公开(公告)号：US20170185607A1

公开(公告)日：2017-06-29

申请号：US15461076

申请日：2017-03-16

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F17/30

CPC classification number: G06F16/125 ,  G06F11/0727 ,  G06F11/0775 ,  G06F16/162 ,  G06F16/245 ,  G06F16/2455 ,  G06F16/24565 ,  G06F16/2477 ,  G06F16/254 ,  G06F16/9535 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US12169471B2

公开(公告)日：2024-12-17

申请号：US17669156

申请日：2022-02-10

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G06F11/07 ,  G06F16/16 ,  G06F16/245 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/25 ,  G06F16/9535 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US10678805B2

公开(公告)日：2020-06-09

申请号：US15966279

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Ken Chen ,  Gang Tao ,  Lai Qiang Ding ,  Junqing Hao ,  Ting Wang ,  Elias Haddad ,  Dritan Bitincka

IPC: G06F15/173 ,  G06F16/248 ,  H04L12/26

Abstract: Techniques and mechanisms are disclosed that enable a data collection system to adaptively control collection of data from one or more external data sources. At a high level, adaptively controlling collection of data from external data sources may include collecting performance information related to one or more data collection nodes and, in response to analyzing the collected performance information, adapting rates at which the data collection nodes send data collection requests to external data sources. Data collection performance information generally may include, but is not limited to, network traffic data, error messages generated by external data sources and/or data collection nodes, computing device performance information, and any other types of information related to a data collection node's ability to collect data from external data sources.

公开(公告)号：US10007710B2

公开(公告)日：2018-06-26

申请号：US15011525

申请日：2016-01-30

Applicant: Splunk Inc.

Inventor： Ken Chen ,  Gang Tao ,  Lai Qiang Ding ,  Junqing Hao ,  Ting Wang ,  Elias Haddad ,  Dritan Bitincka

IPC: G06F15/173 ,  G06F17/30 ,  H04L12/26

CPC classification number: G06F16/248 ,  H04L43/024 ,  H04L43/0817

Abstract: Techniques and mechanisms are disclosed that enable a data collection system to adaptively control collection of data from one or more external data sources. At a high level, adaptively controlling collection of data from external data sources may include collecting performance information related to one or more data collection nodes and, in response to analyzing the collected performance information, adapting rates at which the data collection nodes send data collection requests to external data sources. Data collection performance information generally may include, but is not limited to, network traffic data, error messages generated by external data sources and/or data collection nodes, computing device performance information, and any other types of information related to a data collection node's ability to collect data from external data sources.

公开(公告)号：US20170286038A1

公开(公告)日：2017-10-05

申请号：US15088106

申请日：2016-03-31

Applicant: Splunk Inc.

Inventor： Li Li ,  Gang Tao ,  Yongxin Su ,  Junqing Hao ,  Ting Wang ,  John Robert Coates ,  Elias Haddad ,  Guodong Wang

IPC: G06F3/14 ,  G06T11/00 ,  G06F17/27 ,  G06F3/0482 ,  G06F3/0484 ,  G06F17/30 ,  G06F17/24

CPC classification number: G06F3/14 ,  G06Q10/063 ,  G09G2358/00 ,  G09G2370/02 ,  G09G2370/10

Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.

公开(公告)号：US20160253415A1

公开(公告)日：2016-09-01

申请号：US14396366

申请日：2014-07-09

Applicant: SPLUNK INC.

Inventor： Qianjie Zhong ,  Yue Ni ,  Ting Wang ,  Dawei Li ,  Nick Filippi ,  Xianqin Ma

IPC: G06F17/30 ,  G06F9/54 ,  G06F3/0484

CPC classification number: G06F16/345 ,  G06F3/04842 ,  G06F9/542 ,  G06F11/0721 ,  G06F11/0766 ,  G06F16/24565 ,  G06F16/3331 ,  G06F16/338

Abstract: Systems and methods for presenting and sorting summaries of alerts triggered by search queries in data aggregation and analysis systems. An example method may comprise: causing, by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition; wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time-series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert; wherein an alert summary includes an indication of at least one of: a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.

Abstract translation: 用于呈现和排序数据汇总和分析系统中搜索查询触发的警报摘要的系统和方法。 示例性方法可以包括：通过一个或多个处理设备引起一个或多个警报摘要的显示，每个警报摘要对应于警报并且表示警报的一个或多个实例，由搜索查询和 触发条件; 其中所述警报的实例对应于特定数据集，所述特定数据集通过在搜索查询已被指示搜索的一组时间范围内的特定时间范围内的时间序列数据上执行搜索查询来生成， 和（ii）满足警报的触发条件; 其中警报摘要包括以下中的至少一个的指示：由所述警报产生的警报实例的总​​计数，或所述警报所生成的尚未被用户观看的警报实例的计数。

公开(公告)号：US12265863B2

公开(公告)日：2025-04-01

申请号：US17565181

申请日：2021-12-29

Applicant: Splunk Inc.

Inventor： Li Li ,  Gang Tao ,  Yongxin Su ,  Junqing Hao ,  Ting Wang ,  John Robert Coates ,  Elias Haddad ,  Guodong Wang

IPC: G06N5/025 ,  G06F3/14 ,  G06F9/54 ,  G06Q10/063

Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.

公开(公告)号：US20220121410A1

公开(公告)日：2022-04-21

申请号：US17565181

申请日：2021-12-29

Applicant: Splunk Inc.

Inventor： Li Li ,  Gang Tao ,  Yongxin Su ,  Junqing Hao ,  Ting Wang ,  John Robert Coates ,  Elias Haddad ,  Guodong Wang

IPC: G06F3/14 ,  G06Q10/06 ,  G06N5/02 ,  G06F17/40 ,  G06F9/54

Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.

公开(公告)号：US20200167311A1

公开(公告)日：2020-05-28

申请号：US16777357

申请日：2020-01-30

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G08B21/18 ,  G06F16/2455 ,  G06F16/9535 ,  G06F16/2458 ,  G06F16/245 ,  G06F16/16 ,  G06F16/25 ,  G06F11/07

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US10567557B2

公开(公告)日：2020-02-18

申请号：US14889764

申请日：2014-10-31

Applicant: Splunk Inc.

Inventor： Lai Qiang Ding ,  Ziliang Chen ,  Junqing Hao ,  Ting Wang

IPC: H04L12/26 ,  H04L29/08 ,  H04L29/06

Abstract: The disclosed embodiments provide a system that processes data received from a remote system. During operation, the system sends, from a computer system to a remote system, a request for a local time at the remote system and records a time of transmission of the request. Next, the system obtains, from the remote system, a response to the request, wherein the response includes the local time of the remote system. The system then computes a difference between the time of transmission and the local time of the remote system to determine a time offset that accounts for a time difference between the computer system and the remote system. Finally, the system uses the time offset to standardize timestamps in time-series data received from the remote system, wherein standardizing the timestamps associated with the time-series data comprises adjusting the timestamps to conform to a time standard.