公开(公告)号：US20130311509A1

公开(公告)日：2013-11-21

申请号：US13664239

申请日：2012-10-30

Applicant: SPLUNK INC.

Inventor： Stephen Phillip Sorkin ,  Steve Yu Zhang ,  Ledion Bitincka

IPC: G06F17/30

CPC classification number: G06F17/30321 ,  G06F17/30424 ,  G06F17/30554 ,  G06F17/30584 ,  G06F17/30946

Abstract: A method and system for managing searches of a data set that is partitioned based on a plurality of events. A structure of a search query may be analyzed to determine if logical computational actions performed on the data set is reducible. Data in each partition is analyzed to determine if at least a portion of the data in the partition is reducible. In response to a subsequent or reoccurring search request, intermediate summaries of reducible data and reducible search computations may be aggregated for each partition. Next, a search result may be generated based on at least one of the aggregated intermediate summaries, the aggregated reducible search computations, and a query of adhoc non-reducible data arranged in at least one of the plurality of partitions for the data set.

Abstract translation: 一种用于管理基于多个事件划分的数据集的搜索的方法和系统。 可以分析搜索查询的结构以确定对数据集执行的逻辑计算动作是否可减少。 分析每个分区中的数据以确定分区中的数据的至少一部分是否可缩减。 响应于随后或重复出现的搜索请求，可以针对每个分区聚合可缩减数据和可缩减搜索计算的中间摘要。 接下来，可以基于聚合中间摘要，聚合可缩减搜索计算以及排列在用于数据集的多个分区中的至少一个分区中的adhoc不可还原数据的查询中的至少一个来生成搜索结果。

公开(公告)号：US20220292021A1

公开(公告)日：2022-09-15

申请号：US17652635

申请日：2022-02-25

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/0875 ,  G06F16/172 ,  G06F16/951 ,  G06F16/957 ,  G06F3/06 ,  G06F12/0802 ,  G06F16/14 ,  G06F12/0862 ,  G06F12/0866 ,  G06F12/0868 ,  G06F12/0871 ,  G06F12/0873

Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.

公开(公告)号：US10726080B2

公开(公告)日：2020-07-28

申请号：US15885629

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30 ,  G06F16/951 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/903

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US10671540B2

公开(公告)日：2020-06-02

申请号：US16049609

申请日：2018-07-30

Applicant: Splunk, Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/00 ,  G06F12/0875 ,  G06F16/172 ,  G06F16/951 ,  G06F16/957 ,  G06F3/06 ,  G06F12/0802

Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.

公开(公告)号：US10235431B2

公开(公告)日：2019-03-19

申请号：US15011473

申请日：2016-01-29

Applicant: Splunk Inc.

Inventor： Ashish Mathew ,  Ledion Bitincka ,  Igor Stojanovski ,  Dhruva Kumar Bhagi

IPC: G06F17/30

Abstract: Techniques and mechanisms are disclosed to optimize the size of index files to improve use of storage space available to indexers and other components of a data intake and query system. Index files of a data intake and query system may include, among other data, a keyword portion containing mappings between keywords and location references to event data containing the keywords. Optimizing an amount of storage space used by index files may include removing, modifying and/or recreating various components of index files in response to detecting one or more storage conditions related to the event data indexed by the index files. The optimization of index files generally may attempt to manage a tradeoff between an efficiency with which search requests can be processed using the index files and an amount of storage space occupied by the index files.

公开(公告)号：US10178152B2

公开(公告)日：2019-01-08

申请号：US15143472

申请日：2016-04-29

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Vishal Patel ,  Geoffrey Hendrey ,  Eric Woo

IPC: H04L12/24 ,  G06F15/16 ,  H04L29/08

Abstract: In a computer-implemented method for configuring a distributed computer system comprising a plurality of nodes of a plurality of node classes, configuration files for a plurality of nodes of each of the plurality of node classes are stored in a central repository. The configuration files include information representing a desired system state of the distributed computer system, and the distributed computer system operates to keep an actual system state of the distributed computer system consistent with the desired system state. The plurality of node classes includes forwarder nodes for receiving data from an input source, indexer nodes for indexing the data, and search head nodes for searching the data. Responsive to receiving changes to the configuration files, the changes are propagated to nodes of the plurality of nodes impacted by the changes based on a node class of the nodes impacted by the changes.

公开(公告)号：US10067876B2

公开(公告)日：2018-09-04

申请号：US15402105

申请日：2017-01-09

Applicant: Splunk, Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/00 ,  G06F12/0875 ,  G06F17/30 ,  G06F12/0862 ,  G06F3/06 ,  G06F12/0873 ,  G06F12/0802 ,  G06F12/0866 ,  G06F12/0868 ,  G06F12/0871

CPC classification number: G06F12/0875 ,  G06F16/172 ,  G06F16/951 ,  G06F16/9574 ,  G06F2212/1021 ,  G06F2212/45 ,  G06F2212/6024 ,  G06F2212/6026 ,  G06F2212/6028

Abstract: Embodiments are disclosed for a prefetching method that may include copying, in response to a search query, a first bucket from a remote storage to a cache. The first bucket may include first data associated with the search query. The method may further include identifying a first file type associated with a first file in the first bucket. The first file may be associated with a usage status. The method may further include accessing, based on the search query, a second bucket from the remote storage. The second bucket may include second data associated with the search query. The method may further include identifying a second file in the second bucket having the first file type, and copying, in response to the usage status indicating that the first file was used in processing the search query, the second file from the remote storage to the cache.

公开(公告)号：US20180196824A1

公开(公告)日：2018-07-12

申请号：US15402119

申请日：2017-01-09

Applicant: Splunk, Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F17/30

CPC classification number: G06F12/0875 ,  G06F12/0802 ,  G06F12/0862 ,  G06F12/0866 ,  G06F12/0868 ,  G06F12/0871 ,  G06F12/0873 ,  G06F17/30106 ,  G06F17/30132 ,  G06F17/30864 ,  G06F17/30902 ,  G06F2212/1021 ,  G06F2212/45 ,  G06F2212/6024 ,  G06F2212/6026 ,  G06F2212/6028

Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.

公开(公告)号：US20180157755A1

公开(公告)日：2018-06-07

申请号：US15885629

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US09916385B2

公开(公告)日：2018-03-13

申请号：US15339951

申请日：2016-11-01

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30864 ,  G06F17/30477 ,  G06F17/30516 ,  G06F17/30545 ,  G06F17/30979

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.