公开(公告)号：US10698897B2

公开(公告)日：2020-06-30

申请号：US15714133

申请日：2017-09-25

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Alexander Douglas James

IPC: G06F17/00 ,  G06F16/2455 ,  G06F16/951 ,  G06F16/22 ,  G06F21/62

Abstract: Systems and methods are disclosed for executing a distributed execution model with untrusted commands. The distributed execution model can be distributed to multiple nodes in a distributed computing environment. At least one node can process the distributed execution model to identify an untrusted command. The node can use data associated with the untrusted command to identify one or more files associated with the untrusted command. Based on the files, the node can generate a data structure, and execute at least a portion of the data structure.

公开(公告)号：US10606857B2

公开(公告)日：2020-03-31

申请号：US15339894

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Thomas Allan Haggie ,  Clint Sharp ,  Alexander Douglas James ,  David Ryan Marquardt

IPC: G06F17/30 ,  G06F16/248 ,  G06F16/22 ,  G06F16/25 ,  G06F16/28 ,  G06F16/901 ,  G06F16/951 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/835 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/903 ,  H04L29/08 ,  G06F3/0481 ,  G06T11/20 ,  H04L12/26

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes populating each metric including a measure value, cataloging metadata in an in-memory metrics catalog, where the metadata is related to the metrics. The method further includes receiving a search query including search criteria, evaluating the search query by applying the search criteria to the metadata of the metrics catalog to obtain results that satisfy the search criteria, and causing display, on a display device, of the results or data indicative of the results.

公开(公告)号：US20190095488A1

公开(公告)日：2019-03-28

申请号：US15714133

申请日：2017-09-25

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Alexander Douglas James

IPC: G06F17/30

Abstract: Systems and methods are disclosed for executing a distributed execution model with untrusted commands. The distributed execution model can be distributed to multiple nodes in a distributed computing environment. At least one node can process the distributed execution model to identify an untrusted command. The node can use data associated with the untrusted command to identify one or more files associated with the untrusted command. Based on the files, the node can generate a data structure, and execute at least a portion of the data structure.

公开(公告)号：US20180089312A1

公开(公告)日：2018-03-29

申请号：US15665159

申请日：2017-07-31

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Arindam Bhattacharjee ,  Kishore Reddy Ramasayam ,  Alexander Douglas James

IPC: G06F17/30

CPC classification number: G06F16/335 ,  G06F16/24535 ,  G06F16/2465 ,  G06F16/2471 ,  G06F16/26 ,  G06F16/328

Abstract: Systems and methods are disclosed for processing and executing queries against one or more dataset sources, where the queries identify a set of data to be processed and a manner of processing the set of data. To query the dataset sources, a query coordinator generates a query processing scheme that includes a dynamic allocation of multiple layers of partitions. The query is then executed based on the query processing scheme.

公开(公告)号：US12141143B2

公开(公告)日：2024-11-12

申请号：US17944065

申请日：2022-09-13

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  David Ryan Marquardt ,  Karthikeyan Sabhanatarajan

IPC: G06F16/20 ,  G06F16/2453 ,  G06F16/2458

Abstract: A method includes receiving an initial pipeline including a sequence of commands for execution on a computing system, and obtaining, for each command in the sequence of commands, semantic information. The sequence of commands includes a command with incomplete semantic information. The method further includes generating an abstract semantic tree (AST) with the semantic information and a placeholder for the incomplete semantic information, and manipulating the AST to generate a revised AST. The revised AST corresponds to a revised pipeline that reduces an execution time on the computing system. The method further includes executing the revised pipeline.

公开(公告)号：US20230244673A1

公开(公告)日：2023-08-03

申请号：US18192136

申请日：2023-03-29

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Joseph Gabriel Echeverria ,  Eric Sammer

IPC: G06F16/2455 ,  G06F16/2453 ,  G06F16/901 ,  G06F16/903

CPC classification number: G06F16/24568 ,  G06F16/24542 ,  G06F16/901 ,  G06F16/90335

Abstract: Operational machine components of an information technology (IT) or other microprocessor- or microcontroller-permeated environment generate disparate forms of machine data. Network connections are established between these components and processors of data intake and query system (DIQS). The DIQS conducts network transactions on a periodic and/or continuous basis with the machine components to receive disparate data and ingest certain of the data as entries of a data store that is searchable for DIQS query processing. The DIQS may receive queries to process against the received and ingested data via an exposed network interface. In one example embodiment, the DIQS receives a query identifying data to be processed, dynamically generates a query processing scheme based on the state of the data to be processed, such as streaming or at rest, and dynamically communicates the query processing scheme to a query executor based on the state of the data to be processed.

公开(公告)号：US20230161760A1

公开(公告)日：2023-05-25

申请号：US18153299

申请日：2023-01-11

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Andrew Peters ,  Arun Ramani

IPC: G06F16/242 ,  G06F16/9035 ,  G06F16/2458 ,  G06F16/28 ,  G06F16/25

CPC classification number: G06F16/2423 ,  G06F16/9035 ,  G06F16/2465 ,  G06F16/244 ,  G06F16/287 ,  G06F16/258

Abstract: Systems and methods are disclosed for flexibly applying a query term to heterogeneous data. A query system can receive a query that includes a data-determinant query term. As the system executes the query it can generate interim search results. As the system query processes the interim search results based on the query, it can apply the data-determinant query term to records of the interims search results based on the structure of the records.

公开(公告)号：US11657057B2

公开(公告)日：2023-05-23

申请号：US17586590

申请日：2022-01-27

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Scott Calvert ,  Manu Jose ,  Andrew Peters ,  Christopher Madden Pride ,  Arun Ramani

IPC: G06F16/00 ,  G06F16/2457 ,  G06F16/907 ,  G06F16/2455 ,  G06F40/30

CPC classification number: G06F16/24573 ,  G06F16/2455 ,  G06F16/907 ,  G06F40/30

Abstract: Systems and methods are disclosed for annotating a metadata catalog in a data intake and query system based on a query received by the data intake and query system. The metadata catalog can store information about datasets associated with the data intake and query system, including dataset configuration records of the datasets, which can be used to process queries for execution by the data intake and query system. The data intake and query system can receive a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system can parse the query to identify datasets and/or data fields associated with the query. Based on the identified datasets and/or fields, the data intake and query system can generate one or more annotations, and use the annotations to update the metadata catalog.

公开(公告)号：US11487759B1

公开(公告)日：2022-11-01

申请号：US16669429

申请日：2019-10-30

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  David Ryan Marquardt ,  Karthikeyan Sabhanatarajan

IPC: G06F7/00 ,  G06F16/2453 ,  G06F16/2458

Abstract: A method includes receiving an initial pipeline including a sequence of commands for execution on a computing system, and obtaining, for each command in the sequence of commands, semantic information. The sequence of commands includes a command with incomplete semantic information. The method further includes generating an abstract semantic tree (AST) with the semantic information and a placeholder for the incomplete semantic information, and manipulating the AST to generate a revised AST. The revised AST corresponds to a revised pipeline that reduces an execution time on the computing system. The method further includes executing the revised pipeline.

公开(公告)号：US11314759B2

公开(公告)日：2022-04-26

申请号：US16803944

申请日：2020-02-27

Applicant: Splunk Inc.

Inventor： Thomas Allan Haggie ,  Clint Sharp ,  Alexander Douglas James ,  David Ryan Marquardt

IPC: G06F16/00 ,  G06F16/248 ,  G06F16/22 ,  G06F16/25 ,  G06F16/28 ,  G06F16/901 ,  G06F16/951 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/835 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/903 ,  H04L67/025 ,  G06F3/0481 ,  G06T11/20 ,  H04L67/02 ,  H04L43/08

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes populating each metric including a measure value, cataloging metadata in an in-memory metrics catalog, where the metadata is related to the metrics. The method further includes receiving a search query including search criteria, evaluating the search query by applying the search criteria to the metadata of the metrics catalog to obtain results that satisfy the search criteria, and causing display, on a display device, of the results or data indicative of the results.