Abstract: A method of normalizing URLs associated with a real user session comprises extracting uniform resource locators (URLs) from ingested spans where at least a portion of the URLs comprise unique URL strings. The method also comprises decomposing each of the URLs into a sequence of tokens and grouping together subsets of related URLs. Also, the method comprises representing each subset of related URLs with a normalized URL string.

Abstract: Techniques are disclosed for generating a three-dimensional (3D) visualization of data in an extended reality (XR) environment. One embodiment provides a computer-implemented method that includes receiving, via an input device, a repositioning of a first panel displayed within an XR environment and determining that, subsequent to the repositioning, at least one portion of the first panel overlaps with a second panel displayed within the XR environment. The method further includes, subsequent to the determination, generating a first 3D visualization of first data associated with the first panel and second data associated with the second panel. In addition, the method includes causing the first 3D visualization to be displayed within the XR environment.

Abstract: Implementations described herein identify and exploit opportunities for offloading search-time and/or index-time operations to programmed offloading hardware accelerators (POHAs). An event-based data intake and query system is implemented in an enterprise core that is in communication with the POHAs over network interfaces. The system receives search requests associated with search-time operations classified into off-loadable operations and non-off-loadable operations. Non-off-loadable operations are distributed to local processing resources, and off-loadable operations are distributed to the POHAs for offloaded processing. The system can post-process both the locally processed and offload-processed results to generate search results responsive to at least some of the received search requests.

Abstract: A system and computer-implemented is provided for displaying a configurable metric relating to an environment in a graphical display along with a value of the metric calculated over a configurable time period. The metric is used to identify events of interest in the environment based on processing real time machine data from one or more sources. The configurable metric is selected and a corresponding value is calculated based on the events of interest over the configurable time period. The value of the metric may be continuously updated in real time based on receiving additional real-time machine data and displayed in a graphical interface as time progresses. Statistical trends in the value of the metric may also be determined over the configurable time period and displayed in the graphical interface as well as an indication if the value of the metric exceeds a configurable threshold value.

Abstract: An example method of entity lifecycle management in a service monitoring system includes: receiving, by a software application of a service monitoring system, a policy definition specifying an entity lifecycle management policy, wherein the entity lifecycle management policy defines management rules for a plurality of entities in the network environment, wherein each entity of the plurality of entities is represented by one of: a device, an application, a service, or a user account; identifying, by applying the entity lifecycle management policy to a plurality of active entities, one or more candidate entities for retirement; retiring at least a subset of the one or more candidate entities; and excluding the retired entities from the plurality of active entities, thus preventing the retired entities from interacting with other components of the service monitoring system.

Abstract: Systems and methods are disclosed for processing data associated with isolated execution environments. A chunk of data associated with an isolated execution environment can include log data and non-log data. At least a portion of the log data can include log data generated by the isolated execution environment. The system can parse the chunk of data to identify the log data and the non-log data and extract at least a portion of the log data from the chunk of data. The extracted data can be further processed to generate one or more events.

Abstract: Systems and methods are disclosed for providing a multi-component application, including a first and second component. Functionality of the application may be easily and rapidly modified by modification to the first component, without requiring modification to the second component. The first component may be implemented locally at a client device, while the second component is implemented remotely. While modification of the second component may require privileges of a remote location, a user of a client device may modify the first component while maintaining interoperability and compatibility with the second component, thereby enabling the end user to modify functionality of the multi-component application. In some instances, different versions of a first component are provided, and an end user of a client device is enabled to specify which version of the first component should be used.

Abstract: Embodiments are directed towards a system and method for a cloud-based front end that may abstract and enable access to the underlying cloud-hosted elements and objects that may be part of a multi-tenant application, such as a search application. Search objects may be employed to access indexed objects. An amount of indexed data accessible to a user may be based on an index storage limit selected by the user, such that data that exceeds the index storage limit may continue to be indexed. Also, one or more projects can be elastically scaled for a user to provide resources that may meet the specific needs of each project.

Abstract: A data processing platform generates visualizations for data streams to visually represent a portion of data in the data stream. The platform performs an analysis of a change in values of data contained in the data stream and generates, using a result of the analysis, metadata identifying an insight into the data in the data stream. The insight indicates a characteristic of the change in values. A natural language representation of the insight is generated using the metadata and output for display in association with the visualization.

Abstract: A method is disclosed that includes receiving, at a computing device, an event log including events derived from machine data, and determining a score by comparing an event from the event log with frequent patterns of features. Determining the score includes determining a length of a frequent pattern within the event in the event log and a count of occurrences of the frequent pattern within the events, determining a contribution of the frequent pattern based on the length and the count, determining a penalty for an unmatched feature of the first event based on a cardinality of the events, and averaging the contribution and the penalty to obtain the score. The method further includes issuing an alert identifying the first event as an anomaly using the first score and an anomaly score threshold.

Abstract: Systems and methods are described for improving data availability and/or resiliency of indexers of a data intake and query system. Due to a lag between the time at which data is received and the time at which the data is available for searching, the data intake and query system may receive a query indicating that received (but unavailable for search) data is to be included as part of the query. A cluster master can dynamically track what data is available for searching by different indexers and map the data to filter criteria using a bucket map identifier. When a search head receives a query, it can request a bucket map identifier from the cluster master and send the bucket map identifier to the indexers that will be executing the query. The indexers can use the bucket map identifier to request the individual buckets that they are assigned to search.

Abstract: Systems and methods are disclosed for monitoring features of a computing device of a distributed computing system using a self-monitoring module. The self-monitoring module can include multiple feature-specific monitoring modules and one or more parent nodes for the feature-specific monitoring modules. A feature-specific monitoring module can identify or detect a fault status change, such as a fault condition or fault resolution, for one or more features. Based on the identified fault conditions or fault resolutions, the feature-specific monitoring module can determine an internal status and communicate an updated status to a parent node.

Abstract: A data intake and query system processes and stores events, which are associated with token identifiers for tokens corresponding to data sources for the messages that the events are generated from. Thus, the data intake and query system can receive a request to provide analyses and visualizations regarding stored events associated with a particular component associated with a plurality of events, such as a data source for the messages from which the plurality of events are generated from. These requests and the resulting visualizations can be customized based on selected tokens and selected components.

Abstract: Embodiments of the present disclosure provide solutions for determining an elected search head captain is unqualified for the position, identifying a more qualified search head, and transferring the captain position to the more qualified search head. A method is provided that includes referencing qualification parameters in an elected search head captain, determining whether the newly elected search head captain is qualified for the position based on the parameters, identifying a more qualified search head to be the search head captain if the newly elected search head captain is determined to be unqualified for the position, and transferring the position of captain to the more qualified search head. The qualification parameters may include, for example, a pre-determined static flag set by an administrator of the search environment, and configuration replication status that corresponds to the most recent configuration state of the search head as recorded by the previous search head captain.

Abstract: A graphical user interface allows a customer to specify delimiters and/or patterns that occur in event data and indicate the presence of a particular field. The graphical user interface applies a customer's delimiter specifications directly to event data and displays the resulting event data in real time. Delimiter specifications may be saved as configuration settings and systems in a distributed setting may use the delimiter specifications to extract field values as the systems process raw data into event data. Extracted field values are used to accelerate search queries that a system receives.

Abstract: A security platform employs a variety techniques and mechanisms to detect security related anomalies and threats in a computer network environment. The security platform is “big data” driven and employs machine learning to perform security analytics. The security platform performs user/entity behavioral analytics (UEBA) to detect the security related anomalies and threats, regardless of whether such anomalies/threats were previously known. The security platform can include both real-time and batch paths/modes for detecting anomalies and threats. By visually presenting analytical results scored with risk ratings and supporting evidence, the security platform enables network security administrators to respond to a detected anomaly or threat, and to take action promptly.

Abstract: A mobile device that includes a camera and an extended reality software application program is employed by a user in an operating environment, such as an industrial environment. One or more objects within a geofence may be identified. A device crosses within the geofence and acquires sensor data associated with an object within the geofence. The sensor data may include image data and/or audio data. The device or a server system may then determine an object identifier associated with the object based on a comparison of the sensor data with data associated with object identifiers corresponding to objects within the geofence. Based on the object identifier, data associated with the object are obtained. The data associated with the object may be presented via the device, such as an extended reality overlay over a view of the object in the device.

Abstract: In accordance with some implementations of the present disclosure, a cityscape generator is disclosed herein that may generate a three-dimensional cityscape including at least one neighborhood that represents the at least one stack of the cloud computing system, the at least one neighborhood includes a cluster of nodes associated with a set of compute resources of the at least one stack. The cluster of nodes may be located within a subdivision of the at least one neighborhood and may include a plurality of worker nodes associated with compute resources that provide services and one or more administrative nodes associated with one or more compute resources that monitor and manage the compute resources associated with the worker nodes. The subdivision further includes a beacon to indicate overall health of the subdivision.

Abstract: Embodiments are directed towards real time display of event records and extracted values based on at least one extraction rule, such as a regular expression. A user interface may be employed to enable a user to have an extraction rule automatically generate and/or to manually enter an extraction rule. The user may be enabled to manually edit a previously provided extraction rule, which may result in real time display of updated extracted values. The extraction rule may be utilized to extract values from each of a plurality of records, including event records of unstructured machine data. Statistics may be determined for each unique extracted value, and may be displayed to the user in real time. The user interface may also enable the user to select at least one unique extracted value to display those event records that include an extracted value that matches the selected value.