公开(公告)号：US11281706B2

公开(公告)日：2022-03-22

申请号：US15665159

申请日：2017-07-31

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Arindam Bhattacharjee ,  Kishore Reddy Ramasayam ,  Alexander Douglas James

IPC: G06F16/335 ,  G06F16/26 ,  G06F16/31 ,  G06F16/2458 ,  G06F16/2453

Abstract: Systems and methods are disclosed for processing and executing queries against one or more dataset sources, where the queries identify a set of data to be processed and a manner of processing the set of data. To query the dataset sources, a query coordinator generates a query processing scheme that includes a dynamic allocation of multiple layers of partitions. The query is then executed based on the query processing scheme.

公开(公告)号：US11275733B1

公开(公告)日：2022-03-15

申请号：US16513546

申请日：2019-07-16

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Scott Calvert ,  Alexander Douglas James ,  Bei Li ,  Ashish Mathew ,  James Monschke ,  Sogol Moshtaghi ,  Christopher Madden Pride ,  Xiaowei Wang

IPC: G06F16/00 ,  G06F16/2453 ,  G06F16/13 ,  G06F11/34

Abstract: Systems and methods are disclosed for mapping search nodes to a search head in a data intake and query system based on a tenant identifier in order to execute a query received by the data intake and query system. The mapping may allow same or similar search nodes to be used to execute queries that are associated with a particular tenant identifier, in order to take advantage of caching and local data stored with those search nodes. In some cases, search nodes can be mapped based on the tenant identifier using a hashing algorithm, such as a consistent hashing algorithm.

公开(公告)号：US11157498B1

公开(公告)日：2021-10-26

申请号：US16147344

申请日：2018-09-28

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Manu Jose ,  Sourav Pal ,  Christopher Madden Pride ,  Nicholas Robert Romito ,  Igor Braylovskiy ,  Arun Ramani ,  Ankit Jain

IPC: G06F17/00 ,  G06F16/2453 ,  G06F16/242 ,  G06F16/9535 ,  G06F40/205 ,  G06F9/54

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a first query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system parses the first query and uses a dataset association records of a metadata catalog to dynamically identify one or more datasets associated with the query and generate a second query. The data intake and query system executes the second query.

公开(公告)号：US10997180B2

公开(公告)日：2021-05-04

申请号：US15885645

申请日：2018-01-31

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Joseph Gabriel Echeverria ,  Eric Sammer

IPC: G06F16/2455 ,  G06F16/2453 ,  G06F16/901 ,  G06F16/903

Abstract: Operational machine components of an information technology (IT) or other microprocessor- or microcontroller-permeated environment generate disparate forms of machine data. Network connections are established between these components and processors of data intake and query system (DIQS). The DIQS conducts network transactions on a periodic and/or continuous basis with the machine components to receive disparate data and ingest certain of the data as entries of a data store that is searchable for DIQS query processing. The DIQS may receive queries to process against the received and ingested data via an exposed network interface. In one example embodiment, the DIQS receives a query identifying data to be processed, dynamically generates a query processing scheme based on the state of the data to be processed, such as streaming or at rest, and dynamically communicates the query processing scheme to a query executor based on the state of the data to be processed.

公开(公告)号：US20180089278A1

公开(公告)日：2018-03-29

申请号：US15665197

申请日：2017-07-31

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Alexander Douglas James ,  Christopher Pride

IPC: G06F17/30 ,  H04L12/26 ,  G06F11/20 ,  H04L29/06 ,  H04L29/08

CPC classification number: G06F16/24568 ,  G06F3/0617 ,  G06F3/065 ,  G06F11/20 ,  G06F11/3409 ,  G06F16/2471 ,  G06F16/27 ,  G06F16/278 ,  G06F16/90335 ,  G06F16/951 ,  H04L43/028 ,  H04L43/08 ,  H04L43/12 ,  H04L43/14 ,  H04L67/1097 ,  H04L69/22

Abstract: Systems and methods are disclosed for processing queries against one or more dataset sources utilizing dynamically allocated partitions operating on one or more worker nodes. The results of the processing are stored in a dataset destination. The queries can identify data in the one or more dataset sources for processing and a manner for processing the data. In addition, the queries can identify the dataset destination for storing results of the query. To process the query, a query coordinator can dynamically allocate partitions operating on worker nodes to retrieve data for processing, process the data, and communicate the data to the dataset sources. In addition, the query coordinator can dynamically allocate partitions based on an identification of the dataset destination.

公开(公告)号：US12141183B2

公开(公告)日：2024-11-12

申请号：US17655302

申请日：2022-03-17

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Arindam Bhattacharjee ,  Kishore Reddy Ramasayam ,  Alexander Douglas James

IPC: G06F16/335 ,  G06F16/2453 ,  G06F16/2458 ,  G06F16/26 ,  G06F16/31

Abstract: Systems and methods are disclosed for processing and executing queries against one or more dataset sources, where the queries identify a set of data to be processed and a manner of processing the set of data. To query the dataset sources, a query coordinator generates a query processing scheme that includes a dynamic allocation of multiple layers of partitions. The query is then executed based on the query processing scheme.

公开(公告)号：US11645286B2

公开(公告)日：2023-05-09

申请号：US17236925

申请日：2021-04-21

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Joseph Gabriel Echeverria ,  Eric Sammer

IPC: G06F16/2455 ,  G06F16/2453 ,  G06F16/901 ,  G06F16/903

CPC classification number: G06F16/24568 ,  G06F16/24542 ,  G06F16/901 ,  G06F16/90335

Abstract: Operational machine components of an information technology (IT) or other microprocessor- or microcontroller-permeated environment generate disparate forms of machine data. Network connections are established between these components and processors of data intake and query system (DIQS). The DIQS conducts network transactions on a periodic and/or continuous basis with the machine components to receive disparate data and ingest certain of the data as entries of a data store that is searchable for DIQS query processing. The DIQS may receive queries to process against the received and ingested data via an exposed network interface. In one example embodiment, the DIQS receives a query identifying data to be processed, dynamically generates a query processing scheme based on the state of the data to be processed, such as streaming or at rest, and dynamically communicates the query processing scheme to a query executor based on the state of the data to be processed.

公开(公告)号：US11573955B1

公开(公告)日：2023-02-07

申请号：US16657664

申请日：2019-10-18

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Andrew Peters ,  Arun Ramani

IPC: G06F16/00 ,  G06F7/04 ,  G06F16/242 ,  G06F16/9035 ,  G06F16/2458 ,  G06F16/28 ,  G06F16/25

Abstract: Systems and methods are disclosed for flexibly applying a query term to heterogeneous data. A query system can receive a query that includes a data-determinant query term. As the system executes the query it can generate interim search results. As the system query processes the interim search results based on the query, it can apply the data-determinant query term to records of the interims search results based on the structure of the records.

公开(公告)号：US20220382755A1

公开(公告)日：2022-12-01

申请号：US17652620

申请日：2022-02-25

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Scott Calvert ,  Alexander Douglas James ,  Bei Li ,  Ashish Mathew ,  James Monschke ,  Sogol Moshtaghi ,  Christopher Madden Pride ,  Xiaowei Wang

IPC: G06F16/2453 ,  G06F16/13

Abstract: Systems and methods are disclosed for mapping search nodes to a search head in a data intake and query system based on a tenant identifier in order to execute a query received by the data intake and query system. The mapping may allow same or similar search nodes to be used to execute queries that are associated with a particular tenant identifier, in order to take advantage of caching and local data stored with those search nodes. In some cases, search nodes can be mapped based on the tenant identifier using a hashing algorithm, such as a consistent hashing algorithm.

公开(公告)号：US11461334B2

公开(公告)日：2022-10-04

申请号：US15665197

申请日：2017-07-31

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Alexander Douglas James ,  Christopher Pride

IPC: G06F16/2455 ,  H04L43/08 ,  G06F11/20 ,  H04L43/12 ,  H04L69/22 ,  H04L67/1097 ,  G06F16/27 ,  G06F16/951 ,  G06F16/2458 ,  G06F16/903 ,  H04L43/028 ,  H04L43/00 ,  G06F3/06 ,  G06F11/34

Abstract: Systems and methods are disclosed for processing queries against one or more dataset sources utilizing dynamically allocated partitions operating on one or more worker nodes. The results of the processing are stored in a dataset destination. The queries can identify data in the one or more dataset sources for processing and a manner for processing the data. In addition, the queries can identify the dataset destination for storing results of the query. To process the query, a query coordinator can dynamically allocate partitions operating on worker nodes to retrieve data for processing, process the data, and communicate the data to the dataset sources. In addition, the query coordinator can dynamically allocate partitions based on an identification of the dataset destination.