公开(公告)号：US20170185607A1

公开(公告)日：2017-06-29

申请号：US15461076

申请日：2017-03-16

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F17/30

CPC classification number: G06F16/125 ,  G06F11/0727 ,  G06F11/0775 ,  G06F16/162 ,  G06F16/245 ,  G06F16/2455 ,  G06F16/24565 ,  G06F16/2477 ,  G06F16/254 ,  G06F16/9535 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US20200167311A1

公开(公告)日：2020-05-28

申请号：US16777357

申请日：2020-01-30

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G08B21/18 ,  G06F16/2455 ,  G06F16/9535 ,  G06F16/2458 ,  G06F16/245 ,  G06F16/16 ,  G06F16/25 ,  G06F11/07

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US20160147830A1

公开(公告)日：2016-05-26

申请号：US14396367

申请日：2014-07-09

Applicant: SPLUNK INC.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F17/30 ,  G08B21/18

CPC classification number: G06F16/125 ,  G06F11/0727 ,  G06F11/0775 ,  G06F16/162 ,  G06F16/245 ,  G06F16/2455 ,  G06F16/24565 ,  G06F16/2477 ,  G06F16/254 ,  G06F16/9535 ,  G08B21/18

Abstract: Systems and methods for managing datasets produced by alert-triggering search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query on a portion of searchable data associated with a time window to produce a dataset comprising one or more results; responsive to determining that at least a portion of the dataset satisfies a triggering condition defining an alert associated with the search query, generating an instance of the alert; associating, by a memory data structure, the instance of the alert with an identifier of the search query and a time parameter specifying the time window; receiving, from a client computing device, a request for the portion of the dataset; and responsive to determining that the portion of the dataset is not stored in the memory in a manner associating it with the instance of the alert, reproducing the portion of the dataset by re-executing the search query in view of the time parameter.

Abstract translation: 用于管理在数据聚合和分析系统中由警报触发搜索查询产生的数据集的系统和方法。 示例性方法可以包括：由一个或多个处理设备执行与时间窗口相关联的可搜索数据的一部分上的搜索查询，以产生包括一个或多个结果的数据集; 响应于确定所述数据集的至少一部分满足定义与所述搜索查询相关联的警报的触发条件，生成所述警报的实例; 通过存储器数据结构将警报的实例与搜索查询的标识符和指定时间窗口的时间参数相关联; 从客户端计算设备接收对所述数据集的所述部分的请求; 并且响应于确定所述数据集的所述部分未以与所述警报的实例相关联的方式存储在所述存储器中，通过根据所述时间参数重新执行所述搜索查询来再现所述数据集的所述部分。

公开(公告)号：US12169471B2

公开(公告)日：2024-12-17

申请号：US17669156

申请日：2022-02-10

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G06F11/07 ,  G06F16/16 ,  G06F16/245 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/25 ,  G06F16/9535 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US20160253415A1

公开(公告)日：2016-09-01

申请号：US14396366

申请日：2014-07-09

Applicant: SPLUNK INC.

Inventor： Qianjie Zhong ,  Yue Ni ,  Ting Wang ,  Dawei Li ,  Nick Filippi ,  Xianqin Ma

IPC: G06F17/30 ,  G06F9/54 ,  G06F3/0484

CPC classification number: G06F16/345 ,  G06F3/04842 ,  G06F9/542 ,  G06F11/0721 ,  G06F11/0766 ,  G06F16/24565 ,  G06F16/3331 ,  G06F16/338

Abstract: Systems and methods for presenting and sorting summaries of alerts triggered by search queries in data aggregation and analysis systems. An example method may comprise: causing, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition; wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert; wherein an alert summary includes an indication of at least one of: a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.

Abstract translation: 用于呈现和排序数据汇总和分析系统中搜索查询触发的警报摘要的系统和方法。 示例性方法可以包括：通过一个或多个处理设备引起一个或多个警报摘要的显示，每个警报摘要对应于警报并且表示警报的一个或多个实例，由搜索查询和 触发条件; 其中所述警报的实例对应于特定数据集，所述特定数据集通过在搜索查询已被指示搜索的一组时间范围内的特定时间范围内的时间序列数据上执行搜索查询来生成， 和（ii）满足警报的触发条件; 其中警报摘要包括以下中的至少一个的指示：由所述警报产生的警报实例的总​​计数，或所述警报所生成的尚未被用户观看的警报实例的计数。

公开(公告)号：US11755635B2

公开(公告)日：2023-09-12

申请号：US14396366

申请日：2014-07-09

Applicant: Splunk Inc. ,  Qianjie Zhong ,  Yue Ni ,  Ting Wang ,  Dawei Li ,  Nick Filippi ,  Xianqin Ma

Inventor： Qianjie Zhong ,  Yue Ni ,  Ting Wang ,  Dawei Li ,  Nick Filippi ,  Xianqin Ma

IPC: G06F16/34 ,  G06F16/338 ,  G06F16/33 ,  G06F16/2455 ,  G06F11/07 ,  G06F3/04842 ,  G06F9/54

CPC classification number: G06F16/345 ,  G06F3/04842 ,  G06F9/542 ,  G06F11/0721 ,  G06F11/0766 ,  G06F16/24565 ,  G06F16/338 ,  G06F16/3331

Abstract: Systems and methods for presenting and sorting summaries of alerts triggered by search queries in data aggregation and analysis systems. An example method may comprise: causing, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition; wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert; wherein an alert summary includes an indication of at least one of: a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.

公开(公告)号：US20220171736A1

公开(公告)日：2022-06-02

申请号：US17669156

申请日：2022-02-10

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G06F16/16 ,  G06F16/245 ,  G06F16/2458 ,  G06F16/9535 ,  G06F16/2455 ,  G06F11/07 ,  G06F16/25 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US11288231B2

公开(公告)日：2022-03-29

申请号：US16777357

申请日：2020-01-30

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G06F16/16 ,  G06F16/245 ,  G06F16/2458 ,  G06F16/9535 ,  G06F16/2455 ,  G06F11/07 ,  G06F16/25 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US10585851B2

公开(公告)日：2020-03-10

申请号：US15461076

申请日：2017-03-16

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G06F16/16 ,  G06F16/245 ,  G06F16/2458 ,  G06F16/9535 ,  G06F16/2455 ,  G06F11/07 ,  G06F16/25 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.