公开(公告)号：US11936764B1

公开(公告)日：2024-03-19

申请号：US17865041

申请日：2022-07-14

Applicant: Splunk Inc.

Inventor： Vladimir A. Shcherbakov ,  Michael R. Dickey

IPC: H04L69/22 ,  H04L67/10

CPC classification number: H04L69/22 ,  H04L67/10

Abstract: The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. Next, the system uses configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification. The system then transmits the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.

公开(公告)号：US10462004B2

公开(公告)日：2019-10-29

申请号：US14699807

申请日：2015-04-29

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Wei Jiang ,  Vladimir A. Shcherbakov ,  Ramkumar Chandrasekharan ,  Clayton S. Ching

IPC: G06F16/00 ,  H04L12/24 ,  G06F3/0482 ,  G06F3/0484 ,  G06F16/26 ,  G06F3/0481 ,  H04L29/08

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.

公开(公告)号：US20190303385A1

公开(公告)日：2019-10-03

申请号：US16442338

申请日：2019-06-14

Applicant: Splunk Inc.

Inventor： Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Matthew S. Zises

IPC: G06F16/26 ,  H04L12/26 ,  H04L12/24 ,  H04L29/06

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements comprising event stream information for one or more ephemeral event streams used to temporarily generate the time-series event data from the network packets. The system then causes for display, in the GUI, a mechanism for navigating between the event stream information and creation information for one or more creators of the one or more ephemeral event streams.

公开(公告)号：US20190268446A1

公开(公告)日：2019-08-29

申请号：US16404644

申请日：2019-05-06

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Clint Sharp

IPC: H04L29/06 ,  H04L12/26

Abstract: The disclosed embodiments provide a system for extracting custom content from network packets. During operation, the system receives a stream of packets. The system then parses packets in the stream to determine a protocol for each packet. Next, the system applies a custom-content-extraction rule to each packet associated with a target protocol to obtain the extracted content. Then, the system stores the extracted content in events in a data store to facilitate subsequent queries involving the extracted content.

公开(公告)号：US10382599B2

公开(公告)日：2019-08-13

申请号：US15665268

申请日：2017-07-31

Applicant: Splunk Inc.

Inventor： Vladimir A. Shcherbakov ,  Michael Dickey

IPC: H04L29/08 ,  H04L29/06

Abstract: The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. Next, the system uses configuration information associated with the first protocol classification to build a first event stream from the first packet flow at the remote capture agent, wherein the first event stream comprises time-series event data generated from network packets in the first packet flow based on the first protocol classification. The system then transmits the first event stream over a network for subsequent storage and processing of the first event stream by one or more components on the network.

公开(公告)号：US20160127180A1

公开(公告)日：2016-05-05

申请号：US14528932

申请日：2014-10-30

Applicant: Splunk Inc.

Inventor： Vladimir A. Shcherbakov ,  Michael R. Dickey ,  Cary Glen Noel ,  Kishore R. Ramasayam ,  Mignon L. Belongie

IPC: H04L12/24 ,  G06F3/0481 ,  G06F3/0482 ,  G06F3/0484

CPC classification number: G06F3/0482 ,  H04L41/0613 ,  H04L41/0622 ,  H04L41/0681 ,  H04L41/0686 ,  H04L41/22 ,  H04L43/026 ,  H04L43/045 ,  H04L43/12

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system provides, in the GUI, a first set of user-interface elements for including one or more event attributes in the time-series event data of an event stream associated with a protocol classification of the network packets. The system then includes the one or more event attributes specified through the first set of user-interface elements in the configuration information.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在操作期间，系统提供图形用户界面（GUI），用于获得用于配置由一个或多个远程捕获代理捕获的网络分组生成时间序列事件数据的配置信息。 接下来，系统在GUI中提供用于在与网络分组的协议分类相关联的事件流的时间序列事件数据中包括一个或多个事件属性的第一组用户界面元素。 然后，该系统包括通过配置信息中的第一组用户界面元素指定的一个或多个事件属性。

公开(公告)号：US20150295779A1

公开(公告)日：2015-10-15

申请号：US14610438

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Nishant Teredesai ,  Matthew S. Zises

IPC: H04L12/24 ,  H04L29/06

CPC classification number: G06F16/26 ,  H04L41/22 ,  H04L43/022 ,  H04L43/045 ,  H04L63/1433

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements comprising event stream information for one or more ephemeral event streams used to temporarily generate the time-series event data from the network packets. The system then causes for display, in the GUI, a mechanism for navigating between the event stream information and creation information for one or more creators of the one or more ephemeral event streams.

Abstract translation: 所公开的实施例提供了有助于网络数据的处理的系统。 在操作期间，系统使得显示图形用户界面（GUI），用于获得用于配置从一个或多个远程捕获代理捕获的网络分组生成时间序列事件数据的配置信息。 接下来，系统导致在GUI中显示第一组用户界面元素，其包括用于从网络分组临时生成时间序列事件数据的一个或多个临时事件流的事件流信息。 然后，系统在GUI中显示用于在事件流信息和用于一个或多个临时事件流的一个或多个创建者的创建信息之间导航的机制。

公开(公告)号：US11567960B2

公开(公告)日：2023-01-31

申请号：US17143063

申请日：2021-01-06

Applicant: Splunk Inc.

Inventor： Vladimir A. Shcherbakov ,  Stewart Smith ,  Nicholas Matthew Tankersley ,  Junyu Wang ,  Peter Wu

IPC: G06F16/30 ,  G06F16/248 ,  G06F16/26 ,  G06F3/0482 ,  G06F3/04817

Abstract: Systems and methods are described to determine relationships between one or more components of an isolated execution environment system based on data obtained from a data intake and query system. Based on the determined relationships, an interactive visualization is generated that indicates the hierarchical relationship of the components. In some cases, to illustrate the relationship between components of the isolated execution environment system, the visualization can include one or more display objects displayed in a subordinate or superior relationship to other display objects. In certain cases, based on an interaction with a display object, the system can generate a query and/or display additional information and/or visualizations based on the results of the query.

公开(公告)号：US20220124183A1

公开(公告)日：2022-04-21

申请号：US17466665

申请日：2021-09-03

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Clint Sharp

IPC: H04L69/22 ,  H04L43/028

Abstract: The disclosed embodiments provide a system for extracting custom content from network packets. During operation, the system receives a stream of packets. The system then parses packets in the stream to determine a protocol for each packet. Next, the system applies a custom-content-extraction rule to each packet associated with a target protocol to obtain the extracted content. Then, the system stores the extracted content in events in a data store to facilitate subsequent queries involving the extracted content.

公开(公告)号：US11296951B2

公开(公告)日：2022-04-05

申请号：US16908564

申请日：2020-06-22

Applicant: Splunk Inc.

Inventor： Fang I. Hsiao ,  Clayton S. Ching ,  Michael R. Dickey ,  Vladimir A. Shcherbakov ,  Cary Glen Noel

IPC: H04L12/24 ,  H04L12/26 ,  H04L41/22 ,  H04L43/0894 ,  H04L43/045

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system obtains a set of event streams from one or more remote capture agents over one or more networks, wherein the set of event streams comprises time-series event data generated from network packets captured by the one or more remote capture agents. Next, the system causes for display, within a graphical user interface (GUI), a first set of user interface elements, wherein the first set of user interface elements includes event stream information for an event stream in the set of event streams and a first graph of a metric associated with the time-series event data in the event stream. The system then updates the first graph in real-time with the time-series event data from the one or more remote capture agents.