公开(公告)号：US09817862B2

公开(公告)日：2017-11-14

申请号：US14834361

申请日：2015-08-24

Applicant: Splunk Inc.

Inventor： Archana Sulochana Ganapathi ,  Alice Emily Neels ,  Marc Vincent Robichaud ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F17/30

CPC classification number: G06F17/30395 ,  G06F17/30424 ,  G06F17/30477 ,  G06F17/30554

Abstract: Embodiments are directed towards determining and tracking metadata for the generation of visualizations of requested data. A user may request data by providing a query that may be employed to search for the requested data. The query may include a plurality of commands, which may be employed in a pipeline to perform the search and to generate a table of the requested data. In some embodiments, each command may be executed to perform an action on a set of data. The execution of a command may generate one or more columns to append and/or insert into the table of requested data. Metadata for each generated column may be determined based on the actions performed by executing the commands. The table of requested data and the column metadata may be employed to generate and display a visualization of at least a portion of the requested data to a user.

公开(公告)号：US09740755B2

公开(公告)日：2017-08-22

申请号：US15011294

申请日：2016-01-29

Applicant: SPLUNK, INC.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F17/30 ,  G06F3/0484 ,  G06F3/0482 ,  G06F3/0481

CPC classification number: G06F17/30557 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/30383 ,  G06F17/30477 ,  G06F17/30551 ,  G06F17/30572 ,  G06F17/30991

Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of a fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.

公开(公告)号：US20160098464A1

公开(公告)日：2016-04-07

申请号：US14526478

申请日：2014-10-28

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F17/30 ,  G06F3/0484

CPC classification number: G06F3/04842 ,  G06F3/0482 ,  G06F3/04847 ,  G06F9/451 ,  G06F17/246 ,  G06F17/30315 ,  G06F17/30389 ,  G06F17/30395 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30864 ,  G06K9/2054

Abstract: In embodiments of statistics time chart interface cell mode drill down, a first interface displays in a table format that includes columns each having a column heading comprising a different value, each different value associated with a particular event field, and includes one or more rows, each row having a time increment and aggregated metrics that each represent a number of events having a field-value pair that matches the different value represented in one of the columns and within the time increment over which the aggregated metric is calculated. A cell can be emphasized that includes one of the aggregated metrics in a row that includes the respective time increment, and in response, a menu displays options to transition to a second interface.

Abstract translation: 在统计时间图接口单元模式向下钻取的实施例中，第一界面以表格格式显示，其格式包括列标题包括不同值的列，每个不同值与特定事件字段相关联，并且包括一行或多行， 每行具有时间增量和聚合度量，其各自表示具有与在一列中表示的不同值相匹配的字段值对的事件的数量，并且在计算聚合度量的时间增量内。 可以强调一个单元格，其中包括一行中包含相应时间增量的聚合指标之一，并且作为响应，菜单显示转换到第二接口的选项。

公开(公告)号：US20160098384A1

公开(公告)日：2016-04-07

申请号：US14526454

申请日：2014-10-28

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F17/24 ,  G06F3/0484 ,  G06F17/30 ,  G06F3/0482

CPC classification number: G06F3/04842 ,  G06F3/0482 ,  G06F3/04847 ,  G06F9/451 ,  G06F17/246 ,  G06F17/30315 ,  G06F17/30389 ,  G06F17/30395 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30864 ,  G06K9/2054

Abstract: In embodiments of statistics time chart interface row mode drill down, a first interface is displayed in a table format that includes columns each having a column heading comprising a different value, each different value associated with a particular event field, and includes rows each with a time increment and one or more aggregated metrics, each aggregated metric representing a number of events having a field-value pair that matches the different value represented in one of the columns and within the time increment over which the aggregated metric is calculated. A row that includes the time increment and the aggregated metrics can be emphasized in the first interface, and in response, a menu is displayed with selectable options to transition to a second interface based on a selected one of the options.

Abstract translation: 在统计时间图界面行方式向下钻取的实施例中，以表格格式显示第一界面，该格式包括列标题包括不同值的列，与特定事件字段相关联的每个不同值，并且包括具有 时间增量和一个或多个聚合度量，每个聚合度量表示具有与在一个列中表示的不同值相匹配的字段值对的事件的数量，并且在计算聚合度量的时间增量内。 可以在第一接口中强调包括时间增量和聚合指标的行，并且作为响应，显示具有可选择选项的菜单，以基于所选择的一个选项来转换到第二接口。

公开(公告)号：US20160092601A1

公开(公告)日：2016-03-31

申请号：US14528951

申请日：2014-10-30

Applicant: Splunk, Inc.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F17/30 ,  G06F3/0482 ,  G06F3/0484

CPC classification number: G06F17/30557 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/30383 ,  G06F17/30477 ,  G06F17/30551 ,  G06F17/30572 ,  G06F17/30991

Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of a fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.

Abstract translation: 描述了用于搜索用户界面的事件限制字段选择器。 在一个或多个实现中，服务可以操作以收集和存储数据作为事件，每个事件包括与时间点相关联的数据的一部分。 客户可以使用搜索用户界面通过输入搜索条件执行搜索。 响应于接收搜索条件，服务可以操作以应用晚期绑定模式来提取与搜索条件匹配的事件，并且通过搜索用户界面提供用于显示的搜索结果。 搜索用户界面暴露事件限制字段选择器，其可操作以在搜索结果的视图中对各个事件进行字段的选择。 响应于接收到通过选择器选择的字段的指示，可以更新所选字段的可见性，以控制哪些字段和值被包括在不同的视图中。

公开(公告)号：US08983994B2

公开(公告)日：2015-03-17

申请号：US14067203

申请日：2013-10-30

Applicant: Splunk Inc.

Inventor： Alice Emily Neels ,  Archana Sulochana Ganapathi ,  Marc Vincent Robichaud ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F17/30

CPC classification number: G06F17/30395 ,  G06F3/0482 ,  G06F17/248 ,  G06F17/30283 ,  G06F17/30424 ,  G06F17/30528 ,  G06F17/30554 ,  G06F17/30867

Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model. The method further includes generating a new query string using the data model, executing the new query string on the data, and generating a new result set based on the new query string being executed on the data.

Abstract translation: 实施例包括生成可以给非结构化或结构化数据赋予语义意义的数据模型，其可以包括由搜索引擎（包括时间序列引擎）生成和/或接收的数据。 一种方法包括为存储在存储库中的数据生成数据模型。 生成数据模型包括生成初始查询字符串，对数据执行初始查询字符串，基于对数据执行的初始查询字符串生成初始结果集，从一个或多个初始查询字符串的结果确定一个或多个候选字段 生成基于一个或多个候选字段的候选数据模型，迭代地修改候选数据模型，直到候选数据模型对数据建模，并使用候选数据模型作为数据模型。 该方法还包括使用数据模型生成新的查询字符串，对数据执行新的查询字符串，并且基于对数据执行的新查询字符串生成新的结果集。

公开(公告)号：US20140214807A1

公开(公告)日：2014-07-31

申请号：US14068651

申请日：2013-10-31

Applicant: Splunk Inc.

Inventor： Archana Sulochana Ganapathi ,  Alice Emily Neels ,  Marc Vincent Robichaud ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F17/30

CPC classification number: G06F17/30395 ,  G06F17/30424 ,  G06F17/30477 ,  G06F17/30554

Abstract: Embodiments are directed towards determining and tracking metadata for the generation of visualizations of requested data. A user may request data by providing a query that may be employed to search for the requested data. The query may include a plurality of commands, which may be employed in a pipeline to perform the search and to generate a table of the requested data. In some embodiments, each command may be executed to perform an action on a set of data. The execution of a command may generate one or more columns to append and/or insert into the table of requested data. Metadata for each generated column may be determined based on the actions performed by executing the commands. The table of requested data and the column metadata may be employed to generate and display a visualization of at least a portion of the requested data to a user.

Abstract translation: 实施例旨在确定和跟踪用于生成所请求数据的可视化的元数据。 用户可以通过提供可用于搜索所请求的数据的查询来请求数据。 该查询可以包括多个命令，其可以在流水线中用于执行搜索并生成所请求的数据的表。 在一些实施例中，可以执行每个命令以对一组数据执行动作。 命令的执行可以生成一个或多个列来附加和/或插入到所请求的数据的表中。 可以基于通过执行命令执行的动作来确定每个生成的列的元数据。 可以使用所请求的数据和列元数据的表来生成并向用户显示所请求的数据的至少一部分的可视化。

公开(公告)号：US11907271B2

公开(公告)日：2024-02-20

申请号：US17076534

申请日：2020-10-21

Applicant: SPLUNK Inc.

Inventor： Marc Vincent Robichaud

IPC: G06F16/31 ,  G06F3/04842

CPC classification number: G06F16/313 ,  G06F3/04842

Abstract: First one or more values are extracted from a plurality of events using a first extraction rule. The extracted first one or more values are assigned to a first field of the plurality of events as a first set of field-data item pairs and a field label is assigned to the first field. Second one or more values and a field label corresponding to the second one or more values are extracted from the plurality of the events using a second extraction rule, where the extracted field label corresponds to the assigned field label of the first field. The extracted second one or more values are assigned to a second field of the plurality of events as a second set of field-data item pairs, thereby distinguishing the extracted second one or more values from the extracted first one or more values.

公开(公告)号：US11789961B2

公开(公告)日：2023-10-17

申请号：US16902874

申请日：2020-06-16

Applicant: SPLUNK Inc.

Inventor： Divanny I. Lamas ,  Marc Vincent Robichaud ,  Carl Sterling Yestrau

IPC: G06F16/25 ,  G06F16/26 ,  G06F16/23 ,  G06F16/2455 ,  G06F16/2458 ,  G06F3/04842 ,  G06F3/0482 ,  G06F16/9038 ,  G06F3/04817

CPC classification number: G06F16/25 ,  G06F3/0482 ,  G06F3/04817 ,  G06F3/04842 ,  G06F16/2393 ,  G06F16/2455 ,  G06F16/2477 ,  G06F16/26 ,  G06F16/9038

Abstract: An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. Clients may use a search user interface perform searches by input of search criteria. Responsive to receiving search criteria, the service may operate to apply a late binding schema to extract events that match the search criteria and provide search results for display via the search user interface. The search user interface exposes an event limited field picker operable to make selections of fields with respect to individual events in a view of the search results. In response to receiving an indication of a fields selected via the picker, visibility of selected fields may be updated to control which field and values are included in different views.

公开(公告)号：US11614856B2

公开(公告)日：2023-03-28

申请号：US17029773

申请日：2020-09-23

Applicant: SPLUNK INC.

Inventor： Cory Eugene Burke ,  Katherine Kyle Feeney ,  Divanny I. Lamas ,  Marc Vincent Robichaud ,  Matthew G. Ness ,  Clara E. Lee

IPC: G06F3/048 ,  G06F3/04842 ,  G06F3/0482 ,  G06F16/22 ,  G06F16/242 ,  G06F16/248 ,  G06F16/25 ,  G06F16/951 ,  G06F16/2455 ,  G06F40/18 ,  G06V10/22 ,  G06F3/04847 ,  G06F9/451

Abstract: In embodiments of statistics value chart interface row mode drill down, a first interface is displayed in a table format that includes columns each with field values of an event field, and each column having a column heading of a different one of the event fields, and includes rows each with one or more of the field values, where each field value in a row is associated with a different one of the event fields, and each row includes an aggregated metric that represents a number of events having field-value pairs that match all of the one or more field values listed in a respective row and the corresponding event fields listed in the respective columns. A row can be emphasized in the first interface, and in response, a menu is displayed with selectable options to transition to a second interface that displays a listing of the events based on a selected one of the options.