公开(公告)号：US11269876B1

公开(公告)日：2022-03-08

申请号：US16864029

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Elizabeth Li ,  Eric Tschetter ,  Joshua Walters

IPC: G06F9/44 ,  G06F16/2452 ,  G06F16/21 ,  G06F8/77

Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.

公开(公告)号：US12001426B1

公开(公告)日：2024-06-04

申请号：US18295567

申请日：2023-04-04

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Elizabeth Li ,  Eric Tschetter ,  Joshua Walters

IPC: G06F9/44 ,  G06F8/77 ,  G06F16/21 ,  G06F16/2452

CPC classification number: G06F16/24526 ,  G06F8/77 ,  G06F16/212

Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.

公开(公告)号：US11625394B1

公开(公告)日：2023-04-11

申请号：US17653626

申请日：2022-03-04

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Elizabeth Li ,  Eric Tschetter ,  Joshua Walters

IPC: G06F9/44 ,  G06F16/2452 ,  G06F16/21 ,  G06F8/77

Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.

公开(公告)号：US11263229B1

公开(公告)日：2022-03-01

申请号：US16657987

申请日：2019-10-18

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Jindrich Dinga ,  Elizabeth Li ,  Cary Glen Noel ,  Isabelle Park ,  Eric Tschetter ,  Joshua Walters ,  Mei Chun Yeh

IPC: G06F16/00 ,  G06F16/25 ,  G06F16/245 ,  G06F16/22

Abstract: Systems and methods are disclosed for efficiently detecting alert states within unstructured event data. Alert states are illustratively defined as occurring when a threshold number of journey instances are present within the unstructured event data, each journey instance representing a series of events within the event data representing steps within a pre-defined journey. Detecting journey instances within unstructured event data can require significant computational resources, and thus attempting to detect alert states directly from unstructured event data can lead to inefficiencies. Embodiments of this disclosure enable a structured data set of journey instances to be generated from unstructured event data, and for the structured data set to be evaluated based on criteria of multiple alert states. By utilizing a single structured data set to support evaluation based on multiple alert states, detecting alert states from unstructured event data is rendered more efficient.