Patent · US Active

Analyzing a group of values extracted from events of machine data relative to a population statistic for those values

US9516046B2 · kind B2 · utility

7Cited by

1References

30Claims

0Family size

Assignee

Splunk Inc. · US

Inventors

Munawar Monzy Merza · Albuquerque, US
John Robert Coates · San Francisco, US
James Hansen · San Ramon, US
Lucas Murphey · Wadsworth, US
David Hazekamp · Tinley Park, US
Michael Kinsley · Reno, US
Alexander Raitz · San Francisco, US

Key dates

Filing date	Oct 31, 2015
Grant date	Dec 6, 2016
Priority date	—
Expiry date	Oct 31, 2035

Classification

Technology area (CPC G)Physics
CPC primaryG06F2221/2151
WIPO fieldDigital communication
WIPO sectorElectrical engineering

Abstract

A metric value is determined for each event in a set of events that characterizes a computational communication or object. For example, a metric value could include a length of a URL or agent string in the event. A subset criterion is generated, such that metric values within the subset are relatively separated from a population's center (e.g., within a distribution tail). Application of the criterion to metric values produces a subset. A representation of the subset is presented in an interactive dashboard. The representation can include unique values in the subset and counts of corresponding event occurrences. Clients can select particular elements in the representation to cause more detail to be presented with respect to individual events corresponding to specific values in the subset. Thus, clients can use their knowledge system operations and observance of value frequencies and underlying events to identify anomalous metric values and potential security threats.

Source: USPTO / EPO open patent data. Objective bibliographic and citation counts.