公开(公告)号：US11714698B1

公开(公告)日：2023-08-01

申请号：US17587877

申请日：2022-01-28

Applicant: Splunk, Inc.

Inventor： Kristal Curtis ,  William Deaderick ,  Wei Jie Gao ,  Tanner Gilligan ,  Chandrima Sarkar ,  Alexander Stojanovic ,  Ralph Donald Thompson ,  Sichen Zhong ,  Poonam Yadav

IPC: G06F11/30 ,  G06F11/07 ,  G06F18/214 ,  G06F18/21

CPC classification number: G06F11/0781 ,  G06F11/0769 ,  G06F18/214 ,  G06F18/2178

Abstract: A computerized method is disclosed for generating a prioritized listing of alerts based on scoring by a machine learning model and retraining the model based on user feedback. Operations of the method include receiving a plurality of alerts, generating a score for each of the plurality of alerts through evaluation of each of the plurality of alerts by a machine learning model, generating a prioritized listing of the plurality of alerts based on the generated scores, receiving user feedback on the prioritized listing, retraining the machine learning model based on the user feedback by generating a set of labeled alert pairs, wherein a labeled alert pair includes a first alert, a second alert, and an indication as to which of the first alert or the second alert is a higher priority in accordance with the user feedback, and evaluating subsequently received alerts with the retrained machine learning model.

公开(公告)号：US12216527B1

公开(公告)日：2025-02-04

申请号：US17583056

申请日：2022-01-24

Applicant: Splunk, Inc.

Inventor： Abraham Starosta ,  Francis Beckert ,  Chandrima Sarkar

IPC: G06F11/00 ,  G06F11/07 ,  G06F16/23 ,  G06N20/00 ,  G06F11/30 ,  G06F11/34

Abstract: A computerized method is disclosed for automated handling of data ingestion anomalies. The method features operations of detecting a data ingestion anomaly and determining a cause for the data ingestion anomaly. The causal determination may be conducted by at least (i) determining features of an anomalous data ingestion volume, (ii) training a second data model, after a first data model being used to detect the data ingestion anomaly, with data sets consistent with the determined features, (iii) applying the second data model to predict whether a data ingestion sub-volume is anomalous, (iv) obtaining system state information during ingestion of the anomalous data ingestion sub-volume, and (v) determining the cause of the anomalous data ingestion volume based on the system state information.

公开(公告)号：US11995052B1

公开(公告)日：2024-05-28

申请号：US17591528

申请日：2022-02-02

Applicant: Splunk Inc.

Inventor： Zhaohui Wang ,  Ryan Gannon ,  Xiao Lin ,  Chandrima Sarkar

IPC: G06F16/215

CPC classification number: G06F16/215

Abstract: A computerized method for detection of categorical drift within an incoming data stream. Herein, an error threshold is computed based on a first set of training data samples selected to detect categorical drift occurring for a data stream. Thereafter, probability distributions associated with content of a first and second data samples of the data stream are computed. Analytics are conducted to compute a difference between content of the first probability distribution that is based on a first data point of the first data sample and content of the second probability distribution that is based on a first data point of the second data sample. After computing the difference, that categorical drift is determined whether categorical drift detection has been conducted.

公开(公告)号：US12181956B1

公开(公告)日：2024-12-31

申请号：US18208879

申请日：2023-06-12

Applicant: Splunk Inc.

Inventor： Kristal Curtis ,  William Deaderick ,  Wei J. Gao ,  Tanner Gilligan ,  Chandrima Sarkar ,  Aleksander Stojanovic ,  Ralph Donald Thompson ,  Poonam Yadav ,  Sichen Zhong

IPC: G06F11/30 ,  G06F11/07 ,  G06F18/21 ,  G06F18/214

Abstract: Systems and methods are disclosed that are directed to improving the prioritization, display, and viewing of system alerts through the use of machine learning techniques to group the alerts and further to prioritize the groupings. Additionally, a graphical user interface is generated that illustrates the prioritized listing of the plurality of groupings. Thus, a system administrator or other user receives an improved experience as the number of notifications provided to the system administrator are reduced due to the grouping of individual alerts into related groupings and further due to the prioritization of the groupings. Previously, or in current technology, system alerts may be automatically generated and provided immediately to a system administrator. In some instances, any advantage of detecting system errors or system monitoring provided by the alerts is negated by the vast number of alerts and provision of minimally important alerts in a manner that concealed more important alerts.

公开(公告)号：US12050507B1

公开(公告)日：2024-07-30

申请号：US17582995

申请日：2022-01-24

Applicant: Splunk, Inc.

Inventor： Abraham Starosta ,  Francis Beckert ,  Chandrima Sarkar

IPC: G06F11/07 ,  G06F16/2455 ,  G06F16/2458

CPC classification number: G06F11/0781 ,  G06F16/24561 ,  G06F16/2471

Abstract: A computerized method is disclosed for automated handling of data ingestion anomalies. The method features training a data model based on a first volume of data associated with a first time period. Thereafter, using the data model, a predictive analysis is conducted on a second volume of data associated with a second time period subsequent to the first time period to produce a predicted data ingestion volume. After, a correlative analysis between the predicted data ingestion volume and an actual data ingestion volume during the second time period is conducted to produce a prediction error. A notification is generated based on the prediction error.

公开(公告)号：US11907227B1

公开(公告)日：2024-02-20

申请号：US17591511

申请日：2022-02-02

Applicant: Splunk, Inc.

Inventor： Zhaohui Wang ,  Ryan Gannon ,  Xiao Lin ,  Abhinav Mishra ,  Chandrima Sarkar ,  Ram Sriharsha

IPC: G06F16/00 ,  G06F16/2455 ,  G06F16/22 ,  G06F16/2458

CPC classification number: G06F16/24568 ,  G06F16/22 ,  G06F16/2462 ,  G06F16/24552

Abstract: A computerized method is disclosed including operations of receiving a data stream, performing a changepoint detection resulting in a detection of changepoints in the data stream including: maintaining a listing of starting indices for each run within the data stream in a buffer of size L wherein each index of the listing has a run length probability representing a likelihood of being a changepoint, receiving a new data point within the data stream and adding a new index to the buffer resulting in the buffer having size L+1, calculating a posterior run length probability that the new data point is a changepoint, and removing an index from the listing that has a lowest run length probability thereby returning the buffer to size L, and responsive to determining the index removed from the listing does not correspond to the new data point, identifying a changepoint associated with the new data point.