公开(公告)号：US11269876B1

公开(公告)日：2022-03-08

申请号：US16864029

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Elizabeth Li ,  Eric Tschetter ,  Joshua Walters

IPC: G06F9/44 ,  G06F16/2452 ,  G06F16/21 ,  G06F8/77

Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.

公开(公告)号：US11625394B1

公开(公告)日：2023-04-11

申请号：US17653626

申请日：2022-03-04

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Elizabeth Li ,  Eric Tschetter ,  Joshua Walters

IPC: G06F9/44 ,  G06F16/2452 ,  G06F16/21 ,  G06F8/77

Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.

公开(公告)号：US11263229B1

公开(公告)日：2022-03-01

申请号：US16657987

申请日：2019-10-18

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Jindrich Dinga ,  Elizabeth Li ,  Cary Glen Noel ,  Isabelle Park ,  Eric Tschetter ,  Joshua Walters ,  Mei Chun Yeh

IPC: G06F16/00 ,  G06F16/25 ,  G06F16/245 ,  G06F16/22

Abstract: Systems and methods are disclosed for efficiently detecting alert states within unstructured event data. Alert states are illustratively defined as occurring when a threshold number of journey instances are present within the unstructured event data, each journey instance representing a series of events within the event data representing steps within a pre-defined journey. Detecting journey instances within unstructured event data can require significant computational resources, and thus attempting to detect alert states directly from unstructured event data can lead to inefficiencies. Embodiments of this disclosure enable a structured data set of journey instances to be generated from unstructured event data, and for the structured data set to be evaluated based on criteria of multiple alert states. By utilizing a single structured data set to support evaluation based on multiple alert states, detecting alert states from unstructured event data is rendered more efficient.

公开(公告)号：US12271428B1

公开(公告)日：2025-04-08

申请号：US17816337

申请日：2022-07-29

Applicant: Splunk Inc.

Inventor： Christopher Bolognese ,  Finlay Cannon ,  Eli Clein ,  Umesh Dinkar ,  Thomas Haggie ,  Barbara Janczer ,  Elizabeth Li ,  Clark Eugene Mullen ,  Viet Quoc Nguyen ,  Faya Peng ,  Ioan Popa ,  Abid Salahi ,  Keng-Ming Sheu ,  Tulika Thakur ,  Justin Lew ,  Jonathan Ng ,  Jacob Sebastian Stark

IPC: G06F16/904 ,  G06F3/04845 ,  G06F16/903

Abstract: A system generates a user interface that enables a user to interact with an interactive chart associated with a statement of a data processing package. Via one or more user interactions with the user interface, the system may receive one or more chart parameters for the chart. Using a statement from the data processing package and the one or more chart parameters, the system may generate an additional statement and append the generated statement to the data processing package to form an enriched data processing package. The system may communicate the enriched data processing package to a search service for execution. The system may display the results in the chart.

公开(公告)号：US12242495B1

公开(公告)日：2025-03-04

申请号：US17816357

申请日：2022-07-29

Applicant: Splunk Inc.

Inventor： Christopher Bolognese ,  Finlay Cannon ,  Eli Clein ,  Umesh Dinkar ,  Thomas Haggie ,  Barbara Janczer ,  Elizabeth Li ,  Clark Eugene Mullen ,  Viet Quoc Nguyen ,  Faya Peng ,  Ioan Popa ,  Abid Salahi ,  Keng-Ming Sheu ,  Tulika Thakur ,  Justin Lew ,  Jonathan Ng ,  Jacob Sebastian Stark

IPC: G06F16/248 ,  G06F3/0481 ,  G06F3/04842 ,  G06F3/04847

Abstract: A system generates a user interface that enables a user to generate a chart from one or more statements of a data processing package. Via one or more user interactions with the user interface, the system may receive one or more chart parameters for a chart. Using a statement from the data processing package and the one or more chart parameters, the system may generate an additional statement and append the generated statement to the data processing package to form an enriched data processing package. The system may communicate the enriched data processing package to a search service for execution. The system may display the results in an interactive chart.

公开(公告)号：US12001426B1

公开(公告)日：2024-06-04

申请号：US18295567

申请日：2023-04-04

Applicant: Splunk Inc.

Inventor： Chandrashekar Basavaiah ,  Elizabeth Li ,  Eric Tschetter ,  Joshua Walters

IPC: G06F9/44 ,  G06F8/77 ,  G06F16/21 ,  G06F16/2452

CPC classification number: G06F16/24526 ,  G06F8/77 ,  G06F16/212

Abstract: Systems and methods are disclosed for supporting transformations of a graph generated from a query to event data. The event data may be unstructured event data, from which instances of a journey can be identified that represent sequences of related events describing actions performed in a computing environment. When evaluating journey instances, it can be helpful to visualize the instances as a graph. Depending on the instances viewed, a user may desire different modifications to the graph. While such modifications can be made when initially building instances from the unstructured event data, this can limit reuse of the resulting instances (since the modification would also be present when evaluating other subsets). To address this, embodiments of the present disclosure enable graph modifications to be applied to subsets of journey instances after building those instances from unstructured event data, increasing reuse of instances built from a query against the unstructured data.

公开(公告)号：US11809447B1

公开(公告)日：2023-11-07

申请号：US16863757

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Jonathan Dillman ,  Elizabeth Li ,  Cornelis Jacob Eduard de Vin

IPC: G06F16/26 ,  G06F16/28

CPC classification number: G06F16/26 ,  G06F16/283

Abstract: A system can collapse steps into an aggregate step to simplify analysis while maintaining underlying data that forms each of the steps collapsed into the aggregate step. The steps may or may not be related in a sequence or grouping of steps. The aggregate step may be a new step that comprises the data of the individual steps used to form the aggregate step. Alternatively, the aggregate step may be a virtual step that may reference or link to the steps used to form the aggregate step, but may not include the data itself. By forming aggregate steps, filtering and notification generation can be simplified. Further, extraneous data can be collapsed into a single aggregate step, which can be particularly advantageously when analyzing large data sets.