Abstract: A wrapper layer over a target interface receives requests from client devices over a different interface, converts the requests into a format that is compatible with the target interface, and transmits each converted request over the target interface for processing by a service. The wrapper layer also processes a request by a client device to subscribe to a certain type of update made via the target interface by verifying that the client device is authorized to access a resource associated with that type of update and creating a subscription that identifies the client device and the type of update. When the wrapper layer subsequently receives a request corresponding to that type of update, the wrapper layer matches attributes of the request to the subscription by the client device and transmits a message notifying the client device of the request.

Abstract: Systems and methods are described for monitoring indexing nodes, populating and maintaining a resource catalog with relevant information, receiving requests for indexing node availability or assignments, identifying indexing nodes that are available to process data, and/or communicating information relating to available indexing nodes. The system can maintain the resource catalog based on communications with each of the containerized indexing nodes. The system can receive, from a partition manager of a data intake and query system, a request for a containerized indexing node that the partition manager can assign to process data received by the partition manager. The system can identify an available containerized indexing node to process the data. The system can communicate, to the partition manager, an indexing node identifier associated with the available containerized indexing node.

Abstract: Systems, methods, and software described herein provide action recommendations to administrators of a computing environment based on effectiveness of previously implemented actions. In one example, an advisement system identifies a security incident for an asset in the computing environment, and obtains enrichment information for the incident. Based on the enrichment information a rule set and associated recommended security actions are identified for the incident. Once the recommended security actions are identified, a subset of the action recommendations are organized based on previous action implementations in the computing environment, and the subset is provided to an administrator for selection.

Abstract: Various implementations set forth a computer-implemented method for scanning a three-dimensional (3D) environment. The method includes generating, in a first time interval, a first extended reality (XR) stream based on a first set of meshes representing a 3D environment, transmitting, to a remote device, the first XR stream for rendering a 3D representation of a first portion of the 3D environment in a remote XR environment, determining that the 3D environment has changed based on a second set of meshes representing the 3D environment and generated subsequent to the first time interval, generating a second XR stream based on the second set of meshes, and transmitting, to the remote device, the second XR stream for rendering a 3D representation of at least a portion of the changed 3D environment in the remote XR environment.

Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.

Abstract: Various embodiments of the present application set forth a computer-implemented method that includes generating, based on a resource file stored at an endpoint device, a credential data packet for authenticating with a first application executing in a first network, where the resource file includes a set of encryption keys associated with a plurality of applications including the first application, and where the credential data packet is encrypted with a device key signed by the endpoint device, and the credential data packet is signed by an endpoint device management (EDM) key extracted from the set of encryptions keys included in the resource file, sending, by the endpoint device, the credential data packet to the first application via a trusted communication channel, and receiving, by the endpoint device and in response to the credential data packet, an authorization packet from the first application via the trusted communication channel.

Abstract: Systems and methods ingest machine data including logs, metadata, and cost and usage information from multiple heterogeneous cloud services. The machine data is saved as events. An application retrieves the metadata, events, metrics, and logs and causes an easy to understand visual representation of costs, resource usage, and non-compliance for each of a client's cloud services. Further, the data across the client's multiple heterogeneous cloud services is normalized to provide visual representations that compare the costs, resource usage, and non-compliance across the client's multiple heterogeneous cloud services. Further, machine learning aspects of the application can provide recommendations and trend analysis for cloud service asset usage.

Abstract: Various embodiments of the present application set forth a computer-implemented method that includes receiving, from a device, a natural-language (NL) request. The method further includes selecting, using the NL request, an intent from a set of intents, wherein the intent is associated with a pre-defined intent template, the pre-defined intent template including a set of property fields that are associated with one or more portions of the NL request. The method also includes determining, based on the NL request, a set of property field values for the set of property fields. The method further includes generating a query to be executed on a field-searchable data source, wherein the query is based on one or more property field values included in the set of property field values. The method also includes receiving, in response to the query, a result that includes a set of event field values. In addition, the method includes causing the device to display at least a portion of the result.

Abstract: Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and determining whether and how to include late or delayed data points for inclusion when publishing or storing the time series data. Maximum delay values can identify a duration for waiting for late or delayed data, such as prior to publication. In some examples, maximum delay values can be dynamically adjustable based on a statistical evaluation process. For late or delayed data points that are received after the maximum delay elapses, some data points can be included in the stored time series data, such as if they are received in the same order that they are generated.

Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

Abstract: Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and determining whether and how to include late or delayed data points when publishing or storing the time series data. Maximum delay values can identify a duration for waiting for late or delayed data, such as prior to publication. In some examples, maximum delay values can be dynamically adjustable based on a statistical evaluation process. For late or delayed data points that are received after the maximum delay elapses, some data points can be included in the stored time series data, such as if they are received in the same order that they are generated.

Abstract: A service monitoring system (SMS) transforms machine data from a monitored information technology (IT) environment into meaningful key performance indicators (KPIs) that each represents some measure of a service implemented by the environment on an ongoing basis. An overall health score for the service is determined from the KPIs and a prediction is made for a future health score. Data regarding a particular KPI and other KPIs is transformed to predicted future values for the particular KPI over a prediction window. Additionally, predicted future KPI scores may be used to determine a KPI impact score reflecting some measure of the degree to which the KPI, its related components, or processing related thereto, can influence the actual future health score. The KPI impact scores condition or direct the future operation of one or more SMS processes.

Abstract: Techniques are described for enabling users of an information technology (IT) and security operations application to create highly reusable custom functions for playbooks. The creation and execution of playbooks using an IT and security operations application generally enables users to automate operations related to an IT environment responsive to the identification of various types of incidents or other triggering conditions. Users can create playbooks to automate operations such as, for example, modifying firewall settings, quarantining devices, restarting servers, etc., to improve users' ability to efficiently respond to various types of incidents operational issues that arise from time to time in IT environments.

Abstract: Systems and methods are disclosed for implementing a data processing workflow user interface for a streaming data processing system. The workflow is visually represented as a series of modules along with interconnections for the modules. Each module represents an operation on a streaming data object, such as a data transformation. The user interface enables selection of a workflow template based on a user-specified data source, and then allows the user to customize the workflow template by specifying additional operations to apply to data objects. The interface may show the user a preview of output data objects processed according to the customized workflow.

Abstract: Dashboard evaluation includes receiving a dashboard code defining a dashboard that includes visualizations in a layout, rendering, in a graphical user interface (GUI) of a dashboard editing tool, the dashboard based on the dashboard code, and extracting, using the dashboard code, a data attribute of a data object represented by a visualization of the multiple visualizations. Dashboard evaluation further includes evaluating, by the dashboard editing tool, the visualization based on the data attribute to obtain a score, presenting, in the GUI of the dashboard editing tool, a recommendation based on the score failing to satisfy a first threshold, receiving, through the GUI of the dashboard editing tool and after presenting the recommendation, an edit to the dashboard code that adjusts the visualization, and storing, by the dashboard editing tool, the edit to the dashboard code.

Abstract: Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.

Abstract: An information technology (IT) and security operations application is described that stores data reflecting customizations that users make to GUIs displaying information about various types of incidents, and further uses such data to generate “popular” interface profiles indicating popular GUI modifications. The analysis of the GUI customizations data is performed using data associated with multiple tenants of the IT and security operations application to develop profiles that may represent a general consensus on a collection and arrangement of interface elements that enable analysts to efficiently respond to certain types of incidents. Users of the IT and security operations application can then optionally apply these popular interface profiles to various GUIs during their use of the application.

Abstract: A system of terminating data server nodes based on insufficient processing of messages. In embodiments, a plurality of time-stamped, searchable events from machine data are created. A plurality of data server nodes that service messages across one or more portions of the plurality of time-stamped, searchable events, are executed in parallel. For each message received, the message is sent to a data server node, of the plurality of data server nodes, to cause the receiving data server node to perform a data operation associated with the received message. A determination can then be made that a particular data server node insufficiently processes messages sent to the particular data server node. Thereafter, termination of the particular data server node is initiated to terminate processes or threads executed by the particular data server node.