-
Publication number: US11386133B1
Publication date: 2022-07-12
Application number: US16430708
Application date: 2019-06-04
Applicant: SPLUNK INC.
Inventor: Alice Emily Neels , Sundar Vasan , Simon Fishel , Marc Vincent Robichaud , Divanny Lamas
IPC: G06F16/338 , G06F3/0482 , G06F16/901 , G06F16/2458 , G06F16/34 , G06F16/335 , G06F16/33 , G06F16/248 , G06F16/26 , G06F3/04847 , G06F3/04842 , G06F16/9535 , G06T11/20 , G06F16/2457
Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.
-
Publication number: US11354308B2
Publication date: 2022-06-07
Application number: US15885538
Application date: 2018-01-31
Applicant: SPLUNK INC.
Inventor: Marc Vincent Robichaud
IPC: G06F16/2453 , G06F16/31 , G06F16/338 , G06F16/44 , G06F16/23 , G06F16/2458 , G06F16/9537
Abstract: A request is received to display at least a portion of a first events set and at least a portion of a second events set in an interleaved and visually distinct display format, where, in the interleaved and visually distinct display format, the at least a portion of the first events set is displayed in a visually distinct manner from the at least a portion of the second events set, and data from the at least a portion of the first events set is interleaved with data from the at least a portion of the second events set. In response to receiving the request, display is caused, on a user interface, of the at least a portion of the first events set and the at least a portion of the second events set in the interleaved and visually distinct display format.
-
Publication number: US11068452B2
Publication date: 2021-07-20
Application number: US15956131
Application date: 2018-04-18
Applicant: SPLUNK INC.
Inventor: Marc Vincent Robichaud , Cory Eugene Burke , Jeffrey Thomas Lloyd
IPC: G06F16/22 , G06F16/24 , G06F16/2455
Abstract: A search interface is displayed in a table format that includes a plurality of columns, each column including data items of an event attribute, the data items being of a set of events, each column being selectable by a user, and a plurality of rows forming cells with the one or more columns, each cell comprising one or more of the data items of the event attribute of a corresponding column. Based on the user selecting one or more of the columns, a list of options is displayed corresponding to the selected one or more columns, and one or more commands are added to a search query that corresponds to the set of events. The one or more commands are based on at least an option that is selected from the list of options and the event attribute of each of the selected one or more columns.
-
Publication number: US11003337B2
Publication date: 2021-05-11
Application number: US16275207
Application date: 2019-02-13
Applicant: SPLUNK INC.
Inventor: Cory Eugene Burke , Katherine Kyle Feeney , Divanny I. Lamas , Marc Vincent Robichaud , Matthew G. Ness , Clara E. Lee
IPC: G06F17/00 , G06F3/0484 , G06F3/0482 , G06F16/22 , G06F16/242 , G06F16/248 , G06F16/25 , G06F16/951 , G06F16/2455 , G06F40/18 , G06K9/20 , G06F9/451
Abstract: In embodiments of statistics value chart interface cell mode drill down, a first interface displays in a table format that includes columns each with field values of an event field, and each column having a column heading of a different one of the event fields, and includes rows each with one or more of the field values, each field value in a row associated with a different one of the event fields, and having an aggregated metric that represents a number of events with field-value pairs that match all of the field values listed in a respective row and the corresponding event fields listed in the respective columns. A cell can be emphasized that includes one of the field values in a row that corresponds to one of the different event fields in a column, and in response, a menu displays options to transition to a second interface.
-
Publication number: US10896175B2
Publication date: 2021-01-19
Application number: US15885546
Application date: 2018-01-31
Applicant: SPLUNK INC.
Inventor: Marc Vincent Robichaud
IPC: G06F16/2453 , G06F16/242
Abstract: A dependency is created between a first search query and a second search query. The first search query defines a first data processing pipeline and the second search query defines a second data processing pipeline that extends the first data processing pipeline. A modification is detected to the first data processing pipeline defined by the first search query. Based on the modification to the first data processing pipeline being detected, the dependency is enforced such that the second data processing pipeline is modified to extend the modified first data processing pipeline. The modification to the first data processing pipeline can include a first set of pipelined commands corresponding to the first search query being modified, and the dependency can be enforced by causing a second set of pipelined commands corresponding to the second search query to be modified to include the modified first set of pipelined commands.
-
Publication number: US10726037B2
Publication date: 2020-07-28
Application number: US14610702
Application date: 2015-01-30
Applicant: SPLUNK INC.
Inventor: Marc Vincent Robichaud
Abstract: First one or more values are extracted from a plurality of events using a first extraction rule. The extracted first one or more values are assigned to a first field of the plurality of events as a first set of field-data item pairs. Second one or more values are extracted from the plurality of the events using a second extraction rule. The second extraction rule identifies the second one or more values and a field label corresponding to the second one or more values in the extracted first one or more values of the first set of field-data item pairs. The extracted second one or more values are assigned to a second field of the plurality of events as a second set of field-data item pairs. The field label extracted using the second extraction rule or a modified version thereof may be assigned to the second field.
-
Publication number: US20190179824A1
Publication date: 2019-06-13
Application number: US16260998
Application date: 2019-01-29
Applicant: Splunk Inc.
Inventor: Nicholas John Filippi , Katherine Kyle Feeney , Cory Eugene Burke , Abhinav Prasad Nekkanti , Marc Vincent Robichaud , Irina Korobova
IPC: G06F16/2455 , G06F16/9536 , G06F9/54
Abstract: Custom communication alert techniques are described. In one or more implementations, a triggering condition is detected by one or more computing devices that is found by searching data using one or more extraction rules of a late-binding schema. Responsive to the detection of the triggering condition of the alert, a communication is formed by the one or more computing devices that corresponds to the alert and that includes one or more tokens based on one or more values of the data taken from fields defined by the one or more extraction rules. The communication is caused to be transmitted by the one or more computing device via a network for receipt by at least one computing device of an intended recipient of the communication.
-
Publication number: US10127258B2
Publication date: 2018-11-13
Application number: US14525048
Application date: 2014-10-27
Applicant: Splunk Inc.
Inventor: Divanny I. Lamas , Marc Vincent Robichaud
IPC: G06F17/30
Abstract: Event time selection output techniques are described. In one or more implementations, one or more inputs are received, at one or more computing devices, that involve interaction associated with a particular one of a plurality of events via a user interface, in which the plurality of events result from a search of data, each of the plurality of events include the data that is associated with a respective point in time, and the one or more inputs specify a relative time in relation to the respective point in time of the particular event. A determination is made as to which of the plurality of events correspond to the specified relative time by the one or more computing devices and a result of the determination is output by the one or more computing devices for display in the user interface.
-
Publication number: US09589012B2
Publication date: 2017-03-07
Application number: US14815884
Application date: 2015-07-31
Applicant: Splunk Inc.
Inventor: Alice Emily Neels , Archana Sulochana Ganapathi , Marc Vincent Robichaud , Stephen Phillip Sorkin , Steve Yu Zhang
CPC classification number: G06F17/30395 , G06F3/0482 , G06F17/248 , G06F17/30283 , G06F17/30424 , G06F17/30528 , G06F17/30554 , G06F17/30867
Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.
-
Publication number: US20160224659A1
Publication date: 2016-08-04
Application number: US14610676
Application date: 2015-01-30
Applicant: SPLUNK INC.
Inventor: Marc Vincent Robichaud
IPC: G06F17/30 , G06F3/0484
CPC classification number: G06F17/30616 , G06F3/04842
Abstract: First one or more values are extracted from a plurality of events using a first extraction rule. The extracted first one or more values are assigned to a first field of the plurality of events as a first set of field-data item pairs and a field label is assigned to the first field. Second one or more values and a field label corresponding to the second one or more values are extracted from the plurality of the events using a second extraction rule, where the extracted field label corresponds to the assigned field label of the first field. The extracted second one or more values are assigned to a second field of the plurality of events as a second set of field-data item pairs, thereby distinguishing the extracted second one or more values from the extracted first one or more values.