公开(公告)号：US20160216855A1

公开(公告)日：2016-07-28

申请号：US15014017

申请日：2016-02-03

Applicant: Splunk Inc.

Inventor： Hemendra Singh Choudhary ,  Tristan Antonio Fletcher ,  Brian Bingham ,  Fang I. Hsiao ,  Brian C. Reyes

IPC: G06F3/0482 ,  G06F3/0484

CPC classification number: H04L43/16 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/542 ,  G06F11/321 ,  G06F11/34 ,  G06F17/30424 ,  G06F17/30463 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30572 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30958 ,  G06F17/30964 ,  G06F17/30979 ,  G06F17/30991 ,  G06Q10/06393 ,  G06T11/206 ,  G06T2200/24 ,  H04L29/08072 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5035 ,  H04L41/5038 ,  H04L43/04 ,  H04L43/045 ,  H04L67/10 ,  H04L67/16 ,  Y04S10/54

Abstract: A service monitoring system executing on one or more processors may have operations that are determined by control information. Control over the operation of the service monitoring system can be exerted through the use of a graphical interface. The graphical interface may present the control information of a new or existing correlation search definition for user interaction. The service monitoring system may maintain a data store of key performance indicator (KPI) data, where a KPI value in the data store is produced by a KPI-defining search query that derives the value from machine data associated with one or more entities that perform a monitored service. A correlation search definition of the service monitoring system determines how a search of the KPI data is conducted, how its data is evaluated to determine whether a triggering condition has been met, and, if so, determines what triggered action is to be initiated.

Abstract translation: 在一个或多个处理器上执行的服务监视系统可以具有由控制信息确定的操作。 可以通过使用图形界面来实现对服务监视系统的操作的控制。 图形界面可以呈现用于用户交互的新的或现有的相关搜索定义的控制信息。 服务监视系统可以维护关键性能指标（KPI）数据的数据存储，其中数据存储器中的KPI值由KPI限定搜索查询产生，该搜索查询从与执行的一个或多个实体相关联的机器数据获得值 受监控的服务。 服务监控系统的相关搜索定义确定如何进行KPI数据的搜索，如何对其数据进行评估以确定触发条件是否已被满足，如果是，则确定触发的动作将被启动。

公开(公告)号：US20160105330A1

公开(公告)日：2016-04-14

申请号：US14611200

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Hemendra Singh Choudhary ,  Tristan Antonio Fletcher ,  Brian Bingham ,  Fang I. Hsiao ,  Brian C. Reyes

IPC: H04L12/24 ,  G06F3/0484 ,  G06F3/0482 ,  H04L12/26 ,  G06F17/30

CPC classification number: H04L43/16 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/542 ,  G06F17/30424 ,  G06F17/30463 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30572 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30958 ,  G06F17/30964 ,  G06F17/30979 ,  G06F17/30991 ,  G06Q10/06393 ,  G06T11/206 ,  G06T2200/24 ,  H04L29/08072 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5035 ,  H04L41/5038 ,  H04L43/04 ,  H04L43/045 ,  H04L67/10 ,  H04L67/16

Abstract: One or more processing devices cause display of a graphical user interface (GUI) that includes a correlation search portion that enables a user to specify information for a key performance indicator (KPI) correlation search definition. The KPI correlation search definition includes search information and trigger determination information. The search information identifies KPI values, indicative of the KPI states, in a data store. The trigger determination information includes trigger criteria. The trigger determination evaluates the identified KPI values using the trigger criteria to determine whether to cause a defined action. A contribution threshold for a particular KPI definition is received via the GUI. The contribution threshold corresponds to a particular KPI state. The contribution threshold is stored as trigger criteria information. Each of the KPI values is derived from machine data pertaining to entities identified in a service definition using a search query specified by a KPI definition for the service.

Abstract translation: 一个或多个处理设备引起显示图形用户界面（GUI），该图形用户界面（GUI）包括能够使用户指定关键性能指标（KPI）相关搜索定义的信息的相关搜索部分。 KPI相关搜索定义包括搜索信息和触发确定信息。 搜索信息在数据存储中标识表示KPI状态的KPI值。 触发判定信息包括触发准则。 触发确定使用触发条件来评估所识别的KPI值，以确定是否导致定义的动作。 通过GUI接收特定KPI定义的贡献阈值。 贡献阈值对应于特定的KPI状态。 贡献阈值被存储为触发条件信息。 每个KPI值都是从使用由服务的KPI定义指定的搜索查询在服务定义中标识的实体的机器数据中导出的。

公开(公告)号：US20160103909A1

公开(公告)日：2016-04-14

申请号：US14934126

申请日：2015-11-05

Applicant: Splunk Inc.

Inventor： Alok Anant Bhide ,  Brian John Bingham ,  Tristan Antonio Fletcher ,  Brian Reyes

IPC: G06F17/30 ,  G06F3/0481 ,  G06F3/0482 ,  G06F3/0484

CPC classification number: H04L43/16 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/542 ,  G06F17/30424 ,  G06F17/30463 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30572 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30958 ,  G06F17/30964 ,  G06F17/30979 ,  G06F17/30991 ,  G06Q10/06393 ,  G06T11/206 ,  G06T2200/24 ,  H04L29/08072 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5035 ,  H04L41/5038 ,  H04L43/04 ,  H04L43/045 ,  H04L67/10 ,  H04L67/16

Abstract: One or more processing devices access a service definition for a service provided by one or more entities that each produce machine data or about which machine data is generated. The service definition identifies the entities that provide the service and, for each entity, identifying information for locating machine data pertaining to that entity. The processing devices access a key performance indicator (KPI) for the service that is defined by a search query that produces a value derived from the machine data pertaining to the entities identified in the service definition. The value indicates how the service is performing at a point in time or during a period of time and indicates a state of the KPI. A graphical interface is displayed and an indication of at least one threshold, which defines an end of a range of values representing a state of the KPI, for the KPI is received.

Abstract translation: 一个或多个处理设备访问由一个或多个实体提供的服务的服务定义，每个实体产生机器数据或关于哪个机器数据被生成。 服务定义识别提供服务的实体，并且为每个实体标识用于定位与该实体有关的机器数据的信息。 处理设备访问由搜索查询定义的服务的关键性能指标（KPI），该搜索查询产生从与服务定义中标识的实体相关的机器数据导出的值。 该值指示服务在某个时间点或一段时间内的运行情况，并指示KPI的状态。 显示图形界面，并且接收至少一个阈值的指示，其定义表示KPI的KPI的状态的范围的范围的结束。

公开(公告)号：US20160103878A1

公开(公告)日：2016-04-14

申请号：US14815888

申请日：2015-07-31

Applicant: Splunk, Inc.

Inventor： Brent Boe ,  Brian Bingham ,  John Robert Coates ,  Tristan Antonio Fletcher

IPC: G06F17/30 ,  G06F9/54

CPC classification number: H04L43/16 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/542 ,  G06F17/30424 ,  G06F17/30463 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30572 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30958 ,  G06F17/30964 ,  G06F17/30979 ,  G06F17/30991 ,  G06Q10/06393 ,  G06T11/206 ,  G06T2200/24 ,  H04L29/08072 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5035 ,  H04L41/5038 ,  H04L43/04 ,  H04L43/045 ,  H04L67/10 ,  H04L67/16

Abstract: One or more processing devices create one or more entity definitions that each associate an entity with machine data pertaining to that entity and create a service definition for a service provided by one or more entities. The service definition includes an entity definition for each of the one or more entities. The one or more processing devices create one or more key performance indicators (KPIs). Each KPI is defined by a search query that produces a value derived from the machine data identified in one or more of the entity definitions included in the service definition. Each value is indicative of how the service is performing at a point in time or during a period of time.

Abstract translation: 一个或多个处理设备创建一个或多个实体定义，每个实体定义使实体与与该实体有关的机器数据关联，并为由一个或多个实体提供的服务创建服务定义。 服务定义包括一个或多个实体中的每一个的实体定义。 一个或多个处理设备创建一个或多个关键性能指标（KPI）。 每个KPI由搜索查询定义，该搜索查询产生从在服务定义中包括的一个或多个实体定义中标识的机器数据导出的值。 每个值都表示服务在某个时间点或某段时间内的表现。

公开(公告)号：US12175403B2

公开(公告)日：2024-12-24

申请号：US17373700

申请日：2021-07-12

Applicant: Splunk Inc.

Inventor： Tristan Antonio Fletcher ,  Alok Anant Bhide

IPC: G06F17/00 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F7/00 ,  G06F9/54 ,  G06F11/32 ,  G06F11/34 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/248 ,  G06F16/25 ,  G06F16/26 ,  G06F16/33 ,  G06F16/901 ,  G06F16/903 ,  G06F16/9038 ,  G06F16/951 ,  G06F16/9535 ,  G06F16/9538 ,  G06Q10/0637 ,  G06Q10/0639 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/50 ,  H04L41/5009 ,  H04L43/04 ,  H04L43/045 ,  H04L43/091 ,  H04L43/16 ,  H04L43/55 ,  H04L67/10 ,  H04L67/51 ,  H04L69/329 ,  G06T11/20

Abstract: A service monitoring system receives receiving, via a user interface, an identification of a service of an information technology environment, and causes display of a plurality of key performance indicators (KPIs) in the user interface. Each KPI of the plurality of KPIs indicates a measure of performance for the service. The service monitoring system receives, via the user interface, an identification of a time period, and an identification of one or more visual characteristics for KPI graph lanes. Each of the KPI graph lanes is indicative of one or more KPI values of a respective KPI of the plurality of KPIs, the one or more KPI values are obtained from execution of a search query associated with the respective KPI, and the search query uses the time period to obtain the one or more KPI values. The service monitoring system causes display of a plurality of KPI graph lanes based on the one or more visual characteristics. Each graph lane provides a graphical visualization of the one or more KPI values of the respective KPI, and the display of the plurality of KPI graph lanes allows for visual correlation among the plurality of KPIs over the time period.

公开(公告)号：US11748390B1

公开(公告)日：2023-09-05

申请号：US17575336

申请日：2022-01-13

Applicant: Splunk Inc.

Inventor： Tristan Antonio Fletcher ,  Clint Sharp ,  Anupadmaja Raghavan

IPC: G06F16/00 ,  G06F16/33 ,  G06F16/903 ,  G06F3/0482 ,  G06F3/04842 ,  G06Q10/0639 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/50 ,  H04L43/04 ,  H04L41/069 ,  H04L69/329 ,  H04L9/40 ,  H04L41/0686

CPC classification number: G06F16/334 ,  G06F3/0482 ,  G06F3/04842 ,  G06F16/903 ,  G06Q10/06393 ,  H04L41/069 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L43/04 ,  H04L69/329 ,  H04L41/0686 ,  H04L63/145

Abstract: Technologies are disclosed for providing a common information model. Features include: detecting a scheduled time for a key performance indicator reflecting how a service provided by one or more entities is performing, entity definition information recording the association between the entities and its machine data, service definition information associating the entities that provide the service, and the KPI being defined by a search query, including a field identifier specified in a data model, the KPI derives a value from the machine data; performing the query in response to said detecting, including: associating values in the machine data having disparate field names in accordance with disparate schemas with the field identifier specified in the data model, and processing the associated values as semantically equivalent data instances. In doing so, values having the same semantic (or related semantics) can be used together despite being associated with disparate field names from disparate schemas.

公开(公告)号：US11675816B1

公开(公告)日：2023-06-13

申请号：US17163258

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Ramkumar Chandrasekharan ,  Tristan Antonio Fletcher ,  Ramprasad Siva Golla ,  Alpesh Sheth ,  Shailendra Suryawanshi ,  Xiang Zhou

IPC: G06F17/00 ,  G06F16/28 ,  G06N20/00

CPC classification number: G06F16/285 ,  G06N20/00

Abstract: Systems and methods are described for using a streaming data processor to group notable events reflecting operation of a computing system into episodes of related events reflecting an incident on the computing system, such as to enable root cause analysis of the incident. Each notable event can be generated based on one or more events detected within raw machine data. The streaming data processor can ingest a data stream of notable events, and apply a clustering algorithm to the events to cluster those events into episodes. When the episodes satisfy an action rule, the streaming data processor can take an action appropriate to that rule, such as transmitting an alert or programmatically altering operation of the computing system. The streaming data processor can utilize feedback as to the grouping of events into episodes to modify the clustering algorithm and improve accuracy of clustering.

公开(公告)号：US11455590B2

公开(公告)日：2022-09-27

申请号：US15199669

申请日：2016-06-30

Applicant: Splunk Inc.

Inventor： Anupadmaja Raghavan ,  George Daloukov ,  Alok Anant Bhide ,  Ross Andrew Lazerowitz ,  Tristan Antonio Fletcher ,  Alan Vincent Hardin

IPC: G06Q10/06 ,  G06Q10/00 ,  H04L41/5009 ,  H04L41/5006

Abstract: An automatic service monitor in an information technology environment has its operation controlled by information that, in part, defines entities that perform services and defines key performance indicators (KPIs) that indicate measures of performance of the services. Additional information controls the operation of the service monitor with respect to identifying and adapting for KPIs based on the non-normal data caused by maintenance work or other causes. Such adaptation may include changes in how reported information appears to the user.

公开(公告)号：US11275775B2

公开(公告)日：2022-03-15

申请号：US14800678

申请日：2015-07-15

Applicant: Splunk Inc.

Inventor： Tristan Antonio Fletcher ,  Clint Sharp ,  Anupadmaja Raghavan

IPC: G06F16/33 ,  G06F16/903 ,  H04L12/24 ,  H04L12/26 ,  G06Q10/06 ,  G06F3/0482 ,  G06F3/0484 ,  H04L29/08 ,  H04L29/06 ,  H04L41/5009 ,  H04L43/04 ,  H04L41/069 ,  H04L41/50 ,  H04L41/22 ,  G06F3/04842 ,  H04L69/329 ,  H04L41/0686

Abstract: Technologies are disclosed for providing a common information model. Features include: detecting a scheduled time for a key performance indicator reflecting how a service provided by one or more entities is performing, entity definition information recording the association between the entities and its machine data, service definition information associating the entities that provide the service, and the KPI being defined by a search query, including a field identifier specified in a data model, the KPI derives a value from the machine data; performing the query in response to said detecting, including: associating values in the machine data having disparate field names in accordance with disparate schemas with the field identifier specified in the data model, and processing the associated values as semantically equivalent data instances. In doing so, values having the same semantic (or related semantics) can be used together despite being associated with disparate field names from disparate schemas.

公开(公告)号：US20210342394A1

公开(公告)日：2021-11-04

申请号：US17373700

申请日：2021-07-12

Applicant: Splunk Inc.

Inventor： Tristan Antonio Fletcher ,  Alok Anant Bhide

IPC: G06F16/903 ,  G06Q10/06 ,  H04L29/08 ,  G06F16/26 ,  G06F16/248 ,  G06F16/25 ,  G06F16/33 ,  G06F16/951 ,  G06F16/2455 ,  G06F16/901 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/2453 ,  H04L12/24 ,  G06F11/34 ,  G06F11/32 ,  H04L12/26 ,  G06F3/0484 ,  G06F9/54 ,  G06F3/0481 ,  G06F3/0482

Abstract: A service monitoring system receives receiving, via a user interface, an identification of a service of an information technology environment, and causes display of a plurality of key performance indicators (KPIs) in the user interface. Each KPI of the plurality of KPIs indicates a measure of performance for the service. The service monitoring system receives, via the user interface, an identification of a time period, and an identification of one or more visual characteristics for KPI graph lanes. Each of the KPI graph lanes is indicative of one or more KPI values of a respective KPI of the plurality of KPIs, the one or more KPI values are obtained from execution of a search query associated with the respective KPI, and the search query uses the time period to obtain the one or more KPI values. The service monitoring system causes display of a plurality of KPI graph lanes based on the one or more visual characteristics. Each graph lane provides a graphical visualization of the one or more KPI values of the respective KPI, and the display of the plurality of KPI graph lanes allows for visual correlation among the plurality of KPIs over the time period.