Patents Assigned to Splunk Inc.
-
Patent number: 12112010
Abstract: A device that includes an extended reality application is employed by a user to access an extended reality environment. A selection of a first subset of dashboard panels included in a plurality of dashboard panels is received via an input device associated with the extended reality environment. Each dashboard panel included in the plurality of dashboard panels includes a visual representation of data. The first subset of dashboard panels is displayed in a foreground area of a workspace of the XR environment. A second subset of dashboard panels included in the plurality of dashboard panels is displayed in a background area of the workspace of the XR environment.
Type: Grant
Filed: May 8, 2023
Date of Patent: October 8, 2024
Assignee: SPLUNK INC.
Inventors: Jesse Chor, Colin Daly, Kelly Kong, Glen Wong
-
Publication number: 20240330454
Abstract: Techniques are described for providing a threat analysis platform capable of automating actions performed to analyze security-related threats affecting IT environments. Users or applications can submit objects (e.g., URLs, files, etc.) for analysis by the threat analysis platform. Once submitted, the threat analysis platform routes the objects to dedicated engines that can perform static and dynamic analysis processes to determine a likelihood that an object is associated with malicious activity such as phishing attacks, malware, or other types of security threats.
Type: Application
Filed: January 31, 2023
Publication date: October 3, 2024
Applicant: Splunk Inc.
Inventors: Bryan BURNS, Michael HORN, Steven Thomas JACKSON, William METCALF, Jason WILLIAMS, Gregory Lee WITTEL
-
Patent number: 12105740
Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.
Type: Grant
Filed: June 28, 2023
Date of Patent: October 1, 2024
Assignee: Splunk Inc.
Inventors: Alexander William Cruise, Byron Jason Shelden, Claire Alexandria Tanner Semple
-
Patent number: 12105632
Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.
Type: Grant
Filed: May 5, 2023
Date of Patent: October 1, 2024
Assignee: Splunk Inc.
Inventors: Ledion Bitincka, Alexandros Batsakis, Paul J. Lucas, Nicholas Robert Romito
-
Patent number: 12105724
Abstract: A data intake and query system receives raw machine data via an internet protocol (IP) such as the hypertext transfer protocol (HTTP). The system has configurable global settings for the received raw machine data that determine properties such as the metadata that is associated with raw machine data. Each event is associated with a token, which is also configurable and provides settings such as metadata settings for the raw machine data. The raw machine data is stored as events based on the metadata. Electronic devices that generate raw machine data may transmit the raw machine data to the data intake and query system within HTTP messages. The HTTP messages may also include settings such as metadata for the raw machine data. The raw machine data is stored as events based on the global metadata settings, token metadata settings, and HTTP message metadata settings.
Type: Grant
Filed: April 8, 2021
Date of Patent: October 1, 2024
Assignee: Splunk Inc.
Inventors: Glenn Block, Patrick Lane Ogdin
-
Patent number: 12106419
Abstract: Various implementations set forth a computer-implemented method for scanning a three-dimensional (3D) environment. The method includes generating, in a first time interval, a first extended reality (XR) stream based on a first set of meshes representing a 3D environment, transmitting, to a remote device, the first XR stream for rendering a 3D representation of a first portion of the 3D environment in a remote XR environment, determining that the 3D environment has changed based on a second set of meshes representing the 3D environment and generated subsequent to the first time interval, generating a second XR stream based on the second set of meshes, and transmitting, to the remote device, the second XR stream for rendering a 3D representation of at least a portion of the changed 3D environment in the remote XR environment.
Type: Grant
Filed: October 29, 2021
Date of Patent: October 1, 2024
Assignee: SPLUNK INC.
Inventors: Devin Bhushan, Caelin Thomas Jackson-King, Stanislav Yazhenskikh, Jim Jiaming Zhu
-
Patent number: 12099492
Abstract: An identity resolution system performs actions comprising a set-up process and an identity resolution process that executes asynchronously with respect to the set-up process. The set-up process includes accessing machine data including a plurality of event data objects, each event data object of the plurality of event data objects including timestamped raw machine-generated data indicative of performance or operation of one or more entities in a computer network environment. The identity resolution process ascertains the identity of an entity associated with the computer network environment, based on the association data in the data store, wherein the identity of the entity is not expressed directly in the association data in the data store.
Type: Grant
Filed: May 1, 2023
Date of Patent: September 24, 2024
Assignee: Splunk Inc.
Inventors: Sumit Singh Bagga, Robin Jinyang Hu, Marios Iliofotou, Amarendra Pendala
-
Patent number: 12099428
Abstract: A method of persisting and querying Real User Monitoring (RUM) data comprises grouping together spans associated with a user-interaction with a webpage or application that are ingested during a given time duration. The method also comprises generating one or more data sets each associated with an analysis modality using the grouped spans, wherein each analysis modality extracts a different level of detail from the spans. Further, the method comprises selecting, based on a first user query, a first analysis modality for generating a response to the first user query and accessing a data set that is associated with the first analysis modality. The method also comprises generating the response to the first user query using the data set associated with the first analysis modality, wherein the first user query requests information pertaining to a performance of the application in response to the user-interaction.
Type: Grant
Filed: January 29, 2021
Date of Patent: September 24, 2024
Assignee: SPLUNK Inc.
Inventors: Mayank Agarwal, Jonathan Dillman, Rahul Gidwani, Justin Smith, Joshua Walters
-
Patent number: 12099517
Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.
Type: Grant
Filed: April 14, 2023
Date of Patent: September 24, 2024
Assignee: Splunk Inc.
Inventors: Jesse Brandau Miller, Katherine Kyle Feeney, Yuan Xie, Steve Zhang, Adam Jamison Oliner, Jindrich Dinga, Jacob Leverich
-
Patent number: 12093272
Abstract: A computing device can receive a query that identifies a set of data to be processed and determine that a portion of the set of data resides in an external data system. The query system can request data identifiers associated with data objects of the set of data from the external data system and communicate the data identifiers to a data queue. The computing device can instruct one or more search nodes to retrieve the identifiers from the data queue. The search nodes can use the data identifiers to retrieve data objects from the external data system and process the data objects according to instructions received from the computing device. The search nodes can provide results of the processing to the computing device.
Type: Grant
Filed: April 29, 2022
Date of Patent: September 17, 2024
Assignee: Splunk Inc.
Inventors: Alexandros Batsakis, Nitilaksha Satyaveera Halakatti, Ningxuan He, Prem Kumar Jayaraj, Manuel Gregorio Martinez, Balaji Rao, Jianming Zhang, Steve Yu Zhang
-
Patent number: 12093318
Abstract: Systems and methods are disclosed for recommending query parameters to a user based on tenant information. The system can identify a token query parameter from a portion of a query entered in a user interface. The token query parameter can correspond to a system query parameter, such as a query command, a function, etc., or to a user query parameter. The system can identify a tenant of a distributed data intake and query system that is associated with the query. Based on the token query parameter, the system can identify at least one query parameter associated with the tenant. The at least one query parameter can include one or more query parameters previously entered by the user or other users of the tenant, etc. The system can cause the user interface to display one or more recommended query parameters for inclusion in the query.
Type: Grant
Filed: July 11, 2022
Date of Patent: September 17, 2024
Assignee: Splunk Inc.
Inventors: Benoit Bourbie, Nikhil Mungel, Peigen Sun
-
Patent number: 12086045
Abstract: A computerized method is disclosed for grouping alerts through machine learning. The method includes receiving an alert to be assigned to any of a plurality of existing issues or to a newly created issue, wherein an issue is a grouping of alerts, determining a temporal distance between the alert and each of the existing issues, determining either of (i) a numerical distance between the alert and each of the existing issues for a particular numerical field, or (ii) a categorical distance between the alert and each of the existing issues for a particular categorical field, determining an overall distance between the alert and each of the existing issues, and assigning the alert to either (i) an existing issue having a shortest overall distance to the alert that satisfies one or more time constraints, or (ii) the newly created issue.
Type: Grant
Filed: January 31, 2022
Date of Patent: September 10, 2024
Assignee: Splunk Inc.
Inventors: William Deaderick, William Stanton, Thomas Camp Vieth
-
Patent number: 12086150
Abstract: Systems and methods are disclosed for generating one or more files to visualize query results. The systems and methods can include parsing one or more files that include one or more queries and computer-executable instructions for displaying results of the one or more queries. The one or more queries can identify a set of data to be processed and a manner of processing the set of data. The systems and methods can further include generating one or more files that include the results of the queries and computer-executable instructions for displaying one or more visualizations of the results.
Type: Grant
Filed: January 27, 2023
Date of Patent: September 10, 2024
Assignee: Splunk Inc.
Inventors: Nicholas J. Filippi, Siegfried Puchbauer, Ruyuan Ge
-
Patent number: 12086451
Abstract: A process for facilitating downscaling of datastores (e.g., in a stateful system) is described herein. In embodiments, a set of metrics associated with a set of data stores of a stateful service is obtained. The set of metrics may indicate a utilization of each of the data stores of the set of data stores. Based on the set of metrics indicating underutilization associated with at least a portion of the set of data stores, a determination is made to initiate a downscaling of the set of data stores. Thereafter, a downscaler is deployed to perform downscaling operations to downscale the set of data stores. The downscaler communicates with a first data store to replicate data of the first data store onto a second data store. Based on identifying that the downscaler has completed the downscaling operations to downscale the set of data stores, the downscaler is terminated.
Type: Grant
Filed: April 29, 2022
Date of Patent: September 10, 2024
Assignee: Splunk Inc.
Inventors: Maurice Stanley Barnum, Prashant Kumar, Pradeep Baliganapalli Nagaraju
-
Patent number: 12088611
Abstract: A computerized method is disclosed that includes operations of obtaining historical network traffic and preparing a training set of data by: applying security rules to the historical network traffic data to obtain a first filtered subset of network transmissions representing a first set of beaconing candidates that is labeled to form a first set of labeled results, applying a clustering logic to the historical network traffic data to obtain a second filtered subset of network transmissions representing a second set of beaconing candidates that is labeled to form a second set of labeled results, applying a machine learning model to the historical network traffic data to label the historical network traffic forming a third set of labeled results, wherein the first, second and third sets of labeled results are augmented to form an augmented labeled training set, and training a machine learning model using the augmented labeled training set.
Type: Grant
Filed: January 11, 2022
Date of Patent: September 10, 2024
Assignee: Splunk Inc.
Inventors: Cui Lin, Stanislav Miskovic
-
Patent number: 12086920
Abstract: Various implementations set forth a computer-implemented method for scanning a three-dimensional (3D) environment. The method includes generating, in a first time interval, a first extended reality (XR) stream based on a first set of meshes representing a 3D environment, transmitting, to a remote device, the first XR stream for rendering a 3D representation of a first portion of the 3D environment in a remote XR environment, determining that the 3D environment has changed based on a second set of meshes representing the 3D environment and generated subsequent to the first time interval, generating a second XR stream based on the second set of meshes, and transmitting, to the remote device, the second XR stream for rendering a 3D representation of at least a portion of the changed 3D environment in the remote XR environment.
Type: Grant
Filed: October 29, 2021
Date of Patent: September 10, 2024
Assignee: SPLUNK INC.
Inventors: Devin Bhushan, Caelin Thomas Jackson-King, Stanislav Yazhenskikh, Jim Jiaming Zhu
-
Patent number: 12081418
Abstract: In various embodiments, a computer-implemented method comprises acquiring status data for settings that control operations of the edge sensor device, transmitting the status data to a backend system, receiving a command to modify settings that control the operations of the edge sensor device, the settings specifying (i) one or more subscribers, and (ii) a data collection limit, in response to receiving the command, modifying the setting, acquiring sensor data associated with a physical device operating within a physical environment, where a sensor service collects the sensor data up to the data collection limit, and the edge sensor device is located proximal to the physical device, inputting the sensor data into an onboard message broker for publishing, and transmitting, from the onboard message broker, the sensor data, where the sensor data is addressed to a first set of one or more subscribers of the onboard message broker.
Type: Grant
Filed: January 28, 2021
Date of Patent: September 3, 2024
Assignee: SPLUNK INC.
Inventors: Jesse Chor, Casing Chu, Tishan Mills, Anthony Ng, Rodrigo Paulo Quaresma, Jonathan Yeung
-
Systems and methods for updating a status indication in a system providing dynamic indexer discovery
Patent number: 12079255
Abstract: The present invention is related to a method for providing dynamic indexer discovery. The method comprises receiving, from an index manager, a status indication associated with a plurality of indexers, wherein each of the plurality of indexers indexes events of raw machine-generated data received from a plurality of data collectors. The method further comprises determining a weight associated with each of the plurality of indexers and selecting an indexer from the plurality of indexers. Subsequently, the method comprises allocating data to the indexer in accordance with a respective weight assigned to the indexer and transmitting the allocated data to the indexer.
Type: Grant
Filed: November 1, 2022
Date of Patent: September 3, 2024
Assignee: SPLUNK INC.
Inventors: Vishal Patel, Jagannath Kerai, Hasan Alayli
-
Patent number: D1044856
Type: Grant
Filed: October 31, 2022
Date of Patent: October 1, 2024
Assignee: SPLUNK Inc.
Inventors: Tatsuya Hama, Ioan Popa, Melissa Hermanson, Viet Quoc Nguyen
-
Patent number: D1045930
Type: Grant
Filed: January 11, 2023
Date of Patent: October 8, 2024
Assignee: SPLUNK Inc.
Inventors: Iryna Vogler-Ivashchanka, Xinran Yuan, Tatsuya Hama