-
Publication number: US10572811B2
Publication date: 2020-02-25
Application number: US14609135
Application date: 2015-01-29
Applicant: SPLUNK INC.
Inventor: Nghi Nguyen, Jacob Leverich, Adam Oliner
IPC: G06N7/00
Abstract: Methods and systems for determining event probabilities and anomalous events are provided. In one implementation, a method includes: receiving source data, where the source data is configured as a plurality of events with associated timestamps; searching the source data, where the searching provides a search result including N events from the plurality of events, where N is an integer greater than one, where each event of the N events includes a plurality of field values, where at least one event of the N events can include one or more categorical field values and one or more numerical field values; and for an event of the N events, determining a probability of occurrence for each field value of the plurality of field values; and using probabilities determined for the plurality of field values, determining a probability of occurrence for the event.
-
Publication number: US11755938B2
Publication date: 2023-09-12
Application number: US16776302
Application date: 2020-01-29
Applicant: SPLUNK INC.
Inventor: Nghi Nguyen, Jacob Leverich, Adam Oliner
Abstract: Methods and systems for determining event probabilities and anomalous events are provided. In one implementation, a method includes: receiving source data, where the source data is configured as a plurality of events with associated timestamps; searching the source data, where the searching provides a search result including N events from the plurality of events, where N is an integer greater than one, where each event of the N events includes a plurality of field values, where at least one event of the N events can include one or more categorical field values and one or more numerical field values; and for an event of the N events, determining a probability of occurrence for each field value of the plurality of field values; and using probabilities determined for the plurality of field values, determining a probability of occurrence for the event.
-
Publication number: US11106681B2
Publication date: 2021-08-31
Application number: US16175636
Application date: 2018-10-30
Applicant: Splunk, Inc.
Inventor: Adam Oliner, Eric Sammer, Kristal Curtis, Nghi Nguyen
IPC: G06F17/00, G06F16/2455, G06F40/205, G06F16/248, G06N5/04
Abstract: Messages of a first data stream may be accessed from an ingestion buffer in communication with a streaming data processor to receive data from the first data stream. At the streaming data processor and using an inference model, a sourcetype associated with one or more messages from the first data stream may be determined. The one or more messages may include a portion of machine data. Using the streaming data processor, a second data stream may be generated from the first data stream. The second data stream may include a subset of messages from the first data stream. A message of the subset of messages may be included in the second data stream based on a condition associated with the sourcetype for the message. At least one processing operation may be performed on at least one of the subset of messages from the second data stream.
-
Publication number: US10929560B2
Publication date: 2021-02-23
Application number: US15582465
Application date: 2017-04-28
Applicant: SPLUNK INC.
Inventor: Adam Oliner, Nghi Nguyen
IPC: G06F21/62, G06F16/2458
Abstract: Implementations include receiving a user provided example value of personally identifiable information (PII). Occurrences of the received example value are automatically identified in a dataset of events, wherein each occurrence is identified in a portion of raw machine data of a respective event of the events. For each occurrence of the identified occurrences, an extraction rule is generated, which defines a pattern of the occurrence of the example value and is executable to identify PII values in portions of raw machine data of the events using the pattern. Values of the PII are identified in a set of events using a set of extraction rules comprising the extraction rule of a plurality of the occurrences.
-
Publication number: US20180314853A1
Publication date: 2018-11-01
Application number: US15582465
Application date: 2017-04-28
Applicant: SPLUNK INC.
Inventor: ADAM OLINER, Nghi Nguyen
Abstract: Implementations include receiving a user provided example value of personally identifiable information (PII). Occurrences of the received example value are automatically identified in a dataset of events, wherein each occurrence is identified in a portion of raw machine data of a respective event of the events. For each occurrence of the identified occurrences, an extraction rule is generated, which defines a pattern of the occurrence of the example value and is executable to identify PII values in portions of raw machine data of the events using the pattern. Values of the PII are identified in a set of events using a set of extraction rules comprising the extraction rule of a plurality of the occurrences.
-
Publication number: US11928242B2
Publication date: 2024-03-12
Application number: US17128522
Application date: 2020-12-21
Applicant: SPLUNK Inc.
Inventor: Adam Oliner, Nghi Nguyen
IPC: G06F21/62, G06F16/2458
CPC classification number: G06F21/6254, G06F16/2477
Abstract: Implementations include receiving a user provided example value of personally identifiable information (PII). Occurrences of the received example value are automatically identified in a dataset of events, wherein each occurrence is identified in a portion of raw machine data of a respective event of the events. For each occurrence of the identified occurrences, an extraction rule is generated, which defines a pattern of the occurrence of the example value and is executable to identify PII values in portions of raw machine data of the events using the pattern. Values of the PII are identified in a set of events using a set of extraction rules comprising the extraction rule of a plurality of the occurrences.
-
Publication number: US11853303B1
Publication date: 2023-12-26
Application number: US17411357
Application date: 2021-08-25
Applicant: SPLUNK Inc.
Inventor: Adam Oliner, Eric Sammer, Kristal Curtis, Nghi Nguyen
IPC: G06F16/00, G06F16/2455, G06F40/205, G06F16/248, G06N5/04
CPC classification number: G06F16/24568, G06F16/248, G06F16/24564, G06F40/205, G06N5/04
Abstract: As described herein, a portion of machine data of a message may be analyzed to infer, using an inference model, a sourcetype of the message. The portion of machine data may be generated by one or more components in an information technology environment. Based on the inference, a set of extraction rules associated with the sourcetype may be selected. Each extraction rule may define criteria for identifying a sub-portion of text from the portion of machine data of the message to produce a value. The set of extraction rules may be applied to the portion of machine data of the message to produce a result set that indicates a number of values identified using the set of extraction rules. Based on the result set, at least one action may be performed on one or more of inference data associated with the inference model and one or more messages.
-
Publication number: US11748358B2
Publication date: 2023-09-05
Application number: US16175642
Application date: 2018-10-30
Applicant: Splunk, Inc.
Inventor: Adam Oliner, Eric Sammer, Kristal Curtis, Nghi Nguyen
IPC: G06F16/245, G06F16/2455, G06F40/205, G06F16/248, G06N5/04
CPC classification number: G06F16/24568, G06F16/248, G06F16/24564, G06F40/205, G06N5/04
Abstract: As described herein, a portion of machine data of a message may be analyzed to infer, using an inference model, a sourcetype of the message. The portion of machine data may be generated by one or more components in an information technology environment. Based on the inference, a set of extraction rules associated with the sourcetype may be selected. Each extraction rule may define criteria for identifying a sub-portion of text from the portion of machine data of the message to produce a value. The set of extraction rules may be applied to the portion of machine data of the message to produce a result set that indicates a number of values identified using the set of extraction rules. Based on the result set, at least one action may be performed on one or more of inference data associated with the inference model and one or more messages.
-
Publication number: US20210110062A1
Publication date: 2021-04-15
Application number: US17128522
Application date: 2020-12-21
Applicant: SPLUNK Inc.
Inventor: ADAM OLINER, Nghi Nguyen
IPC: G06F21/62, G06F16/2458
Abstract: Implementations include receiving a user provided example value of personally identifiable information (PII). Occurrences of the received example value are automatically identified in a dataset of events, wherein each occurrence is identified in a portion of raw machine data of a respective event of the events. For each occurrence of the identified occurrences, an extraction rule is generated, which defines a pattern of the occurrence of the example value and is executable to identify PII values in portions of raw machine data of the events using the pattern. Values of the PII are identified in a set of events using a set of extraction rules comprising the extraction rule of a plurality of the occurrences.