公开(公告)号：US20210406100A1

公开(公告)日：2021-12-30

申请号：US17447408

申请日：2021-09-10

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC: G06F9/54

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

公开(公告)号：US11106691B2

公开(公告)日：2021-08-31

申请号：US16394754

申请日：2019-04-25

Applicant: SPLUNK INC.

Inventor： R. David Carasso ,  Micah James Delfino

IPC: G06F17/00 ,  G06F16/2458 ,  G06F16/901 ,  G06F40/284

Abstract: Embodiments are directed towards a graphical user interface identify locations within event records with splittable timestamp information. A display of event records is provided using any of a variety of formats. A splittable timestamp selector allows a user to select one or more locations within event records as having time related information that may be split across the one or more locations, including, information based on date, time of day, day of the week, or other time information. Any of a plurality of mechanisms is used to associate the selected locations with the split timestamp information, including tags, labels, or header information within the event records. In other embodiments, a separate table, list, index, or the like may be generated that associates the selected locations with the split timestamp information. The split timestamp information may be used within extraction rules for selecting subsets or the event records.

公开(公告)号：US10769178B2

公开(公告)日：2020-09-08

申请号：US14816036

申请日：2015-08-02

Applicant: Splunk Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F16/28 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/34 ,  G06F16/93 ,  G06F16/248 ,  G06F16/332 ,  G06F16/33 ,  G06F16/338 ,  G06F16/951 ,  G06Q10/06 ,  G06F40/166 ,  G06F40/169 ,  G06F40/174 ,  G06Q10/00

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US10740313B2

公开(公告)日：2020-08-11

申请号：US15883588

申请日：2018-01-30

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/248 ,  G06F16/951 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/2455 ,  G06F16/2457

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is stored as discrete events time stamps. A search is received and relevant event information is retrieved based in whole or in part on the time stamp, a keyword indexing mechanism, or statistical indices calculated at the time of the search.

公开(公告)号：US10579648B2

公开(公告)日：2020-03-03

申请号：US15582668

申请日：2017-04-29

Applicant: SPLUNK, Inc.

Inventor： R. David Carasso ,  Micah James Delfino ,  Johnvey Hwang

IPC: G06F16/28 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/34 ,  G06F16/93 ,  G06F16/248 ,  G06F16/332 ,  G06F16/33 ,  G06F16/338 ,  G06F16/951 ,  G06Q10/06 ,  G06Q10/00 ,  G06F17/24

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.

公开(公告)号：US20190258649A1

公开(公告)日：2019-08-22

申请号：US16399136

申请日：2019-04-30

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC: G06F16/28 ,  G06F16/2457 ,  G06K9/62 ,  G06F17/27 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/23 ,  G06F16/31 ,  G06F16/35 ,  H04L29/06

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

公开(公告)号：US10339162B2

公开(公告)日：2019-07-02

申请号：US15011622

申请日：2016-01-31

Applicant: Splunk Inc.

Inventor： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC: G06F17/40 ,  G06F16/28 ,  G06F16/35 ,  G06F16/31 ,  G06F16/23 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/2457 ,  G06K9/62 ,  G06F17/27 ,  H04L29/06 ,  G06F16/33 ,  G06F11/34

Abstract: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

公开(公告)号：US10318537B2

公开(公告)日：2019-06-11

申请号：US15582599

申请日：2017-04-28

Applicant: SPLUNK, Inc.

Inventor： R. David Carasso ,  Micah James Delfino

IPC: G06F16/2458 ,  G06F16/901 ,  G06F17/27 ,  G06F15/16

Abstract: Embodiments are directed towards a graphical user interface identify locations within event records with splittable timestamp information. A display of event records is provided using any of a variety of formats. A splittable timestamp selector allows a user to select one or more locations within event records as having time related information that may be split across the one or more locations, including, information based on date, time of day, day of the week, or other time information. Any of a plurality of mechanisms is used to associate the selected locations with the split timestamp information, including tags, labels, or header information within the event records. In other embodiments, a separate table, list, index, or the like may be generated that associates the selected locations with the split timestamp information. The split timestamp information may be used within extraction rules for selecting subsets or the event records.

公开(公告)号：US10262018B2

公开(公告)日：2019-04-16

申请号：US15339953

申请日：2016-11-01

Applicant: Splunk Inc.

Inventor： Erik M. Swan ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Michael Joseph Baum

IPC: G06F7/00 ,  G06F17/30

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.

公开(公告)号：US10216779B2

公开(公告)日：2019-02-26

申请号：US15008425

申请日：2016-01-27

Applicant: Splunk Inc.

Inventor： Erik M. Swan ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Michael Joseph Baum

IPC: G06F17/00 ,  G06F17/30

Abstract: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.