-
Publication number: US12072939B1
Publication date: 2024-08-27
Application number: US17589712
Application date: 2022-01-31
Applicant: Splunk Inc.
Inventor: Alexandros Batsakis, Nir Frenkel, Nitilaksha Halakatti, Balaji Rao, Anish Shrigondekar, Ruochen Zhang, Steve Yu Zhang
IPC: G06F16/00, G06F16/23, G06F16/2458, G06F16/903, G06F16/9032
CPC classification number: G06F16/90335, G06F16/23, G06F16/2471, G06F16/9032
Abstract: A data intake and query system can generate local data enrichment objects and receive federated data enrichment objects from another data intake and query system. In response to receiving a query, the data intake and query system can determine whether the query is a subquery of a federated query. If the query is a subquery, the data intake and query system can use the federated data enrichment objects to execute the query.
-
Publication number: US12013895B2
Publication date: 2024-06-18
Application number: US18328607
Application date: 2023-06-02
Applicant: Splunk Inc.
Inventor: Alexandros Batsakis, Ashish Mathew, Christopher Madden Pride, Bharath Kishore Reddy Aleti, Sourav Pal, Arindam Bhattacharjee, James Monschke
IPC: G06F16/23, G06F3/06, G06F16/27, G06F16/901, G06F16/903
CPC classification number: G06F16/901, G06F3/0604, G06F3/0644, G06F3/065, G06F3/0652, G06F3/0653, G06F3/0656, G06F3/067, G06F16/23, G06F16/27, G06F16/903
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.
-
Publication number: US11829415B1
Publication date: 2023-11-28
Application number: US16778427
Application date: 2020-01-31
Applicant: Splunk Inc.
Inventor: Alexandros Batsakis, Mehul Goyal, Ashish Mathew, Douglas Rapp, Igor Stojanovski, Eric Woo
IPC: G06F17/00, G06F16/901, G06F16/953, G06F16/906, G06F16/9035
CPC classification number: G06F16/901, G06F16/906, G06F16/9035, G06F16/953
Abstract: Systems and methods are described for improving data availability and/or resiliency of indexers of a data intake and query system. Due to a lag between the time at which data is received and the time at which the data is available for searching, the data intake and query system may receive a query indicating that received (but unavailable for search) data is to be included as part of the query. A cluster master can dynamically track what data is available for searching by different indexers and map the data to filter criteria using a bucket map identifier. When a search head receives a query, it can request a bucket map identifier from the cluster master and send the bucket map identifier to the indexers that will be executing the query. The indexers can use the bucket map identifier to request the individual buckets that they are assigned to search.
-
Publication number: US11567993B1
Publication date: 2023-01-31
Application number: US15967574
Application date: 2018-04-30
Applicant: Splunk Inc.
Inventor: Alexandros Batsakis, Ashish Mathew, Christopher Madden Pride, Bharath Kishore Reddy Aleti, Sourav Pal, Arindam Bhattacharjee, James Monschke
IPC: G06F16/901, G06F16/2458, G06F16/903
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system identifies buckets that are to be searched and stores a copy of buckets in memory associated with one or more search nodes. A search node performs a search on buckets residing in its memory.
-
Publication number: US11494380B2
Publication date: 2022-11-08
Application number: US16657899
Application date: 2019-10-18
Applicant: Splunk Inc.
Inventor: Balaji Rao, Jindrich Dinga, Kieran Cairney, Manuel Martinez, Nitilaksha Halakatti, Ningxuan He, Arindam Bhattacharjee, Sourav Pal, Alexandros Batsakis
IPC: G06F15/16, G06F16/2453, G06F16/2458, H04L9/08, H04L41/0806, H04L67/10, H04L67/52, G06F8/61
Abstract: Systems and methods are described for establishing and managing components of a distributed computing framework implemented in a data intake and query system. The distributed computing framework may include a master and a plurality of worker nodes. The master may selectively operate on a search head captain that is chosen from the search heads of the data intake and query system. The search head captain may distribute configuration information for the master and the distributed computing framework to the other search heads, which in turn, may distribute that configuration information to indexers of the data intake and query system. Worker nodes may be selectively activated for operation on the indexers based on the configuration information, and the worker nodes may additionally use the configuration information to contact the master and join the distributed computing framework. This approach may provide numerous benefits, including improved security, flexibility in the selection of worker nodes, and redundancy for failures of physical components of the data intake and query system.
-
Publication number: US20220245091A1
Publication date: 2022-08-04
Application number: US17163039
Application date: 2021-01-29
Applicant: SPLUNK INC.
Inventor: Alexandros Batsakis, Ankit Jain, Manu Jose, Jonah Pan, Hailun Yan
IPC: G06F16/13, G06F16/182
Abstract: Embodiments described herein facilitate enhancement of data model acceleration, including generating data model summaries and performing searches in an accelerated manner. In one implementation, a set of events are indexed, each of the events having a corresponding index time representing a time at which the event was indexed in an indexer. Index time parameters including an index earliest time indicating a first index time at which to begin generating a data model summary and an index latest time indicating a second index time at which to complete generating the data model summary are obtained. Thereafter, a data model summary is generated. Such a data model summary summarizes events having corresponding index times between the index earliest time and the index latest time. The data model summary is provided to a remote data store that is separate from the indexer at which at least a portion of the events were indexed.
-
Publication number: US11263140B2
Publication date: 2022-03-01
Application number: US16888320
Application date: 2020-05-29
Applicant: Splunk Inc.
Inventor: Ledion Bitincka, Alexandros Batsakis, Paul J. Lucas, Nicholas Robert Romito
IPC: G06F12/00, G06F12/0875, G06F16/172, G06F16/951, G06F16/957, G06F3/06, G06F12/0802, G06F16/14, G06F12/0862, G06F12/0866, G06F12/0868, G06F12/0871, G06F12/0873
Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage are identified for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.
-
Publication number: US11892996B1
Publication date: 2024-02-06
Application number: US16513365
Application date: 2019-07-16
Applicant: Splunk Inc.
Inventor: Tameem Anwar, Alexandros Batsakis, Sai Krishna Sajja, Igor Stojanovski, Eric Woo
IPC: G06F16/22, G06F16/23, G06F16/245, G06F9/50, G06F11/34
CPC classification number: G06F16/2255, G06F9/50, G06F16/2379, G06F16/245, G06F11/34
Abstract: Systems and methods are described for monitoring indexing nodes, populating and maintaining a resource catalog with relevant information, receiving requests for indexing node availability or assignments, identifying indexing nodes that are available to process data, and/or communicating information relating to available indexing nodes. The system can maintain the resource catalog based on communications with each of the containerized indexing nodes. The system can receive, from a partition manager of a data intake and query system, a request for a containerized indexing node that the partition manager can assign to process data received by the partition manager. The system can identify an available containerized indexing node to process the data. The system can communicate, to the partition manager, an indexing node identifier associated with the available containerized indexing node.
-
Publication number: US11609913B1
Publication date: 2023-03-21
Application number: US17162536
Application date: 2021-01-29
Applicant: Splunk Inc.
Inventor: Tameem Anwar, Alexandros Batsakis, Tianyi Gou, Mehul Goyal, Ashish Mathew, Douglas Rapp, Sai Krishna Sajja, Anish Shrigondekar, Igor Stojanovski, Eric Woo, Zhenghui Xie, Ruochen Zhang, Sophia Rui Zhu
IPC: G06F16/00, G06F16/2455, G06F16/248, G06F16/2458
Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. When a new processing node is added or becomes available, the node coordinator can reassign duties from one or more processing nodes to the new processing node. The node coordinator can initially assign the new processing node one or more groups of data for backup purposes. At a later time, the node coordinator can reassign the new processing node to the one or more groups of data for searching purposes.
-
Publication number: US11500783B1
Publication date: 2022-11-15
Application number: US17382043
Application date: 2021-07-21
Applicant: Splunk Inc.
Inventor: Bharath Aleti, Alexandros Batsakis, Paul J. Lucas, Igor Stojanovski
IPC: G06F12/121, G06F16/22, G06F16/2455
Abstract: Systems and methods are disclosed for making space available in a local storage of a data intake and query system. A cache manager of the data intake and query system may determine an amount of storage space of a local data store that is available for use to perform a query. The cache manager may then use one or more eviction policies associated with content stored at the local data store to purge content items to evict from the local storage. The system may then retrieve content for performing the query from a remote storage and store the retrieved content at the local storage.