Abstract:
The present disclosure is directed to providing dynamic indexer discovery. An index manager, which may also be known as a cluster master, is configured to track the statuses and capabilities of indexers and provide the statuses and capabilities obtained from the indexers to data collectors, such as forwarders. The data collectors may use the statuses and capabilities associated with the indexers to load balance transmission of data to the indexers. Dynamic indexer discovery may eliminate the need to manually reconfigure data collectors when the status of an indexer changes because the information may be obtained from the index manager without the need to reinitialize the data collectors.
Abstract:
Provided are systems and methods for verifying user credentials for performing a search. In one embodiment, a method can be provided that includes receiving a request to perform a search of machine generated data comprising time stamped events that is associated with a user, determining whether a set of cached user credentials has been updated within a period of time, querying, in response to determining that the credentials for the user have not been updated within the period of time, an identity provider server for a current set of user credentials associated with the user, receiving the current set of user credentials, determining whether the user has privileges to perform the search based at least in part on the set of user credentials, and causing, in response to determining that the user has privileges to perform the search, the search to be performed to identify one or more of the events that are responsive to the search.
Abstract:
The present invention is related to a method for providing dynamic indexer discovery. The method comprises receiving, from an index manager, a status indication associated with a plurality of indexers, wherein each of the plurality of indexers indexes events of raw machine-generated data received from a plurality of data collectors. The method further comprises determining a weight associated with each of the plurality of indexers and selecting an indexer from the plurality of indexers. Subsequently, the method comprises allocating data to the indexer in accordance with a respective weight assigned to the indexer and transmitting the allocated data to the indexer.
Abstract:
Disclosed herein is a data estimation technique for a data intake and query system. The system receives user inputs indicative that a first data source is to be the subject of a storage related estimate. The system receives a first plurality of events generated by the first data source. The system indexes only a sample of the received first plurality of events, based on a sampling criterion, where the sample is fewer than all of the first plurality of events. The system generates the storage related estimate based on at least some of the first plurality of events, and causes an indication of the estimate to be output to a user.
Abstract:
According to various embodiments, techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.