-
Publication No.: US11676072B1
Publication date: 2023-06-13
Application No.: US17163212
Filing date: 2021-01-29
Applicant: Splunk Inc.
Inventor: Ramkumar Chandrasekharan, William Deaderick, Lila Fridley, Ramprasad Siva Golla, Shailendra Suryawanshi
IPC: G06F7/00, G06N20/00, G06F3/0482, G06F3/0486, G06F16/28
CPC classification number: G06N20/00, G06F3/0482, G06F3/0486, G06F16/285
Abstract: Systems and methods are described for training a machine learning (ML) model to group notable events reflecting operation of a computing system into episodes of related events reflecting an incident on the computing system, such as to enable root cause analysis of the incident. The ML model is trained using pairwise binary similarity labels (PBSLs) indicating that two events must or must not be grouped together. An interface is provided that facilitates rapid generating of PBSLs by relocating one or more events from a first episode to a second episode. The relocation input is translated into PBSLs that are then used to train the ML model.
-
Publication No.: US12066915B1
Publication date: 2024-08-20
Application No.: US17589532
Filing date: 2022-01-31
Applicant: Splunk, Inc.
Inventor: William Deaderick, William Stanton, Thomas Camp Vieth
CPC classification number: G06F11/3075, G06F11/0781, G06F11/3409, G06F11/3447, G06F11/3452, G06F16/244, G06F11/3082, G06N20/00
Abstract: A computerized method is disclosed for retraining machine learning models based on user feedback. The method includes receiving user feedback indicating a change is to be made to an assignment of one or more alerts, wherein the one or more alerts were assigned by a machine learning model implementing a distance metric, wherein an issue is a grouping of at least one alert, constructing a convex optimization procedure to minimize an adjustment of weights of the distance metric, retraining the machine learning model by adjusting the weights of the distance metric in accordance with the convex optimization procedure, and evaluating one or more subsequently received alert using the retrained machine learning model. Changes to be made to the assignment include any of merging of two issues, splitting of two issues based on time or an alert field, or reassignment of an alert from a first issue to a second issue.
-
Publication No.: US12182169B1
Publication date: 2024-12-31
Application No.: US17589600
Filing date: 2022-01-31
Applicant: Splunk, Inc.
Inventor: William Deaderick, William Stanton, Thomas Camp Vieth
Abstract: A computerized method is disclosed for grouping alerts through machine learning while implementing certain time constraints. The method includes receiving an alert to be assigned to any of a plurality of existing issues or to a newly created issue, the alert including a temporal field that includes a timestamp of an arrival time of the alert, wherein an issue is a grouping of one or more alerts, determining a subset of existing issues from the plurality of existing issues that each satisfy time constraints, wherein the time constraints correspond to (i) a time elapsed between a most recent alert of a first existing issue and a timestamp of the alert, or (ii) a maximum issue time length of the first existing issue, and deploying a trained machine learning model to assign the alert to either an existing issue of the subset of existing issues or a newly created issue.
-
Publication No.: US12181956B1
Publication date: 2024-12-31
Application No.: US18208879
Filing date: 2023-06-12
Applicant: Splunk Inc.
Inventor: Kristal Curtis, William Deaderick, Wei J. Gao, Tanner Gilligan, Chandrima Sarkar, Aleksander Stojanovic, Ralph Donald Thompson, Poonam Yadav, Sichen Zhong
IPC: G06F11/30, G06F11/07, G06F18/21, G06F18/214
Abstract: Systems and methods are disclosed that are directed to improving the prioritization, display, and viewing of system alerts through the use of machine learning techniques to group the alerts and further to prioritize the groupings. Additionally, a graphical user interface is generated that illustrates the prioritized listing of the plurality of groupings. Thus, a system administrator or other user receives an improved experience as the number of notifications provided to the system administrator are reduced due to the grouping of individual alerts into related groupings and further due to the prioritization of the groupings. Previously, or in current technology, system alerts may be automatically generated and provided immediately to a system administrator. In some instances, any advantage of detecting system errors or system monitoring provided by the alerts is negated by the vast number of alerts and provision of minimally important alerts in a manner that concealed more important alerts.
-
Publication No.: US12086045B1
Publication date: 2024-09-10
Application No.: US17589833
Filing date: 2022-01-31
Applicant: Splunk, Inc.
Inventor: William Deaderick, William Stanton, Thomas Camp Vieth
IPC: G06F11/00, G06F11/30, G06F16/242, G06F16/2458, G06F18/21
CPC classification number: G06F11/3075, G06F16/244, G06F16/2477, G06F18/2178
Abstract: A computerized method is disclosed for grouping alerts through machine learning. The method including receiving an alert to be assigned to any of a plurality of existing issues or to a newly created issue, wherein an issue is a grouping of alerts, determining a temporal distance between the alert and each of the existing issues, determining either of (i) a numerical distance between the alert and each of the existing issues for a particular numerical field, or (ii) a categorical distance between the alert and each of the existing issues for a particular categorical field, determining an overall distance between the alert and each of the existing issues, and assigning the alert to either (i) an existing issue having a shortest overall distance to the alert that satisfies one or more time constraints, or (ii) the newly created issue.
-
Publication No.: US20250028737A1
Publication date: 2025-01-23
Application No.: US18222863
Filing date: 2023-07-17
Applicant: Splunk Inc.
Inventor: Houwu Bai, Kristal Curtis, William Deaderick, Tanner Gilligan, Poonam Yadav, Om Rajyaguru
IPC: G06F16/28, G06F16/2458
Abstract: Computerized methodologies are disclosed that are directed to detecting anomalies within a time-series data set. An aspect of the anomaly detection process includes determining one or more seasonality patterns that correspond to a specific time-series data set by evaluating a set of candidate seasonality patterns (e.g., hourly, daily, weekly, day-start off-sets, etc.). The evaluation of a candidate seasonality pattern may include dividing the time-series data set into a collection of subsequences based on the particular candidate seasonality pattern. Further, the collection of subsequences may be divided into clusters and a silhouette score may be computed to measure the clustering quality of the candidate seasonality pattern. In some instances, the candidate seasonality pattern having the highest silhouette score is selected and utilized in anomaly detection process. In other instances, a plurality of seasonality patterns may be combined forming a time policy, where the time policy is utilized in anomaly detection process.
-
Publication No.: US12158880B1
Publication date: 2024-12-03
Application No.: US17978153
Filing date: 2022-10-31
Applicant: SPLUNK, INC.
Inventor: Kristal Curtis, William Deaderick, Tanner Gilligan, Joseph Ross, Abraham Starosta, Sichen Zhong
IPC: G06F16/22, G06F16/242, G06F16/2458, G06F16/28
Abstract: Implementations of this disclosure provide an anomaly detection system and methods of performing anomaly detection on a time-series dataset. The anomaly detection may include utilization of a forecasting machine learning algorithm to obtain a prediction of points of the dataset and comparing the predicted value of a point in the dataset with the actual value to determine an error value associated with that point. Additionally, the anomaly detection may include determination of a sensitivity threshold that impacts whether points within the dataset associated with certain error values are flagged as anomalies. The forecasting machine learning algorithm may implement a seasonality component determination process that accounts for seasonality or patterns in the dataset. A search query statement may be automatically generated through importing the sensitivity threshold into a predetermined search query statement that implements that forecasting machine learning algorithm.
-
Publication No.: US12008046B1
Publication date: 2024-06-11
Application No.: US17837931
Filing date: 2022-06-10
Applicant: Splunk, Inc.
Inventor: Kristal Curtis, William Deaderick, Abraham Starosta
IPC: G06F16/903, H04L41/069
CPC classification number: G06F16/90335, H04L41/069
Abstract: A computerized method is disclosed that includes operations of obtaining a data set, selecting candidate parameter pairs to be analyzed, wherein the candidate parameter pairs include a window length and a sensitivity multiplier, and wherein the window length is a number of data points, performing an anomaly detection process for each candidate parameter pair including importing each candidate parameter pair into a predetermined search query thereby generating a set of populated predetermined search queries, wherein the predetermined search query is configured to perform the anomaly detection process, executing each search query of the set of populated predetermined search queries on the data set to obtain a set of anomaly detection results, and scoring each anomaly detection result by applying a set of heuristics to the set of the anomaly detection results, and generating an auto-tuned search query by selecting a first candidate parameter pair based on a score of each of the set of anomaly detection results and importing the first candidate parameter pair into the predetermined search query.
-
Publication No.: US20250028618A1
Publication date: 2025-01-23
Application No.: US18222870
Filing date: 2023-07-17
Applicant: Splunk Inc.
Inventor: Houwu Bai, Kristal Curtis, William Deaderick, Tanner Gilligan, Poonam Yadav, Om Rajyaguru
IPC: G06F11/34, G06F11/30, G06F16/23, G06F16/2458
Abstract: Computerized methodologies are disclosed that are directed to detecting anomalies within a time-series data set. A first aspect of the anomaly detection process includes analyzing the regularity of the data points of the time-series data set and determining whether a data aggregation process is to be performed based on the regularity of the data points, which results in a time-series data set having data points occurring at regular intervals. A seasonality pattern may be determined for the time-series data set, where a silhouette score is computed to measure the quality of the fit of the seasonality pattern to the time-series data. The silhouette score may be compared to a threshold and based on the comparison, the seasonality pattern or a set of heuristics may be utilized in an anomaly detection process. When the seasonality pattern is utilized, the seasonality pattern may be utilized to generate thresholds indicating anomalous behavior.
-
Publication No.: US12079100B1
Publication date: 2024-09-03
Application No.: US17589847
Filing date: 2022-01-31
Applicant: Splunk, Inc.
Inventor: William Deaderick, William Stanton, Thomas Camp Vieth
IPC: G06F11/00, G06F11/07, G06F11/30, G06F11/34, G06F16/2458, G06F16/242
CPC classification number: G06F11/3082, G06F11/0793, G06F11/3409, G06F16/2477, G06F16/244
Abstract: A computerized method is disclosed for grouping alerts and providing remediation recommendation. The method includes receiving the alert to be assigned to an existing open issue or a newly created issue, wherein an issue is a grouping of one or more alerts, assigning the alert to either a first existing open issue or the newly created issue by determining a weighted sum of the distance between the feature vectors of the alert and each existing open issue, determining a weighted sum of the distance between the feature vectors of the alert and each closed issue, and generating a user interface that illustrates an assignment of the alert and at least one of (i) a closed issue having a shortest distance to the alert or (ii) recommended remediation efforts associated with the closed issue having the shortest distance to the alert.