公开(公告)号：US11960545B1

公开(公告)日：2024-04-16

申请号：US17829179

申请日：2022-05-31

Applicant: Splunk Inc.

Inventor： Karthikeyan Sabhanatarajan ,  David Ryan Marquardt ,  Steve Zhang ,  Nicholas Romito

IPC: G06F16/903 ,  G06F16/901

CPC classification number: G06F16/90335 ,  G06F16/901

Abstract: Embodiments of the present disclosure provide techniques for performing searches of event records by leveraging reference values in an inverted index. A method of searching comprises accessing a query associated with a first set of event records in a field searchable data store, each event record comprising a time-stamped portion of raw machine data. The method further comprises evaluating the query and generating results for the query by accessing an inverted index, wherein each entry in the inverted index comprises at least one field, a corresponding at least one field value and a reference value that identifies a location in the field searchable data store where an associated event record is stored. The method further comprises performing a search to filter out a second set of event records and retrieving the second set of event records from the field searchable data store using reference values in the inverted index.

公开(公告)号：US11610156B1

公开(公告)日：2023-03-21

申请号：US17397919

申请日：2021-08-09

Applicant: SPLUNK INC.

Inventor： Pradeep Baliganapalli Nagaraju ,  Steve Zhang ,  Jiahan Wang ,  Adam Jamison Oliner ,  Erick Anthony Dean

IPC: G06F15/16 ,  G06N20/00 ,  G06N3/08 ,  G06N3/04 ,  G06K9/62 ,  G06V10/94

Abstract: Disclosed is a technique that can be performed by a server computer system. The technique can include executing a machine learning process to generate a machine learning model based on global data collected from one or more electronic devices, wherein the machine learning model is described by model data. The technique can further include encapsulating the model data in a markup language document. The technique can further include sending, over a network, the markup language document to at least one electronic device of the one or more electronic devices to cause the at least one electronic device to update a local device machine learning model.

公开(公告)号：US20200226183A1

公开(公告)日：2020-07-16

申请号：US16830010

申请日：2020-03-25

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F16/951 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/903

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US11657065B2

公开(公告)日：2023-05-23

申请号：US17158880

申请日：2021-01-26

Applicant: SPLUNK INC.

Inventor： Jesse Brandau Miller ,  Katherine Kyle Feeney ,  Yuan Xie ,  Steve Zhang ,  Adam Jamison Oliner ,  Jindrich Dinga ,  Jacob Leverich

IPC: G06F16/26

CPC classification number: G06F16/26

Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.

公开(公告)号：US11429608B2

公开(公告)日：2022-08-30

申请号：US16527719

申请日：2019-07-31

Applicant: Splunk Inc.

Inventor： Karthikeyan Sabhanatarajan ,  David Ryan Marquardt ,  Steve Zhang ,  Nicholas Romito ,  Sophia Zhu

IPC: G06F16/24 ,  G06F16/2453 ,  G06F16/903

Abstract: Embodiments of the present disclosure provide techniques for emitting structured and dynamic fields from an accelerated data model. The method comprises evaluating a query to search a data model, wherein the data model is defined by a set of events and at least one structured field from fields associated with the set of events. Each event comprises a time-stamped portion of raw machine data and is stored in a field searchable data store. A summarization table is associated with the data model and comprises a plurality of entries comprising reference values, wherein a respective summarization table entry comprises: the at least one structured field; a respective field value; and a reference value. The method further comprises accessing the set of events from the field searchable data store using the reference values in the summarization table and annotating the set of events with the at least one structured field and with at least one dynamic field from the fields associated with the set of events, wherein the at least one dynamic field is not defined in the data model.

公开(公告)号：US11379530B2

公开(公告)日：2022-07-05

申请号：US16527854

申请日：2019-07-31

Applicant: Splunk Inc.

Inventor： Karthikeyan Sabhanatarajan ,  David Ryan Marquardt ,  Steve Zhang ,  Nicholas Romito

IPC: G06F17/30 ,  G06F16/903 ,  G06F16/901

Abstract: Embodiments of the present disclosure provide techniques for performing searches of event records by leveraging reference values in an inverted index. A method of searching comprises accessing a query associated with a first set of event records in a field searchable data store, each event record comprising a time-stamped portion of raw machine data. The method further comprises evaluating the query and generating results for the query by accessing an inverted index, wherein each entry in the inverted index comprises at least one field, a corresponding at least one field value and a reference value that identifies a location in the field searchable data store where an associated event record is stored. The method further comprises performing a search to filter out a second set of event records and retrieving the second set of event records from the field searchable data store using reference values in the inverted index.

公开(公告)号：US20210042369A1

公开(公告)日：2021-02-11

申请号：US17080032

申请日：2020-10-26

Applicant: SPLUNK Inc.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F16/951 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/903

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing realtime search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US20190278868A9

公开(公告)日：2019-09-12

申请号：US15885629

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US20180089303A1

公开(公告)日：2018-03-29

申请号：US15276693

申请日：2016-09-26

Applicant: SPLUNK INC.

Inventor： Jesse Brandau Miller ,  Katherine Kyle Feeney ,  Yuan Xie ,  Steve Zhang ,  Adam Jamison Oliner ,  Jindrich Dinga ,  Jacob Leverich

IPC: G06F17/30

CPC classification number: G06F16/26

Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.

公开(公告)号：US12099517B1

公开(公告)日：2024-09-24

申请号：US18300936

申请日：2023-04-14

Applicant: Splunk Inc.

Inventor： Jesse Brandau Miller ,  Katherine Kyle Feeney ,  Yuan Xie ,  Steve Zhang ,  Adam Jamison Oliner ,  Jindrich Dinga ,  Jacob Leverich

IPC: G06F16/00 ,  G06F16/26

CPC classification number: G06F16/26

Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.