Patents Assigned to Splunk Inc.
  • Patent number: 12200064
    Abstract: Described herein are techniques for integrating external sensors to an edge device, such as for ingesting data into a data intake and query system. The edge device has an internal message broker for communicating with internal (e.g., preconfigured, recognized) sensors, and an external message broker for communicating with external (e.g., customer-configured, otherwise unrecognized) sensors. The external message broker provides access to customer configuration of external sensors, but is logically quarantined from the internal message broker to prevent unwanted customer access to internal configurations. The internal and external message brokers interface only via a bridging service that transforms external sensor data into data based on customer-configurable transformations. The transformed data can be handled by the edge device and/or downstream components (e.g., a data intake and query system) in the same manner as internal sensor data.
    Type: Grant
    Filed: October 23, 2023
    Date of Patent: January 14, 2025
    Assignee: SPLUNK Inc.
    Inventors: Rodrigo Paulo Quaresma, Neel Mehta, Warren Shum, William Huang, Jonathan Yeung, Yi Chien Lee, Masrur Mahmood, Anthony Ng, Allyson Aberg, Qi Shu, Neha Kumari, Joel Jacob
  • Patent number: 12197962
    Abstract: Resegmenting chunks of data for load balancing is disclosed. A plurality of first chunks of data is received. The plurality of first chunks of data includes one or more entries that include raw data produced by a component of an information technology environment and that reflects activity in the information technology environment. The plurality of first chunks of data is resegmented into a plurality of second chunks of data based on a source type of the plurality of first chunks. A first subset of the plurality of second chunks of data is distributed to a first indexer of a set of indexers. An occurrence of a trigger event is determined, and in response to the trigger event, a second subset of the plurality of second chunks of data is distributed to a second indexer of the set of indexers.
    Type: Grant
    Filed: February 15, 2023
    Date of Patent: January 14, 2025
    Assignee: SPLUNK INC.
    Inventors: Jag Kerai, Anish Shrigondekar, Mitchell Blank, Jr., Hasan Alayli
  • Patent number: 12197908
    Abstract: Systems and methods are disclosed for providing a multi-component application, including a first and second component, and a first and second server. The first component may be implemented at the first server, while a second component may be implemented at a client device. An end user of a client device may request access to metadata stored on the second server that is utilized by the second component to implement the multi-component application. The end user may authenticate with the first component. The first component may then communicate with the second server to authenticate the end user to the second server, thereby granting the end user access to the second server without having to reauthenticate to the second server.
    Type: Grant
    Filed: November 22, 2023
    Date of Patent: January 14, 2025
    Assignee: Splunk Inc.
    Inventors: Akash Dwivedi, Simon Foster Fishel, Isabelle Park, Vivian Shen, Eric Tschetter, Joshua Walters
  • Patent number: 12199997
    Abstract: A computerized method is disclosed that includes operations of obtaining network traffic data between a source device and a destination device, applying a set of one or more security rules to a plurality of metrics of the network traffic data to obtain a subset of network traffic metrics, applying a first trained machine learning model to the subset of network traffic metrics to generate a feature vector through feature extraction of the subset of network traffic metrics, and evaluate the feature vector for a presence of beaconing and classify the subset of network traffic metrics, and responsive to the classifying of the subset of network traffic metrics, generating a flag for a system administrator. The plurality of metrics include at least one or more of packet size, packet transmission rate, or a ratio of (i) packet size for inbound packets and (ii) packet size for outbound packets.
    Type: Grant
    Filed: January 11, 2022
    Date of Patent: January 14, 2025
    Assignee: Splunk Inc.
    Inventors: Cui Lin, Stanislav Miskovic
  • Patent number: 12197567
    Abstract: A computer-implemented method of configuring an anomalous behavior detector includes updating a distribution used for modeling anomalous behavior in telemetry data with information associated with observed anomalous behavior to generate an updated distribution representative of the observed anomalous behavior where, prior to the updating, the distribution is representative of theoretical anomalous behavior. The method further includes computing a threshold for a detector operable to alert on anomalous activity using the updated distribution. The method also comprises computing a divergence between the live telemetry data monitored by the detector and the anomalous behavior modeled by the updated distribution. Responsive to a determination that the divergence is above a critical threshold, the method comprises enabling the detector to continue to monitor the live telemetry data in the application.
    Type: Grant
    Filed: October 28, 2021
    Date of Patent: January 14, 2025
    Assignee: SPLUNK INC.
    Inventors: David Dorsey, Michael Andrew Hart
  • Patent number: 12197420
    Abstract: A method includes displaying events that correspond to search results of a search query, the events comprising data items of event attributes, the events displayed in a table. The table includes columns corresponding to an event attribute, rows corresponding to events, cells populated with data items, and interactive regions corresponding to at least one data item and selectable to add one or more commands to the search query. A reference event attribute is determined based on an analysis of a data object. A supplemental column corresponding to a supplemental event attribute is added to the table based on the reference event attribute. Supplemental interactive regions are added to the table and correspond to supplemental data items.
    Type: Grant
    Filed: March 8, 2023
    Date of Patent: January 14, 2025
    Assignee: Splunk Inc.
    Inventors: Jesse Miller, Marc V. Robichaud, Cory Burke, Alexander James, Jeffrey Thomas Lloyd
  • Patent number: 12197451
    Abstract: A system generates a user interface that enables a user to modify time ranges associated with search-related statements of a data processing package. Via one or more user interactions with the user interface, the system may receive a modified time range for the statement. The modified time range may be appended to the data processing package to form an enriched data processing package. The system may communicate the enriched data processing package to a search service for execution. The system may display the results in the user interface.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: January 14, 2025
    Assignee: Splunk Inc.
    Inventors: Thomas Haggie, Barbara Janczer, Justin Lew, Clark Eugene Mullen, Ioan Popa, Jacob Sebastian Stark, Keng-Ming Sheu
  • Patent number: 12189624
    Abstract: Embodiments described herein are directed to facilitating management and storage of configurations. In one embodiment, a request to provide configurations associated with a user-application pair is identified. Based on the user-application pair, a user-defined configuration cache is accessed to obtain user-defined configurations, an application-defined configuration cache is accessed to obtain application-defined configurations, and a system-defined configuration cache is accessed to obtain system-defined configurations. Thereafter, at least a portion of the user-defined configurations, the application-defined configurations, and the system-defined configurations are aggregated or merged to generate a set of configurations associated with the user-application pair. Such a set of configurations associated with the user-application pair are provided for use in performing a task.
    Type: Grant
    Filed: January 31, 2023
    Date of Patent: January 7, 2025
    Assignee: Splunk Inc.
    Inventors: Liang Han, Vishal Patel, Sundar R. Vasan, Eric Woo
  • Patent number: 12189931
    Abstract: In embodiments of statistics chart row mode drill down, a first interface is displayed in a table format that includes columns and rows, where each row is associated with an event and each column includes a field for a respective event. The rows can further include one or more aggregated metrics representing a number of events associated with a respective row. A row can be emphasized in the first interface and, in response, a menu can be displayed with selectable options to transition to a second interface, where the data displayed by the second interface is based on an option selected from the menu.
    Type: Grant
    Filed: May 8, 2023
    Date of Patent: January 7, 2025
    Assignee: Splunk Inc.
    Inventors: Cory Eugene Burke, Katherine Kyle Feeney, Divanny I. Lamas, Marc Vincent Robichaud, Matthew G. Ness, Clara E. Lee
  • Patent number: 12182174
    Abstract: A search assistant engine is described that integrates with a data intake and query system and provides an intuitive user interface to assist a user in searching and evaluating indexed event data. Additionally, the search assistant engine provides logic to intelligently provide data to the user through the user interface such as determining fields of events likely to be of interest based on determining a mutual information score for each field and determining groups of related fields based on determining a mutual information score for each field grouping. Some implementations utilize machine learning techniques in certain analyses such as when clustering events and determining an event template for each cluster. Additionally, the search assistant engine may import terms or characters from user interaction into predetermined search query templates to generate a tailored search query for the user.
    Type: Grant
    Filed: December 28, 2022
    Date of Patent: December 31, 2024
    Assignee: Splunk Inc.
    Inventors: Francis Beckert, Kristal Curtis, Om Rajyaguru, Abraham Starosta, Poonam Yadav
  • Patent number: 12182169
    Abstract: A computerized method is disclosed for grouping alerts through machine learning while implementing certain time constraints. The method includes receiving an alert to be assigned to any of a plurality of existing issues or to a newly created issue, the alert including a temporal field that includes a timestamp of an arrival time of the alert, wherein an issue is a grouping of one or more alerts, determining a subset of existing issues from the plurality of existing issues that each satisfy time constraints, wherein the time constraints correspond to (i) a time elapsed between a most recent alert of a first existing issue and a timestamp of the alert, or (ii) a maximum issue time length of the first existing issue, and deploying a trained machine learning model to assign the alert to either an existing issue of the subset of existing issues or a newly created issue.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: December 31, 2024
    Assignee: Splunk Inc.
    Inventors: William Deaderick, William Stanton, Thomas Camp Vieth
  • Patent number: 12182151
    Abstract: Implementations of this disclosure provide for automated monitoring of configuration parameters of a primary data intake and query system instance operating within a distributed deployment environment. Further implementations provide for automatically generating instructions in response to a detected change in a configuration parameter of the primary data intake and query system instance and transmitting those instructions to one or more secondary data intake and query system instances. The instructions, upon execution by one or more processors, cause the configuration parameters of the one or more secondary data intake and query system instances to be updated in accordance with the detected change in the configuration parameter of the primary data intake and query system instance.
    Type: Grant
    Filed: January 31, 2023
    Date of Patent: December 31, 2024
    Assignee: Splunk Inc.
    Inventors: Daniel Federschmidt, Ashley Hoang, Yuan Ling, Mayur Sanjaybhai Pipaliya, Nicolas Stone, Carl Yestrau
  • Patent number: 12184744
    Abstract: A process for providing requests to a management application in a multi-tenant environment is described herein. In embodiments, a broker client is deployed within a tenant execution environment executed by a server computer system. In embodiments, the broker client is configured to communicate with a broker responsible for managing the tenant execution environment based on configuration information. Furthermore, in various embodiments, a request to perform operations associated with the tenant execution environment is transmitted to the broker client over a connection and the broker client provides the request to the broker for execution.
    Type: Grant
    Filed: September 30, 2022
    Date of Patent: December 31, 2024
    Assignee: Splunk Inc.
    Inventors: Christopher Kellogg, Pradeep Baliganapalli Nagaraju
  • Patent number: 12181956
    Abstract: Systems and methods are disclosed that are directed to improving the prioritization, display, and viewing of system alerts through the use of machine learning techniques to group the alerts and further to prioritize the groupings. Additionally, a graphical user interface is generated that illustrates the prioritized listing of the plurality of groupings. Thus, a system administrator or other user receives an improved experience as the number of notifications provided to the system administrator are reduced due to the grouping of individual alerts into related groupings and further due to the prioritization of the groupings. Previously, or in current technology, system alerts may be automatically generated and provided immediately to a system administrator. In some instances, any advantage of detecting system errors or system monitoring provided by the alerts is negated by the vast number of alerts and provision of minimally important alerts in a manner that concealed more important alerts.
    Type: Grant
    Filed: June 12, 2023
    Date of Patent: December 31, 2024
    Assignee: Splunk Inc.
    Inventors: Kristal Curtis, William Deaderick, Wei J. Gao, Tanner Gilligan, Chandrima Sarkar, Aleksander Stojanovic, Ralph Donald Thompson, Poonam Yadav, Sichen Zhong
  • Patent number: 12182110
    Abstract: A system is described that receives a query model of a query that includes one or more query commands. The query model includes a command model that corresponds to at least one query command of the one or more query commands. The system uses the command model to generate an interactive action model summary and causes a user interface to display the query and the interactive action model summary in a query actions panel. A modification to the query in the user interface causes an update to the query actions panel and a modification to the action model summary causes an update to the at least one query command of the query.
    Type: Grant
    Filed: January 30, 2023
    Date of Patent: December 31, 2024
    Assignee: Splunk, Inc.
    Inventors: Finlay Cannon, Jindrich Dinga, Thomas Haggie, Clark E. Mullen, Jonathan Ng, Andrew John Peters, Bardhi Shtylla, Ioan Popa, Barbara Janczer, Jacob Sebastian Stark
  • Patent number: 12175403
    Abstract: A service monitoring system receives, via a user interface, an identification of a service of an information technology environment, and causes display of a plurality of key performance indicators (KPIs) in the user interface. Each KPI of the plurality of KPIs indicates a measure of performance for the service. The service monitoring system receives, via the user interface, an identification of a time period, and an identification of one or more visual characteristics for KPI graph lanes. Each of the KPI graph lanes is indicative of one or more KPI values of a respective KPI of the plurality of KPIs, the one or more KPI values are obtained from execution of a search query associated with the respective KPI, and the search query uses the time period to obtain the one or more KPI values. The service monitoring system causes display of a plurality of KPI graph lanes based on the one or more visual characteristics.
    Type: Grant
    Filed: July 12, 2021
    Date of Patent: December 24, 2024
    Assignee: Splunk Inc.
    Inventors: Tristan Antonio Fletcher, Alok Anant Bhide
  • Patent number: 12169471
    Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.
    Type: Grant
    Filed: February 10, 2022
    Date of Patent: December 17, 2024
    Assignee: Splunk Inc.
    Inventors: Qianjie Zhong, Ting Wang, Margaret Lee, Dawei Li, Nick Filippi, Yue Ni, Shiming Yuan
  • Patent number: 12169498
    Abstract: Metric time series (MTS) data objects stored within in-memory storage are marked as inactive in response to determining that no MTS data has been received for the MTS objects within a first predetermined time period. In response to determining that an MTS object has been inactive for longer than a second predetermined time period, the MTS data object is migrated from in-memory storage to on-disk storage. Queries directed to MTS objects are first run against MTS object data stored within in-memory storage, and then against MTS object data stored within on-disk storage. In this way, an amount of in-memory storage needed to store MTS objects may be minimized, while optimizing search performance.
    Type: Grant
    Filed: January 26, 2023
    Date of Patent: December 17, 2024
    Assignee: SPLUNK Inc.
    Inventors: Uday Sagar Shiramshetty, Mitchell Grayer Eisenstat, Chowie Chunyan Lin
  • Patent number: 12169499
    Abstract: A system generates a user interface that enables a user to generate a data summarization statement for a data processing package. Via one or more user interactions with the user interface, the system may receive one or more parameters for the summarization statement. Using the parameters, the system may generate a summarization statement for execution by a data service, an action model display object, a statement action model display object, and/or a filter token object for display in the user interface.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: December 17, 2024
    Assignee: Splunk Inc.
    Inventors: Finlay Cannon, Thomas Haggie, Justin Lew, Clark Eugene Mullen, Jonathan Ng, Faya Peng, Ioan Popa, Keng-Ming Sheu, Jacob Sebastian Stark, Yuchen Mou
  • Patent number: D1054444
    Type: Grant
    Filed: July 14, 2023
    Date of Patent: December 17, 2024
    Assignee: SPLUNK Inc.
    Inventors: Tatsuya Hama, Clark E Mullen, Ioan Popa, Iryna Vogler-Ivashchanka