公开(公告)号：US10402384B2

公开(公告)日：2019-09-03

申请号：US15421127

申请日：2017-01-31

Applicant: SPLUNK INC.

Inventor： David Ryan Marquardt ,  Mitchell Neuman Blank, Jr. ,  Stephen Phillip Sorkin

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/2453 ,  G06F16/33 ,  G06F16/242 ,  G06F16/248 ,  G06F16/28 ,  G06F16/31 ,  G06F16/338 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/2455

Abstract: Embodiments are directed towards a method for searching data. The method comprises providing an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises receiving an incoming search query that references a field name and evaluating the incoming search query. Furthermore, responsive to the evaluating, the method comprises determining results for the incoming search query using the field searchable datastore or the inverted index.

公开(公告)号：US09984128B2

公开(公告)日：2018-05-29

申请号：US14815880

申请日：2015-07-31

Applicant: Splunk Inc.

Inventor： Sundar Rengarajan Vasan ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Da Xu ,  Rama Gopalan

IPC: G06F17/30 ,  H04L29/08 ,  G06F11/20 ,  G06F3/06

CPC classification number: G06F17/30528 ,  G06F3/0617 ,  G06F3/065 ,  G06F3/067 ,  G06F11/20 ,  G06F11/2094 ,  G06F17/30241 ,  G06F17/30336 ,  G06F17/30575 ,  G06F17/30581 ,  G06F17/30867 ,  G06F17/3087 ,  H04L67/1097

Abstract: Techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.

公开(公告)号：US20170140013A1

公开(公告)日：2017-05-18

申请号：US15421297

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： David Ryan Marquardt ,  Mitchell Neuman Blank, Jr. ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: G06F16/221 ,  G06F16/2228 ,  G06F16/2322 ,  G06F16/243 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/282 ,  G06F16/319 ,  G06F16/33 ,  G06F16/338

Abstract: Embodiments are directed towards a method for searching data. The method comprises generating an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises receiving an incoming search query that references a field name. Furthermore, the method comprises generating results to the incoming search query based on the field searchable datastore, wherein the field searchable datastore is directly searchable by the field name.

公开(公告)号：US11182367B1

公开(公告)日：2021-11-23

申请号：US16388812

申请日：2019-04-18

Applicant: SPLUNK INC.

Inventor： Vishal Patel ,  Jimmy John ,  Stephen Phillip Sorkin ,  Johnathon Lee Cervelli ,  Mitchell Neuman Blank, Jr. ,  Robin Kumar Das

IPC: G06Q20/00 ,  G06F16/22 ,  G06F21/12

Abstract: The invention is directed towards enabling data volume and data type based licensing of software in a distributed system of a plurality of remote and/or local nodes. The invention enables measuring and optionally restricting the use of software based on one or more provided licenses that restrict the amount and type of data that may be processed by the software. New and older licenses may be added together for a single, bulk entitlement for a given volume of data processing for one or all types of data. Different users in the same enterprise may combine license entitlements too. Also, a new license can be acquired repeatedly, without requiring the issuance of combined licenses by the issuing authority and/or the revocation of prior licenses.

公开(公告)号：US11010390B2

公开(公告)日：2021-05-18

申请号：US16444593

申请日：2019-06-18

Applicant: SPLUNK, INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, Jr. ,  Sundar Renegarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F16/2457 ,  G06F16/9537 ,  G06F16/9535 ,  G06F16/22 ,  G06F16/27 ,  G06F16/29 ,  H04L29/08 ,  G06F11/20 ,  G06F3/06

Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.

公开(公告)号：US10474682B2

公开(公告)日：2019-11-12

申请号：US15967385

申请日：2018-04-30

Applicant: SPLUNK, INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, Jr. ,  Sundar Renegarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F16/2457 ,  G06F16/27 ,  G06F16/29 ,  G06F16/22 ,  G06F16/9535 ,  G06F16/9537 ,  H04L29/08 ,  G06F11/20 ,  G06F3/06

Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.

公开(公告)号：US09442981B2

公开(公告)日：2016-09-13

申请号：US14929332

申请日：2015-10-31

Applicant: Splunk Inc.

Inventor： Mitchell Neuman Blank, Jr. ,  Leonid Budchenko ,  David Carasso ,  Micah James Delfino ,  Johnvey Hwang ,  Stephen Phillip Sorkin ,  Eric Timothy Woo

IPC: G06F17/30 ,  G06F3/0484 ,  G06F3/0482 ,  G06F17/27

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/0485 ,  G06F17/2705 ,  G06F17/30321 ,  G06F17/30507 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30619 ,  G06F17/30864

Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

Abstract translation: 实施例针对在将对应的索引数据添加到索引存储之前预览从索引数据原始数据生成的结果。 可以从预览数据源接收原始数据。 在可以建立一组初始配置信息之后，可以将预览数据提交给索引处理流水线。 预览应用可以基于预览索引数据和配置信息生成预览结果。 预览结果可能可以预览索引应用程序如何处理数据。 如果预览结果不可接受，则可以修改配置信息。 预览应用程序可以修改配置信息，直到生成的预览结果可以接受。 如果配置信息是可接受的，则预览数据可以在一个或多个索引存储中被处理和索引。

公开(公告)号：US09160798B2

公开(公告)日：2015-10-13

申请号：US13662358

申请日：2012-10-26

Applicant: SPLUNK INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, Jr. ,  Sundar Rengarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F17/30 ,  H04L29/08 ,  G06F11/20

CPC classification number: H04L67/1097 ,  G06F11/2097 ,  G06F17/30312

Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.

Abstract translation: 实施例旨在在具有多个索引器的集群环境内管理，用于使用生成标识符来管理数据的冗余来进行数据存储，从而为指定的生成数据指定主索引器。 当集群的主设备发生故障时，可以继续使用冗余来存储数据，并且仍然可以执行数据搜索。

公开(公告)号：US09130971B2

公开(公告)日：2015-09-08

申请号：US14266812

申请日：2014-04-30

Applicant: Splunk Inc.

Inventor： Sundar Rengarajan Vasan ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Da Xu ,  Rama Gopalan

IPC: G06F17/30 ,  H04L29/08 ,  G06F11/20 ,  G06F3/06

CPC classification number: G06F17/30528 ,  G06F3/0617 ,  G06F3/065 ,  G06F3/067 ,  G06F11/20 ,  G06F11/2094 ,  G06F17/30241 ,  G06F17/30336 ,  G06F17/30575 ,  G06F17/30581 ,  G06F17/30867 ,  G06F17/3087 ,  H04L67/1097

Abstract: According to various embodiments, techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.

Abstract translation: 根据各种实施例，描述了用于管理多站点群集数据访问和查询系统内的数据的技术。 本文所述的数据采集和查询系统通常是指用于收集，检索和分析数据的系统。 在这种情况下，集群数据采集和查询系统通常是指被配置为提供数据冗余和提高系统存储的数据的可用性的其他特征的系统环境。 例如，集群数据采集和查询系统可以被配置为存储由多个组件存储的系统的多个副本，以便可以通过使用其他地方存储的数据的副本来从一个或多个组件的故障中恢复 集群。

公开(公告)号：US11940967B2

公开(公告)日：2024-03-26

申请号：US17364617

申请日：2021-06-30

Applicant: SPLUNK INC.

Inventor： David Ryan Marquardt ,  Mitchell Neuman Blank, Jr. ,  Stephen Phillip Sorkin

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/23 ,  G06F16/242 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/248 ,  G06F16/28 ,  G06F16/31 ,  G06F16/33 ,  G06F16/338

CPC classification number: G06F16/221 ,  G06F16/2228 ,  G06F16/2322 ,  G06F16/243 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/282 ,  G06F16/319 ,  G06F16/33 ,  G06F16/338

Abstract: Embodiments are directed towards a method for searching data. The method comprises providing an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises evaluating an incoming search query that references a field name. Responsive to the evaluating, the method comprises determining results for the incoming search query by executing the incoming search query across the field searchable datastore or the inverted index.