公开(公告)号：US11651149B1

公开(公告)日：2023-05-16

申请号：US17874046

申请日：2022-07-26

Applicant: SPLUNK Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F40/174 ,  G06F16/2458

CPC classification number: G06F40/174 ,  G06F16/2477

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US11042697B2

公开(公告)日：2021-06-22

申请号：US16589445

申请日：2019-10-01

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F40/174 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US09442981B2

公开(公告)日：2016-09-13

申请号：US14929332

申请日：2015-10-31

Applicant: Splunk Inc.

Inventor： Mitchell Neuman Blank, Jr. ,  Leonid Budchenko ,  David Carasso ,  Micah James Delfino ,  Johnvey Hwang ,  Stephen Phillip Sorkin ,  Eric Timothy Woo

IPC: G06F17/30 ,  G06F3/0484 ,  G06F3/0482 ,  G06F17/27

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/0485 ,  G06F17/2705 ,  G06F17/30321 ,  G06F17/30507 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30619 ,  G06F17/30864

Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

Abstract translation: 实施例针对在将对应的索引数据添加到索引存储之前预览从索引数据原始数据生成的结果。 可以从预览数据源接收原始数据。 在可以建立一组初始配置信息之后，可以将预览数据提交给索引处理流水线。 预览应用可以基于预览索引数据和配置信息生成预览结果。 预览结果可能可以预览索引应用程序如何处理数据。 如果预览结果不可接受，则可以修改配置信息。 预览应用程序可以修改配置信息，直到生成的预览结果可以接受。 如果配置信息是可接受的，则预览数据可以在一个或多个索引存储中被处理和索引。

公开(公告)号：US10592694B2

公开(公告)日：2020-03-17

申请号：US15798317

申请日：2017-10-30

Applicant: Splunk Inc.

Inventor： David Carasso

IPC: G06F21/00 ,  G06F21/62 ,  G06F3/0482 ,  G06F3/0484 ,  G06F16/23 ,  G06F3/0481

Abstract: Components of a system for generating anonymized data from timestamped event data are disclosed. The generation of anonymized data is performed in accordance with an anonymization configuration. The anonymization configuration includes information regarding the source of the event data, particulars about the anonymization process that transforms the clear event data from the source into an anonymized form, and particulars about the destination and characteristics for the output dataset. A graphical user interface permits development of anonymization configurations in an interactive, iterative way. The configured anonymizer employs methods and options to produce anonymized data with superior usability as a substitute for real world data, including a mode to effectively emulate live data streams.

公开(公告)号：US20200012715A1

公开(公告)日：2020-01-09

申请号：US16541637

申请日：2019-08-15

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F17/24 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US10394946B2

公开(公告)日：2019-08-27

申请号：US15694654

申请日：2017-09-01

Applicant: SPLUNK INC.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F3/048 ,  G06F17/24 ,  G06F16/2458

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20170139887A1

公开(公告)日：2017-05-18

申请号：US15417430

申请日：2017-01-27

Applicant: Splunk, Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F17/24 ,  G06F3/0484 ,  G06F17/30

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

公开(公告)号：US20160055214A1

公开(公告)日：2016-02-25

申请号：US14929332

申请日：2015-10-31

Applicant: Splunk Inc.

Inventor： Mitchell Neuman Blank, JR. ,  Leonid Budchenko ,  David Carasso ,  Micah James Delfino ,  Johnvey Hwang ,  Stephen Phillip Sorkin ,  Eric Timothy Woo

IPC: G06F17/30 ,  G06F3/0482 ,  G06F17/27 ,  G06F3/0484

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/0485 ,  G06F17/2705 ,  G06F17/30321 ,  G06F17/30507 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30619 ,  G06F17/30864

Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

Abstract translation: 实施例针对在将对应的索引数据添加到索引存储之前预览从索引数据原始数据生成的结果。 可以从预览数据源接收原始数据。 在可以建立一组初始配置信息之后，可以将预览数据提交给索引处理流水线。 预览应用可以基于预览索引数据和配置信息生成预览结果。 预览结果可能可以预览索引应用程序如何处理数据。 如果预览结果不可接受，则可以修改配置信息。 预览应用程序可以修改配置信息，直到生成的预览结果可以接受。 如果配置信息是可接受的，则预览数据可以在一个或多个索引存储中被处理和索引。

公开(公告)号：US20150149879A1

公开(公告)日：2015-05-28

申请号：US14610668

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  Catherine Anne Hanson ,  David Carasso

IPC: G06F17/24

CPC classification number: G06F17/243 ,  G06F17/30551

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.

Abstract translation: 所公开的技术涉及制定和提炼在查询时使用具有后期绑定模式的原始数据的字段提取规则。 字段提取规则识别原始数据的部分，以及它们的数据类型和层次关系。 这些提取规则是针对未组织成尚未通过标准提取或转换方法处理的关系结构的非常大的数据集执行的。 通过使用示例事件，关注主要和次要示例事件有助于制定跨多个数据格式的单个提取规则，或者针对不同格式的多个规则。 选择工具标记示例事件以指示提取规则的正例，并确定负面示例以避免错误的值选择。 提取规则可以保存以供查询时间使用，并且可以被并入事件数据的集合和子集的数据模型中。

公开(公告)号：US11972203B1

公开(公告)日：2024-04-30

申请号：US18306863

申请日：2023-04-25

Applicant: Splunk Inc.

Inventor： Jesse Miller ,  Micah James Delfino ,  Marc Robichaud ,  David Carasso

IPC: G06F3/048 ,  G06F16/2458 ,  G06F40/174

CPC classification number: G06F40/174 ,  G06F16/2477

Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.