公开(公告)号：US12197968B1

公开(公告)日：2025-01-14

申请号：US17875172

申请日：2022-07-27

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Samat Jain ,  Isabelle Park ,  Vishal Patel ,  Siegfried Puchbauer ,  Tingjin Xu

IPC: G06F15/16 ,  G06F9/54 ,  G06F16/26 ,  G06F16/28

Abstract: A computing device receives an ingest preview request to preview events to be stored by at least one indexer. Responsive to the ingest preview request, the computing device sends a subscription request to the forwarders. The forwarders receive the subscription request and intercept the events that are being sent to at least one of the indexers. The forwarders then clone matching events to the subscription request and responds to the computing device with the matching events. When the computing device receives the matching events, the computing device adds the matching events to a dispatch directory. The user interface is then populated with events in the dispatch directory.

公开(公告)号：US12073103B1

公开(公告)日：2024-08-27

申请号：US17877743

申请日：2022-07-29

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Samat Jain ,  Felix Jiang ,  Shanmugam Kailasam ,  Jibang Liu ,  Isabelle Park ,  Vishal Patel ,  Divya Vijayan ,  Jiahan Wang ,  Tingjin Xu

IPC: G06F16/00 ,  G06F3/06

CPC classification number: G06F3/0644 ,  G06F3/0604 ,  G06F3/0643 ,  G06F3/0683

Abstract: Multiple storage system event handling includes obtaining multiple events for storage on multiple storage systems. For each of the multiple events, field values from each event are extracted. The field values are matched to configurations of the storage systems to identify a subset of the storage system having a matching configuration. The event is transmitted to the subset. The multiple events are transmitted to heterogeneous subsets.

公开(公告)号：US11934256B1

公开(公告)日：2024-03-19

申请号：US17336013

申请日：2021-06-01

Applicant: Splunk Inc.

Inventor： Vitaly Akulov ,  Amritpal Singh Bath ,  William King Colgate ,  Sarah Harun ,  Jibang Liu ,  Vishal Patel ,  Tingjin Xu

IPC: G06F16/24 ,  G06F11/07 ,  G06F11/32 ,  G06F11/34 ,  H04L43/0852 ,  H04L43/10

CPC classification number: G06F11/0757 ,  G06F11/079 ,  G06F11/328 ,  G06F11/3452 ,  G06F11/3476 ,  G06F2201/80 ,  H04L43/0852 ,  H04L43/10

Abstract: In accordance with various embodiments of the present disclosure, a first instance of a data intake and query system (DIQS) may receive latency data that indicates latency states of second instances of the DIQS, the latency states indicative of latencies associated with processing of event data by the plurality of second instances. The first instance may then determine overall latency state of the first instance based, at least in part, on determining number or percentage of the first instance and the second instances of the DIQS having one or more particular latency states, and determining whether the number or percentage of the first instance and the f second instances of the DIQS having the one or more particular latency states is equal to or exceeds a threshold. The first instance may then present the overall latency state of the first instance.

公开(公告)号：US20210049150A1

公开(公告)日：2021-02-18

申请号：US17084965

申请日：2020-10-30

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Yuan Xu, Jr. ,  Bharath Aleti ,  Manu Jose

IPC: G06F16/23 ,  G06F16/27 ,  G06F16/951 ,  G06F16/22 ,  G06F16/2458

Abstract: The present disclosure provides solutions for determining the divergence (delta) between the current and previous reference data structures for mutable data in a search head. A method is provided that includes updating a pre-existing lookup table in a search head, generating a delta file that identifies the divergence between the updated and previous lookup table, and distributing the delta file to other components in the search environment. The compatibility of the delta file is checked with the local instance of the lookup table in each search component, and the lookup table is applied if compatibility is determined. However, if the delta file is determined to not be compatible with the current version of a local lookup table in an indexer, the entire lookup table sent to the requesting indexer instead.

公开(公告)号：US20190026319A1

公开(公告)日：2019-01-24

申请号：US16141913

申请日：2018-09-25

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F17/30

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

公开(公告)号：US11829236B2

公开(公告)日：2023-11-28

申请号：US17804545

申请日：2022-05-27

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Bharath Kishore Reddy Aleti ,  Octavio Enrique Di Sciullo ,  Tingjin Xu ,  Jason Andrew Beyers ,  Kartheek Babu Kolla ,  Chaithra Nataraj ,  Clara Elizabeth Lee

IPC: G06F11/00 ,  G06F11/07 ,  G06F16/2455

CPC classification number: G06F11/079 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/0772 ,  G06F16/24553 ,  G06F16/24564

Abstract: Systems and methods are disclosed for monitoring features of a computing device of a distributed computing system using a self-monitoring module. The self-monitoring module can include multiple feature-specific monitoring modules and one or more parent nodes for the feature-specific monitoring modules. A feature-specific monitoring module can identify or detect a fault status change, such as a fault condition or fault resolution, for one or more features. Based on the identified fault conditions or fault resolutions, the feature-specific monitoring module can determine an internal status and communicate an updated status to a parent node.

公开(公告)号：US11809405B2

公开(公告)日：2023-11-07

申请号：US17084965

申请日：2020-10-30

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Yuan Xu ,  Bharath Aleti ,  Manu Jose

IPC: G06F16/00 ,  G06F16/23 ,  G06F16/27 ,  G06F16/951 ,  G06F16/22 ,  G06F16/2458

CPC classification number: G06F16/2365 ,  G06F16/2255 ,  G06F16/2465 ,  G06F16/27 ,  G06F16/951

Abstract: The present disclosure provides solutions for determining the divergence (delta) between the current and previous reference data structures for mutable data in a search head. A method is provided that includes updating a pre-existing lookup table in a search head, generating a delta file that identifies the divergence between the updated and previous lookup table, and distributing the delta file to other components in the search environment. The compatibility of the delta file is checked with the local instance of the lookup table in each search component, and the lookup table is applied if compatibility is determined. However, if the delta file is determined to not be compatible with the current version of a local lookup table in an indexer, the entire lookup table sent to the requesting indexer instead.

公开(公告)号：US20150154217A1

公开(公告)日：2015-06-04

申请号：US14611156

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30144 ,  G06F17/3015 ,  G06F17/30286

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

Abstract translation: 实施例涉及管理和跟踪多个项目的项目识别以确定项目是否是新的或现有的项目，其中已经预先处理了现有项目。 在一些实施例中，可以生成两个或多个项目标识符。 在一个实施例中，生成两个或多个项目标识符可以包括使用小项目尺寸特征，压缩项目或标识符冲突来分析项目。 可以使用两个或更多个项目标识符来确定该项目是新的还是现有的项目。 在一个实施例中，两个或多个项目标识符可以与关于现有项目的记录进行比较，以确定该项目是新项目还是现有项目。 如果项目是现有项目，则可以进一步处理该项目以确定现有项目是否已经实际改变。

公开(公告)号：US08977638B2

公开(公告)日：2015-03-10

申请号：US14034220

申请日：2013-09-23

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30144 ,  G06F17/3015 ,  G06F17/30286

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

Abstract translation: 实施例涉及管理和跟踪多个项目的项目识别以确定项目是否是新的或现有的项目，其中已经预先处理了现有项目。 在一些实施例中，可以生成两个或多个项目标识符。 在一个实施例中，生成两个或多个项目标识符可以包括使用小项目尺寸特征，压缩项目或标识符冲突来分析项目。 可以使用两个或更多个项目标识符来确定该项目是新的还是现有的项目。 在一个实施例中，两个或多个项目标识符可以与关于现有项目的记录进行比较，以确定该项目是新项目还是现有项目。 如果项目是现有项目，则可以进一步处理该项目以确定现有项目是否已经实际改变。

公开(公告)号：US11914552B1

公开(公告)日：2024-02-27

申请号：US18160123

申请日：2023-01-26

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F17/30 ,  G06F16/17 ,  G06F16/20 ,  G06F16/174

CPC classification number: G06F16/1734 ,  G06F16/174 ,  G06F16/20

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.