-
Publication No.: US11226977B1
Publication date: 2022-01-18
Application No.: US16896145
Application date: 2020-06-08
Applicant: Splunk Inc.
Inventor: Cory Eugene Burke, Jacob Barton Leverich, Jeffrey Thomas Lloyd, Adam Jamison Oliner, Marc Vincent Robichaud, Jesse Miller
IPC: G06F16/248, G06F11/30, G06F16/245, G06F16/242, G06F11/34
Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.
-
Publication No.: US11194794B2
Publication date: 2021-12-07
Application No.: US15420618
Application date: 2017-01-31
Applicant: SPLUNK INC.
Inventor: Adam Jamison Oliner, Hongyang Zhang, Sergey Slepian, Di Lu, XiaoYu Jia, Peter Chongjin Kim, Manish Sainani
IPC: G06F16/242, G06N5/04, G06N20/00, G06F16/2457, G06F16/2458
Abstract: Embodiments of the present invention are directed to facilitating search input recommendations. In accordance with aspects of the present disclosure, a set of events determined from raw machine data is obtained. The events are analyzed to generate a temporal map associated with the set of events. Generally, the temporal map associates candidate terms with temporally related terms that occur within a period of time corresponding with the candidate terms. A search term input into a search field is received. Based on the input search term, the temporal map is used to identify one or more temporally related term recommendations.
-
Publication No.: US20210149912A1
Publication date: 2021-05-20
Application No.: US17158880
Application date: 2021-01-26
Applicant: SPLUNK INC.
Inventor: Jesse Brandau Miller, Katherine Kyle Feeney, Yuan Xie, Steve Zhang, Adam Jamison Oliner, Jindrich Dinga, Jacob Leverich
IPC: G06F16/26
Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.
-
Publication No.: US10956834B2
Publication date: 2021-03-23
Application No.: US16707845
Application date: 2019-12-09
Applicant: Splunk Inc.
Inventor: Manish Sainani, Sergey Slepian, Iman Makaremi, Adam Jamison Oliner, Jacob Leverich, Di Lu
Abstract: Disclosed herein is a computer-implemented tool that facilitates data analysis by use of machine learning (ML) techniques. The tool cooperates with a data intake and query system and provides a graphical user interface (GUI) that enables a user to train and apply a variety of different ML models on user-selected datasets of stored machine data. The tool can provide active guidance to the user, to help the user choose data analysis paths that are likely to produce useful results and to avoid data analysis paths that are less likely to produce useful results.
-
Publication No.: US10942960B2
Publication date: 2021-03-09
Application No.: US16049748
Application date: 2018-07-30
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner, Kristal Curtis, Iman Makaremi, Ross Andrew Lazerowitz
IPC: G06F16/338, G06F9/451, G06F16/38, G06F16/33, G06F9/54, H04L12/24, G06Q10/06, G06Q10/00, G06F16/903
Abstract: Network connections are established between machines of an operating environment to be monitored and a server group of a data intake and query system (DIQS). Data reflecting machine and component operations of the environment is conveyed via the network to the DIQS where it is reflected as timestamped entries in a field-searchable datastore. Monitoring components may search the datastore and identify and record instances of notable events. Triaging models are selectively applied against the notable event instances to produce an enhanced notable event instance representation with modeled results effective to automatically perform or assist in triaging the notable events so they are dispatched in an optimal, effective, and efficient manner.
-
Publication No.: US10942946B2
Publication date: 2021-03-09
Application No.: US16049757
Application date: 2018-07-30
Applicant: Splunk Inc.
Inventor: Adam Jamison Oliner, Kristal Curtis, Iman Makaremi, Ross Andrew Lazerowitz
IPC: H04L12/24, G06F16/28, G06F16/21, G06F9/54, G06Q10/06, G06Q10/00, G06F16/903, G06Q10/10, H04L29/08
Abstract: Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.
-
Publication No.: US10235638B2
Publication date: 2019-03-19
Application No.: US14859236
Application date: 2015-09-18
Applicant: Splunk Inc.
Inventor: Sonal Maheshwari, Manish Sainani, Leonid Alekseyev, Alan Hardin, Jacob Barton Leverich, Adam Jamison Oliner, Brian Reyes, Alok Anant Bhide
Abstract: Techniques are disclosed for providing adaptive thresholding technology for Key Performance Indicators (KPIs). Adaptive thresholding technology may automatically assign new values or adjust existing values for one or more thresholds of one or more time policies. Assigning threshold values using adaptive thresholding may involve identifying training data (e.g., historical data, simulated data, or example data) for the time frames and analyzing the training data to identify variations within the data (e.g., patterns, distributions, trends). A threshold value may be determined based on the variations and may be assigned to one or more of the thresholds without additional user intervention.
-
Publication No.: US20180218269A1
Publication date: 2018-08-02
Application No.: US15419918
Application date: 2017-01-30
Applicant: SPLUNK INC.
Inventor: Adam Jamison Oliner, Aungon Nag Radon, Manwah Wong, Manish Sainani, Harsh Keswani
CPC classification number: G06N5/04, G06F16/2465, G06F16/26, G06N20/00
Abstract: Embodiments of the present invention are directed to facilitating event forecasting. In accordance with aspects of the present disclosure, a set of events determined from raw machine data is obtained. The events are analyzed to identify leading indicators that indicate a future occurrence of a target event, wherein the leading indicators occur during a search period of time that precedes a warning period of time, thereby providing time for an action to be performed prior to an occurrence of a predicted target event. At least one of the leading indicators is used to predict a target event. An event notification is provided indicating the prediction of the target event.
-
Publication No.: US20180089561A1
Publication date: 2018-03-29
Application No.: US15420754
Application date: 2017-01-31
Applicant: SPLUNK INC.
Inventor: Adam Jamison Oliner, Nghi Huu Nguyen, Jacob Leverich, Zidong Yang
Abstract: Systems and methods include obtaining a set of events, each event in the set of events comprising a time-stamped portion of raw machine data, the raw machine data produced by one or more components within an information technology or security environment and reflecting activity within the information technology or security environment. Thereafter, a first neural network is used to automatically identify variable text to extract as a field from the set of events. An indication of the variable text is provided as a field extraction recommendation, for example, to a user device for presentation to a user.
-
Publication No.: US20180032908A1
Publication date: 2018-02-01
Application No.: US15224439
Application date: 2016-07-29
Applicant: Splunk Inc.
Inventor: Pradeep B. Nagaraju, Adam Jamison Oliner, Brian Matthew Gilmore, Erick Anthony Dean, Jiahan Wang
Abstract: Disclosed is a technique that can be performed by an electronic device. The technique can include generating raw data based on inputs to the electronic device, and sending the raw data or data items over a network to a server computer system. The sent raw data or the data items can include training data. The technique can further include receiving global model data from the server computer system over the network. The global model data may have been derived from the training data in accordance with a machine learning process. The technique can further include generating an updated local model by updating a local model associated with the electronic device based on the received global model data, and processing local data based on the updated local model to generate output data. The local data can include raw data or data items generated based on inputs to the electronic device.