公开(公告)号：US11151125B1

公开(公告)日：2021-10-19

申请号：US16735520

申请日：2020-01-06

Applicant: Splunk Inc.

Inventor： Akash Dwivedi ,  Himanshu Gupta ,  Eric Tschetter

IPC: G06F16/23 ,  G06F16/248 ,  G06F9/54 ,  G06F16/2458 ,  G06F16/25 ,  G06F16/22

Abstract: Systems and methods are disclosed for efficiently storing information identifying journey instances within unstructured event data of a data intake and processing system. Each journey instance is illustratively associated with a series of events within the unstructured event data occurring over a journey duration. Because the unstructured event data may be constantly updated, any given inspection of the event data may yield both complete and incomplete instances. Storage of instance data over time can require updating of prior incomplete journey instances with complete versions of such instance detected at a later point in time. However, a data store of the unstructured event data may be unsuited for such updating, as the store may maintain version information for deleted data to reduce possibility of data loss. To address this issue, a separate structured data store, such as a columnar time series data store, is provided to efficiently store instance information.

公开(公告)号：US10909182B2

公开(公告)日：2021-02-02

申请号：US15936362

申请日：2018-03-26

Applicant: Splunk Inc.

Inventor： Joerg Beringer ,  Isabelle Park ,  Joshua Walters ,  Eric Tschetter ,  Simon Fishel

IPC: G06F16/903 ,  G06F16/28 ,  G06F16/9038

Abstract: Systems and methods are disclosed for processing events having raw machine data associated with a timestamp using one or more pivot identifiers and one or more step identifiers to generate one or more journey instances. Based on the one or more pivot identifier field, the system can relate events that have a common field value for the pivot identifier field. Based on the one or more step identifiers, the system can group the related events into a subset of events. Using the subset of events, the system can build a journey instance.

公开(公告)号：US10776377B2

公开(公告)日：2020-09-15

申请号：US15936356

申请日：2018-03-26

Applicant: Splunk Inc.

Inventor： Joerg Beringer ,  Isabelle Park ,  Joshua Walters ,  Eric Tschetter ,  Simon Fishel

IPC: G06F16/00 ,  G06F16/248 ,  G06F3/0483 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/28 ,  G06F16/9535

Abstract: Systems and methods are disclosed for generating one or more journey instances from events having raw machine data associated with a timestamp. The system generates a user interface that includes field identifiers associated with the plurality events for selection as one or more pivot identifiers and one or more step identifiers. Based on the one or more pivot identifiers, the system identifies related events that share a common field value, and based on the one or more step identifiers, the system groups the related events into a subset of events. Using the subset of events the system builds a journey instance.

公开(公告)号：US20190294719A1

公开(公告)日：2019-09-26

申请号：US15936351

申请日：2018-03-26

Applicant: Splunk Inc.

Inventor： Joerg Beringer ,  Isabelle Park ,  Joshua Walters ,  Eric Tschetter ,  Simon Fishel

IPC: G06F17/30 ,  G06F3/0482

Abstract: Systems and methods are disclosed for generating a user interface to enable identification of one or more pivot identifiers and one or more step identifiers. The system executes a query on events having raw machine data associated with a timestamp and obtains fields associated with the events. The system further populates a graphical user interface with field identifiers associated with the obtained fields and enables identification of one or more fields as one or more pivot identifiers and one or more step identifiers.

公开(公告)号：US12197908B1

公开(公告)日：2025-01-14

申请号：US18517485

申请日：2023-11-22

Applicant: Splunk Inc.

Inventor： Akash Dwivedi ,  Simon Foster Fishel ,  Isabelle Park ,  Vivian Shen ,  Eric Tschetter ,  Joshua Walters

IPC: G06F8/65 ,  G06F3/0482 ,  G06F8/71 ,  G06F16/903 ,  G06F16/9038 ,  H04L67/025

Abstract: Systems and methods are disclosed for providing a multi-component application, including a first and second component, and a first and second server. The first component may be implemented at the first server, while a second component may be implemented at a client device. An end user of a client device may request access to metadata stored on the second server that is utilized by the second component to implement the multi-component application. The end user may authenticate with the first component. The first component may then communicate with the second server to authenticate the end user to the second server, thereby granting the end user access to the second server without having to reauthenticate to the second server.

公开(公告)号：US12001426B1

公开(公告)日：2024-06-04

申请号：US18295567

申请日：2023-04-04

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Elizabeth Li ,  Eric Tschetter ,  Joshua Walters

IPC: G06F9/44 ,  G06F8/77 ,  G06F16/21 ,  G06F16/2452

CPC classification number: G06F16/24526 ,  G06F8/77 ,  G06F16/212

Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.

公开(公告)号：US11726990B2

公开(公告)日：2023-08-15

申请号：US17451300

申请日：2021-10-18

Applicant: Splunk Inc.

Inventor： Akash Dwivedi ,  Himanshu Gupta ,  Eric Tschetter

IPC: G06F16/23 ,  G06F16/248 ,  G06F9/54 ,  G06F16/2458 ,  G06F16/25 ,  G06F16/22

CPC classification number: G06F16/2379 ,  G06F9/54 ,  G06F16/221 ,  G06F16/248 ,  G06F16/2477 ,  G06F16/258

Abstract: Systems and methods are disclosed for efficiently storing information identifying journey instances within unstructured event data of a data intake and processing system. Each journey instance is illustratively associated with a series of events within the unstructured event data occurring over a journey duration. Because the unstructured event data may be constantly updated, any given inspection of the event data may yield both complete and incomplete instances. Storage of instance data over time can require updating of prior incomplete journey instances with complete versions of such instance detected at a later point in time. However, a data store of the unstructured event data may be unsuited for such updating, as the store may maintain version information for deleted data to reduce possibility of data loss. To address this issue, a separate structured data store, such as a columnar time series data store, is provided to efficiently store instance information.

公开(公告)号：US20230161821A1

公开(公告)日：2023-05-25

申请号：US18151364

申请日：2023-01-06

Applicant: Splunk Inc.

Inventor： Joerg Beringer ,  Isabelle Park ,  Joshua Walters ,  Eric Tschetter ,  Simon Foster Fishel

IPC: G06F16/903 ,  G06F16/28 ,  G06F16/9038

CPC classification number: G06F16/90335 ,  G06F16/287 ,  G06F16/9038

Abstract: Systems and methods are disclosed for processing events having raw machine data associated with a timestamp using one or more pivot identifiers and one or more step identifiers to generate one or more journey instances. Based on the one or more pivot identifier field, the system can relate events that have a common field value for the pivot identifier field. Based on the one or more step identifiers, the system can group the related events into a subset of events. Using the subset of events, the system can build a journey instance.

公开(公告)号：US11550849B2

公开(公告)日：2023-01-10

申请号：US17160933

申请日：2021-01-28

Applicant: Splunk Inc.

Inventor： Joerg Beringer ,  Isabelle Park ,  Joshua Walters ,  Eric Tschetter ,  Simon Foster Fishel

IPC: G06F16/903 ,  G06F16/28 ,  G06F16/9038

Abstract: Systems and methods are disclosed for processing events having raw machine data associated with a timestamp using one or more pivot identifiers and one or more step identifiers to generate one or more journey instances. Based on the one or more pivot identifier field, the system can relate events that have a common field value for the pivot identifier field. Based on the one or more step identifiers, the system can group the related events into a subset of events. Using the subset of events, the system can build a journey instance.

公开(公告)号：US11269876B1

公开(公告)日：2022-03-08

申请号：US16864029

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Elizabeth Li ,  Eric Tschetter ,  Joshua Walters

IPC: G06F9/44 ,  G06F16/2452 ,  G06F16/21 ,  G06F8/77

Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.