公开(公告)号：US20240386053A1

公开(公告)日：2024-11-21

申请号：US18661319

申请日：2024-05-10

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Tameem Anwar ,  Paul J. Lucas ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：US12019634B1

公开(公告)日：2024-06-25

申请号：US18123758

申请日：2023-03-20

Applicant: Splunk Inc.

Inventor： Tameem Anwar ,  Alexandros Batsakis ,  Tianyi Gou ,  Mehul Goyal ,  Ashish Mathew ,  Douglas Rapp ,  Sai Krishna Sajja ,  Anish Shrigondekar ,  Igor Stojanovski ,  Eric Woo ,  Zhenghui Xie ,  Ruochen Zhang ,  Sophia Rui Zhu

IPC: G06F16/00 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/248

CPC classification number: G06F16/24554 ,  G06F16/24552 ,  G06F16/2477 ,  G06F16/248

Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. When a new processing node is added or becomes available, the node coordinator can reassign duties from one or more processing nodes to the new processing node. The node coordinator can initially assign the new processing node one or more groups of data for backup purposes. At a later time, the node coordinator can reassign the new processing node to the one or more groups of data for searching purposes.

公开(公告)号：US20230315785A1

公开(公告)日：2023-10-05

申请号：US18328607

申请日：2023-06-02

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Sourav Pal ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Tameem Anwar ,  Paul J. Lucas ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27 ,  G06F16/903

CPC classification number: G06F16/901 ,  G06F3/0604 ,  G06F3/0644 ,  G06F3/065 ,  G06F3/0652 ,  G06F3/0656 ,  G06F3/067 ,  G06F3/0653 ,  G06F16/23 ,  G06F16/27 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：US11620336B1

公开(公告)日：2023-04-04

申请号：US15967582

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Sourav Pal ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Ledion Bitincka ,  John Nguyen

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/27 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets. Based on a determination that the size of multiple buckets satisfies a threshold size, the data intake and query system converts the buckets to non-editable buckets and stores the data in a remote shared storage system.

公开(公告)号：US20200226183A1

公开(公告)日：2020-07-16

申请号：US16830010

申请日：2020-03-25

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F16/951 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/903

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US12164402B1

公开(公告)日：2024-12-10

申请号：US18162273

申请日：2023-01-31

Applicant: Splunk Inc.

Inventor： Zhenghui Xie ,  Igor Stojanovski ,  Kartheek Babu Kolla ,  Sai Krishna Sajja ,  Srinivas Chowdhary Bobba ,  Tianyi Gou ,  Kai-Sern Lim ,  Tameem Anwar

IPC: G06F11/30

Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. The data intake and query system can identify a group of processing nodes and assign a first processing node of the group to download and search a particular data group based on a first node map. The data intake and query system may identify an action associated with the first processing node. The data intake and query system can cause a particular processing node of the group to download the particular data group based on a second node map and transmit an authorization to perform the action to the first processing node.

公开(公告)号：US11416465B1

公开(公告)日：2022-08-16

申请号：US16513378

申请日：2019-07-16

Applicant: Splunk Inc.

Inventor： Tameem Anwar ,  Alexandros Batsakis ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Eric Woo

IPC: G06F16/00 ,  G06F16/14 ,  G06F16/22 ,  G06F9/455 ,  G06F16/28

Abstract: Systems and methods are described for processing incoming data. The system can receive, from a first partition manager of a data intake and query system, first data that is associated with a first identifier, and can receive, from a second partition manager of the data intake and query system, second data that is associated with a second identifier. The system can process the first data and store first results of said processing the first data in one or more first buckets associated with the first tenant identifier. The system can process the second data and store second results of said processing the second data in one or more second buckets associated with the second tenant identifier.

公开(公告)号：US11222066B1

公开(公告)日：2022-01-11

申请号：US15967588

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Sourav Pal ,  Sai Krishna ,  Igor Stojanovski ,  Tameem Anwar ,  Paul J. Lucas ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F16/903 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：US11188550B2

公开(公告)日：2021-11-30

申请号：US15339912

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Thomas Allan Haggie ,  Clint Sharp ,  Alexander Douglas James ,  David Ryan Marquardt ,  Hailun Yan ,  Christopher Pride ,  Vishal Patel ,  Amrittpal Singh Bath ,  Pratiksha Shah ,  Murugan Kandaswamy ,  Steve Yu Zhang ,  Ledion Bitincka ,  David E. Simmen ,  Marc Andre Chene ,  Esguerra Ma Kharisma ,  Igor Stojanovski

IPC: G06F16/248 ,  G06F16/22 ,  G06F16/25 ,  G06F16/28 ,  G06F16/901 ,  G06F16/951 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/835 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/903 ,  H04L29/08 ,  G06F3/0481 ,  G06T11/20 ,  H04L12/26

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting each metric including at least one key value and a measured value taken of a computing resource, and storing each metric in an index of a metrics store, where the index defines at least one dimension populated with the at least one key value and a measure populated with the measured value. The method further includes cataloging metadata in a metrics catalog, where the metadata is related to the metrics stored in the metrics store, performing an analysis of metrics data included in the metrics store and/or the metrics catalog to obtain results, and causing display of the results or an indication of the results on a display device.

公开(公告)号：US10642909B2

公开(公告)日：2020-05-05

申请号：US15885629

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30 ,  G06F16/951 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/903

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.