US 11,886,464 B1
Triage model in service monitoring system
Adam Jamison Oliner, San Francisco, CA (US); Kristal Curtis, San Francisco, CA (US); Iman Makaremi, San Francisco, CA (US); and Ross Andrew Lazerowitz, San Francisco, CA (US)
Assigned to Splunk Inc., San Francisco, CA (US)
Filed by Splunk Inc., San Francisco, CA (US)
Filed on Jan. 23, 2023, as Appl. No. 18/100,329.
Application 18/100,329 is a continuation of application No. 17/158,638, filed on Jan. 26, 2021, granted, now 11,593,400.
Application 17/158,638 is a continuation of application No. 16/049,757, filed on Jul. 30, 2018, granted, now 10,942,946, issued on Mar. 9, 2021.
Application 16/049,757 is a continuation in part of application No. 15/276,750, filed on Sep. 26, 2016, granted, now 10,193,775, issued on Jan. 29, 2019.
Int. Cl. H04L 41/0604 (2022.01); G06F 16/28 (2019.01); G06F 16/21 (2019.01); G06F 9/54 (2006.01); H04L 41/22 (2022.01); H04L 41/069 (2022.01); H04L 41/5009 (2022.01); H04L 41/0681 (2022.01); G06Q 10/0639 (2023.01); G06Q 10/20 (2023.01); G06F 16/903 (2019.01); G06Q 10/10 (2023.01); H04L 67/50 (2022.01)
CPC G06F 16/282 (2019.01) [G06F 9/542 (2013.01); G06F 16/213 (2019.01); G06F 16/903 (2019.01); G06Q 10/06393 (2013.01); G06Q 10/10 (2013.01); G06Q 10/20 (2013.01); H04L 41/0604 (2013.01); H04L 41/069 (2013.01); H04L 41/0681 (2013.01); H04L 41/22 (2013.01); H04L 41/5009 (2013.01); H04L 67/535 (2022.05)]
19 Claims
1. A method implemented by one or more computing devices, comprising:
generating a plurality of notable events using machine data obtained from an information technology environment, the machine data reflecting activity of one or more components in the information technology environment;
applying, to the plurality of notable events, a score model defined by one or more values of respective substitution variables referenced by a score model template, wherein the one or more values of respective substitution variables are derived from historical data, and wherein the score model produces a set of numeric values, each numeric value reflecting a ranking of a respective notable event against other notable events of the plurality of notable events;
identifying a subset of the plurality of notable events by filtering the plurality of notable events based on a selection criterion applied to the numeric values;
identifying, by applying an action model to the subset of notable events, an action to be performed in response to the subset of notable events; and
generating a display identifying the action to be performed in response to the subset of notable events.