-
Publication number: US20160098402A1
Publication date: 2016-04-07
Application number: US14528905
Application date: 2014-10-30
Applicant: Splunk Inc.
Inventor: Nicholas John Filippi , Katherine Kyle Feeney , Cory Eugene Burke , Abhinav Prasad Nekkanti , Marc Vincent Robichaud , Irina Korobova
CPC classification number: G06F17/3051 , G06F11/00 , G06F11/0709 , G06F11/0751 , G06F11/0766 , G06F17/30 , G06F17/30563 , G06Q10/00 , H04L41/00 , H04L41/0631
Abstract: Custom communication alert techniques are described. In one or more implementations, a triggering condition is detected by one or more computing devices that is found by searching data using one or more extraction rules of a late-binding schema. Responsive to the detection of the triggering condition of the alert, a communication is formed by the one or more computing devices that corresponds to the alert and that includes one or more tokens based on one or more values of the data taken from fields defined by the one or more extraction rules. The communication is caused to be transmitted by the one or more computing devices via a network for receipt by at least one computing device of an intended recipient of the communication.
-
Publication number: US20160098385A1
Publication date: 2016-04-07
Application number: US14526468
Application date: 2014-10-28
Applicant: Splunk Inc.
Inventor: Cory Eugene Burke , Katherine Kyle Feeney , Divanny I. Lamas , Marc Vincent Robichaud , Matthew G. Ness , Clara E. Lee
IPC: G06F17/24 , G06F3/0484 , G06K9/20 , G06F3/0482
CPC classification number: G06F3/04842 , G06F3/0482 , G06F3/04847 , G06F9/451 , G06F17/246 , G06F17/30315 , G06F17/30389 , G06F17/30395 , G06F17/30477 , G06F17/30554 , G06F17/3056 , G06F17/30864 , G06K9/2054
Abstract: In embodiments of statistics value chart interface cell mode drill down, a first interface displays in a table format that includes columns each with field values of an event field, and each column having a column heading of a different one of the event fields, and includes rows each with one or more of the field values, each field value in a row associated with a different one of the event fields, and having an aggregated metric that represents a number of events with field-value pairs that match all of the field values listed in a respective row and the corresponding event fields listed in the respective columns. A cell can be emphasized that includes one of the field values in a row that corresponds to one of the different event fields in a column, and in response, a menu displays options to transition to a second interface.
-
Publication number: US20150339344A1
Publication date: 2015-11-26
Application number: US14815884
Application date: 2015-07-31
Applicant: Splunk Inc.
Inventor: Alice Emily Neels , Archana Sulochana Ganapathi , Marc Vincent Robichaud , Stephen Phillip Sorkin , Steve Yu Zhang
IPC: G06F17/30
CPC classification number: G06F17/30395 , G06F3/0482 , G06F17/248 , G06F17/30283 , G06F17/30424 , G06F17/30528 , G06F17/30554 , G06F17/30867
Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or more results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.
-
Publication number: US20140074817A1
Publication date: 2014-03-13
Application number: US13662369
Application date: 2012-10-26
Applicant: SPLUNK INC.
Inventor: Alice Emily Neels , Archara Sulochana Ganapathi , Marc Vincent Robichaud , Stephen Phillip Sorkin , Steve Yu Zhang
IPC: G06F17/30
CPC classification number: G06F17/30395 , G06F3/0482 , G06F17/248 , G06F17/30283 , G06F17/30424 , G06F17/30528 , G06F17/30554 , G06F17/30867
Abstract: Embodiments are directed towards generating data models that may give semantic meaning for unstructured data or structured data that may include data generated and/or received by search engines, including a time series engine. Data models also may be generated to provide semantic meaning to structured data. A data model may be composed of a hierarchical data model objects analogous to an object-oriented programming class hierarchy. Users may employ a data modeling application to produce reports using search objects that may be part of, or associated with the data model. The data modeling application may employ the search object and the data model to generate a query string for searching a data repository to produce a result set. A data modeling application may map the result set data to data model objects that may be used to generate reports.
-
Publication number: US12019624B2
Publication date: 2024-06-25
Application number: US17121949
Application date: 2020-12-15
Applicant: SPLUNK Inc.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd
IPC: G06F16/242 , G06Q10/10
CPC classification number: G06F16/2423 , G06Q10/103
Abstract: A list of command entries is displayed in a search interface, each of the command entries representing one or more commands of a plurality of commands of a search query. The list of command entries is displayed in a sequence corresponding to the plurality of commands of the search query. Based on a user interaction with a designated command entry in the displayed list of command entries, the displayed list of command entries is modified with respect to the designated command. Furthermore, the search query is automatically modified with respect to the corresponding one or more commands represented by the designated command entry. The modification can include causing the designated command entry to be removed from or reordered in the displayed list of command entries and the automatic modification can include causing the corresponding one or more commands to be removed from or reordered in the search query.
-
Publication number: US11893010B1
Publication date: 2024-02-06
Application number: US17734786
Application date: 2022-05-02
Applicant: SPLUNK INC.
Inventor: Alice Emily Neels , Archana Sulochana Ganapathi , Marc Vincent Robichaud , Stephen Phillip Sorkin , Steve Yu Zhang
IPC: G06F16/242 , G06F16/27 , G06F16/245 , G06F16/248 , G06F16/9535 , G06F16/2457 , G06F40/186 , G06F3/0482
CPC classification number: G06F16/2425 , G06F3/0482 , G06F16/245 , G06F16/248 , G06F16/24575 , G06F16/27 , G06F16/9535 , G06F40/186
Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or more results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.
-
Publication number: US11816108B1
Publication date: 2023-11-14
Application number: US17805095
Application date: 2022-06-02
Applicant: SPLUNK INC.
Inventor: Nicholas John Filippi , Katherine Kyle Feeney , Cory Eugene Burke , Abhinav Prasad Nekkanti , Marc Vincent Robichaud , Irina Korobova
IPC: G06F16/20 , G06F16/2455 , G06F11/07 , H04L41/0631 , G06F11/00 , G06Q10/00 , H04L41/00 , G06F16/9536 , G06F9/54 , G06F16/00 , G06F16/25
CPC classification number: G06F16/24565 , G06F9/542 , G06F11/00 , G06F11/0709 , G06F11/0751 , G06F11/0766 , G06F16/9536 , G06Q10/00 , H04L41/00 , H04L41/0631 , G06F16/00 , G06F16/254
Abstract: Custom communication alert techniques are described. In one or more implementations, a triggering condition is detected by one or more computing devices that is found by searching data using one or more extraction rules of a late-binding schema. Responsive to the detection of the triggering condition of the alert, a communication is formed by the one or more computing devices that corresponds to the alert and that includes one or more tokens based on one or more values of the data taken from fields defined by the one or more extraction rules. The communication is caused to be transmitted by the one or more computing devices via a network for receipt by at least one computing device of an intended recipient of the communication.
-
Publication number: US11687515B1
Publication date: 2023-06-27
Application number: US17475049
Application date: 2021-09-14
Applicant: SPLUNK Inc.
Inventor: Divanny I. Lamas , Marc Vincent Robichaud
IPC: G06F16/00 , G06F16/22 , G06F16/2458
CPC classification number: G06F16/2291 , G06F16/2477
Abstract: Event time selection output techniques are described. In one or more implementations, one or more inputs are received, at one or more computing devices, that involve interaction associated with a particular one of a plurality of events via a user interface, in which the plurality of events result from a search of data, each of the plurality of events include the data that is associated with a respective point in time, and the one or more inputs specify a relative time in relation to the respective point in time of the particular event. A determination is made as to which of the plurality of events correspond to the specified relative time by the one or more computing devices and a result of the determination is output by the one or more computing devices for display in the user interface.
-
Publication number: US11531713B2
Publication date: 2022-12-20
Application number: US16750256
Application date: 2020-01-23
Applicant: SPLUNK INC.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd
IPC: G06F16/93 , G06F3/0482 , G06F16/242 , G06F16/2458 , G06F16/248 , G06F16/9038
Abstract: Based on a selection by a user of first one or more values of one or more events displayed in a graphical interface, an extraction rule is automatically determined that is capable of extracting a field label-value pair at least partially within at least the selected one or more values. An option is displayed that corresponds to the determined extraction rule in the graphical interface. Based on the user selecting the option in the graphical interface, display is caused of second one or more values of one or more field label-value pairs extracted from the one or more events using the extraction rule. The one or more events may be displayed in a table format, and the first one or more values may be selected by the user selecting one or more cells, columns, or text portions in the table format.
-
Publication number: US20220155943A1
Publication date: 2022-05-19
Application number: US17647797
Application date: 2022-01-12
Applicant: SPLUNK INC.
Inventor: Cory Eugene Burke , Katherine Kyle Feeney , Divanny I. Lamas , Marc Vincent Robichaud , Matthew G. Ness , Clara E. Lee
IPC: G06F3/04842 , G06F16/22 , G06F16/242 , G06F3/0482 , G06F40/18 , G06V10/22 , G06F16/951 , G06F3/04847 , G06F16/248 , G06F16/2455 , G06F16/25 , G06F9/451
Abstract: In embodiments of statistics chart row mode drill down, a first interface is displayed in a table format that includes columns and rows, where each row is associated with an event and each column includes field for a respective event. The rows can further include one or more aggregated metrics representing a number of events associated with a respective row. A row can be emphasized in the first interface and, in response a menu can be displayed with selectable options to transition to a second interface, where the data displayed by the second interface is based on an option selected from the menu.