Patents Assigned to Splunk Inc.
  • Patent number: 11455590
    Abstract: An automatic service monitor in an information technology environment has its operation controlled by information that, in part, defines entities that perform services and defines key performance indicators (KPIs) that indicate measures of performance of the services. Additional information controls the operation of the service monitor with respect to identifying and adapting for KPIs based on the non-normal data caused by maintenance work or other causes. Such adaptation may include changes in how reported information appears to the user.
    Type: Grant
    Filed: June 30, 2016
    Date of Patent: September 27, 2022
    Assignee: Splunk Inc.
    Inventors: Anupadmaja Raghavan, George Daloukov, Alok Anant Bhide, Ross Andrew Lazerowitz, Tristan Antonio Fletcher, Alan Vincent Hardin
  • Patent number: 11455087
    Abstract: In embodiments of field value search drill down, a search system exposes a search interface that displays one or more events returned as a search result set. A field-value pair can be emphasized in the field-value pairs of an event displayed in the search interface, and a menu is displayed with search options that are selectable to operate on the emphasized field-value pair of the event. The menu includes the search options to add search criteria of the emphasized field-value pair to a search command in a search bar of the search interface, exclude the search criteria of the emphasized field-value pair from a search, or create a new data search based on the emphasized field-value pair. A selection of one of the search options in the menu can be received, and the search command in the search bar is updated based on the search option that is selected.
    Type: Grant
    Filed: April 29, 2019
    Date of Patent: September 27, 2022
    Assignee: Splunk Inc.
    Inventors: Cory Eugene Burke, Katherine Kyle Feeney, Divanny I. Lamas, Marc Vincent Robichaud, Matthew G. Ness, Clara E. Lee
  • Patent number: 11455314
    Abstract: Embodiments of the present disclosure provide a method for performing search queries in a manner that avoids overloading an indexer cluster or indexers with unwanted or unauthorized high levels of concurrent searches. The method comprises transmitting a slot request from a search head to a cluster master in response to a query, wherein the cluster master is communicatively coupled with an indexer cluster comprising a plurality of indexers. The method further comprises receiving addresses of active indexers in the indexer cluster and a response to the slot request from the cluster master. Responsive to a grant of a slot by the cluster master, the method comprises using the addresses to transmit the query to the active indexers and receiving results of the query from the active indexers. Subsequently, the method comprises releasing the slot to the cluster master.
    Type: Grant
    Filed: April 21, 2020
    Date of Patent: September 27, 2022
    Assignee: Splunk Inc.
    Inventor: Ashish Mathew
  • Patent number: 11451453
    Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display, on a computer system, a graphical user interface (GUI) for obtaining configuration information for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements for managing one or more ephemeral event streams that contain temporarily generated time-series event data from the network packets, wherein managing the one or more ephemeral event streams comprises modifying an end time for terminating the capture of time-series event data in an ephemeral event stream. The system then updates the configuration information based on input received through the first set of user-interface elements.
    Type: Grant
    Filed: October 31, 2019
    Date of Patent: September 20, 2022
    Assignee: Splunk Inc.
    Inventors: Fang I. Hsiao, Clayton S. Ching, Michael R. Dickey, Vladimir A. Shcherbakov, Nishant Teredesai, Cary Glen Noel
  • Patent number: 11450419
    Abstract: Medication security and healthcare privacy analytics systems are described that enable users to search for and process stored healthcare environment data. The medication security and healthcare privacy analytics systems receive and correlate data from a plurality of data sources, including medication dispensing systems, healthcare employee records, and patient records, including user behavior or interaction data with the foregoing data sources. The medication security and healthcare privacy analytics systems include graphical user interfaces (GUIs) that enable users to select elements to filter the processed healthcare environment data and generate visualizations of filtered datasets. The visualizations are created using datasets generated by clustering algorithms and can indicate those users from a plurality of users whose interactions with various systems are anomalous (e.g., indicative of unexpected or non-customary user behavior).
    Type: Grant
    Filed: April 30, 2019
    Date of Patent: September 20, 2022
    Assignee: Splunk Inc.
    Inventor: Gleb Esman
  • Patent number: 11449464
    Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values are used to accelerate search queries that a system receives.
    Type: Grant
    Filed: January 17, 2020
    Date of Patent: September 20, 2022
    Assignee: Splunk Inc.
    Inventor: Jesse Miller
  • Patent number: 11449293
    Abstract: Various embodiments of the present application set forth a computer-implemented method that includes transmitting, by a wearable device, a first request that includes a first set of parameters, receiving, by the wearable device, a first set of values based on the first set of parameters, wherein the first set of values are provided by a first data source, displaying, by the wearable device, a first dashboard that includes a first visualization associated with the first set of values, determining that a first physical interaction with a first physical input device associated with the wearable device occurred, and in response to the first physical interaction, causing the first visualization to display a first data value included in the first set of values.
    Type: Grant
    Filed: January 31, 2019
    Date of Patent: September 20, 2022
    Assignee: SPLUNK INC.
    Inventors: Mingyuan Chen, Dylan Patricia Conway, Simon Tam
  • Patent number: 11449371
    Abstract: As an indexer indexes and groups events, it can generate data slices that include events. Based on a slice rollover policy, the indexer can add a particular slice to an aggregate slice. Based on an aggregate slice backup policy, the indexer can store a copy of the aggregate slice to a shared storage system. The aggregate slice can be used for restore purposes in the event the indexer fails or becomes unresponsive.
    Type: Grant
    Filed: July 31, 2020
    Date of Patent: September 20, 2022
    Assignee: Splunk Inc.
    Inventors: Shalabh Goyal, Anish Shrigondekar, Bhavin Thaker, Zhenghui Xie, Ruochen Zhang
  • Patent number: 11442924
    Abstract: In some embodiments, a method may include display of a data summary view of a set of events that correspond to query results of a query. Each event of the set of events may include data items of a plurality of event attributes. In embodiments, the data summary view can include various summary reports. Each summary report can include summary entries and a summary graph that each present a summary of data items of a selected event attribute, of the plurality of event attributes. At least one summary report can include summary entries that are selectable by a user. The method may further include filtering the set of events in response to, and based on, selection of one or more of the selectable summary entries by the user and updating of at least the first and second summary graphs to correspond to the filtered set of events.
    Type: Grant
    Filed: January 29, 2019
    Date of Patent: September 13, 2022
    Assignee: Splunk Inc.
    Inventors: Jesse Miller, Marc V. Robichaud, Cory Burke, Jeffrey Thomas Lloyd, Alexander James, Andrew Robbins
  • Patent number: 11442935
    Abstract: Systems and methods are described for determining a record generation estimate related to a particular processing task. The system obtains a sample set of data that includes multiple records. The system applies a processing task, such as a transform or regular expression rule to the sample set of data and determines how many records are generated by the processing task. Based on the number of records generated, the system determines a record generation estimate. The system can use the record generation estimate to allocate compute resources or determine a query execution time for at least a portion of the query based on the record generation estimate.
    Type: Grant
    Filed: April 29, 2019
    Date of Patent: September 13, 2022
    Assignee: Splunk Inc.
    Inventors: Sourav Pal, Arindam Bhattacharjee, Asha Andrade
  • Patent number: 11436222
    Abstract: Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored. Once the inverted index is accessed, it can be used to identify and search a subset of the plurality of event records, wherein the subset comprises one or more event records with corresponding reference values in the inverted index.
    Type: Grant
    Filed: October 2, 2019
    Date of Patent: September 6, 2022
    Assignee: SPLUNK INC.
    Inventors: David Ryan Marquardt, Karthikeyan Sabhanatarajan, Steve Yu Zhang
  • Patent number: 11436116
    Abstract: Systems and methods are described for improving data availability and/or resiliency of indexers of a data intake and query system. A data intake and query system can index large amounts of data using one or more indexers. An indexer can store a copy of the data that the indexer is assigned to process in the shared storage system, and a cluster master can track the storage of the data and the indexer assigned to process the data. In the event an indexer fails or is otherwise unable to index data that it has been assigned to index, the cluster master can assign one or more second indexers to process the data. The second indexer can download the data from the shared storage system.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: September 6, 2022
    Assignee: Splunk Inc.
    Inventors: Alexandros Batsakis, Mehul Goyal, Ashish Mathew, Douglas Rapp, Igor Stojanovski, Eric Woo
  • Patent number: 11438221
    Abstract: A computerized method is shown and includes receiving one or more lists of identifiers, generating a batch query from the one or more lists of identifiers, querying one or more data stores using the batch query, generating one or more response packets including results from querying using the batch query, and transmitting a first response packet to a first edge device. Generating the batch query may be performed by merging a plurality of lists of identifiers to form a merged list, and removing duplicate identifiers from the merged list. Further, the first response packet may be generated for the first edge device and includes enrichment data corresponding to identifiers transmitted by the first edge device. Additionally, the first response packet may be generated for a plurality of edge devices including the first edge device and include enrichment data corresponding to identifiers transmitted by the plurality of edge devices.
    Type: Grant
    Filed: January 13, 2021
    Date of Patent: September 6, 2022
    Assignee: SPLUNK Inc.
    Inventors: Alexander William Cruise, Daniel Ferstay
  • Patent number: 11436268
    Abstract: The various embodiments describe multi-site cluster-based data intake and query systems, including cloud-based data intake and query systems. Using a hybrid search system that includes cloud-based data intake and query systems working in concert with so-called “on-premises” data intake and query systems can promote the scalability of search functionality. In addition, the hybrid search system can enable data isolation in a manner in which sensitive data is maintained “on premises” and information or data that is not sensitive can be moved to the cloud-based system. Further, the cloud-based system can enable efficient leveraging of data that may already exist in the cloud. In addition, various embodiments enable configuration data associated with search functionality to be shared amongst clusters in a manner that promotes cluster security.
    Type: Grant
    Filed: April 30, 2018
    Date of Patent: September 6, 2022
    Assignee: Splunk Inc.
    Inventors: Ledio Ago, Declan Gerard Shanaghy
  • Patent number: 11429600
    Abstract: A method includes causing display to a user of at least one event of a first result set from a first pipelined search on events at an event source. Each event comprises a time stamp and a portion of machine data. A selection of a command is received from the user. The selection is to extend the first pipelined search with the selected command in a second pipelined search. The system selects between the first result set and the event source for execution of the second pipelined search based on an analysis of the selected command and at least one command of the first pipelined search. Based on the selecting being of the first result set, display to the user is caused of at least one event of a second result set from the execution of the second pipelined search on the first result set.
    Type: Grant
    Filed: January 29, 2020
    Date of Patent: August 30, 2022
    Assignee: Splunk Inc.
    Inventors: Jesse Brandau Miller, Marc V. Robichaud, Cory Eugene Burke
  • Patent number: 11429627
    Abstract: Machine data is collected from multiple sources of an operating environment such as an information technology system, factory floor, or the like, into a data intake and query system, in one embodiment. Metrics representative of the environment are included in or derived from the data. Users may interact with an interface to depict a representation of various metrics and interdependencies and that depiction is reflected in a computer storage model. Changes to the computer storage model based on the user interaction may also result in automatic changes to control information reflected in the computer storage model that directs the processing of various monitoring functions associated with the metrics.
    Type: Grant
    Filed: September 28, 2018
    Date of Patent: August 30, 2022
    Assignee: SPLUNK Inc.
    Inventors: Ricky Gene Burnett, Dipock Das, Steven Shaun McIntyre, Darrell Sano
  • Patent number: 11429608
    Abstract: Embodiments of the present disclosure provide techniques for emitting structured and dynamic fields from an accelerated data model. The method comprises evaluating a query to search a data model, wherein the data model is defined by a set of events and at least one structured field from fields associated with the set of events. Each event comprises a time-stamped portion of raw machine data and is stored in a field searchable data store. A summarization table is associated with the data model and comprises a plurality of entries comprising reference values, wherein a respective summarization table entry comprises: the at least one structured field; a respective field value; and a reference value.
    Type: Grant
    Filed: July 31, 2019
    Date of Patent: August 30, 2022
    Assignee: Splunk Inc.
    Inventors: Karthikeyan Sabhanatarajan, David Ryan Marquardt, Steve Zhang, Nicholas Romito, Sophia Zhu
  • Patent number: D963676
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: September 13, 2022
    Assignee: SPLUNK Inc.
    Inventors: Uladzimir Bahatyrevich, Anthony Barbato
  • Patent number: D963677
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: September 13, 2022
    Assignee: SPLUNK Inc.
    Inventor: Uladzimir Bahatyrevich
  • Patent number: D965006
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: September 27, 2022
    Assignee: SPLUNK Inc.
    Inventor: Uladzimir Bahatyrevich