-
Publication number: US12205022B2
Publication date: 2025-01-21
Application number: US16945415
Application date: 2020-07-31
Applicant: Splunk Inc.
Inventor: Ram Sriharsha , Zhaohui Wang , Kristal Curtis
IPC: G06N3/08 , G06F16/23 , G06F16/245
Abstract: Systems and methods are described for extracting data fields from logs ingested in a data processing pipeline or otherwise stored. For example, a log can be applied as an input to an artificial intelligence model trained to infer a log sourcetype of logs, and the artificial intelligence model can output an inferred log sourcetype of the log. The inferred log sourcetype can be used to select another artificial intelligence model trained to extract data fields from logs having the inferred log sourcetype, and the log can then be applied as an input to the other artificial intelligence model. The other artificial intelligence model may then output one or more data fields extracted from the log.
-
Publication number: US11921720B1
Publication date: 2024-03-05
Application number: US17978684
Application date: 2022-11-01
Applicant: SPLUNK Inc.
Inventor: Chinmay Madhav Kulkarni , Lin Ma , Amir Malekpour , Mohan Rajagopalan , John C. Reed , Ram Sriharsha
IPC: G06F16/2453 , G06F16/2455 , G06N20/00
CPC classification number: G06F16/24549 , G06F16/2455 , G06N20/00
Abstract: A computer-implemented method is disclosed that includes operations of parsing a query comprised of a sequence of operators to detect each operator of the sequence of operators, where the sequence of operators includes a machine learning (ML) operator representing a trained ML model. Additionally, a schema of the ML operator is determined through metadata. A filter or a projection is generated based on the schema of the ML operator, where the filter or projection is configured to reduce an amount of data retrieved upon application of the filter or the projection to an operator of the sequence of operators comprising the query. The schema of the ML operator indicates a schema of input data to be provided to the ML operator and a schema of output data to be provided by the ML operator following processing.
-
Publication number: US11792157B1
Publication date: 2023-10-17
Application number: US17941502
Application date: 2022-09-09
Applicant: SPLUNK Inc.
Inventor: Abhinav Mishra , Giovanni Mola , Ram Sriharsha , Zhaohui Wang
IPC: H04L61/4511 , H04L67/141 , G06F40/205 , H04L43/067 , H04L47/28
CPC classification number: H04L61/4511 , G06F40/205 , H04L43/067 , H04L47/286 , H04L67/141
Abstract: The disclosure provides implementations for determining whether domain name server (DNS) beaconing is present within a communication session. Some implementations provide a method that includes multiple analyses directed to analyzing each of a time-to-live (TTL) run length distribution for a plurality of DNS records within the communication session and analyzing whether the communication is comprised of at least a threshold number of transmissions. As used in the analyses, the communication session may be comprised of transmissions between a first source device and a first DNS. When DNS beaconing is detected within the communication session, some implementations of the disclosure provide for generating an alert to an administrator or other user.
-
Publication number: US11615102B2
Publication date: 2023-03-28
Application number: US16779509
Application date: 2020-01-31
Applicant: Splunk Inc.
Inventor: Ram Sriharsha
IPC: G06F16/2458 , G06F16/28 , G06F16/23 , G06F9/38 , G06F9/54 , G06K9/62 , G06F16/2455 , G06F16/14 , G06F16/22 , G06F16/2453 , G06F16/16 , G06F17/16 , G06F17/18 , G06F16/242 , G06N20/20 , G06N20/00
Abstract: Systems and methods are described for testing one or more machine learning algorithms in parallel with an existing machine learning algorithm implemented within a data processing pipeline. Each machine learning algorithm can train a machine learning model that receives a live stream of raw machine data. The output of the machine learning model trained by the existing machine learning algorithm may be written to an external storage system, but the output of the machine learning model(s) trained by the test machine learning algorithm(s) may not be written to an external storage system. After some time, performance of the test machine learning algorithm(s) and the existing machine learning algorithm is evaluated. If the test machine learning algorithm performs better than the existing machine learning algorithm, then the machine learning algorithms can be swapped without any downtime and without needing to re-train a machine learning model using previously seen raw machine data.
-
Publication number: US11567735B1
Publication date: 2023-01-31
Application number: US17074280
Application date: 2020-10-19
Applicant: SPLUNK Inc.
Inventor: Chinmay Madhav Kulkarni , Lin Ma , Amir Malekpour , Mohan Rajagopalan , John C. Reed , Ram Sriharsha
IPC: G06F8/30 , G06F16/21 , G06F16/953 , G06N20/00 , G06F8/41
Abstract: According to one embodiment, a method that supports queries deploying operators based on multiple programming languages is described. A sequence of operators associated with a query is identified, where the sequence of operators includes at least two neighboring operators including a first operator based on a first programming language and a second operator based on a second programming language that is different from the first programming language. Thereafter, a schema associated with the first operator and a schema associated with the second operator is determined along with the compatibility between the schema of the first operator and the schema of the second operator. A query error message is generated in response to incompatibility between the first operator schema and the second operator schema. Compatibility is determined when an output generated by execution of the first operator provides machine data needed as input for execution of the second operator.
-
Publication number: US11748634B1
Publication date: 2023-09-05
Application number: US17074206
Application date: 2020-10-19
Applicant: SPLUNK Inc.
Inventor: Chinmay Madhav Kulkarni , Lin Ma , Amir Malekpour , Mohan Rajagopalan , John C. Reed , Ram Sriharsha
IPC: G06F18/214 , G06F16/28 , G06F16/2455 , G06F16/248 , G06F8/41 , G06N5/025 , G06N20/00
CPC classification number: G06N5/025 , G06F18/2148 , G06N20/00 , G06F8/4452 , G06F16/248 , G06F16/24553 , G06F16/287
Abstract: A computer-implemented method for integration of machine learning components within a pipelined search query to generate a visualization is described. Herein, an interface is provided for receipt of pipelined code into a web-based programming application. The pipelined code features a series of operators configured to perform one or more tasks based on collective operations by the series of operators, wherein a first operator of the series of operators is to receive input data from a selected data source and each remaining operator of the series of operators to receive input based on an output from a preceding operator of the remaining operators. The task(s) performed by the pipelined code generate results including visualizations. The visualization is rendered in a manner that allows the pipelined code to be scrolled to display the pipelined code or the visualization.
-
Publication number: US20230237094A1
Publication date: 2023-07-27
Application number: US18190519
Application date: 2023-03-27
Applicant: Splunk Inc.
Inventor: Ram Sriharsha , Kristal Lyn Curtis , Iryna Vogler-Ivashchanka , Clark Eugene Mullen
IPC: G06F16/901 , G06F16/2458 , G06F16/28 , G06F16/23 , G06N20/20 , G06F9/38 , G06F9/54 , G06F16/2455 , G06F16/14 , G06F16/22 , G06F16/2453 , G06N20/00 , G06F16/16 , G06F17/16 , G06F17/18 , G06F16/242 , G06F18/214 , G06F18/21
CPC classification number: G06F16/901 , G06F9/544 , G06F9/3885 , G06F16/23 , G06F16/144 , G06F16/156 , G06F16/168 , G06F16/242 , G06F16/285 , G06F16/2246 , G06F16/2379 , G06F16/2465 , G06F16/24534 , G06F16/24568 , G06F17/16 , G06F17/18 , G06F18/2148 , G06F18/2185 , G06N20/00 , G06N20/20 , G06F16/22 , G06F16/2264 , G06F16/2282
Abstract: Systems and methods are described for processing ingested data in an asynchronous manner as the data is being ingested to detect potential anomalies. For example, one or more streaming data processors can convert data as the data is ingested into a comparable data structure, determine whether the comparable data structure should be assigned to an existing data pattern or a new data pattern, and optionally update a characteristic of the data pattern to which the comparable data structure is assigned. The streaming data processor(s) can perform these operations automatically in real-time or in periodic batches. Once one or more comparable data structures have been assigned to one or more data patterns, the streaming data processor(s) can analyze the comparable data structures assigned to a particular data pattern to determine whether any of the comparable data structures appear to be anomalous.
-
Publication number: US11620296B2
Publication date: 2023-04-04
Application number: US16779456
Application date: 2020-01-31
Applicant: Splunk Inc.
Inventor: Ram Sriharsha
IPC: G06F16/00 , G06F16/2458 , G06F16/28 , G06F16/23 , G06N20/20 , G06F9/38 , G06F9/54 , G06K9/62 , G06F16/2455 , G06F16/14 , G06F16/22 , G06F16/2453 , G06N20/00 , G06F16/16 , G06F17/16 , G06F17/18 , G06F16/242
Abstract: Systems and methods are described for processing ingested data using an online machine learning algorithm as the data is being ingested. For example, the online machine learning algorithm can be an adaptive thresholding algorithm used to identify outliers in a moving window of data. As another example, the online machine learning algorithm can be a sequential outlier detector that detects anomalous sequences of logs or events. As another example, the online machine learning algorithm can be a sentiment analyzer that determines whether text has a positive, negative, or neutral sentiment. As another example, the online machine learning algorithm can be a drift detector that detects whether ingested data marks the start of a change in the distribution of a time-series.
-
Publication number: US11500871B1
Publication date: 2022-11-15
Application number: US17074100
Application date: 2020-10-19
Applicant: SPLUNK Inc.
Inventor: Chinmay Madhav Kulkarni , Lin Ma , Amir Malekpour , Mohan Rajagopalan , John C. Reed , Ram Sriharsha
IPC: G06F16/2453 , G06N20/00 , G06F16/2455
Abstract: A computer-implemented method is disclosed that includes operations of receiving a query to be executed, the query including an indication of a data source at which input data is to be obtained, wherein the query is to be executed on the input data, determining a schema of the input data, determining fields of the input data that are required for execution of the query by analyzing a sequence of operators forming the query, determining one or more alterations to the query to improve efficiency of the execution of the query based on the fields of input data required for the execution, and generating an altered query by altering the query in accordance with the one or more alterations. The method may further include converting the query to a directed acyclic graph (DAG) and providing the DAG to a distributed processing engine configured to execute the DAG.
-
Publication number: US11475024B2
Publication date: 2022-10-18
Application number: US16779460
Application date: 2020-01-31
Applicant: Splunk Inc.
Inventor: Ram Sriharsha
IPC: G06F16/2458 , G06F16/28 , G06F16/23 , G06N20/20 , G06F9/38 , G06F9/54 , G06K9/62 , G06F16/2455 , G06F16/14 , G06F16/22 , G06F16/2453 , G06N20/00 , G06F16/16 , G06F17/16 , G06F17/18 , G06F16/242
Abstract: Systems and methods are described for processing ingested data, detecting anomalies in the ingested data, and providing explanations of a possible cause of the detected anomalies as the data is being ingested. For example, a token or field in the ingested data may have an anomalous value. Tokens or fields from another portion of the ingested data can be extracted and analyzed to determine whether there is any correlation between the values of the extracted tokens or fields and the anomalous token or field having an anomalous value. If a correlation is detected, this information can be surfaced to a user.