Patents by Inventor John Robert Coates
John Robert Coates has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).
-
Patent number: 11907244
Abstract: A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. A field extraction template comprises at least a set of field names and ordering data for the field names. The ordering data indicates index positions that are associated with at least some of the field names. A delimiter is specified for splitting data items into arrays of chunks. The chunk of a data item that belongs to a given field name is the chunk whose position within the item's array of chunks is equivalent to the index position associated with the given field name.
Type: Grant
Filed: June 29, 2022
Date of Patent: February 20, 2024
Assignee: Splunk Inc.
Inventors: Michael Kinsely, Alex Raitz, John Robert Coates, Shirley Wu
-
Patent number: 11868404
Abstract: One or more processing devices cause display of a user interface that identifies a service definition representing a service, receive input identifying an entity, where the service is performed at least in part by the entity, and store the service definition representing the service in association with an entity definition representing the entity. The entity definition comprises information identifying data pertaining to the entity in a datastore of machine data that reflects activity in an information technology environment produced by a plurality of components of the information technology environment. The one or more processing devices receive input pertaining to a search definition representing a search producing a measure of the service, and store the search definition representing the search, where the search produces the measure of the service using at least a portion of the data pertaining to the entity.
Type: Grant
Filed: December 14, 2020
Date of Patent: January 9, 2024
Assignee: Splunk Inc.
Inventors: Brent Boe, Brian Bingham, John Robert Coates, Tristan Antonio Fletcher
-
Patent number: 11677760
Abstract: Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.
Type: Grant
Filed: July 31, 2020
Date of Patent: June 13, 2023
Assignee: Splunk Inc.
Inventors: Banipal Shahbaz, Siri Atma Oaklander De Licori, John Robert Coates, David Hazekamp, Devendra Badhani, Luke Murphey, Patrick Schulz
-
Publication number: 20220327137
Abstract: A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. A field extraction template comprises at least a set of field names and ordering data for the field names. The ordering data indicates index positions that are associated with at least some of the field names. A delimiter is specified for splitting data items into arrays of chunks. The chunk of a data item that belongs to a given field name is the chunk whose position within the item's array of chunks is equivalent to the index position associated with the given field name.
Type: Application
Filed: June 29, 2022
Publication date: October 13, 2022
Inventors: Michael Kinsely, Alex Raitz, John Robert Coates, Shirley Wu
-
Patent number: 11392604
Abstract: A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. A field extraction template comprises at least a set of field names and ordering data for the field names. The ordering data indicates index positions that are associated with at least some of the field names. A delimiter is specified for splitting data items into arrays of chunks. The chunk of a data item that belongs to a given field name is the chunk whose position within the item's array of chunks is equivalent to the index position associated with the given field name.
Type: Grant
Filed: January 31, 2018
Date of Patent: July 19, 2022
Assignee: Splunk Inc.
Inventors: Michael Kinsely, Alex Raitz, John Robert Coates, Shirley Wu
-
Publication number: 20220121410
Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.
Type: Application
Filed: December 29, 2021
Publication date: April 21, 2022
Applicant: Splunk Inc.
Inventors: Li Li, Gang Tao, Yongxin Su, Junqing Hao, Ting Wang, John Robert Coates, Elias Haddad, Guodong Wang
-
Publication number: 20220083572
Abstract: Determining a set of extraction rules includes clustering event segments into at least a first group of event segments, and determining, using first field data in the first group of event segments, a first set of extraction rules for extracting the first field data from each event segment of the first group of event segments. A determination is made that the first set of extraction rules fails to successfully extract all of the first field data. Responsive to the determination, the event segments are re-clustered into at least a second group of event segments and a third group of event segments until a successful set of extraction rules is identified. The successful set of extraction rules is stored in computer memory.
Type: Application
Filed: November 30, 2021
Publication date: March 17, 2022
Applicant: Splunk Inc.
Inventors: Li Li, Gang Tao, Yongxin Su, Junqing Hao, Ting Wang, John Robert Coates, Elias Haddad, Guodong Wang
-
Patent number: 11249710
Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.
Type: Grant
Filed: March 31, 2016
Date of Patent: February 15, 2022
Assignee: SPLUNK INC.
Inventors: Li Li, Gang Tao, Yongxin Su, Junqing Hao, Ting Wang, John Robert Coates, Elias Haddad, Guodong Wang
-
Patent number: 11216491
Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. Certain control data may relate to data schemas and direct operations performed by the system to extract fields from machine data. Automatic methods may determine proper field extraction control information by analyzing a sample of data from a source, breaking the sample data into event segments, classifying the segments into groups based on a measure of similarity, determining an operable extraction rule for each group, and storing the resulting extraction model. Data patterns known by the system can be leveraged to perform the event breaking and field identification for the classifying. Embodiments may provide a user interface to view, interact with, and approve the computer-generated extraction model.
Type: Grant
Filed: April 30, 2016
Date of Patent: January 4, 2022
Assignee: Splunk Inc.
Inventors: Li Li, Gang Tao, Yongxin Su, Junqing Hao, Ting Wang, John Robert Coates, Elias Haddad, Guodong Wang
-
Patent number: 11196756
Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.
Type: Grant
Filed: January 31, 2017
Date of Patent: December 7, 2021
Assignee: Splunk Inc.
Inventors: Mark Seward, John Robert Coates
-
Publication number: 20210021614
Abstract: Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.
Type: Application
Filed: July 31, 2020
Publication date: January 21, 2021
Applicant: Splunk Inc.
Inventors: Banipal Shahbaz, Siri Atma Oaklander De Licori, John Robert Coates, David Hazekamp, Devendra Badhani, Luke Murphey, Patrick Schulz
-
Patent number: 10866991
Abstract: One or more processing devices create one or more entity definitions that each associate an entity with machine data pertaining to that entity and create a service definition for a service provided by one or more entities. The service definition includes an entity definition for each of the one or more entities. The one or more processing devices create one or more search queries that each produce a value derived from the machine data identified in one or more of the entity definitions included in the service definition. Each value is indicative of how the service is performing at a point in time or during a period of time and may be a key performance indicator for the service.
Type: Grant
Filed: June 30, 2019
Date of Patent: December 15, 2020
Assignee: SPLUNK INC.
Inventors: Brent Boe, Brian Bingham, John Robert Coates, Tristan Antonio Fletcher
-
Patent number: 10771479
Abstract: Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.
Type: Grant
Filed: September 26, 2016
Date of Patent: September 8, 2020
Assignee: Splunk Inc.
Inventors: Banipal Shahbaz, Siri Atma Oaklander De Licori, John Robert Coates, David Hazekamp, Devendra Badhani, Luke Murphey, Patrick Schulz
-
Patent number: 10380189
Abstract: One or more processing devices create one or more entity definitions that each associate an entity with machine data pertaining to that entity and create a service definition for a service provided by one or more entities. The service definition includes an entity definition for each of the one or more entities. The one or more processing devices create one or more key performance indicators (KPIs). Each KPI is defined by a search query that produces a value derived from the machine data identified in one or more of the entity definitions included in the service definition. Each value is indicative of how the service is performing at a point in time or during a period of time.
Type: Grant
Filed: August 31, 2017
Date of Patent: August 13, 2019
Assignee: Splunk Inc.
Inventors: Brent Boe, Brian Bingham, John Robert Coates, Tristan Antonio Fletcher
-
Using network locations obtained from multiple threat lists to evaluate network data or machine data
Patent number: 10367827
Abstract: Systems and methods are provided for identifying network addresses and/or IDs of a deduplicated list among network data, machine data, and/or events derived from network data and/or machine data, and for identifying notable events by searching for the presence of network addresses and/or network IDs that are deduplicated across lists received from multiple external sources. One method includes receiving a plurality of lists of network locations, wherein each list is received from over a network, wherein each of the network locations includes a domain name or an IP address, and wherein at least two of the plurality of lists each include a same network location; aggregating the plurality of lists of network locations into a deduplicated list of unique network locations; and searching network data or machine data for a network location included in the deduplicated list of unique network locations.
Type: Grant
Filed: December 19, 2013
Date of Patent: July 30, 2019
Assignee: SPLUNK INC.
Inventors: Mark Seward, John Robert Coates
-
Publication number: 20180157724
Abstract: A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. A field extraction template comprises at least a set of field names and ordering data for the field names. The ordering data indicates index positions that are associated with at least some of the field names. A delimiter is specified for splitting data items into arrays of chunks. The chunk of a data item that belongs to a given field name is the chunk whose position within the item's array of chunks is equivalent to the index position associated with the given field name.
Type: Application
Filed: January 31, 2018
Publication date: June 7, 2018
Inventors: Michael Kinsely, Alex Raitz, John Robert Coates, Shirley Wu
-
Publication number: 20180091528
Abstract: Techniques and mechanisms are disclosed for configuring actions to be performed by a network security application in response to the detection of potential security incidents, and for causing a network security application to report on the performance of those actions. For example, users may use such a network security application to configure one or more “modular alerts.” As used herein, a modular alert generally represents a component of a network security application which enables users to specify security modular alert actions to be performed in response to the detection of defined triggering conditions, and which further enables tracking information related to the performance of modular alert actions and reporting on the performance of those actions.
Type: Application
Filed: September 26, 2016
Publication date: March 29, 2018
Inventors: Banipal Shahbaz, Siri Atma Oaklander De Licori, John Robert Coates, David Hazekamp, Devendra Badhani, Luke Murphey, Patrick Schulz
-
Patent number: 9922102
Abstract: A field extraction template simplifies the creation of field extraction rules by providing a user with a set of field names commonly assigned to a certain type of data, as well as guidance on how to extract values for those fields. These field extraction rules, in turn, facilitate access to certain “chunks” of the data, or to information derived from those chunks, through named fields. A field extraction template comprises at least a set of field names and ordering data for the field names. The ordering data indicates index positions that are associated with at least some of the field names. A delimiter is specified for splitting data items into arrays of chunks. The chunk of a data item that belongs to a given field name is the chunk whose position within the item's array of chunks is equivalent to the index position associated with the given field name.
Type: Grant
Filed: April 30, 2014
Date of Patent: March 20, 2018
Assignee: Splunk Inc.
Inventors: Michael Kinsely, Alex Raitz, John Robert Coates, Shirley Wu
-
Publication number: 20180041402
Abstract: One or more processing devices create one or more entity definitions that each associate an entity with machine data pertaining to that entity and create a service definition for a service provided by one or more entities. The service definition includes an entity definition for each of the one or more entities. The one or more processing devices create one or more key performance indicators (KPIs). Each KPI is defined by a search query that produces a value derived from the machine data identified in one or more of the entity definitions included in the service definition. Each value is indicative of how the service is performing at a point in time or during a period of time.
Type: Application
Filed: August 31, 2017
Publication date: February 8, 2018
Inventors: Brent Boe, Brian Bingham, John Robert Coates, Tristan Antonio Fletcher
-
Publication number: 20170286038
Abstract: The operation of an automatic data input and query system is controlled by well-defined control data. The system exposes user interfaces enabling an administrator to interact with control data to modify the ongoing operation of the system. Certain control data determines the collection and treatment of data from various technology sources. A robust control interface is provided enabling the efficient and reliable adding on of new technology data sources. Once established, control data for a new technology data source may be packaged in a form for archiving or distribution. The system may support the export and import of such packages. Such packages may be created independently of the system.
Type: Application
Filed: March 31, 2016
Publication date: October 5, 2017
Inventors: Li Li, Gang Tao, Yongxin Su, Junqing Hao, Ting Wang, John Robert Coates, Elias Haddad, Guodong Wang