-
Publication No.: US20180091528A1
Publication date: 2018-03-29
Application No.: US15276756
Application date: 2016-09-26
Applicant: Splunk Inc.
Inventor: Banipal Shahbaz , Siri Atma Oaklander De Licori , John Robert Coates , David Hazekamp , Devendra Badhani , Luke Murphey , Patrick Schulz
IPC: H04L29/06
Abstract: Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.
-
Publication No.: US20170286455A1
Publication date: 2017-10-05
Application No.: US15143562
Application date: 2016-04-30
Applicant: Splunk Inc.
Inventor: Li Li , Gang Tao , Yongxin Su , Junqing Hao , Ting Wang , John Robert Coates , Elias Haddad , Guodong Wang
IPC: G06F17/30
CPC classification number: G06F16/212 , G06F16/24575
Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. Technology Add-On (TA) control data extends the operations of the system to gather and process machine data from additional sources. A user interface is exposed enabling a user who may be agnostic of requirements imposed by the system for TA content and format, to build a proper TA for controlling the system.
-
Publication No.: US20170142143A1
Publication date: 2017-05-18
Application No.: US15421393
Application date: 2017-01-31
Applicant: Splunk Inc.
Inventor: Mark Seward , John Robert Coates
CPC classification number: H04L63/1416 , G06F16/212 , G06F16/951 , H04L63/1425
Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.
-
Publication No.: US20170140071A1
Publication date: 2017-05-18
Application No.: US15420383
Application date: 2017-01-31
Applicant: Splunk Inc.
Inventor: John Robert Coates , Poorva Malviya , Brian John Bingham
IPC: G06F17/30 , G06F3/0482 , G06F3/0484 , H04L12/24
Abstract: Raw machine data are captured and organized as events. Entity definitions representing machine entities that perform a service identify the machine data associated with respective entities. KPI search queries each define a KPI. Each KPI search query derives one or more values for the KPI from machine data identified in the entity definitions. A dashboard template having an identifier for the KPI is presented by a graphical interface. The identifier presents at a user-designated location and may be a widget that provides a numerical or graphical representation of one or more values for the KPI. Embodiments may allow modification of the template.
-
Publication No.: US12265863B2
Publication date: 2025-04-01
Application No.: US17565181
Application date: 2021-12-29
Applicant: Splunk Inc.
Inventor: Li Li , Gang Tao , Yongxin Su , Junqing Hao , Ting Wang , John Robert Coates , Elias Haddad , Guodong Wang
IPC: G06N5/025 , G06F3/14 , G06F9/54 , G06Q10/063
Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.
-
Publication No.: US11868404B1
Publication date: 2024-01-09
Application No.: US17121692
Application date: 2020-12-14
Applicant: Splunk Inc.
Inventor: Brent Boe , Brian Bingham , John Robert Coates , Tristan Antonio Fletcher
IPC: G06F15/173 , G06F16/903 , G06Q10/0639 , G06F16/26 , G06F16/248 , G06F16/25 , G06F16/33 , G06F16/951 , G06F16/2455 , G06F16/901 , G06F16/9038 , G06F16/9535 , G06F16/2453 , H04L41/5009 , G06F11/34 , G06F11/32 , G06Q10/0637 , H04L41/0213 , H04L41/50 , H04L43/045 , G06F3/04842 , G06F9/54 , H04L67/10 , G06F3/04817 , G06F3/0482 , G06F3/0484 , H04L41/22 , G06F3/0481 , G06F3/04847 , H04L41/0806 , H04L43/04 , H04L43/16 , H04L43/55 , H04L43/091 , H04L67/51 , H04L69/329 , G06T11/20
CPC classification number: G06F16/903 , G06F3/0481 , G06F3/0482 , G06F3/0484 , G06F3/04817 , G06F3/04842 , G06F3/04847 , G06F9/542 , G06F11/321 , G06F11/34 , G06F16/248 , G06F16/2455 , G06F16/24542 , G06F16/252 , G06F16/26 , G06F16/334 , G06F16/9024 , G06F16/9038 , G06F16/90335 , G06F16/951 , G06F16/9535 , G06Q10/0637 , G06Q10/0639 , G06Q10/06393 , H04L41/0213 , H04L41/0806 , H04L41/22 , H04L41/5009 , H04L41/5032 , H04L43/04 , H04L43/045 , H04L43/091 , H04L43/16 , H04L43/55 , H04L67/10 , H04L67/51 , H04L69/329 , G06T11/206 , G06T2200/24
Abstract: One or more processing devices cause display of a user interface that identifies a service definition representing a service, receive input identifying an entity, where the service is performed at least in part by the entity, and store the service definition representing the service in association with an entity definition representing the entity. The entity definition comprises information identifying data pertaining to the entity in a datastore of machine data that reflects activity in an information technology environment produced by a plurality of components of the information technology environment. The one or more processing devices receive input pertaining to a search definition representing a search producing a measure of the service, and store the search definition representing the search, where the search produces the measure of the service using at least a portion of the data pertaining to the entity.
-
Publication No.: US20220327137A1
Publication date: 2022-10-13
Application No.: US17809837
Application date: 2022-06-29
Applicant: SPLUNK INC.
Inventor: Michael Kinsely , Alex Raitz , John Robert Coates , Shirley Wu
IPC: G06F16/25
Abstract: A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. A field extraction template comprises at least a set of field names and ordering data for the field names. The ordering data indicates index positions that are associated with at least some of the field names. A delimiter is specified for splitting data items into arrays of chunks. The chunk of a data item that belongs to a given field name is the chunk whose position within the item's array of chunks is equivalent to the index position associated with the given field name.
-
Publication No.: US20220121410A1
Publication date: 2022-04-21
Application No.: US17565181
Application date: 2021-12-29
Applicant: Splunk Inc.
Inventor: Li Li , Gang Tao , Yongxin Su , Junqing Hao , Ting Wang , John Robert Coates , Elias Haddad , Guodong Wang
Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.
-
Publication No.: US09922102B2
Publication date: 2018-03-20
Application No.: US14266797
Application date: 2014-04-30
Applicant: Splunk Inc.
Inventor: Michael Kinsely , Alex Raitz , John Robert Coates , Shirley Wu
CPC classification number: G06F17/30563
Abstract: A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. A field extraction template comprises at least a set of field names and ordering data for the field names. The ordering data indicates index positions that are associated with at least some of the field names. A delimiter is specified for splitting data items into arrays of chunks. The chunk of a data item that belongs to a given field name is the chunk whose position within the item's array of chunks is equivalent to the index position associated with the given field name.
-
Publication No.: US09755912B2
Publication date: 2017-09-05
Application No.: US14815888
Application date: 2015-07-31
Applicant: Splunk, Inc.
Inventor: Brent Boe , Brian Bingham , John Robert Coates , Tristan Antonio Fletcher
IPC: G06F15/173 , H04L12/24 , G06Q10/06 , H04L29/08 , G06F17/30 , H04L12/26 , G06F3/0484 , G06F9/54 , G06F3/0481 , G06F3/0482 , G06F12/00
CPC classification number: H04L43/16 , G06F3/0481 , G06F3/04817 , G06F3/0482 , G06F3/0484 , G06F3/04842 , G06F3/04847 , G06F9/542 , G06F17/30424 , G06F17/30463 , G06F17/30477 , G06F17/30554 , G06F17/3056 , G06F17/30572 , G06F17/30675 , G06F17/30864 , G06F17/30867 , G06F17/30958 , G06F17/30964 , G06F17/30979 , G06F17/30991 , G06Q10/06393 , G06T11/206 , G06T2200/24 , H04L29/08072 , H04L41/0213 , H04L41/0806 , H04L41/22 , H04L41/5009 , H04L41/5032 , H04L41/5035 , H04L41/5038 , H04L43/04 , H04L43/045 , H04L67/10 , H04L67/16
Abstract: One or more processing devices create one or more entity definitions that each associate an entity with machine data pertaining to that entity and create a service definition for a service provided by one or more entities. The service definition includes an entity definition for each of the one or more entities. The one or more processing devices create one or more key performance indicators (KPIs). Each KPI is defined by a search query that produces a value derived from the machine data identified in one or more of the entity definitions included in the service definition. Each value is indicative of how the service is performing at a point in time or during a period of time.
-