USING NETWORK LOCATIONS OBTAINED FROM MULTIPLE THREAT LISTS TO EVALUATE NETWORK DATA OR MACHINE DATA
    Invention application
    USING NETWORK LOCATIONS OBTAINED FROM MULTIPLE THREAT LISTS TO EVALUATE NETWORK DATA OR MACHINE DATA (Under examination - Published)

    Publication (announcement) number: US20150180891A1

    Publication (announcement) date: 2015-06-25

    Application number: US14135427

    Filing date: 2013-12-19

    Applicant: Splunk Inc.

    CPC classification number: H04L63/1416 G06F16/212 G06F16/951 H04L63/1425

    Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.

