公开(公告)号：US11474673B1

公开(公告)日：2022-10-18

申请号：US16945657

申请日：2020-07-31

Applicant: Splunk Inc.

Inventor： Bashar Abdul-Jawad ,  Matthew Dailey ,  Joseph Gabriel Echeverria ,  Arthur Foelsche ,  Eric Sammer ,  Sarah Stanger

IPC: G06F3/00 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/9535 ,  G06F9/54

Abstract: Systems and methods are described for graphical user interfaces that enable users to graphically design nodes and interconnections of pipelines for preprocessing data later ingested into an indexing system. The preprocessing can include receiving messages published to a first publish-subscribe messaging system, the messages containing raw machine data generated by one or more components in an information technology environment, performing one or more processing operations on at least some of the messages to generate preprocessed messages, republishing the preprocessed messages to a second publish-subscribe messaging system, and providing to the indexing system, a subset of the messages from the second publish-subscribe messaging system. Nodes in the pipeline can specify the preprocessing operations, and interconnections in the pipeline can represent data flow through the nodes of the pipeline.

公开(公告)号：US11086869B1

公开(公告)日：2021-08-10

申请号：US16177256

申请日：2018-10-31

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Joseph Gabriel Echeverria ,  Alexander Douglas James ,  Sourav Pal ,  Christopher Madden Pride ,  Sai Krishna Sajja ,  Eric Sammer

IPC: G06F16/00 ,  G06F16/2453 ,  G06F16/242 ,  G06F16/9535 ,  G06F40/205 ,  G06F9/54

Abstract: Systems and methods are disclosed for interfacing with one or more components of a data intake and query system. The data intake and query system includes a gateway that interfaces between one or more computer-executable applications and one or more components of the data intake and query system. The data intake and query system can include an intake system configured to ingest data, an indexing system configured to generate and store one or more events based on the data, and a query system configured to execute one or more queries. The intake system can include a streaming data processor and at least one ingestion buffer. The indexing system can include at least one containerized indexing node, and the query system can include at least one containerized search node.

公开(公告)号：US12013852B1

公开(公告)日：2024-06-18

申请号：US18190815

申请日：2023-03-27

Applicant: Splunk Inc.

Inventor： Joseph Gabriel Echeverria ,  Arthur Foelsche ,  Eric Sammer ,  Sarah Stanger

IPC: G06F16/30 ,  G05B13/00 ,  G06F16/14 ,  G06F16/178 ,  G06F16/24 ,  G06F16/2453 ,  G06F16/2455 ,  G06F16/248 ,  G06F16/25 ,  G06N3/00 ,  G06N5/00

CPC classification number: G06F16/24532 ,  G05B13/00 ,  G06F16/156 ,  G06F16/178 ,  G06F16/24 ,  G06F16/24556 ,  G06F16/24566 ,  G06F16/24568 ,  G06F16/248 ,  G06F16/258 ,  G06N3/00 ,  G06N5/00

Abstract: Systems and methods are described for unified processing of indexed and streaming data. A system enables users to query indexed data or specify processing pipelines to be applied to streaming data. In some instances, a user may specify a query intended to be run against indexed data, but may specify criteria that includes not-yet-indexed data (e.g., a future time frame). The system may convert the query into a data processing pipeline applied to not-yet-indexed data, thus increasing the efficiency of the system. Similarly, in some instances, a user may specify a data processing pipeline to be applied to a data stream, but specify criteria including data items outside the data stream. For example, a user may wish to apply the pipeline retroactively, to data items that have already exited the data stream. The system can convert the pipeline into a query against indexed data to satisfy the users processing requirements.

公开(公告)号：US20220121628A1

公开(公告)日：2022-04-21

申请号：US17074426

申请日：2020-10-19

Applicant: Splunk Inc.

Inventor： Poornima Devaraj ,  Joseph Gabriel Echeverria ,  Venkata SreeKrishna Koganti ,  Shyam Mundhra ,  Hardik Shah ,  Xiangyu Wu ,  Ryan Konrad Yee

IPC: G06F16/18 ,  G06F16/17 ,  G06F16/182 ,  G06F11/32 ,  G06F11/30

Abstract: Systems and methods are described herein for synthesizing traces from logs of a distributed computing system. A trace represents a single transaction, such as handling of a user request, on the distributed computing system. The transaction can include multiple underlying operations on the distributed computing system, which are represented as spans within the trace and may be hierarchically arranged within the trace. In instances where a distributed computing system does not provide for tracing natively, a trace can be synthesized from log entries of the distributed computing system. A streaming data processing system can ingest a data stream including log entries, and identify within the data stream those log entries relating to a given transaction. The streaming data processing system can further identify log entries that demark the beginnings and endings of operations for that transaction, and can utilize the identified log entries to build a trace for the transaction.

公开(公告)号：US10776441B1

公开(公告)日：2020-09-15

申请号：US16148840

申请日：2018-10-01

Applicant: Splunk Inc.

Inventor： Joseph Gabriel Echeverria ,  Arthur Foelsche ,  Eric Sammer ,  Sarah Stanger

IPC: G06F9/54 ,  G06F16/9535 ,  H04L29/08 ,  G06F21/62 ,  G06F9/451

Abstract: Systems and methods are described for graphical user interfaces that enable users to graphically design nodes and interconnections of pipelines for preprocessing data later ingested into an indexing system. The preprocessing can include receiving messages published to a first publish-subscribe messaging system, the messages containing raw machine data generated by one or more components in an information technology environment, performing one or more processing operations on at least some of the messages to generate preprocessed messages, republishing the preprocessed messages to a second publish-subscribe messaging system, and providing to the indexing system, a subset of the messages from the second publish-subscribe messaging system. Nodes in the pipeline can specify the preprocessing operations, and interconnections in the pipeline can represent data flow through the nodes of the pipeline.

公开(公告)号：US20230244673A1

公开(公告)日：2023-08-03

申请号：US18192136

申请日：2023-03-29

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Joseph Gabriel Echeverria ,  Eric Sammer

IPC: G06F16/2455 ,  G06F16/2453 ,  G06F16/901 ,  G06F16/903

CPC classification number: G06F16/24568 ,  G06F16/24542 ,  G06F16/901 ,  G06F16/90335

Abstract: Operational machine components of an information technology (IT) or other microprocessor- or microcontroller-permeated environment generate disparate forms of machine data. Network connections are established between these components and processors of data intake and query system (DIQS). The DIQS conducts network transactions on a periodic and/or continuous basis with the machine components to receive disparate data and ingest certain of the data as entries of a data store that is searchable for DIQS query processing. The DIQS may receive queries to process against the received and ingested data via an exposed network interface. In one example embodiment, the DIQS receives a query identifying data to be processed, dynamically generates a query processing scheme based on the state of the data to be processed, such as streaming or at rest, and dynamically communicates the query processing scheme to a query executor based on the state of the data to be processed.

公开(公告)号：US11614923B2

公开(公告)日：2023-03-28

申请号：US16864054

申请日：2020-04-30

Applicant: Splunk Inc.

Inventor： Ricky Gene Burnett ,  Joseph Gabriel Echeverria ,  Max Feng ,  Arthur Foelsche ,  Anush Kumar Jayaraman ,  Eric Prokop ,  Jeremiah Reichardt ,  Ran Xie

IPC: G06F9/44 ,  G06F9/455 ,  G06F8/34 ,  G06F16/2453 ,  G06F16/901 ,  G06F9/54

Abstract: Systems and methods are disclosed for implementing dual textual/graphical programming interfaces for programming streaming data processing pipelines. A user interface is provided that enables a user to author a processing pipeline as a query in a query language, and to request conversion of that query language into a graph data structure representation of the pipeline, which can be visualized in the interface. The interface further enables modification of the graph via interaction with the visualization. On request, the modified graph can be converted back into the query language, with the querying being modified to reflect the modifications to the graph.

公开(公告)号：US10997180B2

公开(公告)日：2021-05-04

申请号：US15885645

申请日：2018-01-31

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Joseph Gabriel Echeverria ,  Eric Sammer

IPC: G06F16/2455 ,  G06F16/2453 ,  G06F16/901 ,  G06F16/903

Abstract: Operational machine components of an information technology (IT) or other microprocessor- or microcontroller-permeated environment generate disparate forms of machine data. Network connections are established between these components and processors of data intake and query system (DIQS). The DIQS conducts network transactions on a periodic and/or continuous basis with the machine components to receive disparate data and ingest certain of the data as entries of a data store that is searchable for DIQS query processing. The DIQS may receive queries to process against the received and ingested data via an exposed network interface. In one example embodiment, the DIQS receives a query identifying data to be processed, dynamically generates a query processing scheme based on the state of the data to be processed, such as streaming or at rest, and dynamically communicates the query processing scheme to a query executor based on the state of the data to be processed.

公开(公告)号：US10775976B1

公开(公告)日：2020-09-15

申请号：US16148703

申请日：2018-10-01

Applicant: Splunk Inc.

Inventor： Bashar Abdul-Jawad ,  Matthew Dailey ,  Joseph Gabriel Echeverria ,  Arthur Foelsche ,  Eric Sammer ,  Sarah Stanger

IPC: G06F3/00 ,  G06F3/0484 ,  G06F3/0482 ,  G06F16/9535 ,  G06F9/54

Abstract: Systems and methods are described for graphical user interfaces that enable users to graphically design nodes and interconnections of pipelines for preprocessing data later ingested into an indexing system. The preprocessing can include receiving messages published to a first publish-subscribe messaging system, the messages containing raw machine data generated by one or more components in an information technology environment, performing one or more processing operations on at least some of the messages to generate preprocessed messages, republishing the preprocessed messages to a second publish-subscribe messaging system, and providing to the indexing system, a subset of the messages from the second publish-subscribe messaging system. Nodes in the pipeline can specify the preprocessing operations, and interconnections in the pipeline can represent data flow through the nodes of the pipeline.

公开(公告)号：US12079175B2

公开(公告)日：2024-09-03

申请号：US17074426

申请日：2020-10-19

Applicant: Splunk Inc.

Inventor： Poornima Devaraj ,  Joseph Gabriel Echeverria ,  Venkata SreeKrishna Koganti ,  Shyam Mundhra ,  Hardik Shah ,  Xiangyu Wu ,  Ryan Konrad Yee

IPC: G06F16/18 ,  G06F11/30 ,  G06F11/32 ,  G06F16/17 ,  G06F16/182

CPC classification number: G06F16/1865 ,  G06F11/3034 ,  G06F11/323 ,  G06F16/1734 ,  G06F16/1824

Abstract: Systems and methods are described herein for synthesizing traces from logs of a distributed computing system. A trace represents a single transaction, such as handling of a user request, on the distributed computing system. The transaction can include multiple underlying operations on the distributed computing system, which are represented as spans within the trace and may be hierarchically arranged within the trace. In instances where a distributed computing system does not provide for tracing natively, a trace can be synthesized from log entries of the distributed computing system. A streaming data processing system can ingest a data stream including log entries, and identify within the data stream those log entries relating to a given transaction. The streaming data processing system can further identify log entries that demark the beginnings and endings of operations for that transaction, and can utilize the identified log entries to build a trace for the transaction.