公开(公告)号：US09160798B2

公开(公告)日：2015-10-13

申请号：US13662358

申请日：2012-10-26

Applicant: SPLUNK INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, Jr. ,  Sundar Rengarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F17/30 ,  H04L29/08 ,  G06F11/20

CPC classification number: H04L67/1097 ,  G06F11/2097 ,  G06F17/30312

Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.

Abstract translation: 实施例旨在在具有多个索引器的集群环境内管理，用于使用生成标识符来管理数据的冗余来进行数据存储，从而为指定的生成数据指定主索引器。 当集群的主设备发生故障时，可以继续使用冗余来存储数据，并且仍然可以执行数据搜索。

公开(公告)号：US09130971B2

公开(公告)日：2015-09-08

申请号：US14266812

申请日：2014-04-30

Applicant: Splunk Inc.

Inventor： Sundar Rengarajan Vasan ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Da Xu ,  Rama Gopalan

IPC: G06F17/30 ,  H04L29/08 ,  G06F11/20 ,  G06F3/06

CPC classification number: G06F17/30528 ,  G06F3/0617 ,  G06F3/065 ,  G06F3/067 ,  G06F11/20 ,  G06F11/2094 ,  G06F17/30241 ,  G06F17/30336 ,  G06F17/30575 ,  G06F17/30581 ,  G06F17/30867 ,  G06F17/3087 ,  H04L67/1097

Abstract: According to various embodiments, techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.

Abstract translation: 根据各种实施例，描述了用于管理多站点群集数据访问和查询系统内的数据的技术。 本文所述的数据采集和查询系统通常是指用于收集，检索和分析数据的系统。 在这种情况下，集群数据采集和查询系统通常是指被配置为提供数据冗余和提高系统存储的数据的可用性的其他特征的系统环境。 例如，集群数据采集和查询系统可以被配置为存储由多个组件存储的系统的多个副本，以便可以通过使用其他地方存储的数据的副本来从一个或多个组件的故障中恢复 集群。

公开(公告)号：US12079255B1

公开(公告)日：2024-09-03

申请号：US17978681

申请日：2022-11-01

Applicant: SPLUNK INC.

Inventor： Vishal Patel ,  Jagannath Kerai ,  Hasan Alayli

IPC: G06F17/00 ,  G06F16/17 ,  G06F16/31

CPC classification number: G06F16/328 ,  G06F16/1734

Abstract: The present invention is related to a method for providing dynamic indexer discovery. The method comprises receiving, from an index manager, a status indication associated with a plurality of indexers, wherein each of the plurality of indexers indexes events of raw machine-generated data received from a plurality of data collectors. The method further comprises determining a weight associated with each of the plurality of indexers and selecting an indexer from the plurality of indexers. Subsequently, the method comprises allocating data to the indexer in accordance with a respective weight assigned to the indexer and transmitting the allocated data to the indexer.

公开(公告)号：US12003572B1

公开(公告)日：2024-06-04

申请号：US17804260

申请日：2022-05-26

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Vishal Patel ,  Geoffrey Hendrey ,  Eric Woo

IPC: H04L41/0813 ,  H04L41/084 ,  H04L41/0853 ,  H04L67/00 ,  H04L67/06 ,  H04L69/329

CPC classification number: H04L67/06 ,  H04L41/0813 ,  H04L41/0843 ,  H04L41/0856 ,  H04L67/34 ,  H04L69/329

Abstract: In a computer-implemented method for configuring a distributed computer system comprising a plurality of nodes of a plurality of node classes, configuration files for a plurality of nodes of each of the plurality of node classes are stored in a central repository. The configuration files include information representing a desired system state of the distributed computer system, and the distributed computer system operates to keep an actual system state of the distributed computer system consistent with the desired system state. The plurality of node classes includes forwarder nodes for receiving data from an input source, indexer nodes for indexing the data, and search head nodes for searching the data. Responsive to receiving changes to the configuration files, the changes are propagated to nodes of the plurality of nodes impacted by the changes based on a node class of the nodes impacted by the changes.

公开(公告)号：US11915044B2

公开(公告)日：2024-02-27

申请号：US17343508

申请日：2021-06-09

Applicant: Splunk Inc.

Inventor： Manu Jose, Jr. ,  Sanish N. Mahadik ,  Vishal Patel ,  Joshua Weinstein

IPC: G06F9/48 ,  G06F9/54 ,  G06F9/50

CPC classification number: G06F9/4881 ,  G06F9/5072 ,  G06F9/542

Abstract: A processing node selects a first task from a task list and sends, to a task assignment repository, a first write operation with a first task identifier of the first task to assign the first task to the processing node. The processing node detects failure of the first write operation based on the first task already being assigned and selects a second task from the task list. The processing node sends, to the task assignment repository, a second write operation with a second task identifier of the second task to assign the second task to the processing node. The processing node detects success of the second write operation and executes the second task.

公开(公告)号：US11599547B2

公开(公告)日：2023-03-07

申请号：US17230646

申请日：2021-04-14

Applicant: SPLUNK INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, Jr. ,  Sundar Renegarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F16/2457 ,  G06F16/9537 ,  G06F16/9535 ,  G06F16/22 ,  G06F16/27 ,  G06F16/29 ,  H04L67/1097 ,  G06F11/20 ,  G06F3/06

Abstract: A method of data replication in a clustered computing environment comprises receiving, at a selected indexer within a plurality of indexers in a cluster, data from a forwarder indexer, wherein the selected indexer is designated as a primary indexer for the data, wherein the primary indexer has primary responsibility for responding to search queries pertaining to the data, wherein the cluster comprises a plurality of sites. The method further comprises receiving, at the selected indexer, data replication instructions, wherein the data replication instructions comprise a number of other indexers in the cluster for storing a replicated copy of the data and further comprise a number of sites from the plurality of sites across which to store a replicated copy of the data determined in accordance with a site replication factor.

公开(公告)号：US11226964B1

公开(公告)日：2022-01-18

申请号：US16147438

申请日：2018-09-28

Applicant: Splunk Inc.

Inventor： Kieran Nicholas Cairney ,  Jindrich Dinga ,  Murugan Kandaswamy ,  Vishal Patel

IPC: G06F7/00 ,  G06F16/2455 ,  G06F16/23

Abstract: A log-to-metrics transformation system includes a log-to-metrics application executing on a processor. The log-to-metrics transformation system receives a format associated with machine data, and further receives, via a first graphical control, a first set of metric identifiers corresponding to a first set of metrics associated with the machine data. The log-to-metrics transformation system generates a first set of mappings between the first set of metric identifiers and a first set of field values included in the machine data. The log-to-metrics transformation system stores the first set of mappings and an association with the format of the machine data. The log-to-metrics transformation system, based on the first set of mappings, causes the first set of field values to be extracted from the machine data. Further, a first metric included in the first set of metrics is determined based on at least a portion of the first set of field values.

公开(公告)号：US11188550B2

公开(公告)日：2021-11-30

申请号：US15339912

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Thomas Allan Haggie ,  Clint Sharp ,  Alexander Douglas James ,  David Ryan Marquardt ,  Hailun Yan ,  Christopher Pride ,  Vishal Patel ,  Amrittpal Singh Bath ,  Pratiksha Shah ,  Murugan Kandaswamy ,  Steve Yu Zhang ,  Ledion Bitincka ,  David E. Simmen ,  Marc Andre Chene ,  Esguerra Ma Kharisma ,  Igor Stojanovski

IPC: G06F16/248 ,  G06F16/22 ,  G06F16/25 ,  G06F16/28 ,  G06F16/901 ,  G06F16/951 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/835 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/903 ,  H04L29/08 ,  G06F3/0481 ,  G06T11/20 ,  H04L12/26

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting each metric including at least one key value and a measured value taken of a computing resource, and storing each metric in an index of a metrics store, where the index defines at least one dimension populated with the at least one key value and a measure populated with the measured value. The method further includes cataloging metadata in a metrics catalog, where the metadata is related to the metrics stored in the metrics store, performing an analysis of metrics data included in the metrics store and/or the metrics catalog to obtain results, and causing display of the results or an indication of the results on a display device.

公开(公告)号：US20210279244A1

公开(公告)日：2021-09-09

申请号：US17230646

申请日：2021-04-14

Applicant: SPLUNK INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, JR. ,  Sundar Renegarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F16/2457 ,  G06F16/9537 ,  G06F16/9535 ,  G06F16/22 ,  G06F16/27 ,  G06F16/29 ,  H04L29/08 ,  G06F11/20

Abstract: A method of data replication in a clustered computing environment comprises receiving, at a selected indexer within a plurality of indexers in a cluster, data from a forwarder indexer, wherein the selected indexer is designated as a primary indexer for the data, wherein the primary indexer has primary responsibility for responding to search queries pertaining to the data, wherein the cluster comprises a plurality of sites. The method further comprises receiving, at the selected indexer, data replication instructions, wherein the data replication instructions comprise a number of other indexers in the cluster for storing a replicated copy of the data and further comprise a number of sites from the plurality of sites across which to store a replicated copy of the data determined in accordance with a site replication factor.

公开(公告)号：US11042515B2

公开(公告)日：2021-06-22

申请号：US16141913

申请日：2018-09-25

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F16/21 ,  G06F16/17

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.