Patents by Inventor David M. Andrzejewski
David M. Andrzejewski has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Publication number: 20250077582Abstract: Methods, systems, and computer programs are presented for providing contextual suggestions and automated responses to users managing incidents within production or security environments. The system utilizes a combination of user-provided data and contextual analysis to proactively offer solutions and insights without requiring explicit queries from the user. The system integrates out-of-the-box insights, natural language interactions, and remediation flows into a cohesive user experience, incorporating playbooks enhanced by automation while leveraging user data and interaction history to tailor suggestions. The system includes a predictive analysis mechanism that runs analyses on relevant data sources, identifying unusual results and generating potential queries. A large language model (LLM) is integrated for generating questions and analyses, with a ranking system prioritizing insights based on machine learning models.Type: ApplicationFiled: January 10, 2024Publication date: March 6, 2025Inventors: Bashyam TCA, David M. Andrzejewski, Tejaswi Redkar, Aaishwarya Bansal, Rohith Kumar Poshala, Michael J. Haskell, Ayan Ghatak
-
Patent number: 12210629Abstract: Methods, systems, and computer programs are presented for automatic evaluation of security incidents. One method includes receiving a resolution status, for a set of insights, indicating if each insight was a true or a false positive. A global training set, comprising the resolution status for the insights, is generated, and a local training set with a subset of the insights associated with a first user. A machine-learning (ML) program is trained, using the global training set, to obtain a global model, and using the local training set to obtain a local model for the first user. When a new insight for the first user is detected, a global score is obtained using the global model, and a local score is obtained using the local model. A confidence score, calculated based on the global and local scores, is presented as an indication of an estimated severity of the new insight.Type: GrantFiled: December 28, 2022Date of Patent: January 28, 2025Assignee: SUMO LOGIC, INC.Inventors: David M. Andrzejewski, Bashyam Tca, Joshua Richard Williams
-
Patent number: 12182111Abstract: Techniques are presented for recommending queries to search log information. The system provides useful insights and recommendations based on user needs and queries by utilizing the user context, with information about the user activities (e.g., recent alerts) and the user configuration in the system (e.g., applications configured by the user), to provide recommendations. There may not be enough context for a new user to provide good recommendations, so the system determines the context based on the activities of other users, such as more experienced users or users investigating the same type of problem. Based on the context, the user recommends natural language queries (NLQ) or system queries to accelerate the search process and assist the user during an investigation. Further, NLQs may be converted to complex search queries that use the search query language, and the NLQs may also be used as part of the context for the subsequent recommendations.Type: GrantFiled: September 1, 2023Date of Patent: December 31, 2024Assignee: Sumo Logic, Inc.Inventors: Bashyam Tca, David M. Andrzejewski, Tejaswi Redkar, Aaishwarya Bansal, Rohith Kumar Poshala, Michael J. Haskell, Ayan Ghatak
-
Publication number: 20240412620Abstract: Methods, systems, and computer programs are presented to generate response information for an alert. One method includes an operation for detecting an alert based on incoming log data or metric data and for calculating information for panels to be presented on a response-alert page. Calculating the information includes calculating first performance values for a period associated with the alert, calculating second performance values for a background period where the alert condition was not present, and calculating a difference between the first performance values and the second performance values. Further, the method includes an operation for selecting, based on the difference, relevant performance values for presentation in one of the panels. The response-alert page is presented with at least one of the panels based on the selected relevant performance values.Type: ApplicationFiled: August 19, 2024Publication date: December 12, 2024Inventors: David M. Andrzejewski, Bashyam TCA, Apoorv Gang, Ryley SK Higa, Naveen Ramchandrappa
-
Publication number: 20240356973Abstract: Methods, systems, and computer programs are presented for generating recommendations to update the severity of a rule for incident-detection. One method includes accessing a resolution status for insights generated based on an evaluation of rules, each rule associated with a weight. The method determines, based on the resolution status, if each insight corresponds to a true positive (TP) or a false positive (FP), and optimizing values for the weights of the one or more rules to lower the number of FPs. The optimizing comprises identifying an objective function based on predicted values for the insights and the insights resolution status, identifying one or more constraints, and using a solver to obtain the optimized values for the weights. A recommendation to change the weight associated with at least one rule is presented on a user interface based on the optimized values for the at least one rule.Type: ApplicationFiled: April 24, 2023Publication date: October 24, 2024Inventors: David M. Andrzejewski, Bashyam TCA, Naveen Ramachandrappa, Rohith Kumar Poshala, Sourabh Bhosale
-
Patent number: 12106658Abstract: Methods, systems, and computer programs are presented to generate response information for an alert. One method includes an operation for detecting an alert based on incoming log data or metric data and for calculating information for panels to be presented on a response-alert page. Calculating the information includes calculating first performance values for a period associated with the alert, calculating second performance values for a background period where the alert condition was not present, and calculating a difference between the first performance values and the second performance values. Further, the method includes an operation for selecting, based on the difference, relevant performance values for presentation in one of the panels. The response-alert page is presented with at least one of the panels based on the selected relevant performance values.Type: GrantFiled: November 15, 2022Date of Patent: October 1, 2024Assignee: Sumo Logic, Inc.Inventors: David M. Andrzejewski, Bashyam Tca, Apoorv Garg, Ryley S K Higa, Naveen Ramachandrappa
-
Patent number: 12086021Abstract: Clustering structured log data by key-values includes receiving, via a user interface, a request to apply an operator to cluster log messages according to values for keys associated with the request. At least a portion of each log message comprises structured machine data including a set of key-value pairs. The method further includes receiving a log message and determining whether to include the log message in a cluster based at least in part on an evaluation of values in the structured machine data of the log message for the keys associated with the request. The cluster is included in a set of clusters. Each cluster in the set is associated with a different combination of values for the keys associated with the request. The method further includes providing, via the user interface, information associated with the cluster.Type: GrantFiled: April 12, 2023Date of Patent: September 10, 2024Assignee: Sumo Logic, Inc.Inventors: Udit Saxena, Reetika Roy, Ryley Higa, David M. Andrzejewski, Bashyam Tca
-
Publication number: 20240281673Abstract: Methods, systems, and computer programs are presented for problem detection based on deviations from the forecasted behavior of a metric. One method includes an operation for selecting a machine learning (ML) model for predicting future values of a time series for a metric. Further, the method includes forecasting, using the ML model, values of the metric for a forecast period. Afterwards, actual values of the metric are collected during the forecast period, and the actual values are compared to the forecasted values. The method further includes operations for determining an anomaly in a behavior of the metric based on the comparison, and causing presentation in a computer user interface (UI) of the anomaly.Type: ApplicationFiled: February 22, 2023Publication date: August 22, 2024Inventors: David M. Andrzejewski, Bashyam TCA, Ryley SK Higa, Aaishwarya Bansal
-
Patent number: 12045229Abstract: Data enrichment and augmentation is disclosed. Machine data comprising at least one of a log message and a metrics data point is received. The received machine data comprises an identifier of an instance of a virtual machine. Based at least in part on the identifier of the instance of the virtual machine, a query for tags associated with the instance of the virtual machine is performed. At least one key-value pair is generated based at least in part on tags received in response to the query performed based at least in part on the identifier of the instance of the virtual machine. The received machine data is augmented with the at least one key-value pair generated based at least in part on the tags received in response to the query based at least in part on the identifier of the instance of the virtual machine.Type: GrantFiled: June 22, 2022Date of Patent: July 23, 2024Assignee: Sumo Logic, Inc.Inventors: Christian Friedrich Beedgen, David M. Andrzejewski, Benjamin Everette Newton, Kumar Avijit, Stefan Christoph Zier
-
Publication number: 20240220629Abstract: Methods, systems, and computer programs are presented for automatic evaluation of security incidents. One method includes receiving a resolution status, for a set of insights, indicating if each insight was a true or a false positive. A global training set, comprising the resolution status for the insights, is generated, and a local training set with a subset of the insights associated with a first user. A machine-learning (ML) program is trained, using the global training set, to obtain a global model, and using the local training set to obtain a local model for the first user. When a new insight for the first user is detected, a global score is obtained using the global model, and a local score is obtained using the local model. A confidence score, calculated based on the global and local scores, is presented as an indication of an estimated severity of the new insight.Type: ApplicationFiled: December 28, 2022Publication date: July 4, 2024Inventors: David M. Andrzejewski, Bashyam TCA, Joshua Richard Williams
-
Publication number: 20240105050Abstract: Methods, systems, and computer programs are presented to generate response information for an alert. One method includes an operation for detecting an alert based on incoming log data or metric data and for calculating information for panels to be presented on a response-alert page. Calculating the information includes calculating first performance values for a period associated with the alert, calculating second performance values for a background period where the alert condition was not present, and calculating a difference between the first performance values and the second performance values. Further, the method includes an operation for selecting, based on the difference, relevant performance values for presentation in one of the panels. The response-alert page is presented with at least one of the panels based on the selected relevant performance values.Type: ApplicationFiled: November 15, 2022Publication date: March 28, 2024Inventors: David M. Andrzejewski, Bashyam TCA, Apoorv Garg, Ryley SK Higa, Raveen Ramachandrappa
-
Patent number: 11921791Abstract: Querying of time-aware metrics time series includes receiving a query, the query comprising a set of query metadata and a query time range. It further includes, based at least in part on the set of query metadata and the query time range, selecting a time series from a plurality of metrics time series. Each metrics time series in the plurality of metrics time series is associated with a set of metadata and an active interval of time. A set of metadata associated with the selected time series matches the set of query metadata, and an active interval of time associated with the selected metrics time series intersects with the query time range. The selected metrics time series is returned.Type: GrantFiled: August 27, 2021Date of Patent: March 5, 2024Assignee: Sumo Logic, Inc.Inventors: Christian Friedrich Beedgen, David M. Andrzejewski, Weijia Che
-
Patent number: 11853294Abstract: Key name synthesis is disclosed. A metrics data point is received. Based at least in part on a translation statement, at least a portion of the received metrics data point is associated with a key specified by the translation statement such that the specified key and the associated at least portion of the received metrics data point form a key-value pair. The key-value pair is associated with the received metrics data point.Type: GrantFiled: August 9, 2022Date of Patent: December 26, 2023Assignee: Sumo Logic, Inc.Inventors: Christian Friedrich Beedgen, David M. Andrzejewski, Benjamin Everette Newton, Kumar Avijit, Stefan Christoph Zier
-
Patent number: 11853290Abstract: Analyzing log data, such as security log data and machine data, is disclosed. A baseline is built for a set of machine data. The baseline is built at least in part by determining a plurality of signature profiles for a plurality of respective time slices. An occurrence of an anomaly associated with the source of the machine data is determined. The occurrence is determined at least in part by determining that received machine data does not conform to the baseline within a threshold.Type: GrantFiled: March 17, 2022Date of Patent: December 26, 2023Assignee: Sumo Logic, Inc.Inventors: Kumar Saurabh, David M. Andrzejewski, Yuchen Zhao, Christian Friedrich Beedgen, Bruno Kurtic
-
Patent number: 11829189Abstract: Clustering structured log data by key schema includes receiving a raw log message. At least a portion of the raw log message comprises structured machine data including a set of key-value pairs. It further includes receiving a map of keys to values. It further includes using the received map of keys to values to determine a key schema of the structured machine data. The key schema is associated with a corresponding cluster. It further includes associating the raw log message with the cluster corresponding to the determined key schema.Type: GrantFiled: March 15, 2022Date of Patent: November 28, 2023Assignee: Sumo Logic, Inc.Inventors: Udit Saxena, Reetika Roy, Ryley Higa, David M. Andrzejewski, Bashyam T C A
-
Publication number: 20230315558Abstract: Clustering structured log data by key-values includes receiving, via a user interface, a request to apply an operator to cluster log messages according to values for keys associated with the request. At least a portion of each log message comprises structured machine data including a set of key-value pairs. The method further includes receiving a log message and determining whether to include the log message in a cluster based at least in part on an evaluation of values in the structured machine data of the log message for the keys associated with the request. The cluster is included in a set of clusters. Each cluster in the set is associated with a different combination of values for the keys associated with the request. The method further includes providing, via the user interface, information associated with the cluster.Type: ApplicationFiled: April 12, 2023Publication date: October 5, 2023Inventors: Udit Saxena, Reetika Roy, Ryley Higa, David M. Andrzejewski, Bashyam TCA
-
Patent number: 11663066Abstract: Clustering structured log data by key-values includes receiving, via a user interface, a request to apply an operator to cluster a set of raw log messages according to values for a set of keys associated with the request. At least a portion of each raw log message comprises structured machine data including a set of key-value pairs. It further includes receiving a raw log message in the set of raw log messages. It further includes determining whether to include the raw log message in a cluster based at least in part on an evaluation of values in the structured machine data of the raw log message for the set of keys associated with the request. The cluster is included in a plurality of clusters. Each cluster in the plurality is associated with a different combination of values for the set of keys associated with the request. It further includes providing, via the user interface, information associated with the cluster.Type: GrantFiled: September 1, 2020Date of Patent: May 30, 2023Assignee: Sumo Logic, Inc.Inventors: Udit Saxena, Reetika Roy, Ryley Higa, David M. Andrzejewski, Bashyam Tca
-
Patent number: 11615075Abstract: Logs to metrics synthesis includes receiving a log message. It further includes translating the log message into a metrics data point comprising a timestamp, a metric name, a metric value, and a set of metadata key-value pairs. It further includes determining a time series in which to insert the metrics data point into which the log message was translated. It further includes inserting the metrics data point into the determined time series. It further includes updating a metadata catalog based at least in part on the metrics data point.Type: GrantFiled: December 3, 2020Date of Patent: March 28, 2023Assignee: Sumo Logic, Inc.Inventors: Christian Friedrich Beedgen, David M. Andrzejewski, Benjamin Everette Newton, Kumar Avijit, Stefan Christoph Zier
-
Publication number: 20220398243Abstract: Key name synthesis is disclosed. A metrics data point is received. Based at least in part on a translation statement, at least a portion of the received metrics data point is associated with a key specified by the translation statement such that the specified key and the associated at least portion of the received metrics data point form a key-value pair. The key-value pair is associated with the received metrics data point.Type: ApplicationFiled: August 9, 2022Publication date: December 15, 2022Inventors: Christian Friedrich Beedgen, David M. Andrzejewski, Benjamin Everette Newton, Kumar Avijit, Stefan Christoph Zier
-
Patent number: 11481383Abstract: Key name synthesis is disclosed. A metrics data point is received. Based at least in part on a translation statement, at least a portion of the received metrics data point is associated with a key specified by the translation statement such that the specified key and the associated at least portion of the received metrics data point form a key-value pair. The key-value pair is associated with the received metrics data point.Type: GrantFiled: July 10, 2018Date of Patent: October 25, 2022Assignee: Sumo Logic, Inc.Inventors: Christian Friedrich Beedgen, David M Andrzejewski, Benjamin Everette Newton, Kumar Avijit, Stefan Christoph Zier