Patents Assigned to Splunk Inc.
  • Patent number: 12164522
    Abstract: An interface and improved data intake and query system is described herein that allows users to define metrics and that aggregates metric values regardless of the level at which a metric is defined and/or the level at which metric values are available. The improved data intake and query system can initialize a sketch in response to a user providing one or more metric definitions. The initialized sketch includes one or more instances, where each instance produces an output and collects metric value(s), appends the metric value(s) to the output, and forwards the appended data to a process function downstream in a data processing pipeline. The process function separates the output and the metric value(s), sending the output further downstream in the data processing pipeline and sending the metric value(s) to a parallel process function that sits outside the data processing pipeline. The parallel process function can persist the metric value(s).
    Type: Grant
    Filed: September 15, 2021
    Date of Patent: December 10, 2024
    Assignee: Splunk Inc.
    Inventors: Lin Ma, Frank Ye
  • Patent number: 12158880
    Abstract: Implementations of this disclosure provide an anomaly detection system and methods of performing anomaly detection on a time-series dataset. The anomaly detection may include utilization of a forecasting machine learning algorithm to obtain a prediction of points of the dataset and comparing the predicted value of a point in the dataset with the actual value to determine an error value associated with that point. Additionally, the anomaly detection may include determination of a sensitivity threshold that impacts whether points within the dataset associated with certain error values are flagged as anomalies. The forecasting machine learning algorithm may implement a seasonality component determination process that accounts for seasonality or patterns in the dataset. A search query statement may be automatically generated through importing the sensitivity threshold into a predetermined search query statement that implements that forecasting machine learning algorithm.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: December 3, 2024
    Assignee: Splunk Inc.
    Inventors: Kristal Curtis, William Deaderick, Tanner Gilligan, Joseph Ross, Abraham Starosta, Sichen Zhong
  • Patent number: 12141047
    Abstract: A method of computing real-time metrics for automated workflows includes aggregating a set of ingested spans into a set of traces. The method further includes executing a set of rules to determine a set of workflows associated with the set of traces, wherein each workflow of the set of workflows is associated with a respective trace of the set of traces, and wherein each workflow is operable to group together activity associated with a client process within a respective trace. The method also includes assigning a name to each workflow based on the rules and computing real-time metrics for each of the workflows.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: November 12, 2024
    Assignee: SPLUNK Inc.
    Inventors: Gergely Danyi, Sakshi Garg, Maxime Petazzoni, Sahinaz Safari Sanjani, Timothy Matthew Robin Williamson, Eric Wohlstadter
  • Patent number: 12135788
    Abstract: Techniques are described for enabling an application to automatically generate text narratives explaining risk scores assigned to risk objects. The application uses natural language generation (NLG) techniques to enable the automatic creation of text narratives providing context and explanation for risk scores. The described approaches use data from a variety of data sources (e.g., risk event indexes, correlation search data, attack framework data, etc.) to create compelling and useful explanations of the risk analysis associated with identified risk objects. These automatically generated text narratives can be readily presented in any number of different interfaces without the need for complex visualizations or user effort to derive the same information.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: November 5, 2024
    Assignee: Splunk Inc.
    Inventors: Namratha Sreekanta, Nikesh Padakanti
  • Patent number: 12135627
    Abstract: Embodiments described herein are directed to facilitating management of collection agents. In one embodiment, a control request is received at an agent service manager from an agent controller that manages collection agents that collect data. The agent controller and the collection agents operate on a remote computing machine. A desired agent event is identified to be executed in association with a set of collection agents of the collection agents. An indication of the desired agent event is provided to the agent controller for execution of the desired agent event in association with each collection agent of the set of collection agents.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: November 5, 2024
    Assignee: Splunk Inc.
    Inventors: Dinesh Dutt Sharma, Chaitanya Sunil Phalak, Kyung Rock Baek, Vinu K. Alazath
  • Publication number: 20240364733
    Abstract: Techniques are described for providing a threat analysis platform capable of automating actions performed to analyze security-related threats affecting IT environments. Users or applications can submit objects (e.g., URLs, files, etc.) for analysis by the threat analysis platform. Once submitted, the threat analysis platform routes the objects to dedicated engines that can perform static and dynamic analysis processes to determine a likelihood that an object is associated with malicious activity such as phishing attacks, malware, or other types of security threats.
    Type: Application
    Filed: January 31, 2023
    Publication date: October 31, 2024
    Applicant: Splunk Inc.
    Inventors: Bryan BURNS, Michael HORN, Steven Thomas JACKSON, William METCALF, Jason WILLIAMS, Gregory Lee WITTEL
  • Patent number: 12130829
    Abstract: Systems and methods are described for generation and execution of modified queries. An input can be received via a visualization of a user interface. The input may identify a first field value and a first field for execution of a query. A set of data for execution of the query can be identified based on the input. Alias data may identify a second field that is associated with the first field. Using the alias data, a modified query can be generated based on the query and the second field. The modified query can be executed to generate query results. The query results can be displayed via a visualization of the user interface based on the first field.
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: October 29, 2024
    Assignee: Splunk Inc.
    Inventors: Nasim Bigdelu, Margaret Kelley, Mirjana Tesic, Rebecca Tortell, Rajesh Raman
  • Patent number: 12130866
    Abstract: One or more processing devices receive a definition of a search query for a correlation search of a data store, the data store comprising time-stamped events that each include raw machine data reflecting activity in an information technology environment and produced by a component of the information technology environment, receive a definition of a triggering condition to be evaluated based on aggregated statistics of values of one or more fields of a dataset produced by the search query, receive a definition of one or more actions to be performed when the triggering condition is satisfied, generate, using search processing language, a statement to define the search query and the triggering condition, and in view of the results of the execution of the search processing language, cause generation of the correlation search using the defined search query, the triggering condition, and the one or more actions, the correlation search comprising updated search processing language having the search query and a proce
    Type: Grant
    Filed: December 7, 2020
    Date of Patent: October 29, 2024
    Assignee: Splunk, Inc.
    Inventors: Lucas Murphey, David Hazekamp
  • Patent number: 12131233
    Abstract: A method for deployment of machine-learning based operators within a query is described. For this embodiment, a sequence of operators associated with a query is identified, which includes at least a first operator and at least a second operator. The second operator is configured to perform operations, in accordance with a machine learning (ML) component, on data received as input from execution of the first operator. Schemas associated with the machine learning component are retrieved along with schemas associated with other operators within the sequence. Compatibility between at least an output schema associated with the first operator and an input schema associated with the second operator associated with the ML component is determined. Thereafter, a portion of the sequence of operators including at least the second operator and another operator of the sequence of operators successive to the second operator may be stored within a data store for subsequent use.
    Type: Grant
    Filed: October 19, 2020
    Date of Patent: October 29, 2024
    Assignee: Splunk Inc.
    Inventors: Chinmay Madhav Kulkarni, Lin Ma, Amir Malekpour, Mohan Rajagopalan, John C. Reed, Ram Sriharsha
  • Patent number: 12124687
    Abstract: Embodiments are disclosed for a data analysis tool for facilitating iterative and exploratory analysis of large sets of data. In some embodiments a data analysis tool includes a graphical user interface through which an interactive set of field identifiers is displayed. Each of the listed field identifiers may reference fields associated with a set of events returned in response to a search query, the set of events including machine data produced by components within an information technology (IT) environment that reflects activity in the IT environment. In response to user selections of field identifiers included in the displayed set, a data analysis tool may cause display of manipulable visualizations based on values included in fields referenced by the selected field identifiers.
    Type: Grant
    Filed: May 23, 2023
    Date of Patent: October 22, 2024
    Assignee: Splunk Inc.
    Inventors: Michael Porath, Finlay Cannon, Thomas Allan Haggie
  • Patent number: 12124324
    Abstract: A method for identifying and indicating resource access faults associated with a webpage. The method includes receiving a machine-readable file that includes a plurality of instructions defining at least content and structure of a webpage. The method further comprises causing a browser to load the webpage based at least in part on the machine-readable file; determining resource utilization associated with the load of the webpage; identifying one or more resource access faults associated with the machine-readable file based at least in part on the determined resource utilization and a resource access instruction policy; for each of the one or more resource access faults, identifying an instruction of the plurality of instructions that corresponds to the particular resource access fault; and causing display of the one or more instructions.
    Type: Grant
    Filed: April 14, 2021
    Date of Patent: October 22, 2024
    Assignee: Splunk Inc.
    Inventor: William Matthew Hoffman
  • Patent number: 12124669
    Abstract: A visualization can include a set of swim lanes, each swim lane representing information about an event type. An event type can be specified, e.g., as those events having certain keywords and/or having specified value(s) for specified field(s). The swim lane can plot when (within a time range) events of the associated event type occurred. Specifically, each such event can be assigned to a bucket having a bucket time matching the event time. A swim lane can extend along a timeline axis in the visualization, and the buckets can be positioned at a point along the axis that represents the bucket time. Thus, the visualization may indicate whether events were clustered at a point in time. Because the visualization can include a plurality of swim lanes, the visualization can further indicate how timing of events of a first type compare to timing of events of a second type.
    Type: Grant
    Filed: March 7, 2022
    Date of Patent: October 22, 2024
    Assignee: Splunk Inc.
    Inventors: Cary Noel, John Coates
  • Patent number: 12124441
    Abstract: An example method of utilizing shared search queries for defining multiple key performance indicators (KPIs) comprises: receiving input specifying one or more service definitions, each service definition of the one or more service definitions specifying an entity definition for an entity providing a service of one or more services executing in an information technology (IT) environment, wherein the IT environment is monitored by the service monitoring system, wherein the service monitoring system uses first machine data of a first entity specified by a first service definition of the one or more service definitions to monitor a first KPI for a first service of the one or more services, and wherein the service monitoring system uses second machine data of a second entity specified by a second service definition of the one or more service definitions to monitor a second KPI for a second service of the one or more services; determining that the first machine data and the second machine data include common machin
    Type: Grant
    Filed: December 6, 2022
    Date of Patent: October 22, 2024
    Assignee: Splunk Inc.
    Inventors: Nicholas Matthew Tankersley, Fang I. Hsiao, Arun Ramani
  • Patent number: 12118497
    Abstract: An automatic service monitor in an information technology environment has its operation controlled by information that, in part, defines entities that perform services and defines key performance indicators (KPIs) that indicate measures of performance of the services. Additional information controls the operation of the service monitor with respect to identifying and adapting for KPIs based on the non-normal data caused by maintenance work or other causes. Such adaptation may include changes in how reported information appears to the user.
    Type: Grant
    Filed: September 27, 2022
    Date of Patent: October 15, 2024
    Assignee: Splunk Inc.
    Inventors: Anupadmaja Raghavan, George Daloukov, Alok Anant Bhide, Ross Andrew Lazerowitz, Tristan Antonio Fletcher, Alan Vincent Hardin
  • Patent number: 12120124
    Abstract: Techniques are described for providing a built-in “app” editor for an information technology (IT) and security operations application that enables users to create, modify, and test operation of apps under development within the editor. Some IT and security operations applications enable users to extend the applications by adding connectivity to third party technologies to run custom actions. For example, a user might create a custom app to enable an IT and security operations application to connect to an external service providing information about malicious Internet Protocol (IP) addresses, to connect to a relevant cloud provider service, or to interact with a firewall or other type of computing device used in a user's computing environment. Given the broad set of technologies that can be orchestrated by an IT and security operations application, apps broadly enable users to add custom functionality to interface with virtually any technology of interest.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: October 15, 2024
    Assignee: Splunk Inc.
    Inventors: Jacob Davis, Dekel Shahaff, Jeffrey Roecks, Sydney Flak, Navya Mehta, Ian Forrest, Sydney Karimi, Elton Xue
  • Patent number: 12120005
    Abstract: Network connected devices are controlled via the transmission of action messages to prevent or correct conditions that impair the operation of the networked information technology (IT) assets. The service monitoring system (SMS) monitoring the IT environment groups together related notable events that are received during system operation. Automatic processes dynamically determine grouping operations that automatically correlate the events without requiring, for example, a set of declarative grouping rules. Event grouping may be performed on a by-service basis to facilitate the complex processing of predicting undesirable system conditions that may be prevented or reduced by transmission of the action messages to the appropriate assets. Event grouping operations may be directed with control information maintained via user interface.
    Type: Grant
    Filed: June 4, 2021
    Date of Patent: October 15, 2024
    Assignee: Splunk Inc.
    Inventors: Vineetha Bettaiah, Alok Anant Bhide, Ross Andrew Lazerowitz
  • Patent number: 12118009
    Abstract: Systems and methods are described for distributed processing of a query in a first query language utilizing a query execution engine intended for single-device execution. While distributed processing provides numerous benefits over single-device processing, distributed query execution engines can be significantly more difficult to develop than single-device engines. Embodiments of this disclosure enable the use of a single-device engine to support distributed processing, by dividing a query into multiple stages, each of which can be executed by multiple, concurrent executions of a single-device engine. Between stages, data can be shuffled between executions of the engine, such that individual executions of the engine are provided with a complete set of records needed to implement an individual stage. Because single-device engines can be significantly less difficult to develop, use of the techniques described herein can enable a distributed system to rapidly support multiple query languages.
    Type: Grant
    Filed: October 18, 2019
    Date of Patent: October 15, 2024
    Assignee: Splunk Inc.
    Inventors: Arindam Bhattacharjee, Sourav Pal, Timothy Tully
  • Patent number: D1046892
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: October 15, 2024
    Assignee: SPLUNK Inc.
    Inventors: Iryna Vogler-Ivashchanka, Mei Chun Yeh, Tatsuya Hama
  • Patent number: D1046913
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: October 15, 2024
    Assignee: SPLUNK Inc.
    Inventors: Iryna Vogler-Ivashchanka, Mei Chun Yeh, Tatsuya Hama
  • Patent number: D1046914
    Type: Grant
    Filed: October 31, 2022
    Date of Patent: October 15, 2024
    Assignee: SPLUNK Inc.
    Inventors: Iryna Vogler-Ivashchanka, Mei Chun Yeh, Tatsuya Hama