-
Publication No.: US20180293327A1
Publication date: 2018-10-11
Application No.: US15479823
Filing date: 2017-04-05
Applicant: Splunk Inc.
Inventor: Jesse Miller, Jason Szeto, Jose Solis, Jindrich Dinga, David Marquardt
IPC: G06F17/30
Abstract: Systems and methods are disclosed for locating data and categorizing a set of data using inverted indexes. The inverted indexes include token entries and field-value pair entries, as well as event references that correspond to events that include raw machine data. Using filter criteria, the inverted indexes are identified. In turn, the inverted indexes are used to identify a set of events that satisfy the filter criteria. The identified set of events are categorized based on categorization criteria and provided for display to a user.
-
Publication No.: US20170270132A1
Publication date: 2017-09-21
Application No.: US14611227
Filing date: 2015-01-31
Applicant: Splunk Inc.
Inventor: Clint Sharp, Jesse Miller, Jason Szeto, Nima Haddadkaveh
IPC: G06F17/30
CPC classification number: G06F16/134, G06F16/148, G06F16/168, G06F16/182
Abstract: A search support system allows a customer to browse data contained in files stored on an external storage system. The search support system allows a customer to specify data processing tasks to be performed on raw data retrieved from a file stored on the external storage system. The customer specifies each data processing task and the search support system performs each task as it is selected by the customer on raw data retrieved from the file. The search support system concurrently displays the results of each data processing task in real time in a graphical user interface. The search support system saves the customer's settings as a late binding schema that can be applied to raw data retrieved from the external storage system in order to parse the raw data and to create, index, and search timestamped events derived from the raw data.
-
Publication No.: US12197420B1
Publication date: 2025-01-14
Application No.: US18180397
Filing date: 2023-03-08
Applicant: Splunk Inc.
Inventor: Jesse Miller, Marc V. Robichaud, Cory Burke, Alexander James, Jeffrey Thomas Lloyd
IPC: G06F16/23, G06F3/0482, G06F3/0484, G06F3/04842, G06F16/00, G06F16/242, G06F16/2453, G06F16/2455, G06F16/2458, G06F16/26, G06F16/33, G06F21/62, G06F40/134, G06F40/174, G06F40/177, G06F40/18, G06Q10/00, G06T11/20, G06Q10/10
Abstract: A method includes displaying events that correspond to search results of a search query, the events comprising data items of event attributes, the events displayed in a table. The table includes columns corresponding to an event attribute, rows corresponding events, cells populated data items, and interactive regions corresponding to at least one data item and selectable to add one or more commands to the search query. A reference event attribute is determined based on an analysis of a data object. A supplemental column corresponding to a supplemental event attribute is added to the table based on the reference event attribute. Supplemental interactive regions are added to the table and correspond to supplemental data items.
-
Publication No.: US20240419712A1
Publication date: 2024-12-19
Application No.: US18419179
Filing date: 2024-01-22
Applicant: Splunk Inc.
Inventor: Jesse Miller, Jason Szeto, Jose Solis, Jindrich Dinga, David Marquardt
IPC: G06F16/34, G06F16/335, G06F16/35, G06T11/20
Abstract: Systems and methods are disclosed involving user interface (UI) search tools for locating data, including tools for summarizing indexed raw machine data that organize and present results to enable expansion and exploration of initial summarizations. The initial summarizations may be explored and refined to help users determine how to identify and best focus a search on data subsets of greater interest.
-
Publication No.: US11972203B1
Publication date: 2024-04-30
Application No.: US18306863
Filing date: 2023-04-25
Applicant: Splunk Inc.
Inventor: Jesse Miller, Micah James Delfino, Marc Robichaud, David Carasso
IPC: G06F3/048, G06F16/2458, G06F40/174
CPC classification number: G06F40/174, G06F16/2477
Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.
-
Publication No.: US11880399B2
Publication date: 2024-01-23
Application No.: US17861083
Filing date: 2022-07-08
Applicant: Splunk Inc.
Inventor: Jesse Miller, Jason Szeto, Jose Solis, Jindrich Dinga, David Marquardt
IPC: G06F16/34, G06F16/335, G06F16/35, G06T11/20
CPC classification number: G06F16/345, G06F16/335, G06F16/358, G06T11/206, G06T2200/24
Abstract: Systems and methods are disclosed involving user interface (UI) search tools for locating data, including tools for summarizing indexed raw machine data that organize and present results to enable expansion and exploration of initial summarizations. The initial summarizations may be explored and refined to help users determine how to identify and best focus a search on data subsets of greater interest.
-
Publication No.: US20210357362A1
Publication date: 2021-11-18
Application No.: US17443436
Filing date: 2021-07-26
Applicant: Splunk Inc.
Inventor: Alexander D. Munk, Jesse Miller
IPC: G06F16/13, G06F3/0482, G06F16/14, G06F16/16, G06F16/951
Abstract: A data intake and query system provides interfaces that enable users to configure source type definitions used by the system. A data intake and query system generally refers to a system for collecting and analyzing data including machine-generated data. Such a system may be configured to consume many different types of machine data generated by any number of different data sources including various servers, network devices, applications, etc. At a high level, a source type definition comprises one or more properties that define how various components of a data intake and query system collect, index, store, search and otherwise interact with particular types of data consumed by the system. The interfaces provided by the system generally comprise one or more interface components for configuring various attributes of a source type definition.
-
Publication No.: US11106713B2
Publication date: 2021-08-31
Application No.: US15479852
Filing date: 2017-04-05
Applicant: Splunk Inc.
Inventor: Jesse Miller, Jason Szeto, Jose Solis, Jindrich Dinga, David Marquardt
IPC: G06F16/335, G06F16/31, G06F16/338, G06F16/34, G06F16/35, G06T11/20
Abstract: Systems and methods are disclosed for sampling a set of data using inverted indexes in response to a user interaction with a user interface. Based on the user interaction with a displayed grouping of a summarization of a set of data, the system uses filter criteria corresponding to the grouping to review one or more inverted indexes and identify a sample of events for analysis. The system then accesses the sample of events and provides the results for display to a user.
-
Publication No.: US11074216B2
Publication date: 2021-07-27
Application No.: US16013381
Filing date: 2018-06-20
Applicant: Splunk Inc.
Inventor: Alexander D. Munk, Jesse Miller
IPC: G06F16/13, G06F16/14, G06F16/16, G06F16/951, G06F3/0482
Abstract: A data intake and query system provides interfaces that enable users to configure source type definitions used by the system. A data intake and query system generally refers to a system for collecting and analyzing data including machine-generated data. Such a system may be configured to consume many different types of machine data generated by any number of different data sources including various servers, network devices, applications, etc. At a high level, a source type definition comprises one or more properties that define how various components of a data intake and query system collect, index, store, search and otherwise interact with particular types of data consumed by the system. The interfaces provided by the system generally comprise one or more interface components for configuring various attributes of a source type definition.
-
Publication No.: US10430505B2
Publication date: 2019-10-01
Application No.: US15417430
Filing date: 2017-01-27
Applicant: Splunk, Inc.
Inventor: Jesse Miller, Micah James Delfino, Marc Robichaud, David Carasso
IPC: G06F3/048, G06F17/24, G06F7/24, G06F3/0484, G06F16/248, G06F16/904, G06F16/2458
Abstract: The technology disclosed relates to formulating and refining field extraction rules that are used at query time on raw data with a late-binding schema. The field extraction rules identify portions of the raw data, as well as their data types and hierarchical relationships. These extraction rules are executed against very large data sets not organized into relational structures that have not been processed by standard extraction or transformation methods. By using sample events, a focus on primary and secondary example events help formulate either a single extraction rule spanning multiple data formats, or multiple rules directed to distinct formats. Selection tools mark up the example events to indicate positive examples for the extraction rules, and to identify negative examples to avoid mistaken value selection. The extraction rules can be saved for query-time use, and can be incorporated into a data model for sets and subsets of event data.