公开(公告)号：US20190166146A1

公开(公告)日：2019-05-30

申请号：US16264561

申请日：2019-01-31

Applicant: Splunk Inc,

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey ,  Alexander Raitz ,  David Hazekamp

IPC: H04L29/06 ,  G06F17/24 ,  G06F21/62 ,  G06F16/2458 ,  G06F16/25 ,  H04L12/26 ,  G06F3/0484 ,  G06F16/248

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

公开(公告)号：US09921733B2

公开(公告)日：2018-03-20

申请号：US14607873

申请日：2015-01-28

Applicant: SPLUNK INC.

Inventor： Nicholas Filippi ,  Siegfried Puchbauer-Schnabel ,  Cary Noel

IPC: G06F15/00 ,  G06F13/00 ,  G06F3/0484

CPC classification number: G06F3/04847

Abstract: Provided are systems and methods for determining and displaying automatically binned information via a graphical user interface. A graphical user interface (GUI) may include a first graphical element representing a first metric value for a first time window and a second graphical element representing a second metric value for a second time window. An indication of a selection of the first time window may be received via the GUI. An updated GUI comprising a third graphical element representing a third metric value for the third time window and a fourth graphical element representing the fourth metric value for the fourth time window may be displayed, wherein the third time window and the fourth time window may be sub-ranges of the first time window.

公开(公告)号：US20170031565A1

公开(公告)日：2017-02-02

申请号：US14815984

申请日：2015-08-01

Applicant: Splunk Inc.

Inventor： Vijay Chauhan ,  Cary Noel ,  Wenhui Yu ,  Luke Murphey

IPC: G06F3/0484 ,  H04L29/06

CPC classification number: G06F3/04842 ,  G06F3/04847 ,  H04L63/1416 ,  H04L63/1425

Abstract: Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. A network security application provides various interfaces that enable users to create investigation timelines, where the investigation timelines display a collection of events related to a particular network security investigation. A network security application further provides functionality to monitor and log user interactions with the network security application, where particular logged user interactions may also be added to one or more investigation timelines.

Abstract translation: 公开了技术和机制，使网络安全分析师和其他用户有效地进行网络安全调查并产生调查结果的有用表示。 如本文所使用的，网络安全调查通常是指分析者（或分析师小组）对可能对管理的计算机网络造成内部和/或外部威胁的一个或多个检测到的网络事件的分析。 网络安全应用程序提供各种接口，使用户能够创建调查时间表，其中调查时间表显示与特定网络安全调查相关的事件的集合。 网络安全应用程序还提供监视和记录与网络安全应用程序的用户交互的功能，其中特定记录的用户交互也可以被添加到一个或多个调查时间线。

公开(公告)号：US08806361B1

公开(公告)日：2014-08-12

申请号：US14046767

申请日：2013-10-04

Applicant: Splunk Inc.

Inventor： Cary Noel ,  John Coates

IPC: G06F3/048 ,  G06F3/0482

CPC classification number: G06F3/0481 ,  G06F3/0484 ,  G06F3/04842 ,  G06F17/30551 ,  G06F17/30554

Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.

Abstract translation: 可视化可以包括一组泳道，每个泳道表示关于事件类型的信息。 可以指定事件类型，例如作为具有某些关键字的事件和/或具有指定字段的指定值的事件。 泳道可以绘制发生相关事件类型的事件（在一段时间内）。 特别地，每个这样的事件可以被分配给具有与事件时间匹配的桶时间的桶。 泳道可以沿着可视化中的时间线轴线延伸，并且桶可以被定位在沿轴线的表示铲斗时间的点上。 因此，可视化可以指示事件是否在某个时间点聚集。 因为可视化可以包括多个泳道，所以可视化可以进一步指示第一类型的事件的定时如何与第二类型的事件的定时比较。

公开(公告)号：US12124669B1

公开(公告)日：2024-10-22

申请号：US17688029

申请日：2022-03-07

Applicant: Splunk Inc.

Inventor： Cary Noel ,  John Coates

IPC: G06F3/0484 ,  G06F3/0481 ,  G06F3/04842 ,  G06F16/2458 ,  G06F16/248

CPC classification number: G06F3/0481 ,  G06F3/0484 ,  G06F3/04842 ,  G06F16/2477 ,  G06F16/248

Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.

公开(公告)号：US11797168B1

公开(公告)日：2023-10-24

申请号：US17856842

申请日：2022-07-01

Applicant: SPLUNK INC.

Inventor： Nicholas Filippi ,  Siegfried Puchbauer-Schnabel ,  Cary Noel

IPC: G06F3/04847

CPC classification number: G06F3/04847

Abstract: Provided are systems and methods for determining and displaying automatically binned information via a graphical user interface. A graphical user interface (GUI) may include a first graphical element representing a first metric value for a first time window and a second graphical element representing a second metric value for a second time window. An indication of a selection of the first time window may be received via the GUI. An updated GUI comprising a third graphical element representing a third metric value for the third time window and a fourth graphical element representing the fourth metric value for the fourth time window may be displayed, wherein the third time window and the fourth time window may be sub-ranges of the first time window.

公开(公告)号：US20210385139A1

公开(公告)日：2021-12-09

申请号：US17443228

申请日：2021-07-22

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Geng Qin ,  Ting Wang ,  Min Zhang ,  Micah Delfino ,  Jef Bekes ,  D. Randall Young ,  Cary Noel ,  Feng Shao ,  Dritan Bitincka

IPC: H04L12/26 ,  H04L12/24

Abstract: Techniques and mechanisms are disclosed that enable collection of various types of data from cloud computing services and the generation of various dashboards and visualizations to view information about collections of cloud computing resources. A user can configure collection of data from one or more cloud computing services and view visualizations using an application platform referred to herein as a cloud computing management application. A cloud computing management application further may be configured to generate and cause display of interactive topology map representations of cloud computing resources based on the collected data, where an interactive topology map enables users to view an intuitive visualization of a collection of computing resources, efficiently cause performance of actions with respect to various resources displayed in the topology map, and analyze the collection of resources in ways that are not possible using conventional cloud computing service management consoles.

公开(公告)号：US11144185B1

公开(公告)日：2021-10-12

申请号：US16147310

申请日：2018-09-28

Applicant: SPLUNK INC.

Inventor： Jindrich Dinga ,  Simon Fishel ,  Cary Noel ,  Isabelle Park ,  Horst Werner

IPC: G06F3/0484 ,  G06F3/0482 ,  G06F16/904 ,  G06F16/9535

Abstract: Systems, methods, and computer readable media are disclosed for generating and providing concurrent journey visualizations associated with different journey definitions. In computer-implemented embodiments, a data intake and query system, or a journey visualization computing tool, can be used to generate and provide concurrent representations corresponding with different journey definitions. In operation, a set of journey instances associated with a journey having a set of steps is obtained. Each step may be associated with at least one event that includes raw machine data produced by a component of an information technology environment. Upon obtaining different journey definitions specifying filters to apply to the set of journey instances, the data intake and query system can generate journey visualizations in accordance with the journey definitions. Thereafter, the journey visualizations corresponding with the journey definitions can be concurrently displayed by a computing device via a graphical user interface.

公开(公告)号：US10997192B2

公开(公告)日：2021-05-04

申请号：US16264562

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Paul Boster ,  Keith Kramer ,  Cary Noel ,  Isabelle Park

IPC: G06F16/248 ,  G06F16/25 ,  G06F3/0484

Abstract: Systems and methods are disclosed for implementing a data stream correlation user interface. The data stream correlation user interface provides workflows for selecting individual data sources from a matrix of data sources, identifying individual data fields of the data sources, establishing criteria for determining correlations between them, and reviewing and enabling user verification of correlated data sources. Correlations may be established based on the values of data fields in individual records of the data sources, and may be determined based on correspondences or associations between the values, lookup tables, formulas, user-specified criteria, or other relationships.

公开(公告)号：US20180157404A1

公开(公告)日：2018-06-07

申请号：US15885799

申请日：2018-01-31

Applicant: Splunk Inc.

Inventor： Cary Noel ,  Ian Link

IPC: G06F3/0484 ,  G06F17/30 ,  G06Q10/06

CPC classification number: G06F3/04847 ,  G06F16/00 ,  G06Q10/063

Abstract: Data values for various items are visualized in real-time or near real-time using radial-based techniques to produce data visualizations bearing some resemblance to, for example, pie charts, radial charts, etc. The data values are shown using indicators that encircle, or at least partially encircle, a central point. One or more characteristics of the indicator reflect the value that corresponds to the indicator. The characteristics may include, for instance, the color of the indicator and/or the distance of the indicator (or more specifically, a given point on the indicator) from the central point. The characteristics of the indicators change over time, in accordance with changes in the current values of the data items. A variety of indicators may be used, including, without limitation, points, icons, pie “wedges,” filled or partially-filled sectors of an ellipse or semi-circle, arcs or lines that span between the sides of such sectors, and so forth.