-
Publication No.: US10726030B2
Publication date: 2020-07-28
Application No.: US14815954
Filing date: 2015-07-31
Applicant: Splunk Inc.
Inventor: Cory Eugene Burke, Jacob Barton Leverich, Jeffrey Thomas Lloyd, Adam Jamison Oliner, Marc Vincent Robichaud, Jesse Miller
IPC: G06F16/248, G06F11/30, G06F11/34, G06F16/242, G06F16/245
Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.
-
Publication No.: US10375098B2
Publication date: 2019-08-06
Application No.: US15420737
Filing date: 2017-01-31
Applicant: SPLUNK INC.
Inventor: Adam Jamison Oliner, Jonathan La, Colleen Kinross, Hongyang Zhang, Jacob Leverich, Shang Cai, Mihai Ganea, Alex Cruise, Toufic Boubez, Manish Sainani
Abstract: In some implementations, sequences of time series values determined from machine data are obtained. Each sequence corresponds to a respective time series. A plurality of predictive models is generated for a first time series from the sequences of time series values. Each predictive model is to generate predicted values associated with the first time series using values of a second time series. For each of the plurality of predictive models, an error is determined between the corresponding predicted values and values associated with the first time series. A predictive model is selected for anomaly detection based on the determined error of the predictive model. Transmission is caused of an indication of an anomaly detected using the selected predictive model.
-
Publication No.: US20190147363A1
Publication date: 2019-05-16
Application No.: US16244817
Filing date: 2019-01-10
Applicant: Splunk Inc.
Inventor: Sonal Maheshwari, Manish Sainani, Leonid Alekseyev, Alan Hardin, Jacob Barton Leverich, Adam Jamison Oliner, Brian Reyes, Alok Anant Bhide
IPC: G06N20/00
CPC classification number: G06N20/00
Abstract: Techniques are disclosed for providing adaptive thresholding technology for Key Performance Indicators (KPIs) that are updated using training data. Adaptive thresholding technology may automatically assign new values or adjust existing values for one or more thresholds of one or more time policies. Assigning threshold values using adaptive thresholding may involve identifying training data (e.g., historical data, simulated data, or example data) for the time frames and analyzing the training data to identify variations within the data (e.g., patterns, distributions, trends). A threshold value may be determined based on the variations and may be assigned to one or more of the thresholds without additional user intervention.
-
Publication No.: US20180365309A1
Publication date: 2018-12-20
Application No.: US16049757
Filing date: 2018-07-30
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner, Kristal Curtis, Iman Makaremi, Ross Andrew Lazerowitz
IPC: G06F17/30
Abstract: Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.
-
Publication No.: US20170329462A1
Publication date: 2017-11-16
Application No.: US15662916
Filing date: 2017-07-28
Applicant: Splunk Inc.
Inventor: Sonal Maheshwari, Manish Sainani, Leonid Alekseyev, Alan Hardin, Jacob Barton Leverich, Adam Jamison Oliner, Brian Reyes, Alok Anant Bhide
IPC: G06F3/0481, G06F17/30, G06T11/20, H04L29/08
CPC classification number: G06F3/0481, G06F3/04812, G06F16/2474, G06F16/248, G06Q10/06393, G06Q10/109, G06T11/206, H04L67/1095
Abstract: Techniques are disclosed for providing a graphical user interface (GUI) for displaying and configuring adaptive or static thresholds for Key Performance Indicators (KPIs). The GUI may include one or more presentation schedules that may display threshold information associated with time policies. Each presentation schedule may include multiple time slots and span a portion of one or more time cycles. Some of the time slots may be associated with a specific time policy and may have a unifying appearance that distinguishes the time slots from timeslots associated with other time policies. The presentation schedules may arrange the time slots in a time grid arrangement (e.g., calendar grid view) or a graph arrangement with depictions (e.g., points, lines) that may illustrate KPI values and threshold markers that may illustrate the threshold values.
-
Publication No.: US11693895B1
Publication date: 2023-07-04
Application No.: US17743434
Filing date: 2022-05-12
Applicant: Splunk Inc.
Inventor: Sara Alspaugh, Adam Jamison Oliner
CPC classification number: G06F16/358, G06F9/542, G06F16/328, G06F16/9024, G06N5/04, G06T11/206
Abstract: Machine data reflecting operation of a monitored system is ingested and made available for search by a data intake and query system (DIQS). Monitoring includes obtaining a subset of ordered events that are assigned to a task. In a graphical user interface on a display, a chart for the task is displayed. The chart includes an event identifier for each event of the subset of the ordered events, a confidence level value related to each event identifier of each event of the subset of ordered events, the confidence level value indicating the confidence level that the event is in the task. The chart further includes a time reference value identifying a time of each event.
-
Publication No.: US11657065B2
Publication date: 2023-05-23
Application No.: US17158880
Filing date: 2021-01-26
Applicant: SPLUNK INC.
Inventor: Jesse Brandau Miller, Katherine Kyle Feeney, Yuan Xie, Steve Zhang, Adam Jamison Oliner, Jindrich Dinga, Jacob Leverich
IPC: G06F16/26
CPC classification number: G06F16/26
Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.
-
Publication No.: US11632383B2
Publication date: 2023-04-18
Application No.: US17075928
Filing date: 2020-10-21
Applicant: SPLUNK INC.
Inventor: Adam Jamison Oliner, Jonathan La, Colleen Kinross, Hongyang Zhang, Jacob Leverich, Shang Cai, Mihai Ganea, Alex Cruise, Toufic Boubez, Manish Sainani
Abstract: In some implementations, sequences of time series values determined from machine data are obtained. Each sequence corresponds to a respective time series. A plurality of predictive models is generated for a first time series from the sequences of time series values. Each predictive model is to generate predicted values associated with the first time series using values of a second time series. For each of the plurality of predictive models, an error is determined between the corresponding predicted values and values associated with the first time series. A predictive model is selected for anomaly detection based on the determined error of the predictive model. Transmission is caused of an indication of an anomaly detected using the selected predictive model.
-
Publication No.: US11340774B1
Publication date: 2022-05-24
Application No.: US16542774
Filing date: 2019-08-16
Applicant: Splunk Inc.
Inventor: Manish Sainani, Adam Jamison Oliner, Jacob Barton Leverich, Leonid Alekseyev, Sonal Maheshwari
IPC: G06F15/16, G06F3/0488
Abstract: Techniques are disclosed for anomaly detection based on a predicted value. A search query can be executed over a period of time to produce values for a key performance indicator (KPI), the search query defining the KPI and deriving a value indicative of the performance of a service at a point in time or during a period of time, the value derived from machine data pertaining to one or more entities that provide the service. A graphical user interface (GUI) enabling a user to indicate a sensitivity setting can be displayed. A user input indicating the sensitivity setting can be received via the GUI. Zero or more of the values as anomalies can be identified in consideration of the sensitivity setting indicated by the user input.
-
Publication No.: US10685279B2
Publication date: 2020-06-16
Application No.: US15420754
Filing date: 2017-01-31
Applicant: SPLUNK INC.
Inventor: Adam Jamison Oliner, Nghi Huu Nguyen, Jacob Leverich, Zidong Yang
Abstract: Systems and methods include obtaining a set of events, each event in the set of events comprising a time-stamped portion of raw machine data, the raw machine data produced by one or more components within an information technology or security environment and reflects activity within the information technology or security environment. Thereafter, a first neural network is used to automatically identify variable text to extract as a field from the set of events. An indication of the variable text is provided as a field extraction recommendation, for example, to a user device for presentation to a user.