公开(公告)号：US11157498B1

公开(公告)日：2021-10-26

申请号：US16147344

申请日：2018-09-28

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Manu Jose ,  Sourav Pal ,  Christopher Madden Pride ,  Nicholas Robert Romito ,  Igor Braylovskiy ,  Arun Ramani ,  Ankit Jain

IPC: G06F17/00 ,  G06F16/2453 ,  G06F16/242 ,  G06F16/9535 ,  G06F40/205 ,  G06F9/54

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a first query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system parses the first query and uses a dataset association records of a metadata catalog to dynamically identify one or more datasets associated with the query and generate a second query. The data intake and query system executes the second query.

公开(公告)号：US11106734B1

公开(公告)日：2021-08-31

申请号：US15967587

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/903 ,  G06F16/907 ,  G06F3/06

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The query identifies a set of data to be processed and a manner of processing the set of data. The data intake and query system dynamically identifies a plurality of containerized search nodes instantiated on one or more computing devices in a containerized environment to execute the query. The data intake and query system executes the query using the containerized search nodes.

公开(公告)号：US11860940B1

公开(公告)日：2024-01-02

申请号：US17233193

申请日：2021-04-16

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/903 ,  G06F16/2458

CPC classification number: G06F16/901 ,  G06F16/2477 ,  G06F16/90335

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses a search node catalog to identify search nodes that are available to execute the query and uses a bucket catalog to identify buckets to be searched. The data intake and query system executes the query using the identified bucket and search nodes.

公开(公告)号：US11620288B2

公开(公告)日：2023-04-04

申请号：US17652620

申请日：2022-02-25

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Scott Calvert ,  Alexander Douglas James ,  Bei Li ,  Ashish Mathew ,  James Monschke ,  Sogol Moshtaghi ,  Christopher Madden Pride ,  Xiaowei Wang

IPC: G06F16/00 ,  G06F16/2453 ,  G06F16/13 ,  G06F11/34 ,  G06F16/2455

Abstract: Systems and methods are disclosed for mapping search nodes to a search head in a data intake and query system based on a tenant identifier in order to execute a query received by the data intake and query system. The mapping may allow same or similar search nodes to be used to execute queries that are associated with a particular tenant identifier, in order to take advantage of caching and local data stored with those search nodes. In some cases, search nodes can be mapped based on the tenant identifier using a hashing algorithm, such as a consistent hashing algorithm.

公开(公告)号：US11327992B1

公开(公告)日：2022-05-10

申请号：US16512899

申请日：2019-07-16

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Clifton Gordon ,  Brad Lovering ,  Christopher Madden Pride

IPC: G06F16/00 ,  G06F16/25 ,  H04L29/06 ,  G06F16/903 ,  H04L67/60 ,  G06F16/901 ,  G06F9/50 ,  G06F16/908

Abstract: Systems and methods are disclosed for authenticating a user to use one or more components of a data intake and query system. The data intake and query system enables the generation or searching of events that include raw machine data associated with a timestamp. The data intake and query system receives a request for access via an application programming interface (API). Based on the request, the data intake and query system authenticates the user. The data intake and query system can receive a second request via the API for a component of the data intake and query system. Based on a determination that the user is authenticated, the data intake and query system can communicate the request to the component.

公开(公告)号：US11310313B2

公开(公告)日：2022-04-19

申请号：US17014244

申请日：2020-09-08

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Madden Pride

IPC: G06F15/167 ,  H04L67/1087 ,  H04L67/1004 ,  G06F16/951 ,  H04L43/106 ,  H04L43/16 ,  H04L67/02

Abstract: Multi-threaded processing of search responses returned by search peers is disclosed. An example method may include transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system; receiving, by a first processing thread, a plurality of data packets from the plurality of search peers; parsing, by a second processing thread operating asynchronously with respect to the first processing thread, one or more data packets of the plurality of data packets, to produce a partial response to the search request; splitting the partial response into two or more fields; and generating, based on the two or more fields of the partial response, an aggregated response to the search request.

公开(公告)号：US11184467B2

公开(公告)日：2021-11-23

申请号：US16668808

申请日：2019-10-30

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Madden Pride

IPC: H04L29/08

Abstract: Systems and methods for multi-thread processing of messages. An example method comprises: receiving, by a first processing thread, a plurality of network packets from a server; processing the plurality of network packets to produce a message; writing the message to a message queue; retrieving, by a second processing thread, the message from the message queue; producing a memory data structure based on the message; placing the memory data structure into a result queue; and responsive to determining that a total size of messages in the message queue exceeds a certain threshold, causing the first processing thread to suspend receiving network packets.

公开(公告)号：US11086869B1

公开(公告)日：2021-08-10

申请号：US16177256

申请日：2018-10-31

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Joseph Gabriel Echeverria ,  Alexander Douglas James ,  Sourav Pal ,  Christopher Madden Pride ,  Sai Krishna Sajja ,  Eric Sammer

IPC: G06F16/00 ,  G06F16/2453 ,  G06F16/242 ,  G06F16/9535 ,  G06F40/205 ,  G06F9/54

Abstract: Systems and methods are disclosed for interfacing with one or more components of a data intake and query system. The data intake and query system includes a gateway that interfaces between one or more computer-executable applications and one or more components of the data intake and query system. The data intake and query system can include an intake system configured to ingest data, an indexing system configured to generate and store one or more events based on the data, and a query system configured to execute one or more queries. The intake system can include a streaming data processor and at least one ingestion buffer. The indexing system can include at least one containerized indexing node, and the query system can include at least one containerized search node.

公开(公告)号：US20200004794A1

公开(公告)日：2020-01-02

申请号：US16570545

申请日：2019-09-13

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Madden Pride ,  Arindam Bhattacharjee ,  Xiaowei Wang ,  James Alasdair Robert Hodge ,  Mustafa Ahamed

IPC: G06F16/951 ,  G06F16/21 ,  G06F16/25 ,  G06F16/904 ,  G06F16/901 ,  G06F16/9038 ,  G06F16/903 ,  G06F16/248 ,  G06F16/2458 ,  G06F16/27 ,  G06F16/2455

Abstract: Disclosed is a technique that can be performed in a distributed computer network. The technique can include a data index and query system that receives a search query, defines a search scheme for applying the search query on distributed data storage systems including an internal data storage system of the data index and query system and an external data storage system. The internal data storage system stores data as time-indexed events including respective segments of raw machine data. The data index and query system can transfer a portion of the search scheme to a search service, which can return search results obtained by application of the search scheme to the distributed data storage systems including the internal data storage system and the external data storage system. Lastly, the search results or data indicative of the search results can be output on a display device to the user.

公开(公告)号：US09942318B2

公开(公告)日：2018-04-10

申请号：US15334690

申请日：2016-10-26

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Madden Pride

IPC: G06F15/167 ,  H04L29/08 ,  G06F17/30 ,  H04L12/26

CPC classification number: H04L67/1087 ,  G06F15/167 ,  G06F17/30864 ,  H04L43/106 ,  H04L43/16 ,  H04L67/02 ,  H04L67/1004

Abstract: Asynchronous processing of messages that are received from multiple servers is disclosed. An example method may include transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system. The method may further include receiving a plurality of sub-application layer protocol packets from the plurality of search peers. The method may further include parsing, by a first processing thread of the computer system, one or more sub-application layer protocol packets of the plurality of sub-application layer protocol packets, to produce an application layer message representing a partial response to the search request. The method may further include processing, by a second processing thread of the computer system, the application layer message to produce a memory data structure representing an aggregated response to the search request.