公开(公告)号：US12130829B2

公开(公告)日：2024-10-29

申请号：US18051458

申请日：2022-10-31

Applicant: Splunk Inc.

Inventor： Nasim Bigdelu ,  Margaret Kelley ,  Mirjana Tesic ,  Rebecca Tortell ,  Rajesh Raman

IPC: G06F16/00 ,  G06F16/242 ,  G06F16/248

CPC classification number: G06F16/248 ,  G06F16/2425

Abstract: Systems and methods are described for generation and execution of modified queries. An input can be received via a visualization of a user interface. The input may identify a first field value and a first field for execution of a query. A set of data for execution of the query can be identified based on the input. Alias data may identify a second field that is associated with the first field. Using the alias data, a modified query can be generated based on the query and the second field. The modified query can be executed to generate query results. The query results can be displayed via a visualization of the user interface based on the first field.

公开(公告)号：US12013880B2

公开(公告)日：2024-06-18

申请号：US17721251

申请日：2022-04-14

Applicant: SPLUNK Inc.

Inventor： Nishant Agarwal ,  Houwu Bai ,  Darshan Patel ,  Rajesh Raman ,  Joseph Ari Ross

IPC: G06F16/28 ,  G06F16/2455 ,  G06F16/2458 ,  H04L43/08

CPC classification number: G06F16/287 ,  G06F16/24568 ,  G06F16/2477 ,  H04L43/08

Abstract: Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and dynamically estimating a resolution of one or more streams of data points and updating an output resolution. Responsive to receiving a stream of data points, a data resolution can be derived and an output resolution can be set to a first value. When a change to the data resolution is detected, the output resolution can be changed, modifying a frequency at which output data points are generated and/or transmitted. In some instances, a detector can be implemented to trigger an alert responsive to ingested data points corresponding with triggering parameters. An output resolution for the detector can be dynamically modified based on dynamically detecting a change to the data resolution of the stream of data.

公开(公告)号：US20240143612A1

公开(公告)日：2024-05-02

申请号：US18051458

申请日：2022-10-31

Applicant: Splunk Inc.

Inventor： Nasim Bigdelu ,  Margaret Kelley ,  Mirjana Tesic ,  Rebecca Tortell ,  Rajesh Raman

IPC: G06F16/248 ,  G06F16/242

CPC classification number: G06F16/248 ,  G06F16/2425

Abstract: Systems and methods are described for generation and execution of modified queries. An input can be received via a visualization of a user interface. The input may identify a first field value and a first field for execution of a query. A set of data for execution of the query can be identified based on the input. Alias data may identify a second field that is associated with the first field. Using the alias data, a modified query can be generated based on the query and the second field. The modified query can be executed to generate query results. The query results can be displayed via a visualization of the user interface based on the first field.

公开(公告)号：US11797542B1

公开(公告)日：2023-10-24

申请号：US17374837

申请日：2021-07-13

Applicant: Splunk Inc.

Inventor： Rajesh Raman ,  Maxime Petazzoni ,  Arijit Mukherji ,  Phillip Liu

IPC: G06F16/24 ,  G06F16/2455 ,  G06F40/279 ,  G06F16/2453 ,  G06F40/205 ,  G06F16/242 ,  G06F16/28 ,  G06F16/907

CPC classification number: G06F16/24568 ,  G06F16/244 ,  G06F16/24535 ,  G06F16/284 ,  G06F16/907 ,  G06F40/205 ,  G06F40/279

Abstract: A system processes data stream language expressions that combine result data streams from multiple data stream language sub-expressions. The system determines a set of fixed dimensions based on static analysis of the data stream language sub-expression. The system determines a union set representing a union of the sets of fixed dimensions. The system determines at execution time of the data stream language expression, a plurality of sets of data streams. Each set of data stream corresponds to a data stream language sub-expression from the plurality of data stream language expressions. The system correlates data streams across the plurality of sets of data streams based on the union set. The system determines result data streams for the data stream language expression by combining data values of correlated data streams.

公开(公告)号：US12298981B1

公开(公告)日：2025-05-13

申请号：US18441788

申请日：2024-02-14

Applicant: Splunk Inc.

Inventor： Ankit Bhagat ,  Steven Karis ,  Amin Moshgabadi ,  Rajesh Raman

IPC: G06F16/2455 ,  G06F16/22 ,  G06F16/242 ,  G06F16/2452 ,  G06F16/2458 ,  G06F16/248 ,  G06F21/62

Abstract: Systems and methods are described for generation of a query using a non-textual input. For example, the query can be generated using a point and click input. A selection of a data source can be identified and an initial query can be automatically generated based on the selection of the data source. A graphical user interface can be displayed and populated with one or more selectable parameters based on the initial query. A selection of the one or more selectable parameters can be received as a non-textual input and a query can be automatically generated based on the selection. For example, a query for execution by a data intake and query system can be generated based on the selection. The query can be provided to the data intake and query system. The data intake and query system may then execute the query on a set of data.

公开(公告)号：US12298980B1

公开(公告)日：2025-05-13

申请号：US16938807

申请日：2020-07-24

Applicant: Splunk Inc.

Inventor： Rajesh Raman ,  Jennifer Williamson ,  Edward Crossman ,  Uday Sagar Shiramshetty ,  Arijit Mukherji ,  Phillip Liu ,  Tianyu Wang

IPC: G06F16/2455 ,  G06F16/2457 ,  G06F16/248

Abstract: According to embodiments, a data stream including a plurality of time series data is received and metadata objects are extracted from the data stream. The metadata objects are associated with metrics time series (MTS) objects. The metadata objects and MTS objects are stored via separate in-memory data structures in a logical database. The in-memory data structures include information that correlates the metadata objects with the MTS objects. Any updates to the metadata objects will stay with the metadata objects and do not propagate to the MTS objects. A logical in-memory join may be performed to associate the metadata objects with the appropriate MTS object according to the in-memory data structures when a query for an MTS object is received.

公开(公告)号：US12039307B1

公开(公告)日：2024-07-16

申请号：US18331571

申请日：2023-06-08

Applicant: Splunk Inc.

Inventor： Rajesh Raman ,  Arijit Mukherji ,  Kris Grandy ,  Phillip Liu

IPC: G06F8/41 ,  G06F9/46 ,  G06F9/54 ,  G06F11/07 ,  G06F11/30 ,  G06F11/34 ,  G06F11/36 ,  G06F16/16 ,  G06F16/2455

CPC classification number: G06F8/443 ,  G06F9/466 ,  G06F9/542 ,  G06F11/07 ,  G06F11/3086 ,  G06F11/34 ,  G06F11/3452 ,  G06F11/3466 ,  G06F11/3604 ,  G06F16/164 ,  G06F16/24568 ,  G06F11/3006 ,  G06F11/3072 ,  G06F11/3409 ,  G06F2201/81 ,  G06F2201/835 ,  G06F2201/86 ,  G06F2201/88

Abstract: An instrumentation analysis system processes data streams by executing instructions specified using a data stream language program. The data stream language allows users to specify a search condition using a find block for identifying the set of data streams processed by the data stream language program. The set of identified data streams may change dynamically. The data stream language allows users to group data streams into sets of data streams based on distinct values of one or more metadata attributes associated with the input data streams. The data stream language allows users to specify a threshold block for determining whether data values of input data streams are outside boundaries specified using low/high thresholds. The elements of the set of data streams input to the threshold block can dynamically change. The low/high threshold values can be specified as data streams and can dynamically change.

公开(公告)号：US20230120313A1

公开(公告)日：2023-04-20

申请号：US17721251

申请日：2022-04-14

Applicant: SPLUNK Inc.

Inventor： Nishant Agarwal ,  Houwu Bai ,  Darshan Patel ,  Rajesh Raman ,  Joseph Ari Ross

IPC: H04L43/08

Abstract: Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and dynamically estimating a resolution of one or more streams of data points and updating an output resolution. Responsive to receiving a stream of data points, a data resolution can be derived and an output resolution can be set to a first value. When a change to the data resolution is detected, the output resolution can be changed, modifying a frequency at which output data points are generated and/or transmitted. In some instances, a detector can be implemented to trigger an alert responsive to ingested data points corresponding with triggering parameters. An output resolution for the detector can be dynamically modified based on dynamically detecting a change to the data resolution of the stream of data.

公开(公告)号：US11194697B2

公开(公告)日：2021-12-07

申请号：US16546860

申请日：2019-08-21

Applicant: Splunk Inc.

Inventor： Phillip Liu ,  Arijit Mukherji ,  Rajesh Raman

IPC: G06F11/36 ,  G06F16/2455 ,  G06F11/30 ,  G06F11/32

Abstract: An analysis system receives data streams generated by instances of instrumented software executing on external systems. The analysis system evaluates an expression using data values of the data streams over a plurality of time intervals. For example, the analysis system may aggregate data values of data streams for each time interval. The analysis system determines whether or not a data stream is considered for a time interval based on when the data value arrives during the time interval. The analysis system determines a maximum expected delay value for each data stream being processed. The analysis system evaluates the expression using data values that arrive before their maximum expected delay values. The analysis system also determines a failure threshold value for a data stream. If a data value of a data stream fails to arrive before the failure threshold value, the analysis system marks the data stream as dead.

公开(公告)号：US11093506B1

公开(公告)日：2021-08-17

申请号：US16427024

申请日：2019-05-30

Applicant: Splunk Inc.

Inventor： Rajesh Raman ,  Maxime Petazzoni ,  Arijit Mukherji ,  Phillip Liu

IPC: G06F16/24 ,  G06F16/2455 ,  G06F16/242 ,  G06F16/2453 ,  G06F16/907 ,  G06F16/28 ,  G06F40/205 ,  G06F40/279

Abstract: A system processes data stream language expressions that combine result data streams from multiple data stream language sub-expressions. The system determines a set of fixed dimensions based on static analysis of the data stream language sub-expression. The system determines a union set representing a union of the sets of fixed dimensions. The system determines at execution time of the data stream language expression, a plurality of sets of data streams. Each set of data stream corresponds to a data stream language sub-expression from the plurality of data stream language expressions. The system correlates data streams across the plurality of sets of data streams based on the union set. The system determines result data streams for the data stream language expression by combining data values of correlated data streams.