US 12,066,915 B1
Systems and methods for retraining machine-learning models to perform alert grouping
William Deaderick, Austin, TX (US); William Stanton, Boulder, CO (US); and Thomas Camp Vieth, Cambridge, MA (US)
Assigned to Splunk Inc., San Francisco, CA (US)
Filed by Splunk, Inc., San Francisco, CA (US)
Filed on Jan. 31, 2022, as Appl. No. 17/589,532.
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 11/00 (2006.01); G06F 11/07 (2006.01); G06F 11/30 (2006.01); G06F 11/34 (2006.01); G06F 16/242 (2019.01); G06N 20/00 (2019.01)
CPC G06F 11/3075 (2013.01) [G06F 11/0781 (2013.01); G06F 11/3409 (2013.01); G06F 11/3447 (2013.01); G06F 11/3452 (2013.01); G06F 16/244 (2019.01); G06F 11/3082 (2013.01); G06N 20/00 (2019.01)]
20 Claims
 
1. A computerized method comprising:
assigning a plurality of alerts to one or more alert groupings by a machine learning model implementing a distance metric, wherein an alert grouping is a grouping of at least one alert;
generating a graphical user interface (GUI) that illustrates the plurality of alerts assigned into the one or more alert groupings;
receiving user feedback via the GUI indicating that a change is to be made to an assignment of one or more alerts of the plurality of alerts, wherein the change to be made to the assignment of the one or more alerts includes one of (i) merging of two alert groupings, (ii) splitting of a selected alert grouping into separate alert groupings at a selected time, or (iii) splitting of the selected alert grouping into two or more alert groupings according to distinct values for a selected categorical field;
constructing a convex optimization procedure to minimize an adjustment of weights used in the distance metric based on the user feedback;
retraining the machine learning model by adjusting the weights of the distance metric in accordance with the convex optimization procedure; and
evaluating one or more subsequently received alerts using the retrained machine learning model.
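
The steps of claim 1 can be made concrete with a small sketch. This is an added example, not code from the patent or from Splunk; it assumes a weighted field-mismatch distance, a fixed grouping threshold, single-link grouping, and Dykstra's projections as the convex solver. The field names, alerts, weights and constants are constructed.

```python
# Added illustration: one assumed formulation, not the patent's implementation.
from itertools import combinations
FIELDS = ("host", "signature", "user")  # constructed categorical fields
TAU, MARGIN = 0.5, 0.1                  # assumed grouping threshold and split margin

def diffs(a, b):
    """Per-field mismatch vector: 1.0 where two alerts disagree."""
    return [0.0 if a[f] == b[f] else 1.0 for f in FIELDS]

def distance(w, a, b):
    return sum(wi * di for wi, di in zip(w, diffs(a, b)))

def group(alerts, w):
    """Single-link grouping: alerts within TAU of each other share a label."""
    parent = list(range(len(alerts)))
    def find(i):
        while parent[i] != i:
            i = parent[i]
        return i
    for i, j in combinations(range(len(alerts)), 2):
        if distance(w, alerts[i], alerts[j]) <= TAU + 1e-9:
            parent[find(i)] = find(j)
    roots = [find(i) for i in range(len(alerts))]
    return [roots.index(r) for r in roots]

def retrain(w0, feedback, sweeps=100):
    """Minimise ||w - w0||^2 subject to the feedback and w >= 0. Each constraint
    is a half-space c.w <= bound; Dykstra's projections find the closest point."""
    n = len(w0)
    cons = [([-float(k == i) for k in range(n)], 0.0) for i in range(n)]  # w_i >= 0
    for kind, a, b in feedback:
        d = diffs(a, b)
        # merge: pair must fall within TAU; split: pair must exceed TAU by MARGIN
        cons.append((d, TAU) if kind == "merge" else ([-x for x in d], -(TAU + MARGIN)))
    w, corr = list(w0), [[0.0] * n for _ in cons]
    for _ in range(sweeps):
        for k, (c, bound) in enumerate(cons):
            y = [wi + pi for wi, pi in zip(w, corr[k])]
            norm = sum(ci * ci for ci in c)
            over = sum(ci * yi for ci, yi in zip(c, y)) - bound
            step = max(over, 0.0) / norm if norm else 0.0
            w = [yi - step * ci for yi, ci in zip(y, c)]
            corr[k] = [yi - wi for yi, wi in zip(y, w)]
    return w

A = {"host": "web01", "signature": "brute-force", "user": "alice"}  # constructed
B = {"host": "web02", "signature": "brute-force", "user": "alice"}
D = {"host": "web01", "signature": "brute-force", "user": "bob"}
W0 = [1.0, 1.0, 0.3]                                  # constructed initial weights
W1 = retrain(W0, [("merge", A, B), ("split", A, D)])  # analyst feedback on two pairs
```

Only the host and user weights move, because those are the only fields on which the corrected pairs differ; the signature weight is left untouched.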