Real Time Touch




Splunk Inc patents


Recent patent applications related to Splunk Inc. Splunk Inc is listed as an Agent/Assignee. Note: Splunk Inc may have other listings under different names/spellings. We're not affiliated with Splunk Inc, we're just tracking patents.



Configuring alerts related to performance problems or security issues in an information technology environment

A system that enables a user to configure alert actions based on search results generated by a query is disclosed. During operation, the system presents an alert user interface (UI) to a user, wherein the alert UI enables the user to configure one or more alert actions to be performed based on the search results. ... Splunk Inc

Storing log data and performing a search on the log data and data that is not log data

Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. ... Splunk Inc

Event specific entity relationship discovery in data intake stage of a distributed data processing system

A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. ... Splunk Inc

Computer-implemented system and method for creating an environment for detecting malicious content

Techniques and mechanisms are disclosed for creating an environment for detecting malicious network traffic. A test computer network including a plurality of cloned nodes is created. ... Splunk Inc

Anomaly detection based on relationships between multiple time series

In some implementations, sequences of time series values determined from machine data are obtained. Each sequence corresponds to a respective time series. ... Splunk Inc

Graph-based network security threat detection across time and entities

The disclosed techniques relate to a graph-based network security analytic framework to combine multiple sources of information and security knowledge in order to detect risky behaviors and potential threats. In some examples, the input can be anomaly events or simply regular events. ... Splunk Inc

Security monitoring of network connections using metrics data

Various embodiments of the present invention set forth techniques for security monitoring of a network connection, including analyzing network traffic data for a network connection associated with a computing device, identifying one or more network traffic metrics for the network connection based on the network traffic data, determining that the network connection corresponds to at least one network connection profile based on the one or more network traffic metrics, detecting a potential security threat for the network connection based on the one or more network traffic metrics and the at least one network connection profile, and initiating a mitigation action with respect to the network connection in response to detecting the potential security threat. Advantageously, the techniques allow detecting potential security threats based on network traffic metrics and categorizations, without requiring monitoring of the content or the total volume of all traffic exchanged via the connection. ... Splunk Inc

Visualizing network activity involving networked computing devices distributed across network address spaces

Techniques and mechanisms are disclosed for generating visualizations which graphically depict network activity occurring between pairs of networked computing devices. The visualizations are based on data indicating the network activity, where the network activity can involve devices having any network addresses within an entire network address space (e.g., any address within the internet protocol version v4 (IPv4) or IPv6 network address space), or within some subset of an entire network address space. ... Splunk Inc

Search input recommendations

Embodiments of the present invention are directed to facilitating search input recommendations. In accordance with aspects of the present disclosure, a set of events determined from raw machine data is obtained. ... Splunk Inc

Event forecasting

Embodiments of the present invention are directed to facilitating event forecasting. In accordance with aspects of the present disclosure, a set of events determined from raw machine data is obtained. ... Splunk Inc

Generating visualizations for search results data containing multiple data dimensions

Techniques and mechanisms are disclosed for generating and causing display of graphical interfaces which enable an interactive and flexible search results visualization process. Based on results data identified in response to execution of a search query, an interface element is displayed which enables users to select a field contained in the results data, also referred to herein as a “dimension” or “facet,” and for which a “faceted” visualization of the results data can be dynamically generated and displayed. ... Splunk Inc

Interactive development environment for iterative query visualization and exploration

Embodiments of the present disclosure are directed to an interactive development environment (IDE) interface that provides historical visualization of queries and query result information iteratively and intuitively. According to an embodiment of the present disclosure, a process is provided to generate visualizations of queries and processed query result information in a single, persistent, integrated display. ... Splunk Inc

Multi-phased data execution in a data processing system

The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a search query by a search head, defining a search process for applying the search query to indexers, delegating a first portion of the search process to indexers and a second portion of the search process to intermediary node(s) communicatively coupled to the search head and the indexers. ... Splunk Inc

Using an inverted index in a pipelined search query to determine a set of event data that is further limited by filtering and/or processing of subsequent query pipestages

Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. ... Splunk Inc

08/02/18 / #20180217874

Resegmenting chunks of data for efficient load balancing across indexers

Resegmenting chunks of data for load balancing is disclosed. A plurality of first chunks of data is received. ... Splunk Inc

07/26/18 / #20180212985

Identifying attack behavior based on scripting language activity

Techniques for identifying attack behavior based on scripting language activity are disclosed. A security monitoring system generates a behavior profile for a first client device based on scripting language commands included in a first set of raw machine data received from the first client device, where the first client device is coupled to a network, and the first set of raw machine data is associated with network traffic received by or transmitted from the first client device. ... Splunk Inc

07/19/18 / #20180203871

File monitoring

Various methods and systems for monitoring files in a computer system are provided. In this regard, aspects of the invention facilitate file monitoring without file handle use, as it pertains to file monitoring and tailing, thereby mitigating file handle locking conflicts. ... Splunk Inc

07/19/18 / #20180203864

Searching unstructured data in response to structured queries

Technologies are described herein for executing queries expressed with reference to a structured query language against unstructured data. A user issues a structured query through a traditional structured data management (“SDM”) application. ... Splunk Inc

07/12/18 / #20180198858

Multi-thread processing of search responses

Multi-thread processing of search responses is disclosed. An example method may include transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system; receiving a plurality of data packets from the plurality of search peers; parsing, by a first processing thread of the computer system, one or more data packets of the plurality of data packets, to produce a partial response to the search request; and processing, by a second processing thread of the computer system, the partial response to produce a memory data structure representing an aggregated response to the search request. ... Splunk Inc

07/12/18 / #20180196864

Clustered search head configuration synchronization with bloom filter

Embodiments of the present disclosure provide techniques for efficiently and accurately performing propagation of search-head specific configuration customizations across multiple individual configuration files of search heads of a cluster for a consistent user experience. The cluster of search heads may be synchronized such that the search heads operate to receive the configuration or knowledge object customizations from one or more clients from a central or lead search head. ... Splunk Inc

07/12/18 / #20180196824

Cache aware searching of buckets in remote storage

Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. ... Splunk Inc

07/12/18 / #20180196753

Pre-fetching data from buckets in remote storage for a cache

Embodiments are disclosed for a prefetching method that may include copying, in response to a search query, a first bucket from a remote storage to a cache. The first bucket may include first data associated with the search query. ... Splunk Inc

06/21/18 / #20180173739

Storing events associated with a time stamp extracted from log data and performing a search on the events and data that is not log data

Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. ... Splunk Inc

06/21/18 / #20180173717

Parsing events using a selected field delimiter option

A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. ... Splunk Inc

06/14/18 / #20180167276

Application-based configuration of network data capture by remote capture agents

The disclosed embodiments provide a method and system for facilitating the processing of network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. ... Splunk Inc

06/07/18 / #20180159885

Identifying matching event data from disparate data sources

Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. ... Splunk Inc

06/07/18 / #20180157755

Searching raw data from an external data system using a dual mode search system

A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. ... Splunk Inc

06/07/18 / #20180157737

Systems and methods for distributing indexer configurations

Provided are systems and methods for causing display of an index management graphical user interface (GUI). In one embodiment, a method can be provided. ... Splunk Inc

06/07/18 / #20180157724

Designating fields in machine data using templates

A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. ... Splunk Inc

06/07/18 / #20180157722

Event limited field picker

An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. ... Splunk Inc

06/07/18 / #20180157719

Employing external data stores to service data requests

In embodiments, a computer-implemented method may entail receiving a search request. A first data store and a second data store, that contains data archived from the first data store, may be identified. ... Splunk Inc

06/07/18 / #20180157705

Events sets in a visually distinct display format

A request is received to display at least a portion of a first events set and at least a portion of a second events set in an interleaved and visually distinct display format, where, in the interleaved and visually distinct display format, the at least a portion of the first events set is displayed in a visually distinct manner from the at least a portion of the second events set, and data from the at least a portion of the first events set is interleaved with data from the at least a portion of the second events set. In response to receiving the request, display is caused, on a user interface, of the at least a portion of the first events set and the at least a portion of the second events set in the interleaved and visually distinct display format. ... Splunk Inc

06/07/18 / #20180157704

Enforcing dependency between pipelines

A dependency is created between a first search query and a second search query. The first search query defines a first data processing pipeline and the second search query defines a second data processing pipeline that extends the first data processing pipeline. ... Splunk Inc

06/07/18 / #20180157693

Aggregating search results from a plurality of searches executed across time series data

Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. ... Splunk Inc

06/07/18 / #20180157405

Binning information associated with ranges of time

Provided are systems and methods for determining and displaying automatically binned information via a graphical user interface. A graphical user interface (GUI) may include a first graphical element representing a first metric value for a first time window and a second graphical element representing a second metric value for a second time window. ... Splunk Inc

06/07/18 / #20180157404

Machine data analysis in an information technology environment

Data values for various items are visualized in real-time or near real-time using radial-based techniques to produce data visualizations bearing some resemblance to, for example, pie charts, radial charts, etc. The data values are shown using indicators that encircle, or at least partially encircle, a central point. ... Splunk Inc

06/07/18 / #20180157400

Statistics time chart interface row mode drill down

In embodiments of statistics time chart interface row mode drill down, a first interface is displayed in a table format that includes columns each having a column heading comprising a different value, each different value associated with a particular event field, and includes rows each with a time increment and one or more aggregated metrics, each aggregated metric representing a number of events having a field-value pair that matches the different value represented in one of the columns and within the time increment over which the aggregated metric is calculated. A row that includes the time increment and the aggregated metrics can be emphasized in the first interface, and in response, a menu is displayed with selectable options to transition to a second interface based on a selected one of the options. ... Splunk Inc

05/31/18 / #20180150507

Command entry list for modifying a search query

A list of command entries is displayed in a search interface, each of the command entries representing one or more commands of a plurality of commands of a search query. The list of command entries are displayed in a sequence corresponding to the plurality of commands of the search query. ... Splunk Inc

05/31/18 / #20180150480

Ray casting technique for geofencing operation

A system that facilitates a geofencing operation is disclosed. The system obtains polygons that define a set of geographic regions. ... Splunk Inc

05/24/18 / #20180146000

Event information access interface in data intake stage of a distributed data processing system

A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. ... Splunk Inc

05/24/18 / #20180145989

Optimizing resource allocation for projects executing in a cloud-based environment

Embodiments are directed towards a system and method for a cloud-based front end that may abstract and enable access to the underlying cloud-hosted elements and objects that may be part of a multi-tenant application, such as a search application. Search objects may be employed to access indexed objects. ... Splunk Inc

05/03/18 / #20180121566

Pushing data visualizations to registered displays

In various implementations, search results corresponding to a search query are obtained. A data visualization is generated from the search results. ... Splunk Inc

05/03/18 / #20180121497

Interface templates for query commands

A method includes causing display of events that correspond to search results of a search query in a table. The table includes rows representing events comprising data items of event attributes, columns forming cells with the row, the columns representing respective event attributes, and interactive regions corresponding to one or more data items of the displayed data items. ... Splunk Inc

05/03/18 / #20180121035

Display management for data visualizations of analytics data

In various implementations, a display of a display device is registered based on receiving a request from the display device. User input is received from a display management device indicating a display configuration setting for the display. ... Splunk Inc

04/05/18 / #20180096499

Proactive monitoring tree providing pinned performance information associated with a selected node

The disclosed embodiments relate to a system that displays performance data for a computing environment. During operation, the system first determines values for a performance metric for a plurality of entities that comprise the computing environment. ... Splunk Inc

03/29/18 / #20180091559

Managing the collection of forensic data from endpoint devices

Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. ... Splunk Inc

03/29/18 / #20180091529

Correlating forensic data collected from endpoint devices with other non-forensic data

Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. ... Splunk Inc

03/29/18 / #20180091528

Configuring modular alert actions and reporting action performance information

Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions. ... Splunk Inc

03/29/18 / #20180089601

Generating augmented process models for process analytics

Embodiments of the present invention are directed to generating augmented process models for use in process analytics. In one embodiment, a process model, search indicators, composite attributes, and relationship indicators are received. ... Splunk Inc

03/29/18 / #20180089561

Automatically generating field extraction recommendations

Systems and methods include obtaining a set of events, each event in the set of events comprising a time-stamped portion of raw machine data, the raw machine data produced by one or more components within an information technology or security environment and reflects activity within the information technology or security environment. Thereafter, a first neural network is used to automatically identify variable text to extract as a field from the set of events. ... Splunk Inc

03/29/18 / #20180089334

Managing process analytics across process components

Embodiments of the present invention are directed to managing process analytics across process components. In some embodiments, an indication of a state of a process instance associated with a process is determined by querying a process engine. ... Splunk Inc

03/29/18 / #20180089328

Techniques for ingesting metrics data

The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting collected data including metrics data including key values and numerical values, where each numerical value is indicative of a measured characteristic of a computing resource (e.g., device), and populating a first portion of a metric-series index (msidx) file with the key values and a second portion of the msidx file with the numerical values. ... Splunk Inc

03/29/18 / #20180089324

Dynamic resource allocation for real-time search

Systems and methods are disclosed for utilizing an ingested data buffer operating according to a publish-subscribe messaging model as an intake mechanism for a query system. Data from various sources can be placed into the data buffer according to different topics. ... Splunk Inc

03/29/18 / #20180089312

Multi-layer partition allocation for query execution

Systems and methods are disclosed for processing and executing queries against one or more dataset sources, where the queries identify a set of data to be processed and a manner of processing the set of data. To query the dataset sources, a query coordinator generates a query processing scheme that includes a dynamic allocation of multiple layers of partitions. ... Splunk Inc

03/29/18 / #20180089306

Query acceleration data store

Systems and methods for a data index and query system that utilize a query acceleration data store. An example method includes receiving a query identifying a set of data to be processed and a manner of processing the set of data. ... Splunk Inc

03/29/18 / #20180089303

Clustering events based on extraction rules

Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. ... Splunk Inc

03/29/18 / #20180089290

Metrics store system

The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting each metric including at least one key value and a measured value taken of a computing resource, and storing each metric in an index of a metrics store, where the index defines at least one dimension populated with the at least one key value and a measure populated with the measured value. ... Splunk Inc

03/29/18 / #20180089289

Real-time search techniques

The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a real-time search query including search criteria, and receiving a stream of metrics, where each metric includes a measured value taken of a computing device. ... Splunk Inc

03/29/18 / #20180089288

Metrics-aware user interface

The disclosed embodiments include a method performed by a data intake and query system. The method includes providing a user interface enabling access to a metrics store, where the metrics store maintains metrics stored in an index, each metric represents a measured value taken of a computing device, and the index defines at least one dimension associated with each measured value. ... Splunk Inc

03/29/18 / #20180089287

In-memory metrics catalog

The disclosed embodiments include a method performed by a data intake and query system. The method includes populating each metric including a measure value, cataloging metadata in an in-memory metrics catalog, where the metadata is related to the metrics. ... Splunk Inc

03/29/18 / #20180089286

Storing and querying metrics data

The disclosed embodiments include a method performed by a data intake and query system to store and query metrics data. The method includes ingesting metrics, where each metric includes key values and numerical value indicative of a measured characteristic of a computing resource. ... Splunk Inc

03/29/18 / #20180089278

Data conditioning for dataset destination

Systems and methods are disclosed for processing queries against one or more dataset sources utilizing dynamically allocated partitions operating on one or more worker nodes. The results of the processing are stored in a dataset destination. ... Splunk Inc

03/29/18 / #20180089272

Techniques for generating structured metrics from ingested events

The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting data including raw data obtained over a computer network from a plurality of remote computer systems, and generating events, where each event includes a segment of the raw data and a respective timestamp. ... Splunk Inc

03/29/18 / #20180089269

Query processing using query-resource usage and node utilization data

Systems and methods are disclosed for processing queries against one or more dataset sources. The system tracks query resource data and resource utilization data. ... Splunk Inc

03/29/18 / #20180089262

Dynamic resource allocation for common storage query

Systems and methods are disclosed for processing queries against a common storage utilizing dynamically allocated partitions operating on one or more worker nodes. The common storage can include one or more data stores, which collectively contain a data set divided across multiple buckets of data. ... Splunk Inc

03/29/18 / #20180089259

External dataset capability compensation

Systems and methods are disclosed for processing queries against an external data source utilizing dynamically allocated partitions operating on one or more worker nodes. The external data source can include data that has not been processed by the system. ... Splunk Inc

03/29/18 / #20180089258

Resource allocation for multiple datasets

Systems and methods are disclosed for processing queries against multiple dataset sources. One dataset source can include indexers that index and store data. ... Splunk Inc

03/29/18 / #20180089188

Hash bucketing of data

The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting metrics including respective key values and respective measured values, where the respective key values include a primary key value of a selected primary key. ... Splunk Inc

03/22/18 / #20180081935

Data visualization in a dashboard display using panel templates

Systems and methods provide a platform of at least partially pre-defined panel templates that a user can select and manipulate to customize the visualization of data of interest within an interactive dashboard. Each panel template may be defined by a developer in advance to include a set of inputs, a query, and a visualization. ... Splunk Inc

03/15/18 / #20180077035

Monitoring data queues and providing alerts

A computer-implemented method, system, and computer-readable media are disclosed herein. In embodiments, the computer-implemented method may entail receiving, by a data service, live data associated with an entity. ... Splunk Inc

03/15/18 / #20180075134

Defining a new correlation search based on fluctuations in key performance indicators displayed in graph lanes

A system, method and graphical user interface (GUI) for creating a new correlation search based on fluctuations in key performance indicators (KPIs) displayed in a set of graph lanes. The graph lanes may provide graphical visualizations of the KPIs associated with one or more services and may assist a user in identifying a situation (e.g., problem or a pattern of interest) in the performance of the services. ... Splunk Inc

03/08/18 / #20180069888

Identity resolution in data intake of a distributed data processing system

A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. ... Splunk Inc

03/08/18 / #20180069887

Storyboard displays of information technology investigative events along a timeline

Techniques and mechanisms are disclosed that enable network security analysts and other users to efficiently conduct network security investigations and to produce useful representations of investigation results. As used herein, a network security investigation generally refers to an analysis by an analyst (or team of analysts) of one or more detected network events that may pose internal and/or external threats to a computer network under management. ... Splunk Inc

03/08/18 / #20180069886

Configuring the generation of event data based on a triggering search query

The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system provides a risk-identification mechanism for identifying a security risk from time-series event data generated from network packets captured by one or more remote capture agents distributed across a network. ... Splunk Inc

03/01/18 / #20180060418

Defining fields from particular occurrences of field labels in events

First one or more values are extracted from a plurality of events using a first extraction rule. The extracted first one or more values are assigned to a first field of the plurality of events as a first set of field-data item pairs and a field label is assigned to the first field. ... Splunk Inc

03/01/18 / #20180060185

Instantiating data queues for management of remote data stores

A computer-implemented method, system, and computer-readable media are disclosed herein. In embodiments, the computer-implemented method may entail receiving, by a data service, live data associated with an entity. ... Splunk Inc

02/22/18 / #20180054474

Dynamically instantiating and terminating data queues

A computer-implemented method, system, and computer-readable media are disclosed herein. In embodiments, the computer-implemented method may entail receiving, by a data service, live data associated with an entity. ... Splunk Inc

02/22/18 / #20180054452

Model workflow control in a distributed computation system

A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. ... Splunk Inc

02/22/18 / #20180054377

Monitoring network traffic in association with an application

Various methods and systems for facilitating network traffic monitoring in association with an application running on a client device are provided. In this regard, aspects of the invention facilitate monitoring network traffic being transmitted to and/or from a client device, such as a mobile device, so that network performance can be analyzed. ... Splunk Inc

02/22/18 / #20180053342

Efficient polygon-clipping technique to reduce data transfer requirements for a viewport

A system that displays a set of polygons is described. This system obtains a set of line segments that defines the set of polygons. ... Splunk Inc

02/22/18 / #20180052994

User activity monitoring

Systems and methods are disclosed for associating an entity with a risk score that may indicate a security threat associated with the entity's activity. An exemplary method may involve monitoring the activity of a subset of the set of entities (e.g., entities included in a watch list) by executing a search query against events indicating the activity of the subset of entities. ... Splunk Inc

02/22/18 / #20180052912

Monitoring IT services from machine data with time varying static thresholds

One or more processing devices derive values indicative of various aspects of how a particular service in an information technology (IT) environment is performing at a point in time or for a period of time. The values are derived by a search query over machine data associated with the one or more entities that provide the service. ... Splunk Inc

02/22/18 / #20180052721

Central registry for binding features using dynamic pointers

A first feature (e.g., chart or table) includes a reference to a dynamic pointer. Independently, the pointer is defined to point to a second feature (e.g., a query). ... Splunk Inc

02/15/18 / #20180048741

Configuring generation of multiple event streams from a packet flow

The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. ... Splunk Inc

02/15/18 / #20180046829

Anonymizing machine data events

Components of a system for generating anonymized data from timestamped event data are disclosed. The generation of anonymized data is performed in accordance with an anonymization configuration. ... Splunk Inc

02/08/18 / #20180041402

Monitoring service-level performance using key performance indicators derived from machine data

One or more processing devices create one or more entity definitions that each associate an entity with machine data pertaining to that entity and create a service definition for a service provided by one or more entities. The service definition includes an entity definition for each of the one or more entities. ... Splunk Inc

02/01/18 / #20180034715

Analytics for edge devices

Disclosed is a technique that can be performed by an electronic device. The technique can include generating timestamped events, where the timestamped events include raw data generated by the electronic device. ... Splunk Inc

02/01/18 / #20180032915

Transmitting machine learning models to edge devices for edge analytics

Disclosed is a technique that can be performed by a server computer system. The technique can include executing a machine learning process to generate a machine learning model based on global data collected from one or more electronic devices, wherein the machine learning model is described by model data. ... Splunk Inc

02/01/18 / #20180032908

Machine learning in edge analytics

Disclosed is a technique that can be performed by an electronic device. The technique can include generating raw data based on inputs to the electronic device, and sending the raw data or data items over a network to a server computer system. ... Splunk Inc

02/01/18 / #20180032862

Automated anomaly detection for event-based system

Described herein is a technology that facilitates the production of and the use of automated datagens for event-based systems. A datagen (i.e., data-generator or data generation system) is a component, module, or subsystem of computer systems that searches, monitors, and analyzes machine data. ... Splunk Inc

02/01/18 / #20180032861

Automated data-generation for event-based system

Described herein is a technology that facilitates the production of and the use of automated datagens for event-based systems. A datagen (i.e., data-generator or data generation system) is a component, module, or subsystem of computer systems that searches, monitors, and analyzes machine data. ... Splunk Inc

02/01/18 / #20180032570

Search point management

A method includes causing display to a user of at least one event of a first result set from a first pipelined search on events at an event source. Each event comprises a time stamp and a portion of machine data. ... Splunk Inc

02/01/18 / #20180032558

Searching non-text machine data

Described herein are technologies that facilitate effective use (e.g., indexing and searching) of non-text machine data (e.g., audio/visual data) in an event-based machine-data intake and query system. ... Splunk Inc

02/01/18 / #20180032557

Event-based correlation of non-text machine data

Described herein are technologies that facilitate effective use (e.g., indexing and searching) of non-text machine data (e.g., audio/visual data) in an event-based machine-data intake and query system. ... Splunk Inc

02/01/18 / #20180032512

Event-based data intake and query system employing non-text machine data

Described herein are technologies that facilitate effective use (e.g., indexing and searching) of non-text machine data (e.g., audio/visual data) with text-based indexes of an event-based machine-data intake and query system. ... Splunk Inc

02/01/18 / #20180032363

Systems and methods for determining parent states of parent components in a virtual-machine environment based on performance states of related child components and component state criteria during a user-selected time period

Techniques promote monitoring of hypervisor systems by presenting dynamic representations of hypervisor architectures that include performance indicators. A reviewer can interact with the representation to progressively view select lower-level performance indicators. ... Splunk Inc

02/01/18 / #20180032316

Syntax templates for coding

A method includes in response to a user selection of a command of a coding language, causing display of a set of argument blocks in a text input region based on syntax of the command. Each argument block allows the user to input a value of an argument of the command to the argument block. ... Splunk Inc

01/25/18 / #20180024901

Automatic entity control in a machine data driven service monitoring system

Automated discovery of relationships between entities within an IT environment. A technique is performed by a relationship module that performs a discovery search for entity relationships to produce a set of relationship search results. ... Splunk Inc

01/25/18 / #20180024702

Concurrent display of search results from differing time-based search queries executed across event data

A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). ... Splunk Inc

01/11/18 / #20180012405

Three-dimensional point-in-polygon operation to facilitate visualizing data points bounded by 3D geometric regions

A system, a method and instructions embodied on a non-transitory computer-readable storage medium that solve a 3D point-in-polygon (PIP) problem are presented. This system projects polygons that comprise a set of polyhedra onto projected polygons in a reference plane. ... Splunk Inc

01/04/18 / #20180007180

Priority-based processing of messages from multiple servers

Systems and methods for priority-based processing of messages received from multiple servers. An example method comprises: receiving a plurality of network packets from one or more servers; processing the plurality of network packets to produce a first message associated with a first timestamp and a second message associated with a second timestamp; writing the first message to a first message queue of a plurality of message queues; writing the second message to a second message queue of the plurality of message queues; and retrieving, from the plurality of message queues, the first message and the second message in an order of their respective associated timestamps. ... Splunk Inc

01/04/18 / #20180006911

Transforming event data using remote capture agents and transformation servers

The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. ... Splunk Inc

01/04/18 / #20180004785

Generating and storing summarization tables for searchable events

Embodiments are directed towards the transparent summarization of events. Queries directed towards summarizing and reporting on event records may be received at a search head. ... Splunk Inc

12/28/17 / #20170371979

Creating and testing a correlation search

One or more processing devices receive a definition of a search query for a correlation search of a data store, the data store comprising time-stamped events that each comprise a portion of raw machine data reflecting activity in an information technology environment and produced by a component of the information technology environment, receive a definition of a triggering condition to be applied to a dataset that is produced by the search query, receive a definition of one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, test the search query with the triggering condition, and cause, based on results of the testing, generation of the correlation search using the defined search query, the triggering condition, and the one or more actions, the correlation search comprising search processing language having the search query and a processing command for criteria on which the triggering condition is based. ... Splunk Inc

12/14/17 / #20170359371

Performing rule-based actions based on accessed domain name registrations

Domain names are determined for each computational event in a set, each event detailing requests or posts of webpages. A number of events or accesses associated with each domain name within a time period is determined. ... Splunk Inc

12/14/17 / #20170357554

Data forwarding using multiple data pipelines

In accordance with implementations of the present disclosure, a backup of live data received by a data forwarder is generated at the data forwarder while the live data is provided to a real-time data pipeline for forwarding from the data forwarder. A first portion of the live data is recovered from the backup to a stale data pipeline of the data forwarder. ... Splunk Inc

12/07/17 / #20170351720

Automatic associations in an i.t. monitoring system

A computer system exposes an interface for the specification of filter criteria. The filter criteria may identify control information of a service monitoring system (SMS) that defines entities in an IT environment monitored by the SMS. ... Splunk Inc

11/30/17 / #20170344591

Storing log data as events and performing a search on the log data and data obtained from a real-time monitoring environment

Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. ... Splunk Inc

11/30/17 / #20170344576

Periodically processing data in files identified using checksums

Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. ... Splunk Inc

11/23/17 / #20170339029

Monitoring IT services at an individual overall level from machine data

One or more processing devices derive values indicative of various aspects of how a particular service in an information technology (IT) environment is performing at a point in time or for a period of time. The values are derived by a search query over machine data associated with the one or more entities that provide the service. ... Splunk Inc

11/23/17 / #20170339024

Thresholds for key performance indicators derived from machine data

One or more processing devices access a service definition for a service provided by one or more entities that each produce machine data or about which machine data is generated. The service definition identifies the entities that provide the service and, for each entity, identifying information for locating machine data pertaining to that entity. ... Splunk Inc

11/23/17 / #20170337252

Incident review interface

A computing machine performs a correlation search against KPI data for one or more services using a selection criteria and a triggering condition. When the triggering condition is satisfied, a notable event or incident is created and information about the notable event is presented using a user interface that may have interactive elements. ... Splunk Inc

11/23/17 / #20170337231

Log data time stamp extraction and search on log data and data obtained from a real-time monitoring environment

Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. ... Splunk Inc

11/23/17 / #20170337230

Storing and executing a search on log data and data obtained from a real-time monitoring environment

Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. ... Splunk Inc

11/16/17 / #20170331930

Configuring generation of event streams by remote capture agents

The disclosed embodiments provide a system that processes network data. During operation, the system obtains, at a remote capture agent, a first protocol classification for a first packet flow captured by the remote capture agent. ... Splunk Inc

11/16/17 / #20170330309

Aligning a result image with a source image to create a blur effect for the source image

A processing device receives input representing a selection of a first area of a source image. The processing device identifies a result image that corresponds to the source image. ... Splunk Inc

11/16/17 / #20170329854

Techniques for compiling and presenting query results

Improved crawling and curation of data and metadata from diverse data sources is described. In some embodiments, improvements are achieved by interpreting the context, vocabulary and relationships of data elements, to enable relational data search capability for users. ... Splunk Inc

11/16/17 / #20170329853

Techniques for curating data for query processing

Improved crawling and curation of data and metadata from diverse data sources is described. In some embodiments, improvements are achieved by interpreting the context, vocabulary and relationships of data elements, to enable relational data search capability for users. ... Splunk Inc

11/16/17 / #20170329800

Efficient point-in-polygon indexing technique to visualize data points bounded by geometric regions

A system that displays geographic data is disclosed. The system obtains polygons that define a set of geographic regions. ... Splunk Inc

11/16/17 / #20170329662

Correlating application errors with incomplete transactions

Various methods and systems for tracking incomplete purchases in correlation with application performance, such as application errors or crashes, are provided. In this regard, aspects of the invention facilitate monitoring transaction and application error events and analyzing data associated therewith to identify data indicating an impact of incomplete purchases in relation to an error(s) such that application performance can be improved. ... Splunk Inc

11/16/17 / #20170329462

Graphical user interface for static and adaptive thresholds

Techniques are disclosed for providing a graphical user interface (GUI) for displaying and configuring adaptive or static thresholds for key performance indicators (KPIs). The GUI may include one or more presentation schedules that may display threshold information associated with time policies. ... Splunk Inc

11/09/17 / #20170322985

Creating an entity definition from a search result set

A processing device performs a search query to produce a search result set having entries having data items. A table, having rows and columns, is displayed in a user interface. ... Splunk Inc

10/05/17 / #20170286525

Field extraction rules from clustered data samples

The operation of an automatic data input and query system is controlled by well-defined control data. Certain control data may relate to data schemas and direct operations performed by the system to extract fields from machine data. ... Splunk Inc

10/05/17 / #20170286505

Event limited field picker

An event limited field picker for a search user interface is described. In one or more implementations, a service may operate to collect and store data as events each of which includes a portion of the data correlated with a point in time. ... Splunk Inc

10/05/17 / #20170286499

Query-triggered processing of performance data and log data from an information technology environment

The disclosed system and method acquire and store performance measurements relating to performance of a component in an information technology (IT) environment and log data produced by the IT environment, in association with corresponding time stamps. The disclosed system and method correlate at least one of the performance measurements with at least one of the portions of log data. ... Splunk Inc

10/05/17 / #20170286455

Technology add-on packages controlling a data input and query system

The operation of an automatic data input and query system is controlled by well-defined control data. Technology add-on (TA) control data extends the operations of the system to gather and process machine data from additional sources. ... Splunk Inc

10/05/17 / #20170286038

Technology add-on control console

The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. ... Splunk Inc

09/21/17 / #20170272458

Network security system with real-time and batch paths

A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. ... Splunk Inc

09/21/17 / #20170270219

Advanced field extractor

Embodiments are directed towards a graphical user interface to identify locations within event records with splittable timestamp information. A display of event records is provided using any of a variety of formats. ... Splunk Inc

09/21/17 / #20170270186

Generating statistics

Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generated and/or to manually enter an extraction rule. ... Splunk Inc

09/21/17 / #20170270132

File browser user interface

A search support system allows a customer to browse data contained in files stored on an external storage system. The search support system allows a customer to specify data processing tasks to be performed on raw data retrieved from a file stored on the external storage system. ... Splunk Inc

09/21/17 / #20170270088

Automatic rule modification

Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generated and/or to manually enter an extraction rule. ... Splunk Inc

09/14/17 / #20170264512

Systems and methods for monitoring and analyzing performance in a computer system with state distribution ring

A system that displays performance data for a computing environment. During operation, the system determines performance states for a plurality of entities that comprise the computing environment based on values of a performance metric for the entities. ... Splunk Inc

09/07/17 / #20170257293

Systems and methods for monitoring and analyzing performance in a computer system with severity-state sorting

The disclosed embodiments relate to a system that displays performance data for a computing environment. During operation, the system first determines values for a performance metric for entities that comprise the computing environment. ... Splunk Inc

09/07/17 / #20170257292

Systems and methods for displaying metrics on real-time data in an environment

A system and computer-implemented method are provided for displaying a configurable metric relating to an environment in a graphical display along with a value of the metric calculated over a configurable time period. The metric is used to identify events of interest in the environment based on processing real time machine data from one or more sources. ... Splunk Inc

09/07/17 / #20170255711

Processing of performance data and raw log data from an information technology environment

The disclosed system and method acquire and store performance measurements relating to performance of a component in an information technology (IT) environment and log data produced by the IT environment, in association with corresponding time stamps. The disclosed system and method correlate at least one of the performance measurements with at least one of the portions of log data. ... Splunk Inc

09/07/17 / #20170255695

Determining rules based on text

Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generated and/or to manually enter an extraction rule. ... Splunk Inc

09/07/17 / #20170255683

Processing of performance data and structure data by thresholding log data

The disclosed system and method acquire and store performance measurements relating to performance of a component in an information technology (IT) environment and log data produced by the IT environment, in association with corresponding time stamps. The disclosed system and method correlate at least one of the performance measurements with at least one of the portions of log data. ... Splunk Inc

09/07/17 / #20170255606

Determining events having a value

Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generated and/or to manually enter an extraction rule. ... Splunk Inc

09/07/17 / #20170255601

Determining events associated with a value

Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generated and/or to manually enter an extraction rule. ... Splunk Inc

09/07/17 / #20170255481

Systems and methods for automatically characterizing performance of a hypervisor system

Techniques promote monitoring of hypervisor systems by presenting dynamic representations of hypervisor architectures that include performance indicators. A reviewer can interact with the representation to progressively view select lower-level performance indicators. ... Splunk Inc

09/07/17 / #20170255349

Systems and methods for monitoring and analyzing performance in a computer system with node pinning for concurrent comparison of nodes

In some embodiments, in response to the user selecting a first node in the tree to be pinned, the system displays a first detail panel for the first node, wherein the first detail panel displays state information for the first node, wherein the state information is frozen at the time of pinning. Moreover, in response to the user selecting a second node in the tree to be pinned, the system displays a second detail panel for the second node, wherein the second detail panel displays state information for the second node, wherein the state information is frozen at the time of pinning. ... Splunk Inc

08/24/17 / #20170243132

Machine-learning data analysis tool

Disclosed herein is a computer-implemented tool that facilitates data analysis by use of machine learning (ML) techniques. The tool cooperates with a data intake and query system and provides a graphical user interface (GUI) that enables a user to train and apply a variety of different ML models on user-selected datasets of stored machine data. ... Splunk Inc

08/17/17 / #20170237761

Monitoring search query results relating to alert notifications

The disclosed embodiments relate to a system that generates an alert based on information extracted from search results generated by a query. During operation, the system executes the query to generate the search results. ... Splunk Inc

08/17/17 / #20170237683

Processing event data using dynamic data server nodes

A system of dynamically-instantiated data server components provides access to a data repository. Different data server components are assigned to different data collections in the repository. ... Splunk Inc

08/17/17 / #20170237634

Transformation of network data at remote capture agents

The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. ... Splunk Inc

08/10/17 / #20170228943

Conveying data to a user via field-attribute mappings in a three-dimensional model

Systems and methods according to various embodiments enable a user to view three-dimensional representations of data objects (“nodes”) within a 3D environment from a first person perspective. The system may be configured to allow the user to interact with the nodes by moving a virtual camera through the 3D environment. ... Splunk Inc

08/10/17 / #20170228942

Conveying machine data to a user via attribute mapping in a three-dimensional model

Systems and methods according to various embodiments enable a user to view three-dimensional representations of data objects (“nodes”) within a 3D environment from a first person perspective. The system may be configured to allow the user to interact with the nodes by moving a virtual camera through the 3D environment. ... Splunk Inc

08/03/17 / #20170223036

Model training and deployment in complex event processing of computer network data

A security platform employs a variety of techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. ... Splunk Inc

08/03/17 / #20170223030

Detection of security transactions

In a method, a plurality of events is accessed, wherein an event of the plurality of events includes a portion of raw-machine data from a data source of a plurality of data sources. For at least one event of the plurality of events, a transaction phase of a computer security transaction is correlated with the at least one event based at least in part on a data source associated with the at least one event. ... Splunk Inc









This listing is an abstract for educational and research purposes and is only meant as a recent sample of applications filed, not a comprehensive history. Freshpatents.com is not affiliated or associated with Splunk Inc in any way and there may be associated servicemarks. This data is also published to the public by the USPTO and available for free on their website. Note that there may be alternative spellings for Splunk Inc with additional patents listed. Browse our Agent directory for other possible listings. Page by FreshPatents.com
