公开(公告)号：US20230015186A1

公开(公告)日：2023-01-19

申请号：US17944065

申请日：2022-09-13

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  David Ryan Marquardt ,  Karthikeyan Sabhanatarajan

IPC: G06F16/2453 ,  G06F16/2458

Abstract: A method includes receiving an initial pipeline including a sequence of commands for execution on a computing system, and obtaining, for each command in the sequence of commands, semantic information. The sequence of commands includes a command with incomplete semantic information. The method further includes generating an abstract semantic tree (AST) with the semantic information and a placeholder for the incomplete semantic information, and manipulating the AST to generate a revised AST. The revised AST corresponds to a revised pipeline that reduces an execution time on the computing system. The method further includes executing the revised pipeline.

公开(公告)号：US20220365932A1

公开(公告)日：2022-11-17

申请号：US17876404

申请日：2022-07-28

Applicant: Splunk Inc.

Inventor： David Ryan Marquardt ,  Karthikeyan Sabhanatarajan ,  Steve Yu Zhang

IPC: G06F16/2453 ,  G06F16/2458 ,  G06F16/22

Abstract: Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the reciept of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored. Once the inverted index is accessed, it can be used to identify and search a subset of the plurality of event records, wherein the subset comprises one or more event records with corresponding reference values in the inverted index.

公开(公告)号：US11429608B2

公开(公告)日：2022-08-30

申请号：US16527719

申请日：2019-07-31

Applicant: Splunk Inc.

Inventor： Karthikeyan Sabhanatarajan ,  David Ryan Marquardt ,  Steve Zhang ,  Nicholas Romito ,  Sophia Zhu

IPC: G06F16/24 ,  G06F16/2453 ,  G06F16/903

Abstract: Embodiments of the present disclosure provide techniques for emitting structured and dynamic fields from an accelerated data model. The method comprises evaluating a query to search a data model, wherein the data model is defined by a set of events and at least one structured field from fields associated with the set of events. Each event comprises a time-stamped portion of raw machine data and is stored in a field searchable data store. A summarization table is associated with the data model and comprises a plurality of entries comprising reference values, wherein a respective summarization table entry comprises: the at least one structured field; a respective field value; and a reference value. The method further comprises accessing the set of events from the field searchable data store using the reference values in the summarization table and annotating the set of events with the at least one structured field and with at least one dynamic field from the fields associated with the set of events, wherein the at least one dynamic field is not defined in the data model.

公开(公告)号：US11379530B2

公开(公告)日：2022-07-05

申请号：US16527854

申请日：2019-07-31

Applicant: Splunk Inc.

Inventor： Karthikeyan Sabhanatarajan ,  David Ryan Marquardt ,  Steve Zhang ,  Nicholas Romito

IPC: G06F17/30 ,  G06F16/903 ,  G06F16/901

Abstract: Embodiments of the present disclosure provide techniques for performing searches of event records by leveraging reference values in an inverted index. A method of searching comprises accessing a query associated with a first set of event records in a field searchable data store, each event record comprising a time-stamped portion of raw machine data. The method further comprises evaluating the query and generating results for the query by accessing an inverted index, wherein each entry in the inverted index comprises at least one field, a corresponding at least one field value and a reference value that identifies a location in the field searchable data store where an associated event record is stored. The method further comprises performing a search to filter out a second set of event records and retrieving the second set of event records from the field searchable data store using reference values in the inverted index.

公开(公告)号：US10776355B1

公开(公告)日：2020-09-15

申请号：US15967578

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke ,  Karthikeyan Sabhanatarajan

IPC: G06F16/2453 ,  G06F16/901 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses one or more containerized search nodes to execute the query and stores the results in a data store for combination with additional query results.

公开(公告)号：US20200034363A1

公开(公告)日：2020-01-30

申请号：US16591432

申请日：2019-10-02

Applicant: Splunk Inc.

Inventor： David Ryan Marquardt ,  Karthikeyan Sabhanatarajan ,  Steve Yu Zhang

IPC: G06F16/2453 ,  G06F16/2458 ,  G06F16/22

Abstract: Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the receipt of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored. Once the inverted index is accessed, it can be used to identify and search a subset of the plurality of event records, wherein the subset comprises one or more event records with corresponding reference values in the inverted index.

公开(公告)号：US10474674B2

公开(公告)日：2019-11-12

申请号：US15421293

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： David Ryan Marquardt ,  Karthikeyan Sabhanatarajan ,  Steve Yu Zhang

IPC: G06F7/00 ,  G06F16/2453

Abstract: Embodiments of the present disclosure provide techniques for using an inverted index in a pipelined search query. A field searchable data store is provided that comprises a plurality of event records, each event record comprising a time-stamped portion of raw machine data. Responsive to the reciept of an incoming search query, the search engine accesses an inverted index, wherein each entry in the inverted index comprises at least one field name, a corresponding at least one field value and a reference value associated with each field name and value pair that identifies a location in the data store where an associated event record is stored. Once the inverted index is accessed, it can be used to filter out a subset of the plurality of event records, wherein the subset comprises one or more event records with corresponding reference values in the inverted index.