公开(公告)号：US11620288B2

公开(公告)日：2023-04-04

申请号：US17652620

申请日：2022-02-25

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Scott Calvert ,  Alexander Douglas James ,  Bei Li ,  Ashish Mathew ,  James Monschke ,  Sogol Moshtaghi ,  Christopher Madden Pride ,  Xiaowei Wang

IPC: G06F16/00 ,  G06F16/2453 ,  G06F16/13 ,  G06F11/34 ,  G06F16/2455

Abstract: Systems and methods are disclosed for mapping search nodes to a search head in a data intake and query system based on a tenant identifier in order to execute a query received by the data intake and query system. The mapping may allow same or similar search nodes to be used to execute queries that are associated with a particular tenant identifier, in order to take advantage of caching and local data stored with those search nodes. In some cases, search nodes can be mapped based on the tenant identifier using a hashing algorithm, such as a consistent hashing algorithm.

公开(公告)号：US11562023B1

公开(公告)日：2023-01-24

申请号：US15967585

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Sourav Pal ,  Sai Krishna Sajja ,  Hasan Alayli ,  Vishal Patel ,  Igor Stojanovski ,  Eric Woo ,  Steve Wong ,  Tameem Anwar

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. An indexing system of the data intake and query system receives data and stores at least a portion of it in buckets, which are then stored in a shared storage system. The indexing system merges multiple buckets to generate merged buckets and uploads the merged buckets to the shared storage system.

公开(公告)号：US20220292021A1

公开(公告)日：2022-09-15

申请号：US17652635

申请日：2022-02-25

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/0875 ,  G06F16/172 ,  G06F16/951 ,  G06F16/957 ,  G06F3/06 ,  G06F12/0802 ,  G06F16/14 ,  G06F12/0862 ,  G06F12/0866 ,  G06F12/0868 ,  G06F12/0871 ,  G06F12/0873

Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.

公开(公告)号：US11436116B1

公开(公告)日：2022-09-06

申请号：US16778511

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Mehul Goyal ,  Ashish Mathew ,  Douglas Rapp ,  Igor Stojanovski ,  Eric Woo

IPC: G06F11/00 ,  G06F11/30 ,  G06F16/182 ,  G06F11/32 ,  G06F16/17

Abstract: Systems and methods are described for improving data availability and/or resiliency of indexers of a data intake and query system. A data intake and query system can index large amounts of data using one or more indexers. An indexer can store a copy of the data that the indexer is assigned to process in the shared storage system, and a cluster master can track the storage of the data and the indexer assigned to process the data. In the event an indexer fails or is otherwise unable to index data that it has been assigned to index, the cluster master can assign one or more second indexers to process the data. The second indexer can download the data from the shared storage system.

公开(公告)号：US11385936B1

公开(公告)日：2022-07-12

申请号：US16147251

申请日：2018-09-28

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Mitchell Neuman Blank ,  Rama Gopalan ,  Hongxun Liu ,  Anish Shrigondekar

IPC: G06F16/00 ,  G06F7/00 ,  G06F9/50 ,  G06F16/22 ,  G06F16/242 ,  G06F16/2455

Abstract: Achieving search and ingest isolation via resource management in a search and indexing system includes receiving a search query associated with at least one data store, assigning, in response to the search query being associated with the at least one data store, the search query to a first workload pool in a set of query workload pools, and processing the search query using a first hardware resource in the first workload pool. Achieving search and ingest isolation further includes receiving an ingest request comprising data associated with the at least one data store. The ingest request is assigned to a second workload pool in a set of ingest workload pools. The set of query workload pools and the set of ingest workload pools are disjoint. Achieving search and ingest isolation further includes processing the ingest request using a second hardware resource in the second workload pool.

公开(公告)号：US11327992B1

公开(公告)日：2022-05-10

申请号：US16512899

申请日：2019-07-16

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Clifton Gordon ,  Brad Lovering ,  Christopher Madden Pride

IPC: G06F16/00 ,  G06F16/25 ,  H04L29/06 ,  G06F16/903 ,  H04L67/60 ,  G06F16/901 ,  G06F9/50 ,  G06F16/908

Abstract: Systems and methods are disclosed for authenticating a user to use one or more components of a data intake and query system. The data intake and query system enables the generation or searching of events that include raw machine data associated with a timestamp. The data intake and query system receives a request for access via an application programming interface (API). Based on the request, the data intake and query system authenticates the user. The data intake and query system can receive a second request via the API for a component of the data intake and query system. Based on a determination that the user is authenticated, the data intake and query system can communicate the request to the component.

公开(公告)号：US11086869B1

公开(公告)日：2021-08-10

申请号：US16177256

申请日：2018-10-31

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Joseph Gabriel Echeverria ,  Alexander Douglas James ,  Sourav Pal ,  Christopher Madden Pride ,  Sai Krishna Sajja ,  Eric Sammer

IPC: G06F16/00 ,  G06F16/2453 ,  G06F16/242 ,  G06F16/9535 ,  G06F40/205 ,  G06F9/54

Abstract: Systems and methods are disclosed for interfacing with one or more components of a data intake and query system. The data intake and query system includes a gateway that interfaces between one or more computer-executable applications and one or more components of the data intake and query system. The data intake and query system can include an intake system configured to ingest data, an indexing system configured to generate and store one or more events based on the data, and a query system configured to execute one or more queries. The intake system can include a streaming data processor and at least one ingestion buffer. The indexing system can include at least one containerized indexing node, and the query system can include at least one containerized search node.

公开(公告)号：US20210117425A1

公开(公告)日：2021-04-22

申请号：US16657899

申请日：2019-10-18

Applicant: Splunk Inc.

Inventor： Balaji Rao ,  Jindrich Dinga ,  Kieran Cairney ,  Manuel Martinez ,  Nitilaksha Halakatti ,  Ningxuan He ,  Arindam Bhattacharjee ,  Sourav Pal ,  Alexandros Batsakis

IPC: G06F16/2453 ,  G06F16/2458 ,  H04L9/08 ,  G06F8/61 ,  H04L29/08 ,  H04L12/24

Abstract: Systems and methods are described for establishing and managing components of a distributed computing framework implemented in a data intake and query system. The distributed computing framework may include a master and a plurality of worker nodes. The master may selectively operate on a search head captain that is chosen from the search heads of the data intake and query system. The search head captain may distribute configuration information for the master and the distributed computing framework to the other search heads, which in turn, may distribute that configuration information to indexers of the data intake and query system. Worker nodes may be selectively activated for operation on the indexers based on the configuration information, and the worker nodes may additionally use the configuration information to contact the master and join the distributed computing framework. This approach may provide numerous benefits, including improved security, flexibility in the selection of worker nodes, and redundancy for failures of physical components of the data intake and query system.

公开(公告)号：US10671540B2

公开(公告)日：2020-06-02

申请号：US16049609

申请日：2018-07-30

Applicant: Splunk, Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/00 ,  G06F12/0875 ,  G06F16/172 ,  G06F16/951 ,  G06F16/957 ,  G06F3/06 ,  G06F12/0802

Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.

公开(公告)号：US10067876B2

公开(公告)日：2018-09-04

申请号：US15402105

申请日：2017-01-09

Applicant: Splunk, Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/00 ,  G06F12/0875 ,  G06F17/30 ,  G06F12/0862 ,  G06F3/06 ,  G06F12/0873 ,  G06F12/0802 ,  G06F12/0866 ,  G06F12/0868 ,  G06F12/0871

CPC classification number: G06F12/0875 ,  G06F16/172 ,  G06F16/951 ,  G06F16/9574 ,  G06F2212/1021 ,  G06F2212/45 ,  G06F2212/6024 ,  G06F2212/6026 ,  G06F2212/6028

Abstract: Embodiments are disclosed for a prefetching method that may include copying, in response to a search query, a first bucket from a remote storage to a cache. The first bucket may include first data associated with the search query. The method may further include identifying a first file type associated with a first file in the first bucket. The first file may be associated with a usage status. The method may further include accessing, based on the search query, a second bucket from the remote storage. The second bucket may include second data associated with the search query. The method may further include identifying a second file in the second bucket having the first file type, and copying, in response to the usage status indicating that the first file was used in processing the search query, the second file from the remote storage to the cache.