公开(公告)号：US12067007B1

公开(公告)日：2024-08-20

申请号：US17874024

申请日：2022-07-26

Applicant: SPLUNK Inc.

Inventor： Jesse Brandau Miller ,  Marc V. Robichaud ,  Cory Eugene Burke

IPC: G06F7/00 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/248

CPC classification number: G06F16/2425 ,  G06F16/2428 ,  G06F16/2455 ,  G06F16/248

Abstract: A method includes causing display to a user of at least one event of a first result set from a first pipelined search on events at an event source. Each event comprises a time stamp and a portion of machine data. A selection of a command is received from the user. The selection is to extend the first pipelined search with the selected command in a second pipelined search. The system selects between the first result set and the event source for execution of the second pipelined search based on an analysis of the selected command and at least one command of the first pipelined search. Based on the selecting being of the first result set, display to the user is caused of at least one event of a second result set from the execution of the second pipelined search on the first result set.

公开(公告)号：US20210149912A1

公开(公告)日：2021-05-20

申请号：US17158880

申请日：2021-01-26

Applicant: SPLUNK INC.

Inventor： Jesse Brandau Miller ,  Katherine Kyle Feeney ,  Yuan Xie ,  Steve Zhang ,  Adam Jamison Oliner ,  Jindrich Dinga ,  Jacob Leverich

IPC: G06F16/26

Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.

公开(公告)号：US12099517B1

公开(公告)日：2024-09-24

申请号：US18300936

申请日：2023-04-14

Applicant: Splunk Inc.

Inventor： Jesse Brandau Miller ,  Katherine Kyle Feeney ,  Yuan Xie ,  Steve Zhang ,  Adam Jamison Oliner ,  Jindrich Dinga ,  Jacob Leverich

IPC: G06F16/00 ,  G06F16/26

CPC classification number: G06F16/26

Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.

公开(公告)号：US20200167350A1

公开(公告)日：2020-05-28

申请号：US16776317

申请日：2020-01-29

Applicant: SPLUNK INC.

Inventor： Jesse Brandau Miller ,  Marc V. Robichaud ,  Cory Eugene Burke

IPC: G06F16/242 ,  G06F16/2455 ,  G06F16/248

Abstract: A method includes causing display to a user of at least one event of a first result set from a first pipelined search on events at an event source. Each event comprises a time stamp and a portion of machine data. A selection of a command is received from the user. The selection is to extend the first pipelined search with the selected command in a second pipelined search. The system selects between the first result set and the event source for execution of the second pipelined search based on an analysis of the selected command and at least one command of the first pipelined search. Based on the selecting being of the first result set, display to the user is caused of at least one event of a second result set from the execution of the second pipelined search on the first result set.

公开(公告)号：US10387408B2

公开(公告)日：2019-08-20

申请号：US14929150

申请日：2015-10-30

Applicant: SPLUNK INC.

Inventor： Brian Krueger ,  Katherine Kyle Feeney ,  Andrew E. Robbins ,  Jesse Brandau Miller ,  Elizabeth Dykstra-Erickson ,  Jeffrey Thomas Lloyd ,  Cory Eugene Burke ,  Marc V. Robichaud

IPC: G06F16/242

Abstract: In various embodiments, methods and systems for presenting a search interface with search query history based functionality is provided. A search query history store comprising search queries is accessed. The search query history store includes search queries executed in a search computing system. A search query comprises one or more commands. A plurality of search queries retrieved from the search query history store is displayed on the search interface using a placement style. A placement style, such as an indent style, provides a structure for separating and arranging commands of a plurality of search queries displayed. The search interface further provides for receiving a selection of at least a portion of a search query from the plurality of search queries to initiate actions or execute actions based on the selection. The search interface includes a search input interface, such as a search bar, where the selection of the portion of the search query is displayed based on a selected action.

公开(公告)号：US11429600B2

公开(公告)日：2022-08-30

申请号：US16776317

申请日：2020-01-29

Applicant: SPLUNK INC.

Inventor： Jesse Brandau Miller ,  Marc V. Robichaud ,  Cory Eugene Burke

IPC: G06F7/00 ,  G06F16/242 ,  G06F16/248 ,  G06F16/2455

Abstract: A method includes causing display to a user of at least one event of a first result set from a first pipelined search on events at an event source. Each event comprises a time stamp and a portion of machine data. A selection of a command is received from the user. The selection is to extend the first pipelined search with the selected command in a second pipelined search. The system selects between the first result set and the event source for execution of the second pipelined search based on an analysis of the selected command and at least one command of the first pipelined search. Based on the selecting being of the first result set, display to the user is caused of at least one event of a second result set from the execution of the second pipelined search on the first result set.

公开(公告)号：US10909140B2

公开(公告)日：2021-02-02

申请号：US15276693

申请日：2016-09-26

Applicant: SPLUNK INC.

Inventor： Jesse Brandau Miller ,  Katherine Kyle Feeney ,  Yuan Xie ,  Steve Zhang ,  Adam Jamison Oliner ,  Jindrich Dinga ,  Jacob Leverich

IPC: G06F16/00 ,  G06F16/26

Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.

公开(公告)号：US20170220632A1

公开(公告)日：2017-08-03

申请号：US15009675

申请日：2016-01-28

Applicant: SPLUNK INC.

Inventor： Jesse Brandau Miller

IPC: G06F17/30 ,  G06F3/0482 ,  G06F3/0484

CPC classification number: G06F17/30398 ,  G06F17/30557 ,  G06F17/30867

Abstract: In embodiments, method and systems are provided for facilitating identification of field values based on delimiters. In some implementations, a user selection of a delimiter type to use for identifying values within fields is received. The values within fields are generally separated from one another by delimiters. A first set of one or more values from a plurality of events based on the selected delimiter is identified. Further, a second set of one or more values from the plurality of events is identified based on the selected delimiter. The identified first set of one or more values to a first field and the second set of one or more values to a second field. Additional embodiments are described and/or claimed.

公开(公告)号：US11995071B1

公开(公告)日：2024-05-28

申请号：US17242513

申请日：2021-04-28

Applicant: SPLUNK Inc.

Inventor： Jesse Brandau Miller

IPC: G06F17/00 ,  G06F16/242 ,  G06F16/25 ,  G06F16/9535

CPC classification number: G06F16/2428 ,  G06F16/25 ,  G06F16/9535

Abstract: In embodiments, method and systems are provided for facilitating identification of field values based on an extraction rule. In some implementations, a graphical user interface receives first input identifying an extraction mode that defines at least a portion of how to extract values from fields of events, and further receives second input configuring an extraction rule that defines at least a first field of the fields based on the extraction mode. The second input may include selecting a delimiter type for a delimiter mode, or specifying fields from a sample event for a regular expression mode. As such, an extraction rule may be configured, and a first set of the values from the events may be assigned to the first field based on the extraction rule.

公开(公告)号：US11698900B2

公开(公告)日：2023-07-11

申请号：US16520251

申请日：2019-07-23

Applicant: SPLUNK INC.

Inventor： Brian Krueger ,  Katherine Kyle Feeney ,  Andrew E. Robbins ,  Jesse Brandau Miller ,  Elizabeth Dykstra-Erickson ,  Jeffrey Thomas Lloyd ,  Cory Eugene Burke ,  Marc V. Robichaud

IPC: G06F16/242

CPC classification number: G06F16/2425

Abstract: In various embodiments, methods and systems for presenting a search interface with search query history based functionality is provided. A search query history store comprising search queries is accessed. The search query history store includes search queries executed in a search computing system. A search query comprises one or more commands. A plurality of search queries retrieved from the search query history store is displayed on the search interface using a placement style. A placement style, such as an indent style, provides a structure for separating and arranging commands of a plurality of search queries displayed. The search interface further provides for receiving a selection of at least a portion of a search query from the plurality of search queries to initiate actions or execute actions based on the selection. The search interface includes a search input interface, such as a search bar, where the selection of the portion of the search query is displayed based on a selected action.