Abstract: An application development and deployment system allows an application developer to develop applications for a distributed data intake and query system. The application may include information that associates portions of the application with particular server groups of the distributed data intake and query system. The application may be partitioned to generate target application packages for each of the server groups of the data intake and query system.

Abstract: A device executes a visualization application program on a processor. Via the visualization application, a technique for visualizing data paths are performed. The technique includes receiving a data structure from a data intake and query system, where the data stream includes event stream data associated with the data path. The data path includes a set of entities, including an origin entity and a destination entity. The technique further includes generating visualizations of the origin entity, destination entity, and the event stream data. The visualization of the event stream data includes visualizations of events streaming between the visualization of the origin entity and visualization of the destination entity. The technique also includes causing the visualizations of the origin entity, destination entity, and the event stream data to be presented in an extended reality environment.

Abstract: A method of aggregating metrics associated with a user interaction during a real user session comprises identifying a span comprising a tag associated with a workflow from ingested spans associated with the real user session, where the workflow comprises spans generated in response to the user interaction. The method also comprises identifying other spans associated with the workflow from the ingested spans. The method further comprises grouping the other spans associated with the workflow with the tagged span and aggregating metrics for the workflow over a duration of time.

Abstract: A device that includes an extended reality application is employed by a user to access an extended reality environment. A selection of a first user interface object included in a plurality of user interface objects displayed in the extended reality environment is received via an input device associated with the extended reality environment. Each user interface object included in the plurality of user interface objects is associated with a different set of dashboard panels. At least a first portion of a first set of dashboard panels associated with the first user interface object is displayed in a foreground area of a workspace of the XR environment. The foreground area has a first depth relative to a user viewpoint within the XR environment. The workspace further comprises a background area having a second depth relative to the user viewpoint within the XR environment.

Abstract: Embodiments are directed towards a system and method for a cloud-based front end that may abstract and enable access to the underlying cloud-hosted elements and objects that may be part of a multi-tenant application, such as a search application. Search objects may be employed to access indexed objects. An amount of indexed data accessible to a user may be based on an index storage limit selected by the user, such that data that exceeds the index storage limit may continue to be indexed. Also, one or more projects can be elastically scaled for a user to provide resources that may meet the specific needs of each project.

Abstract: Various embodiments of the present application set forth a computer-implemented method comprising detecting a tag associated with a real-world object, determining a object identifier (ID) associated with the tag, determining a first user role associated with a user of an XR environment, receiving a set of values associated with the object ID and the user role from a data source, wherein the set of values is provided by the data source based on the object ID and on a query executed on raw machine data associated with the real-world object, and displaying, by a client device within the XR environment, a visualization that displays the set of values.

Abstract: Techniques and mechanisms are disclosed for generating visualizations which graphically depict network activity occurring between pairs of networked computing devices. The visualizations are based on data indicating the network activity, where the network activity can involve devices having any network addresses within an entire network address space (e.g., any address within the Internet Protocol version v4 (IPv4) or IPv6 network address space), or within some subset of an entire network address space. The ability to visualize high-level information related to network activity occurring across an entire network address space enables network analysts and other users to readily analyze characteristics of computer networks which otherwise might not be evident or difficult to obtain using other types of visualizations.

Abstract: Techniques are described for enabling analysts and other users of an IT operations platform to identify certain data objects managed by the platform (for example, events, files, notes, actions results, etc.) as “evidence” when such data objects are believed to be of particular significance to an investigation or other matter. For example, an event generated based on data ingested from an anti-virus service and representing a security-related incident might include artifacts indicating an asset identifier, a hash value of a suspected malicious file, a file path on the infected endpoint, and so forth. An analyst can use various interfaces and interface elements of an IT operations platform to indicate which of such events and/or artifacts, if any, represent evidence in the context of the investigation that the analyst is conducting. In response, the IT operations platform can perform various automated actions.

Abstract: A service monitoring system executing on one or more processors may have operations that are determined by control information. Control over the operation of the service monitoring system can be exerted through the use of a graphical interface. The graphical interface may present the control information of a new or existing correlation search definition for user interaction. The service monitoring system may maintain a data store of key performance indicator (KPI) data, where a KPI value in the data store is produced by a KPI-defining search query that derives the value from machine data associated with one or more entities that perform a monitored service. A correlation search definition of the service monitoring system determines how a search of the KPI data is conducted, how its data is evaluated to determine whether a triggering condition has been met, and, if so, determines what triggered action is to be initiated.

Abstract: As described herein, a portion of machine data of a message may be analyzed to infer, using an inference model, a sourcetype of the message. The portion of machine data may be generated by one or more components in an information technology environment. Based on the inference, a set of extraction rules associated with the sourcetype may be selected. Each extraction rule may define criteria for identifying a sub-portion of text from the portion of machine data of the message to produce a value. The set of extraction rules may be applied to the portion of machine data of the message to produce a result set that indicates a number of values identified using the set of extraction rules. Based on the result set, at least one action may be performed on one or more of inference data associated with the inference model and one or more messages.

Abstract: According to embodiments, a method for navigating clusters of a data structure includes gathering data from the data structure by instrumenting instances of application software executing on the data structure. The method also includes identifying clusters of the data structure based on the gathered data. The method also includes causing display of a cluster map of the data structure, the cluster map comprising a plurality of clusters, each cluster of the plurality of clusters comprising a plurality of nodes, each node of the plurality of nodes comprising a plurality of pods, each pod of the plurality of pods comprising a plurality of containers. The method also includes providing a status for each node, each pod, and each container of each cluster. The method also includes causing display of analysis of each cluster of the cluster map, the analysis comprising granular information for each cluster.

Abstract: A mobile device that includes a camera and an extended reality software application program is employed by a user in an operating environment, such as an industrial environment. One or more objects within a geofence may be identified. A device crosses within the geofence and acquires sensor data associated with an object within the geofence. The sensor data may include image data and/or audio data. The device or a server system may then determine an object identifier associated with the object based on a comparison of the sensor data with data associated with object identifiers corresponding to objects within the geofence. Based on the object identifier, data associated with the object are obtained. The data associated with the object may be presented via the device, such as an extended reality overlay over a view of the object in the device.

Abstract: In various embodiments, a computer-implemented method comprises receiving an artifact manifest representing at least a portion of a shared session between a first application and at least a second application, where the artifact manifest identifies a set of data visualization artifacts that are generated by the first application, transmitting the artifact manifest to the second application, receiving, from the second application accessing the shared session, a modification to a first data visualization artifact in the set of data visualization artifacts, and causing, based on the modification, the first data visualization artifact to be updated by the first application.

Abstract: Various implementations set forth a computer-implemented method for scanning a three-dimensional (3D) environment. The method includes generating, in a first time interval, a first extended reality (XR) stream based on a first set of meshes representing a 3D environment, transmitting, to a remote device, the first XR stream for rendering a 3D representation of a first portion of the 3D environment in a remote XR environment, determining that the 3D environment has changed based on a second set of meshes representing the 3D environment and generated subsequent to the first time interval, generating a second XR stream based on the second set of meshes, and transmitting, to the remote device, the second XR stream for rendering a 3D representation of at least a portion of the changed 3D environment in the remote XR environment.

Abstract: One or more lower-tier system monitoring components are installed and operated prior to installing a higher-tier system monitoring component. A lower-tier system may be an individual server, network device, or local area network. A higher-tier system may include an enterprise or organization wide network or service that includes at least a part of the lower-tier system. Once the higher-tier system monitoring component is installed, the higher-tier and lower-tier system monitoring components use an interface to operate with one another to form a single larger instance of an organization wide monitoring system. The combination of the higher-tier system monitoring component and the one or more lower-tier system operating components performs monitoring aspects of the overall information technology environment based at least in part on machine data produced and made searchable to provide monitoring results.

Abstract: Based on a selection by a user of first one or more values of one or more events displayed in a graphical interface, an extraction rule is automatically determined that is capable of extracting a field label-value pair at least partially within at least the selected one or more values. An option is displayed that correspond to the determined extraction rule in the graphical interface. Based on the user selecting the option in the graphical interface, display is caused of second one or more values of one or more field label-value pairs extracted from the one or more events using the extraction rule. The one or more events may be displayed in a table format, and the first one or more value may be selected by the user selecting one or more cells, columns, or text portions in the table format.

Abstract: Embodiments described herein facilitate enhancement of data model acceleration, including generating data model summaries and performing searches in an accelerated manner. In one implementation, a set of events are indexed, each of the events having a corresponding index time representing a time at which the event was indexed in an indexer. Index time parameters including an index earliest time indicating a first index time at which to begin generating a data model summary and an index latest time indicating a second index time at which to complete generating the data model summary are obtained. Thereafter, a data model summary is generated. Such a data model summary summarizes events having corresponding index times between the index earliest time and the index latest time. The data model summary is provided to a remote data store that is separate from the indexer at which at least a portion of the events were indexed.

Abstract: Embodiments of the present disclosure provide techniques for efficiently and accurately performing propagation of search-head specific configuration customizations across multiple individual configuration files of search heads of a cluster for a consistent user experience. The cluster of search heads may be synchronized such that the search heads operate to receive the configuration or knowledge object customizations from one or more clients from a central or lead search head. To reduce the amount of data that is transferred during propagation, the list of configuration or knowledge object customizations maintained in each search head is filtered from the list of the lead search head until a divergence point is determined. Once determined and communicated to the lead search head, the lead search head sends the configuration and knowledge object customization data that is absent from the internal list of the member search head.

Abstract: A computerized method is disclosed that includes operations of receiving one or more records, wherein each of the one or more records indicates a successful search query evaluation by at least one of a plurality edge devices, building a predictive analytics model based on the one or more records, wherein the predicative analytics model is configured to perform operations configured to predict enrichment data that is to be needed by one or more edge devices in the future during evaluation of a future search query, performing predictive analytics using the predictive analytics model to determine predictive enrichment data, and transmitting a first response packet to a first edge device, wherein the first response packet includes the predictive enrichment data. The records may include one or more of a data stream identifier, a search query, enrichment data that was required at a time the search query was evaluated.

Abstract: Techniques are described for providing users of a data intake and query system with pre-trained ML models capable of identifying malicious threats (e.g., malware, botnets, ransomware, etc.) in users' computing environments based on an analysis of Domain Name System (DNS) log data collected from DNS servers in users' environments. DNS log data is ingested by a data intake and query system and processed to obtain searchable timestamped event data. This event data can then be used as input to ML models provided by a security ML application described herein to detect potential occurrences of malicious activity within users' computing environments.