.: US11741131B1
Publication (Announcement) Date: 2023-08-29
Application No.: US17162300
Filing Date: 2021-01-29
Applicant: Splunk Inc.
Inventors: Akash Dwivedi , Himanshu Gupta , Eric Tschetter , Rahul Gidwani
IPC Classification: G06F16/22 , G06F16/248 , G06F16/28 , G06F16/2455
CPC Classification: G06F16/287 , G06F16/22 , G06F16/248 , G06F16/24553 , G06F16/288
Abstract: Systems and methods are disclosed for efficiently uploading event data of a data intake and query system and building journey instances from the uploaded event data in a distributed manner. Each journey instance is illustratively associated with a series of events within the event data occurring over a journey duration. For example, a cloud-based hosting system can implement a cloud-based distributed system that receives fragmented uploads of event data from the data intake and query system. Once received, the cloud-based hosting system can combine the event data from one or more uploads and re-stitch portions of the uploaded event data using a set of worker nodes to build journey instances.
-
Publication (Announcement) No.: US11741089B1
Publication (Announcement) Date: 2023-08-29
Application No.: US17589661
Filing Date: 2022-01-31
Applicant: Splunk Inc.
IPC Classification: G06F16/242 , G06F16/29 , G06F16/248 , G06F16/951 , G06F16/2457 , G06F3/04842
CPC Classification: G06F16/2428 , G06F3/04842 , G06F16/248 , G06F16/24578 , G06F16/29 , G06F16/951
Abstract: A data intake and query system may store raw machine data that includes location information. A client system may include a user interface for searching the data intake and query system. The user interface allows a user to define a field search query and to define one or more ad-hoc boundary regions on a map. A combined query is transmitted to the data intake and query system, the combined query including both the field search query and location search information that is based on the ad-hoc boundary regions. The data intake and query system runs the combined query and returns responsive results, which are displayed in the client user interface.
-