-
81.
Publication number: US11809497B2
Publication date: 2023-11-07
Application number: US18151364
Application date: 2023-01-06
Applicant: Splunk Inc.
Inventor: Joerg Beringer, Isabelle Park, Joshua Walters, Eric Tschetter, Simon Foster Fishel
IPC: G06F16/903, G06F16/28, G06F16/9038
CPC classification number: G06F16/90335, G06F16/287, G06F16/9038
Abstract: Systems and methods are disclosed for processing events having raw machine data associated with a timestamp using one or more pivot identifiers and one or more step identifiers to generate one or more journey instances. Based on the one or more pivot identifier field, the system can relate events that have a common field value for the pivot identifier field. Based on the one or more step identifiers, the system can group the related events into a subset of events. Using the subset of events, the system can build a journey instance.
-
Publication number: US11805144B1
Publication date: 2023-10-31
Application number: US18061364
Application date: 2022-12-02
Applicant: Splunk Inc.
Inventor: Allison Lindsey Drake, James Irwin Ebeling, Marios Iliofotou, Lucas Keith Murphey, Mihir Randhir Parikh, Amarendra Pendala, Krishna Prasanna Sankaran, Sourabh Satish
IPC: G06F3/0482, H04L9/40, G06T11/20, G06F16/26, G06F16/2457, G06T11/00, G06F16/248
CPC classification number: H04L63/1425, G06F16/248, G06F16/24578, G06F16/26, G06T11/001, G06T11/206, H04L63/1433, G06F3/0482, G06T2200/24
Abstract: Security related anomalies in the data related to network entities are identified, and a risk score is assigned to each entity based on the anomalies. Visualization data is generated for a color-coded interactive visualization. Generating the visualization data includes assigning each entity to a separate polygon to be displayed concurrently on a display screen; selecting a size of each polygon to indicate one of: a number of security related anomalies associated with the entity, or a risk level assigned to the entity, where the risk level is based on the risk score of the entity, and selecting a color of each polygon to indicate the other one of: the number of security related anomalies associated with the entity, or the risk level assigned to the entity; and causing the color-coded interactive visualization to be displayed on a display device based on the visualization data.
-
Publication number: US11799798B1
Publication date: 2023-10-24
Application number: US17973357
Application date: 2022-10-25
Applicant: Splunk Inc.
Inventor: Omprakaash Thoppai, Sakib Mehasanewala, Yogesh Sontakke
IPC: H04L12/26, G06F16/901, H04L47/70, G06F16/9035, H04L47/78, H04L47/762
CPC classification number: H04L47/828, G06F16/901, G06F16/9035, H04L47/762, H04L47/781
Abstract: Techniques are described for providing a cloud data collector (CDC) application for managing the generation of infrastructure templates. The CDC application provides graphical user interfaces that enable a user to provide inputs indicating configurations of data to be ingested by the data intake and query system, each configuration including one or more user accounts, in addition to data sources and regions associated with data sources. Using the configurations provided as input to the CDC application, the CDC application generates an infrastructure template that can be used to configure the service provider network to provide the requested security data to the data intake and query system.
-
Publication number: US11797168B1
Publication date: 2023-10-24
Application number: US17856842
Application date: 2022-07-01
Applicant: SPLUNK INC.
Inventor: Nicholas Filippi, Siegfried Puchbauer-Schnabel, Cary Noel
IPC: G06F3/04847
CPC classification number: G06F3/04847
Abstract: Provided are systems and methods for determining and displaying automatically binned information via a graphical user interface. A graphical user interface (GUI) may include a first graphical element representing a first metric value for a first time window and a second graphical element representing a second metric value for a second time window. An indication of a selection of the first time window may be received via the GUI. An updated GUI comprising a third graphical element representing a third metric value for the third time window and a fourth graphical element representing the fourth metric value for the fourth time window may be displayed, wherein the third time window and the fourth time window may be sub-ranges of the first time window.
-
Publication number: US11792291B1
Publication date: 2023-10-17
Application number: US17828824
Application date: 2022-05-31
Applicant: SPLUNK INC.
Inventor: Nikhil Mungel, Brian Krueger
IPC: H04L67/567, H04L67/02, H04L67/564, H04L41/5051, H04L41/50, H04L67/1097
CPC classification number: H04L67/567, H04L67/02, H04L67/564, H04L41/5051, H04L41/5058, H04L67/1097
Abstract: In various embodiments, a gateway application generates an outgoing Hypertext Transmission Protocol (HTTP) request based on an incoming HTTP request. In operation, the gateway application receives the incoming HTTP request and identifies an upstream service based on at least one of an HTTP method and a header included in the incoming HTTP request. Subsequently, the gateway application generates an outgoing HTTP request based on the upstream service and the incoming HTTP request. Finally, the gateway application issues the outgoing HTTP request. The outgoing HTTP request causes the upstream service to perform an action requested in the incoming HTTP request. Advantageously, the gateway application enables underlying upstream services to perform actions specified via incoming HTTP requests without directly exposing the upstream services to users.
-
86.
Publication number: US11789943B1
Publication date: 2023-10-17
Application number: US17829141
Application date: 2022-05-31
Applicant: Splunk Inc.
Inventor: Gergely Danyi, Steven Flanders, Joseph Ari Ross, Justin Smith, Eric Wohlstadter, Chengyu Yang
IPC: G06F16/245, G06F11/34, G06F11/30
CPC classification number: G06F16/245, G06F11/302, G06F11/3495
Abstract: A computer-implemented method for analyzing spans and traces associated with a microservices-based application executing in a distributed computing environment comprises aggregating a plurality of ingested spans associated with one or more applications executing in the distributed computing environment into a plurality of traces, wherein each of the plurality of ingested spans is associated with a plurality of tags. The method further comprises comparing durations of a set of related traces of the plurality of traces to determine patterns for the plurality of tags and generating a histogram that represents a distribution of the durations of the set of related traces. The method also comprises providing alerts for one or more tags from the plurality of tags associated with traces having a duration above a threshold based on the distribution of the durations.
-
Publication number: US11789804B1
Publication date: 2023-10-17
Application number: US17589556
Application date: 2022-01-31
Applicant: Splunk Inc.
Inventor: Gergely Danyi, Sakshi Garg, Maxime Petazzoni, Sahinaz Safari Sanjani, Timothy Matthew Robin Williamson, Eric Wohlstadter
CPC classification number: G06F11/079, G06F11/0751, G06F11/0778
Abstract: A method of identifying a root cause of a failure for a trace within a microservices-based application includes determining if a root span of the trace is an error span resulting in an error experienced by a user at a front end of the microservices-based application. If the root span of the trace is an error span, the method analyzes a plurality of spans comprising the trace to determine if the trace comprises at least one leaf error span. If the trace comprises a single leaf error span, the method attributes the root cause of the failure in the trace to a service associated with the single leaf error span. If the trace comprises multiple leaf error spans the method attributes the root cause of the failure in the trace to a service associated with a leaf error span of the multiple leaf error spans comprising a latest starting timestamp.
-
Publication number: US11782989B1
Publication date: 2023-10-10
Application number: US17670773
Application date: 2022-02-14
Applicant: SPLUNK Inc.
Inventor: Brian Bingham, Tristan Fletcher, Alok Anant Bhide
IPC: G06F16/9038, G06F16/901, G06F16/9032, G06F16/903, G06F16/2458, G06F16/26, G06F3/0488, G06F3/0482, G06F9/455, G06F11/32, G06F11/34
CPC classification number: G06F16/9038, G06F3/0482, G06F3/0488, G06F9/45533, G06F11/323, G06F16/2471, G06F16/26, G06F16/9017, G06F16/90328, G06F16/90335, G06F11/3409, G06F2201/815
Abstract: The disclosed system and method acquire and store performance measurements relating to performance of a component in an information technology (IT) environment and log data produced by the IT environment, in association with corresponding time stamps. The disclosed system and method correlate at least one of the performance measurements with at least one of the portions of log data.
-
Publication number: US11782920B1
Publication date: 2023-10-10
Application number: US17163118
Application date: 2021-01-29
Applicant: Splunk Inc.
Inventor: Phil Yonghui Wang, Steve Zhang
IPC: G06F16/24, G06F16/245, G06F16/2453, G06F16/2458
CPC classification number: G06F16/24535, G06F16/2477, G06F16/24542
Abstract: A data intake and query system executes a search query at a first execution time for querying events having associated time stamps within a first time period characterized by a first start time and a first end time. The first start time is computed based upon a time indicated by reference time information stored prior to execution of the search query. The system determines whether execution of the search query completed successfully based upon a first search result obtained from executing the search query. If the first execution of the search query was not successful, the system computes for a second execution of the search query after the first execution, a second time period using the reference time information. The second execution is configured to query events with associated timestamps that fall within a second time period that includes the first time period and an additional time period.
-
Publication number: US11777945B1
Publication date: 2023-10-03
Application number: US17586086
Application date: 2022-01-27
Applicant: SPLUNK Inc.
CPC classification number: H04L63/102, G06F16/288, G06N7/00, G06N20/00, H04L63/1425
Abstract: Embodiments of the present invention are directed to facilitating detection of suspicious access to resources. In accordance with aspects of the present disclosure, an access graph is generated. The access graph contains access data that includes observed accesses between entities and resources. Access scores can be determined for entity-resource pairs in the access graph by applying a set of access rules to the entity-resource pairs in the access graph. The access scores indicate an extent of relatedness between the corresponding entity and resource. Thereafter, the access scores can be used to train a probabilistic prediction model that predicts suspiciousness of accesses between entities and resources.
-