公开(公告)号：US11610156B1

公开(公告)日：2023-03-21

申请号：US17397919

申请日：2021-08-09

Applicant: SPLUNK INC.

Inventor： Pradeep Baliganapalli Nagaraju ,  Steve Zhang ,  Jiahan Wang ,  Adam Jamison Oliner ,  Erick Anthony Dean

IPC: G06F15/16 ,  G06N20/00 ,  G06N3/08 ,  G06N3/04 ,  G06K9/62 ,  G06V10/94

Abstract: Disclosed is a technique that can be performed by a server computer system. The technique can include executing a machine learning process to generate a machine learning model based on global data collected from one or more electronic devices, wherein the machine learning model is described by model data. The technique can further include encapsulating the model data in a markup language document. The technique can further include sending, over a network, the markup language document to at least one electronic device of the one or more electronic devices to cause the at least one electronic device to update a local device machine learning model.

公开(公告)号：US10997190B2

公开(公告)日：2021-05-04

申请号：US15012757

申请日：2016-02-01

Applicant: Splunk Inc.

Inventor： Michael Porath ,  Simon Foster Fishel ,  Adam Jamison Oliner ,  Clark Eugene Mullen ,  Siegfried Puchbauer-Schnabel ,  Marshall Chalmers Agnew

IPC: G06F16/24 ,  G06F16/248 ,  G06F9/54 ,  G06F9/451

Abstract: A modular visualization framework registers definitions for a variety of visualization types. The definitions are tagged with visualization characteristics. During a working session, likely interactive, a user identifies a search query used to produce data to be visualized. The working context, including the search query and data produced by its execution, is tagged for its visualization characteristics. Information about the working context, including its visualization characteristics, is then used to produce a customized list of candidates suited for the working context from which the user may select a visualization type.

公开(公告)号：US10855712B2

公开(公告)日：2020-12-01

申请号：US16446300

申请日：2019-06-19

Applicant: SPLUNK INC.

Inventor： Adam Jamison Oliner ,  Jonathan La ,  Colleen Kinross ,  Hongyang Zhang ,  Jacob Leverich ,  Shang Cai ,  Mihai Ganea ,  Alex Cruise ,  Toufic Boubez ,  Manish Sainani

IPC: G06F21/00 ,  H04L29/06 ,  G06N3/08 ,  G06N5/00 ,  G06N3/04

Abstract: In some implementations, sequences of time series values determined from machine data are obtained. Each sequence corresponds to a respective time series. A plurality of predictive models is generated for a first time series from the sequences of time series values. Each predictive model is to generate predicted values associated with the first time series using values of a second time series. For each of the plurality of predictive models, an error is determined between the corresponding predicted values and values associated with the first time series. A predictive model is selected for anomaly detection based on the determined error of the predictive model. Transmission is caused of an indication of an anomaly detected using the selected predictive model.

公开(公告)号：US20180034715A1

公开(公告)日：2018-02-01

申请号：US15224440

申请日：2016-07-29

Applicant: Splunk Inc.

Inventor： Pradeep B. Nagaraju ,  Adam Jamison Oliner ,  Brian Matthew Gilmore ,  Erick Anthony Dean ,  Jiahan Wang

IPC: H04L12/26 ,  H04L12/24 ,  G06F17/30 ,  G06N99/00

Abstract: Disclosed is a technique that can be performed by an electronic device. The technique can include generating timestamped events, where the timestamped events include raw data generated by electronic device. The technique can further include obtaining results by performing a operation on the timestamped events, in accordance with instructions. The technique can further include sending the results or indicia thereof over a network to a server computer system, and receiving back new instructions generated by the server computer system based on the sent results. Lastly, the technique can include performing a new operation on timestamped events including raw data generated based by the electronic device, where the new operation can be performed in accordance with the new instructions to obtain new results.

公开(公告)号：US20170031659A1

公开(公告)日：2017-02-02

申请号：US14815954

申请日：2015-07-31

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Jacob Barton Leverich ,  Jeffrey Thomas Lloyd ,  Adam Jamison Oliner ,  Marc Vincent Robichaud

IPC: G06F9/44 ,  G06F17/30

Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.

Abstract translation: 描述使用示例来定义事件子类型的设施。 设备显示在机器生成的数据之间标识的事件。 该设施接收选择事件的第一子集的用户输入，作为事件子类型的示例。 响应于接收到用户输入，设施基于事件子类型的示例显示预测属于事件子类型的事件的第二子集。

公开(公告)号：US11681900B2

公开(公告)日：2023-06-20

申请号：US16901985

申请日：2020-06-15

Applicant: SPLUNK Inc.

Inventor： Adam Jamison Oliner ,  Nghi Huu Nguyen ,  Jacob Leverich ,  Zidong Yang

IPC: G06F16/00 ,  G06N3/045 ,  G06F16/26 ,  G06F16/25

CPC classification number: G06N3/045 ,  G06F16/254 ,  G06F16/26 ,  G06F2221/2151

Abstract: Systems and methods include obtaining a set of events, each event in the set of events comprising a time-stamped portion of raw machine data, the raw machine data produced by one or more components within an information technology or security environment and reflects activity within the information technology or security environment. Thereafter, a first neural network is used to automatically identify variable text to extract as a field from the set of events. An indication of the variable text is provided as a field extraction recommendation, for example, to a user device for presentation to a user.

公开(公告)号：US11593400B1

公开(公告)日：2023-02-28

申请号：US17158638

申请日：2021-01-26

Applicant: Splunk Inc.

Inventor： Adam Jamison Oliner ,  Kristal Curtis ,  Iman Makaremi ,  Ross Andrew Lazerowitz

IPC: H04L41/0604 ,  G06F16/28 ,  G06F16/21 ,  G06F9/54 ,  H04L41/22 ,  H04L41/069 ,  H04L41/5009 ,  H04L41/0681 ,  G06Q10/0639 ,  G06Q10/20 ,  G06F16/903 ,  G06Q10/10 ,  H04L67/50

Abstract: Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.

公开(公告)号：US11552866B1

公开(公告)日：2023-01-10

申请号：US16725935

申请日：2019-12-23

Applicant: Splunk Inc.

Inventor： Pradeep B. Nagaraju ,  Adam Jamison Oliner ,  Brian Matthew Gilmore ,  Erick Anthony Dean ,  Jiahan Wang

IPC: G06F15/177 ,  H04L43/028 ,  G06F16/9038 ,  G06F16/901 ,  H04L41/14 ,  G06F16/2458 ,  H04L43/08 ,  G06N20/00 ,  G06N5/04

Abstract: Disclosed is a technique that can be performed by a server computer system. The technique can include obtaining data from each of multiple endpoint devices to form global data. The global data can be generated by the endpoint devices in accordance with local instructions in each of the endpoint devices. The technique further includes generating global instructions based on the global data and sending the global instructions to a particular endpoint device. The global instructions configure the particular endpoint device to perform a data analytic operation that analyzes events. The events can include raw data generated by a sensor of the particular endpoint device.

公开(公告)号：US11087236B2

公开(公告)日：2021-08-10

申请号：US15660897

申请日：2017-07-26

Applicant: Splunk Inc.

Inventor： Pradeep Baliganapalli Nagaraju ,  Steve Zhang ,  Jiahan Wang ,  Adam Jamison Oliner ,  Erick Anthony Dean

IPC: G06F15/173 ,  G06N20/00 ,  G06K9/00 ,  G06N3/08 ,  G06N3/04 ,  G06K9/62

Abstract: Disclosed is a technique that can be performed by a server computer system. The technique can include executing a machine learning process to generate a machine learning model based on global data collected from one or more electronic devices, wherein the machine learning model is described by model data. The technique can further include encapsulating the model data in a markup language document. The technique can further include sending, over a network, the markup language document to at least one electronic device of the one or more electronic devices to cause the at least one electronic device to update a local device machine learning model.

公开(公告)号：US10909140B2

公开(公告)日：2021-02-02

申请号：US15276693

申请日：2016-09-26

Applicant: SPLUNK INC.

Inventor： Jesse Brandau Miller ,  Katherine Kyle Feeney ,  Yuan Xie ,  Steve Zhang ,  Adam Jamison Oliner ,  Jindrich Dinga ,  Jacob Leverich

IPC: G06F16/00 ,  G06F16/26

Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.