公开(公告)号：US10380189B2

公开(公告)日：2019-08-13

申请号：US15693172

申请日：2017-08-31

Applicant: Splunk Inc.

Inventor： Brent Boe ,  Brian Bingham ,  John Robert Coates ,  Tristan Antonio Fletcher

IPC: G06F15/173 ,  G06F16/903 ,  G06Q10/06 ,  G06F16/26 ,  G06F16/248 ,  G06F16/25 ,  G06F16/33 ,  G06F16/951 ,  G06F16/2455 ,  G06F16/901 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/2453 ,  H04L12/24 ,  H04L12/26 ,  G06F3/0484 ,  G06F9/54 ,  G06F3/0481 ,  G06F3/0482 ,  H04L29/08 ,  G06F11/34 ,  G06F11/32 ,  G06T11/20

Abstract: One or more processing devices create one or more entity definitions that each associate an entity with machine data pertaining to that entity and create a service definition for a service provided by one or more entities. The service definition includes an entity definition for each of the one or more entities. The one or more processing devices create one or more key performance indicators (KPIs). Each KPI is defined by a search query that produces a value derived from the machine data identified in one or more of the entity definitions included in the service definition. Each value is indicative of how the service is performing at a point in time or during a period of time.

公开(公告)号：US10367827B2

公开(公告)日：2019-07-30

申请号：US14135427

申请日：2013-12-19

Applicant: Splunk Inc.

Inventor： Mark Seward ,  John Robert Coates

IPC: H04L29/06 ,  G06F16/21 ,  G06F16/951

Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.

公开(公告)号：US20180157724A1

公开(公告)日：2018-06-07

申请号：US15885809

申请日：2018-01-31

Applicant: Splunk Inc.

Inventor： Michael Kinsely ,  Alex Raitz ,  John Robert Coates ,  Shirley Wu

IPC: G06F17/30

CPC classification number: G06F16/254

Abstract: A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. A field extraction template comprises at least a set of field names and ordering data for the field names. The ordering data indicates index positions that are associated with at least some of the field names. A delimiter is specified for splitting data items into arrays of chunks. The chunk of a data item that belongs to a given field name is the chunk whose position within the item's array of chunks is equivalent to the index position associated with the given field name.

公开(公告)号：US20170286038A1

公开(公告)日：2017-10-05

申请号：US15088106

申请日：2016-03-31

Applicant: Splunk Inc.

Inventor： Li Li ,  Gang Tao ,  Yongxin Su ,  Junqing Hao ,  Ting Wang ,  John Robert Coates ,  Elias Haddad ,  Guodong Wang

IPC: G06F3/14 ,  G06T11/00 ,  G06F17/27 ,  G06F3/0482 ,  G06F3/0484 ,  G06F17/30 ,  G06F17/24

CPC classification number: G06F3/14 ,  G06Q10/063 ,  G09G2358/00 ,  G09G2370/02 ,  G09G2370/10

Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.

公开(公告)号：US09596146B2

公开(公告)日：2017-03-14

申请号：US15012817

申请日：2016-02-01

Applicant: Splunk Inc.

Inventor： John Robert Coates ,  Poorva Malviya ,  Brian John Bingham

IPC: G06F17/30 ,  G06F7/00 ,  H04L12/24 ,  G06Q10/06 ,  H04L29/08 ,  H04L12/26 ,  G06F3/0484 ,  G06F9/54 ,  G06F3/0481 ,  G06F3/0482

CPC classification number: H04L43/16 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/542 ,  G06F17/30424 ,  G06F17/30463 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30572 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30958 ,  G06F17/30964 ,  G06F17/30979 ,  G06F17/30991 ,  G06Q10/06393 ,  G06T11/206 ,  G06T2200/24 ,  H04L29/08072 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5035 ,  H04L41/5038 ,  H04L43/04 ,  H04L43/045 ,  H04L67/10 ,  H04L67/16

Abstract: Raw machine data are captured and organized as events. Entity definitions representing machine entities that perform a service identify the machine data associated with respective entities. KPI search queries each define a KPI. Each KPI search query derives one or more values for the KPI from machine data identified in the entity definitions. A dashboard template having an identifier for the KPI is presented by a graphical interface. The identifier presents at a user-designated location and may be a widget that provides a numerical or graphical representation of one or more values for the KPI. Embodiments may allow modification of the template.

Abstract translation: 原始机器数据被捕获并组织为事件。 表示执行服务的机器实体的实体定义识别与相应实体相关联的机器数据。 KPI搜索查询每个定义一个KPI。 每个KPI搜索查询从实体定义中标识的机器数据中获取KPI的一个或多个值。 具有用于KPI的标识符的仪表板模板由图形界面呈现。 标识符呈现在用户指定的位置，并且可以是提供用于KPI的一个或多个值的数字或图形表示的小部件。 实施例可以允许修改模板。

公开(公告)号：US09130860B1

公开(公告)日：2015-09-08

申请号：US14528858

申请日：2014-10-30

Applicant: Splunk Inc.

Inventor： Brent Boe ,  Brian Bingham ,  John Robert Coates ,  Tristan Antonio Fletcher

IPC: G06F15/16 ,  H04L12/26 ,  G06F17/30 ,  H04L12/24 ,  G06F12/00

CPC classification number: H04L43/16 ,  G06F3/0481 ,  G06F3/04817 ,  G06F3/0482 ,  G06F3/0484 ,  G06F3/04842 ,  G06F3/04847 ,  G06F9/542 ,  G06F17/30424 ,  G06F17/30463 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30572 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30958 ,  G06F17/30964 ,  G06F17/30979 ,  G06F17/30991 ,  G06Q10/06393 ,  G06T11/206 ,  G06T2200/24 ,  H04L29/08072 ,  H04L41/0213 ,  H04L41/0806 ,  H04L41/22 ,  H04L41/5009 ,  H04L41/5032 ,  H04L41/5035 ,  H04L41/5038 ,  H04L43/04 ,  H04L43/045 ,  H04L67/10 ,  H04L67/16

Abstract: One or more processing devices create one or more entity definitions that each associate an entity with machine data pertaining to that entity and create a service definition for a service provided by one or more entities. The service definition includes an entity definition for each of the one or more entities. The one or more processing devices create one or more key performance indicators (KPIs). Each KPI is defined by a search query that produces a value derived from the machine data identified in one or more of the entity definitions included in the service definition. Each value is indicative of how the service is performing at a point in time or during a period of time.

Abstract translation: 一个或多个处理设备创建一个或多个实体定义，每个实体定义使实体与与该实体有关的机器数据关联，并为由一个或多个实体提供的服务创建服务定义。 服务定义包括一个或多个实体中的每一个的实体定义。 一个或多个处理设备创建一个或多个关键性能指标（KPI）。 每个KPI由搜索查询定义，该搜索查询产生从在服务定义中包括的一个或多个实体定义中标识的机器数据导出的值。 每个值都表示服务在某个时间点或某段时间内的表现。

公开(公告)号：US11907244B2

公开(公告)日：2024-02-20

申请号：US17809837

申请日：2022-06-29

Applicant: SPLUNK INC.

Inventor： Michael Kinsely ,  Alex Raitz ,  John Robert Coates ,  Shirley Wu

IPC: G06F16/00 ,  G06F7/00 ,  G06F16/25

CPC classification number: G06F16/254

Abstract: A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. A field extraction template comprises at least a set of field names and ordering data for the field names. The ordering data indicates index positions that are associated with at least some of the field names. A delimiter is specified for splitting data items into arrays of chunks. The chunk of a data item that belongs to a given field name is the chunk whose position within the item's array of chunks is equivalent to the index position associated with the given field name.

公开(公告)号：US20220083572A1

公开(公告)日：2022-03-17

申请号：US17539143

申请日：2021-11-30

Applicant: Splunk Inc.

Inventor： Li Li ,  Gang Tao ,  Yongxin Su ,  Junqing Hao ,  Ting Wang ,  John Robert Coates ,  Elias Haddad ,  Guodong Wang

IPC: G06F16/28 ,  G06F16/2458 ,  G06N20/00

Abstract: Determining a set of extraction rules include clustering event segments into at least a first group of event segments, and determining, using first field data in the first group of event segments, a first set of extraction rules for extracting the first field data from each event segment of the first group of event segments. A determination is made that the first set of extraction rules fails to successfully extract all of the first field data. Responsive to the determination, the event segments are re-clustered into at least a second group of event segments and a third group of event segments until a successful set of extraction rules are identified. The successful set of extraction rules are stored in computer memory.

公开(公告)号：US11249710B2

公开(公告)日：2022-02-15

申请号：US15088106

申请日：2016-03-31

Applicant: Splunk Inc.

Inventor： Li Li ,  Gang Tao ,  Yongxin Su ,  Junqing Hao ,  Ting Wang ,  John Robert Coates ,  Elias Haddad ,  Guodong Wang

IPC: G06Q10/06 ,  G06N5/02 ,  G06F17/40 ,  G06F3/14

Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.

公开(公告)号：US11196756B2

公开(公告)日：2021-12-07

申请号：US15421393

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： Mark Seward ,  John Robert Coates

IPC: H04L29/06 ,  G06F16/21 ,  G06F16/951

Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.