-
Publication No.: US11263229B1
Publication date: 2022-03-01
Application No.: US16657987
Application date: 2019-10-18
Applicant: Splunk Inc.
Inventor: Chandrashekar Basavaiah, Jindrich Dinga, Elizabeth Li, Cary Glen Noel, Isabelle Park, Eric Tschetter, Joshua Walters, Mei Chun Yeh
IPC: G06F16/00, G06F16/25, G06F16/245, G06F16/22
Abstract: Systems and methods are disclosed for efficiently detecting alert states within unstructured event data. Alert states are illustratively defined as occurring when a threshold number of journey instances are present within the unstructured event data, each journey instance representing a series of events within the event data representing steps within a pre-defined journey. Detecting journey instances within unstructured event data can require significant computational resources, and thus attempting to detect alert states directly from unstructured event data can lead to inefficiencies. Embodiments of this disclosure enable a structured data set of journey instances to be generated from unstructured event data, and for the structured data set to be evaluated based on criteria of multiple alert states. By utilizing a single structured data set to support evaluation based on multiple alert states, detecting alert states from unstructured event data is rendered more efficient.
-
32.
Publication No.: US11144185B1
Publication date: 2021-10-12
Application No.: US16147310
Application date: 2018-09-28
Applicant: SPLUNK INC.
Inventor: Jindrich Dinga, Simon Fishel, Cary Noel, Isabelle Park, Horst Werner
IPC: G06F3/0484, G06F3/0482, G06F16/904, G06F16/9535
Abstract: Systems, methods, and computer readable media are disclosed for generating and providing concurrent journey visualizations associated with different journey definitions. In computer-implemented embodiments, a data intake and query system, or a journey visualization computing tool, can be used to generate and provide concurrent representations corresponding with different journey definitions. In operation, a set of journey instances associated with a journey having a set of steps is obtained. Each step may be associated with at least one event that includes raw machine data produced by a component of an information technology environment. Upon obtaining different journey definitions specifying filters to apply to the set of journey instances, the data intake and query system can generate journey visualizations in accordance with the journey definitions. Thereafter, the journey visualizations corresponding with the journey definitions can be concurrently displayed by a computing device via a graphical user interface.
-
Publication No.: US10997192B2
Publication date: 2021-05-04
Application No.: US16264562
Application date: 2019-01-31
Applicant: Splunk Inc.
Inventor: Paul Boster, Keith Kramer, Cary Noel, Isabelle Park
IPC: G06F16/248, G06F16/25, G06F3/0484
Abstract: Systems and methods are disclosed for implementing a data stream correlation user interface. The data stream correlation user interface provides workflows for selecting individual data sources from a matrix of data sources, identifying individual data fields of the data sources, establishing criteria for determining correlations between them, and reviewing and enabling user verification of correlated data sources. Correlations may be established based on the values of data fields in individual records of the data sources, and may be determined based on correspondences or associations between the values, lookup tables, formulas, user-specified criteria, or other relationships.
-
34.
Publication No.: US20190294718A1
Publication date: 2019-09-26
Application No.: US15936372
Application date: 2018-03-26
Applicant: Splunk Inc.
Inventor: Joerg Beringer, Isabelle Park, Joshua Walters, Eric Tschetter, Simon Fishel, Horst Werner
IPC: G06F17/30
Abstract: Systems and methods are disclosed for analyzing multiple groups of ordered events having raw machine data associated with a timestamp. The events in a particular group of ordered events can be related based on a common field value for a particular field associated with a pivot identifier. Further, the events in a particular group of ordered events can be categorized based on one or more field values for a field associated with a step identifier. One or more visualizations can be generated based on one or more of the groups of ordered events.
-