公开(公告)号：US12079100B1

公开(公告)日：2024-09-03

申请号：US17589847

申请日：2022-01-31

Applicant: Splunk, Inc.

Inventor： William Deaderick ,  William Stanton ,  Thomas Camp Vieth

IPC: G06F11/00 ,  G06F11/07 ,  G06F11/30 ,  G06F11/34 ,  G06F16/2458 ,  G06F16/242

CPC classification number: G06F11/3082 ,  G06F11/0793 ,  G06F11/3409 ,  G06F16/2477 ,  G06F16/244

Abstract: A computerized method is disclosed for grouping alerts and providing remediation recommendation. The method includes receiving the alert to be assigned to an existing open issue or a newly created issue, wherein an issue is a grouping of one or more alerts, assigning the alert to either a first existing open issue or the newly created issue by determining a weighted sum of the distance between the feature vectors of the alert and each existing open issue, determining a weighted sum of the distance between the feature vectors of the alert and each closed issue, and generating a user interface that illustrates an assignment of the alert and at least one of (i) a closed issue having a shortest distance to the alert or (ii) recommended remediation efforts associated with the closed issue having the shortest distance to the alert.

公开(公告)号：US12182169B1

公开(公告)日：2024-12-31

申请号：US17589600

申请日：2022-01-31

Applicant: Splunk, Inc.

Inventor： William Deaderick ,  William Stanton ,  Thomas Camp Vieth

IPC: G06F11/00 ,  G06F11/07 ,  G06F16/28 ,  G06F11/30 ,  G06F11/34 ,  G06F16/242 ,  G06N20/00

Abstract: A computerized method is disclosed for grouping alerts through machine learning while implementing certain time constraints. The method includes receiving an alert to be assigned to any of a plurality of existing issues or to a newly created issue, the alert including a temporal field that includes a timestamp of an arrival time of the alert, wherein an issue is a grouping of one or more alerts, determining a subset of existing issues from the plurality of existing issues that each satisfy time constraints, wherein the time constraints correspond to (i) a time elapsed between a most recent alert of a first existing issue and a timestamp of the alert, or (ii) a maximum issue time length of the first existing issue, and deploying a trained machine learning model to assign the alert to either an existing issue of the subset of existing issues or a newly created issue.

公开(公告)号：US12086045B1

公开(公告)日：2024-09-10

申请号：US17589833

申请日：2022-01-31

Applicant: Splunk, Inc.

Inventor： William Deaderick ,  William Stanton ,  Thomas Camp Vieth

IPC: G06F11/00 ,  G06F11/30 ,  G06F16/242 ,  G06F16/2458 ,  G06F18/21

CPC classification number: G06F11/3075 ,  G06F16/244 ,  G06F16/2477 ,  G06F18/2178

Abstract: A computerized method is disclosed for grouping alerts through machine learning. The method including receiving an alert to be assigned to any of a plurality of existing issues or to a newly created issue, wherein an issue is a grouping of alerts, determining a temporal distance between the alert and each of the existing issues, determining either of (i) a numerical distance between the alert and each of the existing issues for a particular numerical field, or (ii) a categorical distance between the alert and each of the existing issues for a particular categorical field, determining an overall distance between the alert and each of the existing issues, and assigning the alert to either (i) an existing issue having a shortest overall distance to the alert that satisfies one or more time constraints, or (ii) the newly created issue.

公开(公告)号：US12066915B1

公开(公告)日：2024-08-20

申请号：US17589532

申请日：2022-01-31

Applicant: Splunk, Inc.

Inventor： William Deaderick ,  William Stanton ,  Thomas Camp Vieth

IPC: G06F11/00 ,  G06F11/07 ,  G06F11/30 ,  G06F11/34 ,  G06F16/242 ,  G06N20/00

CPC classification number: G06F11/3075 ,  G06F11/0781 ,  G06F11/3409 ,  G06F11/3447 ,  G06F11/3452 ,  G06F16/244 ,  G06F11/3082 ,  G06N20/00

Abstract: A computerized method is disclosed for retraining machine learning models based on user feedback. The method includes receiving user feedback indicating a change is to be made to an assignment of one or more alerts, wherein the one or more alerts were assigned by a machine learning model implementing a distance metric, wherein an issue is a grouping of at least one alert, constructing a convex optimization procedure to minimize an adjustment of weights of the distance metric, retraining the machine learning model by adjusting the weights of the distance metric in accordance with the convex optimization procedure, and evaluating one or more subsequently received alert using the retrained machine learning model. Changes to be made to the assignment include any of merging of two issues, splitting of two issues based on time or an alert field, or reassignment of an alert from a first issue to a second issue.