Patents Assigned to Splunk Inc.
  • Patent number: 12074901
    Abstract: Systems, methods, and software described herein provide for validating security actions before they are implemented in a computing network. In one example, a computing network may include a plurality of computing assets that provide a variety of different operations. During the operations of the network, administration systems may generate and provide security actions to prevent or mitigate the effect of a security threat on the network. However, prior to implementing the security actions within the network, computing assets may exchange security parameters with the administration systems to verify that the security actions are authentic.
    Type: Grant
    Filed: March 2, 2023
    Date of Patent: August 27, 2024
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
  • Patent number: 12072859
    Abstract: A computer system displays a graphical user interface (GUI) that includes data visualizations corresponding to data having timestamps within a time interval. A first type of input signal is mapped to a second type of input signal. The first type of input signal is associated with an input device communicatively coupled to the computer system. The second type of input signal is configured to operate a graphical user control of the GUI. Before mapping, the first type of input signal is configured to perform a function that is different from operation of the graphical user control. After receiving an input signal of the first type, an input signal of the second type is applied to the graphical user control based on the mapping. The time interval is adjusted, and the data visualizations are updated automatically to correspond to updated data having timestamps within the adjusted time interval.
    Type: Grant
    Filed: October 26, 2022
    Date of Patent: August 27, 2024
    Assignee: Splunk Inc.
    Inventor: Ryan O'Connor
  • Patent number: 12066915
    Abstract: A computerized method is disclosed for retraining machine learning models based on user feedback. The method includes receiving user feedback indicating a change is to be made to an assignment of one or more alerts, wherein the one or more alerts were assigned by a machine learning model implementing a distance metric, wherein an issue is a grouping of at least one alert, constructing a convex optimization procedure to minimize an adjustment of weights of the distance metric, retraining the machine learning model by adjusting the weights of the distance metric in accordance with the convex optimization procedure, and evaluating one or more subsequently received alert using the retrained machine learning model. Changes to be made to the assignment include any of merging of two issues, splitting of two issues based on time or an alert field, or reassignment of an alert from a first issue to a second issue.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: August 20, 2024
    Assignee: Splunk Inc.
    Inventors: William Deaderick, William Stanton, Thomas Camp Vieth
  • Patent number: 12066995
    Abstract: Embodiments are directed towards a method for generating a query response, which comprises creating two or more partitions of event records from raw data stored in a data store, wherein each event record in the two or more partitions of event records includes a portion of the raw data and is associated with a time stamp derived from the raw data. The method also comprises generating a summarization table for each partition of the two or more partitions that: (a) identifies a field value comprising a value that corresponds to an associated field extracted from a respective event record; and (b) for the field value, includes a posting value to the respective event record within a respective partition. The method further comprises generating partial results for a received query using summarization tables in the partitions and generating a response to the query by combining the partial results.
    Type: Grant
    Filed: September 23, 2021
    Date of Patent: August 20, 2024
    Assignee: SPLUNK INC.
    Inventors: David Ryan Marquardt, Stephen Phillip Sorkin, Steve Yu Zhang
  • Patent number: 12067007
    Abstract: A method includes causing display to a user of at least one event of a first result set from a first pipelined search on events at an event source. Each event comprises a time stamp and a portion of machine data. A selection of a command is received from the user. The selection is to extend the first pipelined search with the selected command in a second pipelined search. The system selects between the first result set and the event source for execution of the second pipelined search based on an analysis of the selected command and at least one command of the first pipelined search. Based on the selecting being of the first result set, display to the user is caused of at least one event of a second result set from the execution of the second pipelined search on the first result set.
    Type: Grant
    Filed: July 26, 2022
    Date of Patent: August 20, 2024
    Assignee: Splunk Inc.
    Inventors: Jesse Brandau Miller, Marc V. Robichaud, Cory Eugene Burke
  • Patent number: 12067008
    Abstract: Systems and methods are described for display of metric data and log data in a graphical user interface. Metric data can be ingested from a first data source via a first ingestion path and log data can be ingested from a second data source via a second ingestion path. The first data source and the second data source may be distinct, disparate data sources and the first ingestion path and the second ingestion path may be distinct, disparate ingestion paths. The metric data can be displayed in a first area of the graphical user interface and the log data can be displayed in a second area of the graphical user interface. Input can be received identifying a selection of a portion of the metric data for display and the log data can be filtered based on the selection to identify a portion of the log data for display.
    Type: Grant
    Filed: January 31, 2022
    Date of Patent: August 20, 2024
    Assignee: Splunk Inc.
    Inventors: Nasim Bigdelu, Mirjana Tesic, Rebecca Tortell
  • Patent number: 12062234
    Abstract: A client device that includes a camera and an extended reality client application program is employed by a user in a physical space, such as an industrial or campus environment. The user aims the camera within the mobile device at a real-world asset, such as a computer system, classroom, or vehicle. The client device acquires a digital image via the camera and detects textual and/or pictorial content included in the acquired image that corresponds to one or more anchors. The client device queries a data intake and query system for asset content associated with the detected anchors. Upon receiving the asset content from the data intake and query system, the client device generates visualizations of the asset content and presents the visualizations via a display device.
    Type: Grant
    Filed: October 24, 2022
    Date of Patent: August 13, 2024
    Assignee: SPLUNK INC.
    Inventors: Devin Bhushan, Seunghee Han, Caelin Thomas Jackson-King, Jamie Kuppel, Stanislav Yazhenskikh, Jim Jiaming Zhu
  • Patent number: 12061638
    Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generated and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.
    Type: Grant
    Filed: October 18, 2022
    Date of Patent: August 13, 2024
    Assignee: Splunk Inc.
    Inventors: R. David Carasso, Micah James Delfino, Johnvey Hwang
  • Patent number: 12061533
    Abstract: Ingest health monitoring includes receiving an event stream of events in a data intake and query system to store on at least one storage system and obtaining an event from the event stream. Ingest health monitoring further includes transmitting the event to a selected ingest module queue for the event, updating an output rate indicator counter for the selected ingest module queue when failure to store the event in the ingest module queue occurs, obtaining the event from the selected ingest module queue, processing the event to generate a file for the event, and transmitting the file to the at least one storage system. Ingest health monitoring further includes updating the write failure indicator counter for a storage system of the at least one storage system when failure to transmit to the storage system occurs and updating the user interface based on the output rate indicator counter and the write failure indicator counter.
    Type: Grant
    Filed: July 29, 2022
    Date of Patent: August 13, 2024
    Assignee: Splunk Inc.
    Inventors: Amritpal Singh Bath, Samat Jain, Felix Jiang, Shanmugam Kailasam, Jibang Liu, Isabelle Park, Vishal Patel, Divya Vijayan, Jiahan Wang, Tingjin Xu
  • Patent number: 12061691
    Abstract: A graphical user interface (GUI) for presentation of network security risk and threat information is disclosed. A listing is generated of incidents identified by use of event data obtained from a networked computing environment. A particular incident is determined to be associated with a risk object, wherein a risk object is a component of the networked computing environment. The listing is populated with a name associated with the risk object. Risk events associated with the incident are determined, wherein each risk event contributes to a risk score for the incident. The risk score indicates a potential security issue associated with the risk object. The listing is populated with the risk score and a summary of the events. An action is associated with the listing, for triggering display of additional information associated with the risk object. The listing can be displayed in a first display screen of the GUI.
    Type: Grant
    Filed: October 29, 2021
    Date of Patent: August 13, 2024
    Assignee: Splunk Inc.
    Inventors: James Apger, Allison Lindsey Drake, James Irwin Ebeling, Orville Esoy, Bhooshan Kulkarni, Marquis L. Montgomery, Daniel Trenkner
  • Patent number: 12056169
    Abstract: A computerized method is disclosed that includes operations of training a machine learning model using a labeled training set of data, wherein the machine learning model is configured to classify domain name server (DNS) records, obtaining DNS record data including at least a first DNS Txt record, applying the trained machine learning model to the first DNS Txt record to classify the first DNS Txt record and responsive to the classification of the first DNS Txt record, generating a flag for a system administrator. The trained machine learning model may classify the first DNS Txt record using logistic regression. In some instances, applying the trained machine learning model to the first DNS Txt record includes performing a tokenizing operation on the first DNS Txt record to generate a tokenized first DNS Txt record.
    Type: Grant
    Filed: October 28, 2021
    Date of Patent: August 6, 2024
    Assignee: Splunk Inc.
    Inventors: Abhinav Mishra, Giovanni Mola, Ram Sriharsha, Abraham Starosta, Zhaohui Wang
  • Patent number: 12057208
    Abstract: Medication security and healthcare privacy analytics systems are described that enable users to search for and process stored healthcare environment data. The medication security and healthcare privacy analytics systems receive and correlate data from a plurality of data sources, including medication dispensing systems, healthcare employee records, and patient records. The medication security and healthcare privacy analytics systems generate a plurality of feature vectors from processed healthcare environment data. The visualizations are created using datasets generated by clustering algorithms and can indicate those feature vectors from the plurality of feature vectors whose data indicate anomalous interactions with various systems (e.g., indicative of unexpected or non-customary events).
    Type: Grant
    Filed: September 1, 2022
    Date of Patent: August 6, 2024
    Assignee: Splunk Inc.
    Inventor: Gleb Esman
  • Patent number: 12050597
    Abstract: An improved data intake and query system that can perform and display ingest-time and search-time field extraction, redaction, copy, and/or categorization is described herein. As described herein, ingest-time field extraction, redaction, copy, and/or categorization may refer to field or field value extraction, redaction, copy, and/or categorization that is performed by a log observer system of the data intake and query system on raw machine data as the raw machine data is ingested or received from a publisher. As described herein, search-time field extraction, redaction, copy, and/or categorization may refer to field or field value extraction, redaction, copy, and/or categorization that is performed by the log observer system and/or other components of the improved data intake and query system on historical raw machine data that has already been ingested and indexed by the improved data intake and query system.
    Type: Grant
    Filed: December 9, 2022
    Date of Patent: July 30, 2024
    Assignee: Splunk Inc.
    Inventors: Amin Moshgabadi, Baibhav Gautam, Hema Krishnamurthy Mohan, Joshua Vertes
  • Patent number: 12050507
    Abstract: A computerized method is disclosed for automated handling of data ingestion anomalies. The method features training a data model based on a first volume of data associated with a first time period. Thereafter, using the data model, a predictive analysis is conducted on a second volume of data associated with a second time period subsequent to the first time period to produce a predicted data ingestion volume. After, a correlative analysis between the predicted data ingestion volume and an actual data ingestion volume during the second time period is conducted to produce a prediction error. A notification is generated based on the prediction error.
    Type: Grant
    Filed: January 24, 2022
    Date of Patent: July 30, 2024
    Assignee: Splunk Inc.
    Inventors: Abraham Starosta, Francis Beckert, Chandrima Sarkar
  • Patent number: 12047407
    Abstract: Systems, methods, and software described herein provide security actions based on the current state of a security threat. In one example, a method of operating an advisement system in a computing environment with a plurality of computing assets includes identifying a security threat within the computing environment. The method further includes, in response to identifying the security threat, obtaining state information for the security threat within the computing environment, and determining a current state for the security threat within the computing environment. The method also provides obtaining enrichment information for the security threat and determining one or more security actions for the security threat based on the enrichment information and the current state for the security threat.
    Type: Grant
    Filed: August 1, 2023
    Date of Patent: July 23, 2024
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Oliver Friedrichs, Atif Mahadik, Govind Salinas
  • Patent number: 12047450
    Abstract: Various embodiments of the present application set forth a computer-implemented method that includes receiving a device identifier associated with a sensor device, wherein the device identifier is receivable from a location proximal to the sensor device, assigning the device identifier to a first application executing in a first network, wherein data from the sensor device is transmitted to the first application, and transmitting, to a server, an indication of the assignment of the device identifier to the first application, wherein the server stores the assignment in conjunction with a security configuration associated with the sensor device.
    Type: Grant
    Filed: July 30, 2021
    Date of Patent: July 23, 2024
    Assignee: SPLUNK INC.
    Inventors: Jesse Chor, Tishan Mills
  • Patent number: 12045201
    Abstract: Techniques are described for automatically identifying and configuring IT and security application connectors relevant to users' IT environment by obtaining and analyzing data reflecting activity within an IT environment. The identification of types of assets within an IT environment may be based on analyzing a “source type” field included in events associated with the IT environment, where the source type field included in each event provides an indication of a type of device or service to which the event relates. The values stored in the source type field of events associated with a user's IT environment might indicate, for example, the presence of various types of computing devices, software applications, network devices, and so forth. Based on the identification of types of assets present in an IT environment, an IT and security operations application automatically configures corresponding connectors for those types of assets.
    Type: Grant
    Filed: January 31, 2020
    Date of Patent: July 23, 2024
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Atif Mahadik, Govind Salinas
  • Patent number: 12038926
    Abstract: A computer-implemented method of determining indexed fields at query time comprises mapping data from a first source type to indexed fields in batch form using a wildcard specifier. The method also comprises receiving a query to execute on a data set comprising data from the first source type and data from a second source type. Further, the method comprises transforming the query to execute on the data from the first source type separately from the data from the second source type. Additionally, the method comprises executing the query to operate on the data from the first source type using information associated with the indexed fields and to separately operate on the data from the second source type.
    Type: Grant
    Filed: January 29, 2021
    Date of Patent: July 16, 2024
    Assignee: SPLUNK INC.
    Inventors: Jay A. Pathak, Steve Yu Zhang
  • Patent number: 12039046
    Abstract: The technology presented herein improves incident handling in an IT environment. In a particular example, a method provides identifying a first incident in the IT environment. From incident handling information that indicates how a plurality of previous incidents were handled by one or more users, the method provides identifying first information of the incident handling information corresponding to one or more first previous incidents of the plurality of previous incidents that are similar to the first incident. The method further provides determining a suggested course of action from the first information and presenting the suggested course of action to a user of the information technology environment.
    Type: Grant
    Filed: May 3, 2023
    Date of Patent: July 16, 2024
    Assignee: Splunk Inc.
    Inventors: Sourabh Satish, Trenton John Beals, Glenn Gallien, Govind Salinas
  • Patent number: 12039307
    Abstract: An instrumentation analysis system processes data streams by executing instructions specified using a data stream language program. The data stream language allows users to specify a search condition using a find block for identifying the set of data streams processed by the data stream language program. The set of identified data streams may change dynamically. The data stream language allows users to group data streams into sets of data streams based on distinct values of one or more metadata attributes associated with the input data streams. The data stream language allows users to specify a threshold block for determining whether data values of input data streams are outside boundaries specified using low/high thresholds. The elements of the set of data streams input to the threshold block can dynamically change. The low/high threshold values can be specified as data streams and can dynamically change.
    Type: Grant
    Filed: June 8, 2023
    Date of Patent: July 16, 2024
    Assignee: Splunk Inc.
    Inventors: Rajesh Raman, Arijit Mukherji, Kris Grandy, Phillip Liu