-
Publication No.: US10592093B2
Publication date: 2020-03-17
Application No.: US14859248
Application date: 2015-09-18
Applicant: Splunk Inc.
Inventor: Manish Sainani , Adam Jamison Oliner , Jacob Barton Leverich , Leonid Alekseyev , Sonal Barton Maheshwari
IPC: G06F17/30 , G06F3/0488 , H04L12/24
Abstract: Techniques are disclosed for anomaly detection. A search query can be executed over a period of time to produce values for a key performance indicator (KPI), the search query defining the KPI and deriving a value indicative of the performance of a service at a point in time or during a period of time, the value derived from machine data pertaining to one or more entities that provide the service. A graphical user interface (GUI) enabling a user to indicate a sensitivity setting can be displayed. A user input indicating the sensitivity setting can be received via the GUI. Zero or more of the values as anomalies can be identified in consideration of the sensitivity setting indicated by the user input. A GUI including information related to the values identified as anomalies can be caused to be displayed.
-
Publication No.: US10536351B2
Publication date: 2020-01-14
Application No.: US15224440
Application date: 2016-07-29
Applicant: Splunk Inc.
Inventor: Pradeep B. Nagaraju , Adam Jamison Oliner , Brian Matthew Gilmore , Erick Anthony Dean , Jiahan Wang
IPC: G06F15/177 , H04L12/26 , H04L12/24 , G06N20/00 , G06F16/901 , G06F16/9038
Abstract: Disclosed is a technique that can be performed by an electronic device. The technique can include generating timestamped events, where the timestamped events include raw data generated by electronic device. The technique can further include obtaining results by performing a operation on the timestamped events, in accordance with instructions. The technique can further include sending the results or indicia thereof over a network to a server computer system, and receiving back new instructions generated by the server computer system based on the sent results. Lastly, the technique can include performing a new operation on timestamped events including raw data generated based by the electronic device, where the new operation can be performed in accordance with the new instructions to obtain new results.
-
Publication No.: US20200012966A1
Publication date: 2020-01-09
Application No.: US16573745
Application date: 2019-09-17
Applicant: Splunk Inc.
Inventor: Pradeep Baliganapalli Nagaraju , Adam Jamison Oliner , Brian Matthew Gilmore , Erick Anthony Dean , Jiahan Wang
IPC: G06N20/00
Abstract: Disclosed is a technique that can be performed by an electronic device. The electronic device can generate time-stamped events, extract training data from the time-stamped events, and sending the training data over a network to a remote computer. The electronic device can receive model data generated by the remote computer from the training data by use of a machine learning process, update a local model of the electronic device based on the received model data, and generate an output by processing locally sourced data of the electronic device with the updated local model.
-
Publication No.: US10460255B2
Publication date: 2019-10-29
Application No.: US15224439
Application date: 2016-07-29
Applicant: Splunk Inc.
Inventor: Pradeep B. Nagaraju , Adam Jamison Oliner , Brian Matthew Gilmore , Erick Anthony Dean , Jiahan Wang
Abstract: Disclosed is a technique that can be performed by an electronic device. The technique can include generating raw data based on inputs to the electronic device, and sending the raw data or data items over a network to a server computer system. The sent raw data or the data items can include training data. The technique can further include receiving global model data from the server computer system over the network. The global model data may have been derived from the training data in accordance with a machine learning process. The technique can further include generating an updated local model by updating a local model associated with the electronic device based on the received global model data, and processing local data based on the updated local model to generate output data. The local data can include raw data or data items generated based on inputs to the electronic device.
-
Publication No.: US20180349482A1
Publication date: 2018-12-06
Application No.: US16049748
Application date: 2018-07-30
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner , Kristal Curtis , Iman Makaremi , Ross Andrew Lazerowitz
CPC classification number: G06F3/0481 , G06F3/04817 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F9/542 , G06F17/30964 , G06Q10/06393 , G06Q10/20 , H04L41/0604 , H04L41/0681 , H04L41/069 , H04L41/22 , H04L41/5009 , Y04S10/54
Abstract: Network connections are established between machines of an operating environment to be monitored and a server group of a data intake and query system (DIQS). Data reflecting machine and component operations of the environment is conveyed via the network to the DIQS where it is reflected as timestamped entries in a field-searchable datastore. Monitoring components may search the datastore and identify and record instances of notable events. Triaging models are selectively applied against the notable event instances to produce an enhanced notable event instance representation with modeled results effective to automatically perform or assist in triaging the notable events so they are dispatched in an optimal, effective, and efficient, manner.
-
Publication No.: US20180089303A1
Publication date: 2018-03-29
Application No.: US15276693
Application date: 2016-09-26
Applicant: SPLUNK INC.
Inventor: Jesse Brandau Miller , Katherine Kyle Feeney , Yuan Xie , Steve Zhang , Adam Jamison Oliner , Jindrich Dinga , Jacob Leverich
IPC: G06F17/30
CPC classification number: G06F16/26
Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.
-
Publication No.: US20160104076A1
Publication date: 2016-04-14
Application No.: US14859236
Application date: 2015-09-18
Applicant: Splunk Inc.
Inventor: Sonal Maheshwari , Manish Sainani , Leonid Alekseyev , Alan Hardin , Jacob Barton Leverich , Adam Jamison Oliner , Brian Reyes , Alok Anant Bhide
IPC: G06N99/00
CPC classification number: G06N99/005
Abstract: Techniques are disclosed for providing adaptive thresholding technology for Key Performance Indicators (KPIs). Adaptive thresholding technology may automatically assign new values or adjust existing values for one or more thresholds of one or more time policies. Assigning threshold values using adaptive thresholding may involve identifying training data (e.g., historical data, simulated data, or example data) for the time frames and analyzing the training data to identify variations within the data (e.g., patterns, distributions, trends). A threshold value may be determined based on the variations and may be assigned to one or more of the thresholds without additional user intervention.
-
Publication No.: US11916764B1
Publication date: 2024-02-27
Application No.: US18152027
Application date: 2023-01-09
Applicant: SPLUNK INC.
Inventor: Pradeep Baliganapalli Nagaraju , Adam Jamison Oliner , Brian Matthew Gilmore , Erick Anthony Dean , Jiahan Wang
IPC: G06F15/177 , H04L43/028 , H04L41/14 , G06N20/00 , G06F16/901 , G06F16/9038 , H04L43/08 , G06F16/2458 , G06N5/047
CPC classification number: H04L43/028 , G06F16/2477 , G06F16/901 , G06F16/9038 , G06N20/00 , H04L41/14 , H04L43/08 , G06N5/047
Abstract: Disclosed is a technique that can be performed by a server computer system. The technique can include obtaining data from each of multiple endpoint devices to form global data. The global data can be generated by the endpoint devices in accordance with local instructions in each of the endpoint devices. The technique further includes generating global instructions based on the global data and sending the global instructions to a particular endpoint device. The global instructions configure the particular endpoint device to perform a data analytic operation that analyzes events. The events can include raw data generated by a sensor of the particular endpoint device.
-
Publication No.: US11886464B1
Publication date: 2024-01-30
Application No.: US18100329
Application date: 2023-01-23
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner , Kristal Curtis , Iman Makaremi , Ross Andrew Lazerowitz
IPC: H04L41/0604 , G06F16/28 , G06F16/21 , G06F9/54 , H04L41/22 , H04L41/069 , H04L41/5009 , H04L41/0681 , G06Q10/0639 , G06Q10/20 , G06F16/903 , G06Q10/10 , H04L67/50
CPC classification number: G06F16/282 , G06F9/542 , G06F16/213 , G06F16/903 , G06Q10/06393 , G06Q10/10 , G06Q10/20 , H04L41/0604 , H04L41/069 , H04L41/0681 , H04L41/22 , H04L41/5009 , H04L67/535
Abstract: Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.
-
Publication No.: US11379508B1
Publication date: 2022-07-05
Application No.: US17158220
Application date: 2021-01-26
Applicant: Splunk Inc.
Inventor: Sara Alspaugh , Adam Jamison Oliner
Abstract: Machine data reflecting operation of a monitored system is ingested and made available for search by a data intake and query system (DIQS). Ingested data includes log data entries produced by an application that represent low-level instances of user interface or interaction events. Inference processing generates a new collection of data instances that each identifies a higher-level task performed by a user in a sequence of the low-level events without regard to any explicit task affiliation data component of the low-level instances. Information for the task may include a measure of confidence that each low-level event of the sequence is properly associated with the task. Tasks of the new collection may be advantageously visualized and included in downstream processing.