Abstract: Techniques and mechanisms are disclosed enabling efficient collection of forensic data from client devices, also referred to herein as endpoint devices, of a networked computer system. Embodiments described herein further enable correlating forensic data with other types of non-forensic data from other data sources. A network security application described herein further enables generating various dashboards, visualizations, and other interfaces for managing forensic data collection, and displaying information related to collected forensic data and information related to identified correlations between items of forensic data and other items of non-forensic data.
Abstract: Technologies are disclosed for providing a common information model. Features include: detecting a scheduled time for a key performance indicator (KPI) reflecting how a service provided by one or more entities is performing, entity definition information recording the association between the entities and their machine data, service definition information associating the entities that provide the service, and the KPI being defined by a search query that includes a field identifier specified in a data model, by which the KPI derives a value from the machine data; performing the query in response to said detecting, including: associating values in the machine data having disparate field names in accordance with disparate schemas with the field identifier specified in the data model, and processing the associated values as semantically equivalent data instances. In doing so, values having the same semantic (or related semantics) can be used together despite being associated with disparate field names from disparate schemas.
Type: Grant
Filed: January 13, 2022
Date of Patent: September 5, 2023
Assignee: Splunk Inc.
Inventors: Tristan Antonio Fletcher, Clint Sharp, Anupadmaja Raghavan
Abstract: A computer-implemented method for integration of machine learning components within a pipelined search query to generate a visualization is described. Herein, an interface is provided for receipt of pipelined code into a web-based programming application. The pipelined code features a series of operators configured to perform one or more tasks based on collective operations by the series of operators, wherein a first operator of the series of operators is to receive input data from a selected data source and each remaining operator of the series of operators to receive input based on an output from a preceding operator of the remaining operators. The task(s) performed by the pipelined code generate results including visualizations. The visualization is rendered in a manner that allows the pipelined code to be scrolled to display the pipelined code or the visualization.
Type: Grant
Filed: October 19, 2020
Date of Patent: September 5, 2023
Assignee: Splunk Inc.
Inventors: Chinmay Madhav Kulkarni, Lin Ma, Amir Malekpour, Mohan Rajagopalan, John C. Reed, Ram Sriharsha
Abstract: In embodiments, at a first cluster, information identifying a plurality of indexers of the first cluster is determined based on a master node of the first cluster identifying active indexers within the first cluster. The information is transmitted from the first cluster to a second cluster. Such information can include a list of active indexers, and an indication of how to communicate with the plurality of indexers that is used by the second cluster in distributing a distributed search query. The distributed search query is received at the plurality of indexers of the first cluster. The distributed search query is distributed across the plurality of indexers based on the information identifying the plurality of indexers. A response is provided from at least one of the plurality of indexers, wherein each response from a respective indexer is generated based on an evaluation of the distributed search query.
Abstract: An example method of determining a state of a key performance indicator (KPI) comprises: receiving one or more entity definitions, wherein each entity definition associates an entity with machine data pertaining to the entity; receiving a service definition for a service provided by one or more entities, the service definition including a reference to a corresponding entity definition of the entity definitions, wherein the service definition includes a respective reference for each of the one or more entities; receiving definitions of one or more KPIs, each KPI defined by a respective search query that produces a value derived from particular machine data, wherein the particular machine data is identified by the service definition, wherein each value is indicative of performance of the service at a point in time or during a period of time; deriving, by performing on the machine data a search query associated with the KPI, one or more KPI values for the KPI; selecting, among a plurality of states of the KPI, a
Type: Grant
Filed: July 11, 2022
Date of Patent: August 29, 2023
Assignee: Splunk Inc.
Inventors: Alok Anant Bhide, Brian John Bingham, Tristan Antonio Fletcher, Brian Reyes
Abstract: Embodiments of the present invention are directed to facilitating distributed data processing for machine learning. In accordance with aspects of the present disclosure, a set of commands in a query to process at an external computing service is identified. For each command in the set of commands, at least one compute unit including at least one operation to perform at the external computing service is identified. Each of the at least one compute unit associated with each command is analyzed to identify an optimized manner in which to execute the set of commands at the external computing service. An indication of the optimized manner in which to execute the set of commands and a corresponding set of data is provided to the external computing service to utilize for executing the set of commands at the external computing service.
Type: Grant
Filed: October 19, 2022
Date of Patent: August 29, 2023
Assignee: Splunk Inc.
Inventors: Lin Ma, Jacob Leverich, Adam Oliner, Alex Cruise, Hongyang Zhang
Abstract: Systems and methods are disclosed for efficiently uploading event data of a data intake and processing system and building journey instances using the uploaded event data in a distributed manner. Each journey instance is illustratively associated with a series of events within the event data occurring over a journey duration. For example, a cloud-based hosting system can implement a cloud-based distributed system that receives fragmented uploads of event data from the data intake and query system. Once received, the cloud-based hosting system can combine the event data from one or more uploads and re-stitch portions of the uploaded event data using a set of worker nodes to build journey instances.
Type: Grant
Filed: January 29, 2021
Date of Patent: August 29, 2023
Assignee: Splunk Inc.
Inventors: Akash Dwivedi, Himanshu Gupta, Eric Tschetter, Rahul Gidwani
Abstract: A search interface is displayed in a table format that includes one or more columns, each column including data items of an event attribute, the data items being of a set of events, and a plurality of rows forming cells with the one or more columns, each cell displaying a textual representation of at least one of the data items of the event attribute of a corresponding column. Based on a user selecting a portion of the textual representation in a corresponding cell, a list of options is displayed that corresponds to the selected portion of the textual representation. Furthermore, one or more commands are added to a search query that corresponds to the set of events, the one or more commands being based on at least an option that is selected from the list of options and the selected portion of the textual representation in the corresponding cell.
Type: Grant
Filed: December 15, 2020
Date of Patent: August 29, 2023
Assignee: Splunk Inc.
Inventors: Marc Vincent Robichaud, Cory Eugene Burke, Jeffrey Thomas Lloyd
Abstract: A data intake and query system may store raw machine data that includes location information. A client system may include a user interface for searching the data intake and query system. The user interface allows a user to define a field search query and to define one or more ad-hoc boundary regions on a map. A combined query is transmitted to the data intake and query system, the combined query including both the field search query and location search information that is based on the ad-hoc boundary regions. The data intake and query system runs the combined query and returns responsive results, which are displayed at the client user interface.
Type: Grant
Filed: January 31, 2022
Date of Patent: August 29, 2023
Assignee: Splunk Inc.
Inventors: Michael Porath, Siegfried Puchbauer-Schnabel
Abstract: In various embodiments, a method comprises generating, based on first sensor data captured by a depth sensor on a mobile device, three-dimensional data representing a physical space that includes a real-world asset; generating, based on second sensor data captured by an image sensor, two-dimensional data representing the physical space; generating an adaptable 3D representation of the physical space based on the three-dimensional and two-dimensional data, the adaptable representation including coordinates representing different positions in a 3D-coordinate space corresponding to the physical space, wherein the coordinates encapsulate a digital representation of the asset; transforming the adaptable representation into geometry data comprising a set of vertices and a set of faces comprising edges between vertices; applying, based on a first input, a first color along a specified path that appears on a face to generate a first paint path; and transmitting, to a remote device, data corresponding to the first input.
Type: Grant
Filed: April 30, 2021
Date of Patent: August 22, 2023
Assignee: Splunk Inc.
Inventors: Devin Bhushan, Caelin Thomas Jackson-King, Stanislav Yazhenskikh, Jim Jiaming Zhu
Abstract: In some embodiments, in response to the user selecting a first node in the tree to be pinned, the system displays a first detail panel for the first node, wherein the first detail panel displays state information for the first node, wherein the state information is frozen at the time of pinning. Moreover, in response to the user selecting a second node in the tree to be pinned, the system displays a second detail panel for the second node, wherein the second detail panel displays state information for the second node, wherein the state information is frozen at the time of pinning. Note that the first detail panel is displayed concurrently with the second detail panel to facilitate comparing state information between the first and second nodes.
Abstract: A system that displays a set of polygons is described. This system obtains a set of line segments that defines the set of polygons. The system forms a horizontal index that keeps track of where line segments vertically project onto a horizontal reference line and similarly forms a vertical index for horizontal projections onto a vertical reference line. The system obtains a clip rectangle that defines a view into the set of polygons and uses the horizontal and vertical indexes to determine intersections between borders of the clip rectangle and line segments in the set of line segments. Next, the system uses the determined intersections to clip polygons in the set of polygons that intersect the clip rectangle. Finally, the system transfers the clipped polygons, and also unclipped polygons that fit completely within the clip rectangle, to a display device that displays the view into the set of polygons.
Abstract: A computer-implemented method includes establishing, by a data intake and query system, a network connection between the data intake and query system and an application and infrastructure monitoring platform. The data intake and query system receives a data stream from the application and infrastructure monitoring platform. The computer-implemented method further includes transforming the data stream while receiving the data stream to obtain a transformed data stream. Further, the transformed data stream is analyzed while the data stream is being received to generate analysis results, which are presented.
Type: Grant
Filed: June 15, 2022
Date of Patent: August 22, 2023
Assignee: Splunk Inc.
Inventors: Subramaniam Baskaran, Syam Bollu, Tristan Fletcher, Michael Margulis, Joel Schoenberg, Omprakaash Thoppai
Abstract: Information technology environment monitoring systems, for example, perform analytics over machine data received from networked entities. Outputs of such a system may be useful to help a user identify a problem and resolve an incident. Inventive aspects enable user interactions to trigger automatic connection with network servers to establish communication channels for conveying analytics and other information related to the problem between and among network nodes participating in the resolution of the problem or incident.
Type: Grant
Filed: December 30, 2021
Date of Patent: August 22, 2023
Assignee: Splunk Inc.
Inventors: Asmita Puri, Alan Hardin, Kan Wu, Fang I. Hsiao
Abstract: An instrumentation analysis system processes data streams by executing instructions specified using a data stream language program. The data stream language allows users to specify a search condition using a find block for identifying the set of data streams processed by the data stream language program. The set of identified data streams may change dynamically. The data stream language allows users to group data streams into sets of data streams based on distinct values of one or more metadata attributes associated with the input data streams. The data stream language allows users to specify a threshold block for determining whether data values of input data streams are outside boundaries specified using low/high thresholds. The elements of the set of data streams input to the threshold block can dynamically change. The low/high threshold values can be specified as data streams and can dynamically change.
Type: Grant
Filed: February 12, 2021
Date of Patent: August 22, 2023
Assignee: Splunk Inc.
Inventors: Rajesh Raman, Arijit Mukherji, Kris Grandy, Phillip Liu