公开(公告)号：US11663212B2

公开(公告)日：2023-05-30

申请号：US17443811

申请日：2021-07-27

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Manu Jose ,  Sourav Pal ,  Christopher Madden Pride ,  Nicholas Robert Romito ,  Igor Braylovskiy ,  Arun Ramani ,  Ankit Jain

IPC: G06F16/00 ,  G06F16/2453 ,  G06F16/242 ,  G06F16/9535 ,  G06F40/205 ,  G06F9/54

CPC classification number: G06F16/24542 ,  G06F16/2425 ,  G06F16/9535 ,  G06F40/205 ,  G06F9/547

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system parses the query and uses a metadata catalog to dynamically identify configuration parameters of datasets and/or rules associated with the query. The identified configuration parameters are communicated to a query processing component of the data intake and query system for use in executing the query.

公开(公告)号：US11003714B1

公开(公告)日：2021-05-11

申请号：US15967590

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/2458 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses a search node catalog to identify search nodes that are available to execute the query and uses a bucket catalog to identify buckets to be searched. The data intake and query system executes the query using the identified bucket and search nodes.

公开(公告)号：US10984044B1

公开(公告)日：2021-04-20

申请号：US15967591

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/903 ,  G06F16/907 ,  G06F3/06

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system maintains a catalog of buckets stored in a remote shared storage system. The buckets store raw machine data associated with a timestamp. The data intake and query receives a query identifying a set of data to be processed and a manner of processing the set of data, and executes the query based on the catalog of buckets.

公开(公告)号：US10776355B1

公开(公告)日：2020-09-15

申请号：US15967578

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke ,  Karthikeyan Sabhanatarajan

IPC: G06F16/2453 ,  G06F16/901 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses one or more containerized search nodes to execute the query and stores the results in a data store for combination with additional query results.

公开(公告)号：US10142412B2

公开(公告)日：2018-11-27

申请号：US15913079

申请日：2018-03-06

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Madden Pride

IPC: G06F15/167 ,  H04L29/08 ,  H04L12/26 ,  G06F17/30

Abstract: Multi-thread processing of search responses is disclosed. An example method may include transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system; receiving a plurality of data packets from the plurality of search peers; parsing, by a first processing thread of the computer system, one or more data packets of the plurality of data packets, to produce a partial response to the search request; and processing, by a second processing thread of the computer system, the partial response to produce a memory data structure representing an aggregated response to the search request.

公开(公告)号：US09509765B2

公开(公告)日：2016-11-29

申请号：US14448995

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Madden Pride

IPC: G06F15/167 ,  H04L29/08 ,  G06F17/30

CPC classification number: H04L67/1087 ,  G06F15/167 ,  G06F17/30864 ,  H04L43/106 ,  H04L43/16 ,  H04L67/02 ,  H04L67/1004

Abstract: Systems and methods for asynchronous processing of messages that are received from multiple servers. An example method may comprise: receiving, by a first processing thread, in a non-blocking mode, a plurality of sub-application layer protocol packets from a plurality of servers; processing one or more sub-application layer protocol packets received from a first server of the plurality of servers, to produce a first application layer message; writing the first application layer message to a message queue; processing one or more sub-application layer protocol packets received from a second server of the plurality of servers, to produce a second application layer message; writing the second application layer message to the message queue; and reading, by two or more processing threads of a processing thread pool, two or more application layer messages including the first application layer message and the second application layer message from the message queue, to produce two or more memory data structures based on the read application layer messages.

Abstract translation: 用于异步处理从多个服务器接收的消息的系统和方法。 示例性方法可以包括：由第一处理线程以非阻塞模式从多个服务器接收多个子应用层协议分组; 处理从所述多个服务器的第一服务器接收的一个或多个子应用层协议分组，以产生第一应用层消息; 将第一应用层消息写入消息队列; 处理从所述多个服务器的第二服务器接收的一个或多个子应用层协议分组，以产生第二应用层消息; 将第二应用层消息写入消息队列; 并且通过处理线程池的两个或更多个处理线程从消息队列读取包括第一应用层消息和第二应用层消息的两个或多个应用层消息，以基于读取生成两个或更多个存储器数据结构 应用层消息。

公开(公告)号：US20240386053A1

公开(公告)日：2024-11-21

申请号：US18661319

申请日：2024-05-10

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Tameem Anwar ,  Paul J. Lucas ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：US11657057B2

公开(公告)日：2023-05-23

申请号：US17586590

申请日：2022-01-27

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Scott Calvert ,  Manu Jose ,  Andrew Peters ,  Christopher Madden Pride ,  Arun Ramani

IPC: G06F16/00 ,  G06F16/2457 ,  G06F16/907 ,  G06F16/2455 ,  G06F40/30

CPC classification number: G06F16/24573 ,  G06F16/2455 ,  G06F16/907 ,  G06F40/30

Abstract: Systems and methods are disclosed for annotating a metadata catalog in a data intake and query system based on a query received by the data intake and query system. The metadata catalog can store information about datasets associated with the data intake and query system, including dataset configuration records of the datasets, which can be used to process queries for execution by the data intake and query system. The data intake and query system can receive a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system can parse the query to identify datasets and/or data fields associated with the query. Based on the identified datasets and/or fields, the data intake and query system can generate one or more annotations, and use the annotations to update the metadata catalog.

公开(公告)号：US11550847B1

公开(公告)日：2023-01-10

申请号：US15967567

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/903 ,  G06F3/06 ,  G06F9/54 ,  G06F16/23 ,  G06F16/901 ,  G06F16/9032

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system identifies buckets that are to be searched. The data intake and query system performs a hash on bucket identifiers of the identified buckets to identify search nodes to search the buckets.

公开(公告)号：US11275733B1

公开(公告)日：2022-03-15

申请号：US16513546

申请日：2019-07-16

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Scott Calvert ,  Alexander Douglas James ,  Bei Li ,  Ashish Mathew ,  James Monschke ,  Sogol Moshtaghi ,  Christopher Madden Pride ,  Xiaowei Wang

IPC: G06F16/00 ,  G06F16/2453 ,  G06F16/13 ,  G06F11/34

Abstract: Systems and methods are disclosed for mapping search nodes to a search head in a data intake and query system based on a tenant identifier in order to execute a query received by the data intake and query system. The mapping may allow same or similar search nodes to be used to execute queries that are associated with a particular tenant identifier, in order to take advantage of caching and local data stored with those search nodes. In some cases, search nodes can be mapped based on the tenant identifier using a hashing algorithm, such as a consistent hashing algorithm.