Patents by Inventor Lucas Murphey

Lucas Murphey has filed for patents to protect the following inventions. This listing includes patent applications that are pending as well as patents that have already been granted by the United States Patent and Trademark Office (USPTO).

  • Patent number: 10382472
    Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
    Type: Grant
    Filed: June 4, 2018
    Date of Patent: August 13, 2019
    Assignee: SPLUNK INC.
    Inventors: John Coates, Lucas Murphey, David Hazekamp, James Hansen
  • Publication number: 20190098032
    Abstract: Techniques and mechanisms are disclosed for a data intake and query system to generate “meta-notable” events by applying a meta-notable event rule to a collection of notable event data. A meta-notable event rule specifies one or more patterns of notable event instances defined by a set of notable event states and a set of transition rules (also referred to as association rules) indicating conditions for transitioning from one notable event state to another. The set of notable event states includes at least one start state and at least one end state. A meta-notable event is generated when a set of analyzed notable events satisfies a set of transition rules linking a start state to an end state (including transitions through any intermediary states between the start state and the end state).
    Type: Application
    Filed: September 25, 2017
    Publication date: March 28, 2019
    Inventors: Lucas Murphey, Francis Gerard, Richard Barger, Bhavin Patel, Patrick Schulz, Chinmay Kulkarni
  • Publication number: 20180351990
    Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
    Type: Application
    Filed: June 4, 2018
    Publication date: December 6, 2018
    Inventors: John Coates, Lucas Murphey, David Hazekamp, James Hansen
  • Publication number: 20180351983
    Abstract: A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge of system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
    Type: Application
    Filed: August 9, 2018
    Publication date: December 6, 2018
    Inventors: Munawar Monzy Merza, John Coates, James M Hansen, Lucas Murphey, David Hazekamp, Michael Kinsley, Alexander Raitz
  • Patent number: 10091227
    Abstract: A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge of system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
    Type: Grant
    Filed: November 1, 2016
    Date of Patent: October 2, 2018
    Assignee: SPLUNK INC.
    Inventors: Munawar Monzy Merza, John Coates, James M Hansen, Lucas Murphey, David Hazekamp, Michael Kinsley, Alexander Raitz
  • Patent number: 9992220
    Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
    Type: Grant
    Filed: January 31, 2017
    Date of Patent: June 5, 2018
    Assignee: SPLUNK INC.
    Inventors: John Coates, Lucas Murphey, David Hazekamp, James Hansen
  • Publication number: 20170371979
    Abstract: One or more processing devices receive a definition of a search query for a correlation search of a data store, the data store comprising time-stamped events that each comprise a portion of raw machine data reflecting activity in an information technology environment and produced by a component of the information technology environment, receive a definition of a triggering condition to be applied to a dataset that is produced by the search query, receive a definition of one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, test the search query with the triggering condition, and cause, based on results of the testing, generation of the correlation search using the defined search query, the triggering condition, and the one or more actions, the correlation search comprising search processing language having the search query and a processing command for criteria on which the triggering condition is based.
    Type: Application
    Filed: August 28, 2017
    Publication date: December 28, 2017
    Inventors: Lucas Murphey, David Hazekamp
  • Publication number: 20170257292
    Abstract: A system and computer-implemented method are provided for displaying a configurable metric relating to an environment in a graphical display along with a value of the metric calculated over a configurable time period. The metric is used to identify events of interest in the environment based on processing real time machine data from one or more sources. The configurable metric is selected and a corresponding value is calculated based on the events of interest over the configurable time period. The value of the metric may be continuously updated in real time based on receiving additional real-time machine data and displayed in a graphical interface as time progresses. Statistical trends in the value of the metric may also be determined over the configurable time period and displayed in the graphical interface as well as an indication if the value of the metric exceeds a configurable threshold value.
    Type: Application
    Filed: April 28, 2017
    Publication date: September 7, 2017
    Inventors: John Coates, Lucas Murphey, James Hansen, David Hazekamp
  • Publication number: 20170142149
    Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
    Type: Application
    Filed: January 31, 2017
    Publication date: May 18, 2017
    Inventors: John Coates, Lucas Murphey, David Hazekamp, James Hansen
  • Patent number: 9596252
    Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
    Type: Grant
    Filed: February 29, 2016
    Date of Patent: March 14, 2017
    Assignee: Splunk Inc.
    Inventors: John Coates, Lucas Murphey, David Hazekamp, James Hansen
  • Publication number: 20170048265
    Abstract: A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge of system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
    Type: Application
    Filed: November 1, 2016
    Publication date: February 16, 2017
    Inventors: Munawar Monzy Merza, John Coates, James M. Hansen, Lucas Murphey, David Hazekamp, Michael Kinsley, Alexander Raitz
  • Patent number: 9516046
    Abstract: A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge of system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
    Type: Grant
    Filed: October 31, 2015
    Date of Patent: December 6, 2016
    Assignee: Splunk Inc.
    Inventors: Munawar Monzy Merza, John Coates, James M Hansen, Lucas Murphey, David Hazekamp, Michael Kinsley, Alexander Raitz
  • Publication number: 20160182546
    Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
    Type: Application
    Filed: February 29, 2016
    Publication date: June 23, 2016
    Inventors: John Coates, Lucas Murphey, David Hazekamp, James Hansen
  • Publication number: 20160147769
    Abstract: Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query to produce a dataset comprising one or more data items derived from source data; and responsive to determining that at least a portion of the dataset satisfies a triggering condition, modifying a score assigned to an object to which the portion of the dataset pertains.
    Type: Application
    Filed: December 21, 2015
    Publication date: May 26, 2016
    Inventors: Lucas Murphey, David Hazekamp
  • Patent number: 9276946
    Abstract: A disclosed computer-implemented method includes receiving and indexing the raw data. Indexing includes dividing the raw data into time stamped searchable events that include information relating to computer or network security. Store the indexed data in an indexed data store and extract values from a field in the indexed data using a schema. Search the extracted field values for the security information. Determine a group of security events using the security information. Each security event includes a field value specified by a criteria. Present a graphical interface (GI) including a summary of the group of security events, other summaries of security events, and a remove element (associated with the summary). Receive input corresponding to an interaction of the remove element. Interacting with the remove element causes the summary to be removed from the GI. Update the GI to remove the summary from the GI.
    Type: Grant
    Filed: May 16, 2014
    Date of Patent: March 1, 2016
    Assignee: Splunk Inc.
    Inventors: John Coates, Lucas Murphey, David Hazekamp, James Hansen
  • Publication number: 20160057162
    Abstract: A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge of system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
    Type: Application
    Filed: October 31, 2015
    Publication date: February 25, 2016
    Inventors: Munawar Monzy Merza, John Coates, James M Hansen, Lucas Murphey, David Hazekamp, Michael Kinsley, Alexander Raitz
  • Patent number: 9251221
    Abstract: Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query to produce a dataset comprising one or more data items derived from source data; and responsive to determining that at least a portion of the dataset satisfies a triggering condition, modifying a score assigned to an object to which the portion of the dataset pertains.
    Type: Grant
    Filed: July 31, 2014
    Date of Patent: February 2, 2016
    Assignee: Splunk Inc.
    Inventors: Lucas Murphey, David Hazekamp
  • Publication number: 20160019316
    Abstract: One or more processing devices provide a wizard for generating a correlation search, the wizard facilitating user input of (i) one or more search criteria for a search query of the correlation search, (ii) a triggering condition to be applied to a dataset produced by the search query, and (iii) one or more actions to be performed when the dataset produced by the search query satisfies the triggering condition, and causing generation of the correlation search based on the user input.
    Type: Application
    Filed: July 31, 2014
    Publication date: January 21, 2016
    Inventors: Lucas Murphey, David Hazekamp
  • Publication number: 20160019215
    Abstract: Systems and methods for assigning scores to objects based on evaluating triggering conditions applied to datasets produced by search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query to produce a dataset comprising one or more data items derived from source data; and responsive to determining that at least a portion of the dataset satisfies a triggering condition, modifying a score assigned to an object to which the portion of the dataset pertains.
    Type: Application
    Filed: July 31, 2014
    Publication date: January 21, 2016
    Inventors: Lucas Murphey, David Hazekamp
  • Patent number: 9215240
    Abstract: A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge of system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.
    Type: Grant
    Filed: July 31, 2013
    Date of Patent: December 15, 2015
    Assignee: Splunk Inc.
    Inventors: Munawar Monzy Merza, John Coates, James Hansen, Lucas Murphey, David Hazekamp, Michael Kinsley, Alexander Raitz