公开(公告)号：US10200262B1

公开(公告)日：2019-02-05

申请号：US15206123

申请日：2016-07-08

Applicant: Splunk, Inc.

Inventor： Jacob Barton Leverich ,  Shang Cai ,  Hongyang Zhang ,  Mihai Ganea ,  Alex Cruise

IPC: G06F15/16 ,  H04L12/26 ,  H04L12/24 ,  H04L29/08

Abstract: An anomaly detection system includes a plurality of signals. Each of the signals is associated with an anomaly detection procedure that will be used to identify anomalies within the signal. Anomaly detection is performed by applying the anomaly detection procedure to a sequential set of data points of a signal. The signals are updated based on incoming data streams. The data streams are analyzed, and the sequential set of data points for each signal is updated based on data points extracted from the data streams.

公开(公告)号：US20170031659A1

公开(公告)日：2017-02-02

申请号：US14815954

申请日：2015-07-31

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Jacob Barton Leverich ,  Jeffrey Thomas Lloyd ,  Adam Jamison Oliner ,  Marc Vincent Robichaud

IPC: G06F9/44 ,  G06F17/30

Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.

Abstract translation: 描述使用示例来定义事件子类型的设施。 设备显示在机器生成的数据之间标识的事件。 该设施接收选择事件的第一子集的用户输入，作为事件子类型的示例。 响应于接收到用户输入，设施基于事件子类型的示例显示预测属于事件子类型的事件的第二子集。

公开(公告)号：US11340774B1

公开(公告)日：2022-05-24

申请号：US16542774

申请日：2019-08-16

Applicant: Splunk Inc.

Inventor： Manish Sainani ,  Adam Jamison Oliner ,  Jacob Barton Leverich ,  Leonid Alekseyev ,  Sonal Maheshwari

IPC: G06F15/16 ,  G06F3/0488

Abstract: Techniques are disclosed for anomaly detection based on a predicted value. A search query can be executed over a period of time to produce values for a key performance indicator (KPI), the search query defining the KPI and deriving a value indicative of the performance of a service at a point in time or during a period of time, the value derived from machine data pertaining to one or more entities that provide the service. A graphical user interface (GUI) enabling a user to indicate a sensitivity setting can be displayed. A user input indicating the sensitivity setting can be received via the GUI. Zero or more of the values as anomalies can be identified in consideration of the sensitivity setting indicated by the user input.

公开(公告)号：US10592093B2

公开(公告)日：2020-03-17

申请号：US14859248

申请日：2015-09-18

Applicant: Splunk Inc.

Inventor： Manish Sainani ,  Adam Jamison Oliner ,  Jacob Barton Leverich ,  Leonid Alekseyev ,  Sonal Barton Maheshwari

IPC: G06F17/30 ,  G06F3/0488 ,  H04L12/24

Abstract: Techniques are disclosed for anomaly detection. A search query can be executed over a period of time to produce values for a key performance indicator (KPI), the search query defining the KPI and deriving a value indicative of the performance of a service at a point in time or during a period of time, the value derived from machine data pertaining to one or more entities that provide the service. A graphical user interface (GUI) enabling a user to indicate a sensitivity setting can be displayed. A user input indicating the sensitivity setting can be received via the GUI. Zero or more of the values as anomalies can be identified in consideration of the sensitivity setting indicated by the user input. A GUI including information related to the values identified as anomalies can be caused to be displayed.

公开(公告)号：US20190065298A1

公开(公告)日：2019-02-28

申请号：US16176186

申请日：2018-10-31

Applicant: SPLUNK INC.

Inventor： Jacob Barton Leverich ,  Shang Cai ,  Hongyang Zhang ,  Mihai Ganea ,  Alex Cruise

IPC: G06F11/07

CPC classification number: G06F11/079

Abstract: A continuous anomaly detection service receives data stream and performs continuous anomaly detection on the incoming data streams. This continuous anomaly detection is performed based on anomaly detection definitions, which define a signal used for anomaly detection and an anomaly detection configuration. These anomaly detection definitions can be modified, such that continuous anomaly detection continues to be performed for the data stream and the signal, based on the new anomaly detection definition.

公开(公告)号：US20160104076A1

公开(公告)日：2016-04-14

申请号：US14859236

申请日：2015-09-18

Applicant: Splunk Inc.

Inventor： Sonal Maheshwari ,  Manish Sainani ,  Leonid Alekseyev ,  Alan Hardin ,  Jacob Barton Leverich ,  Adam Jamison Oliner ,  Brian Reyes ,  Alok Anant Bhide

IPC: G06N99/00

CPC classification number: G06N99/005

Abstract: Techniques are disclosed for providing adaptive thresholding technology for Key Performance Indicators (KPIs). Adaptive thresholding technology may automatically assign new values or adjust existing values for one or more thresholds of one or more time policies. Assigning threshold values using adaptive thresholding may involve identifying training data (e.g., historical data, simulated data, or example data) for the time frames and analyzing the training data to identify variations within the data (e.g., patterns, distributions, trends). A threshold value may be determined based on the variations and may be assigned to one or more of the thresholds without additional user intervention.

Abstract translation: 公开了用于为关键性能指标（KPI）提供自适应阈值技术的技术。 自适应阈值技术可以自动分配新值或调整一个或多个时间策略的一个或多个阈值的现有值。 使用自适应阈值分配阈值可以涉及识别用于时间帧的训练数据（例如，历史数据，模拟数据或示例数据），并且分析训练数据以识别数据内的变化（例如，模式，分布，趋势）。 可以基于变化来确定阈值，并且可以将阈值分配给一个或多个阈值，而无需额外的用户干预。

公开(公告)号：US11971778B1

公开(公告)日：2024-04-30

申请号：US18299469

申请日：2023-04-12

Applicant: Splunk Inc.

Inventor： Jacob Barton Leverich ,  Shang Cai ,  Hongyang Zhang ,  Mihai Ganea ,  Alex Cruise

IPC: G06F11/07

CPC classification number: G06F11/079 ,  G06F11/0709 ,  G06F11/0793

Abstract: A continuous anomaly detection service receives data stream and performs continuous anomaly detection on the incoming data streams. This continuous anomaly detection is performed based on anomaly detection definitions, which define a signal used for anomaly detection and an anomaly detection configuration. These anomaly detection definitions can be modified, such that continuous anomaly detection continues to be performed for the data stream and the signal, based on the new anomaly detection definition.

公开(公告)号：US11226977B1

公开(公告)日：2022-01-18

申请号：US16896145

申请日：2020-06-08

Applicant: Splunk Inc.

Inventor： Cory Eugene Burke ,  Jacob Barton Leverich ,  Jeffrey Thomas Lloyd ,  Adam Jamison Oliner ,  Marc Vincent Robichaud ,  Jesse Miller

IPC: G06F16/248 ,  G06F11/30 ,  G06F16/245 ,  G06F16/242 ,  G06F11/34

Abstract: A facility for defining an event subtype using examples is described. The facility displays events identified among machine-generated data. The facility receives user input selecting a first subset of the events as examples of an event subtype. In response to receiving the user input, the facility displays a second subset of the events predicted to belong to the event subtype on the basis of the examples of the event subtype.

公开(公告)号：US10558516B2

公开(公告)日：2020-02-11

申请号：US16176186

申请日：2018-10-31

Applicant: SPLUNK INC.

Inventor： Jacob Barton Leverich ,  Shang Cai ,  Hongyang Zhang ,  Mihai Ganea ,  Alex Cruise

IPC: G06F11/00 ,  G06F11/07

Abstract: A continuous anomaly detection service receives data stream and performs continuous anomaly detection on the incoming data streams. This continuous anomaly detection is performed based on anomaly detection definitions, which define a signal used for anomaly detection and an anomaly detection configuration. These anomaly detection definitions can be modified, such that continuous anomaly detection continues to be performed for the data stream and the signal, based on the new anomaly detection definition.

公开(公告)号：US10235638B2

公开(公告)日：2019-03-19

申请号：US14859236

申请日：2015-09-18

Applicant: Splunk Inc.

Inventor： Sonal Maheshwari ,  Manish Sainani ,  Leonid Alekseyev ,  Alan Hardin ,  Jacob Barton Leverich ,  Adam Jamison Oliner ,  Brian Reyes ,  Alok Anant Bhide

IPC: H04L29/08 ,  G06N99/00

Abstract: Techniques are disclosed for providing adaptive thresholding technology for Key Performance Indicators (KPIs). Adaptive thresholding technology may automatically assign new values or adjust existing values for one or more thresholds of one or more time policies. Assigning threshold values using adaptive thresholding may involve identifying training data (e.g., historical data, simulated data, or example data) for the time frames and analyzing the training data to identify variations within the data (e.g., patterns, distributions, trends). A threshold value may be determined based on the variations and may be assigned to one or more of the thresholds without additional user intervention.