公开(公告)号：US11438221B1

公开(公告)日：2022-09-06

申请号：US17148478

申请日：2021-01-13

Applicant: SPLUNK Inc.

Inventor： Alexander William Cruise ,  Daniel Ferstay

IPC: H04L41/0686 ,  G06F16/953 ,  H04L41/147 ,  H04L41/22

Abstract: A computerized method is shown and includes receiving one or more lists of identifiers, generating a batch query from the one or more lists of identifiers, querying one or more data stores using the batch query, generating one or more response packets including results from querying using the batch query, and transmitting a first response packet to a first edge device. Generating the batch query may be performed by merging a plurality of lists of identifiers to form a merged list, and removing duplicate identifiers from the merged list. Further, the first response packet may be generated for the first edge device and includes enrichment data corresponding to identifiers transmitted by the first edge device. Additionally, may be the first response packet is generated for a plurality of edge devices including the first edge device and includes enrichment data corresponding to identifiers transmitted by the plurality of edge device.

公开(公告)号：US20230342380A1

公开(公告)日：2023-10-26

申请号：US18343420

申请日：2023-06-28

Applicant: Splunk Inc.

Inventor： Alexander William Cruise ,  Byron Jason Shelden ,  Claire Alexandria Tanner Semple

IPC: G06F16/28 ,  G06F9/54 ,  G06F16/2455 ,  G06F11/30 ,  G06Q10/10

CPC classification number: G06F16/285 ,  G06F9/542 ,  G06F16/24568 ,  G06F11/30 ,  G06Q10/10 ,  G06F16/288

Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.

公开(公告)号：US12105740B2

公开(公告)日：2024-10-01

申请号：US18343420

申请日：2023-06-28

Applicant: Splunk Inc.

Inventor： Alexander William Cruise ,  Byron Jason Shelden ,  Claire Alexandria Tanner Semple

IPC: G06F16/2455 ,  G06F9/54 ,  G06F11/30 ,  G06F16/28 ,  G06Q10/10

CPC classification number: G06F16/285 ,  G06F9/542 ,  G06F11/30 ,  G06F16/24568 ,  G06F16/288 ,  G06Q10/10

Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.

公开(公告)号：US11843505B1

公开(公告)日：2023-12-12

申请号：US17866195

申请日：2022-07-15

Applicant: Splunk, Inc.

Inventor： Alexander William Cruise ,  Daniel Ferstay

IPC: H04L41/0686 ,  H04L41/147 ,  G06F16/953 ,  H04L41/22

CPC classification number: H04L41/0686 ,  G06F16/953 ,  H04L41/147 ,  H04L41/22

Abstract: A computerized method is disclosed that includes operations of receiving one or more records, wherein each of the one or more records indicates a successful search query evaluation by at least one of a plurality edge devices, building a predictive analytics model based on the one or more records, wherein the predicative analytics model is configured to perform operations configured to predict enrichment data that is to be needed by one or more edge devices in the future during evaluation of a future search query, performing predictive analytics using the predictive analytics model to determine predictive enrichment data, and transmitting a first response packet to a first edge device, wherein the first response packet includes the predictive enrichment data. The records may include one or more of a data stream identifier, a search query, enrichment data that was required at a time the search query was evaluated.

公开(公告)号：US11386127B1

公开(公告)日：2022-07-12

申请号：US17114283

申请日：2020-12-07

Applicant: Splunk Inc.

Inventor： Alexander William Cruise ,  Byron Jason Shelden ,  Claire Alexandria Tanner Semple

IPC: G06F16/28 ,  G06Q10/10 ,  G06F11/30 ,  G06F16/2455 ,  G06F9/54

Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.

公开(公告)号：US10860618B2

公开(公告)日：2020-12-08

申请号：US15715077

申请日：2017-09-25

Applicant: Splunk Inc.

Inventor： Alexander William Cruise ,  Byron Jason Shelden ,  Claire Alexandria Tanner Semple

IPC: G06F16/28 ,  G06Q10/10 ,  G06F11/30 ,  G06F16/2455 ,  G06F9/54

Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.

公开(公告)号：US11727039B2

公开(公告)日：2023-08-15

申请号：US17811849

申请日：2022-07-11

Applicant: Splunk Inc.

Inventor： Alexander William Cruise ,  Byron Jason Shelden ,  Claire Alexandria Tanner Semple

IPC: G06F16/2455 ,  G06F16/28 ,  G06Q10/10 ,  G06F11/30 ,  G06F9/54

CPC classification number: G06F16/285 ,  G06F9/542 ,  G06F11/30 ,  G06F16/24568 ,  G06F16/288 ,  G06Q10/10

Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.

公开(公告)号：US20230015926A1

公开(公告)日：2023-01-19

申请号：US17811849

申请日：2022-07-11

Applicant: Splunk Inc.

Inventor： Alexander William Cruise ,  Byron Jason Shelden ,  Claire Alexandria Tanner Semple

IPC: G06F16/28 ,  G06Q10/10 ,  G06F11/30 ,  G06F16/2455 ,  G06F9/54

Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.

公开(公告)号：US10938634B1

公开(公告)日：2021-03-02

申请号：US16264526

申请日：2019-01-31

Applicant: SPLUNK INC.

Inventor： Alexander William Cruise ,  Daniel Ferstay

IPC: H04L12/24 ,  G06F16/953

Abstract: The computerized method is shown and includes obtaining input from a data stream at an electronic device, wherein the input includes machine data, wherein the electronic device has stored thereon a first query, evaluating the query by processing the input according to the first query, responsive to detecting a failure during evaluation of the query resulting from a lack of enrichment data stored on the electronic device, recording a first identifier corresponding to the enrichment data, transmitting the first identifier to a remote server computer system, receiving a communication from the remote server computer system, wherein the communication includes the enrichment data, and evaluating the query by processing second input from the data stream according to the first query and the enrichment data. In some instances the enrichment data includes contextual information for parsing the data stream and converting extracted data into an alternative format.

公开(公告)号：US20190095510A1

公开(公告)日：2019-03-28

申请号：US15715077

申请日：2017-09-25

Applicant: Splunk Inc.

Inventor： Alexander William Cruise ,  Byron Jason Shelden ,  Claire Alexandria Tanner Semple

IPC: G06F17/30 ,  G06Q10/10

Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.