公开(公告)号：US20190278754A1

公开(公告)日：2019-09-12

申请号：US16424358

申请日：2019-05-28

Applicant: SPLUNK INC.

Inventor： David Ryan Marquardt ,  Mitchell Neuman Blank, JR. ,  Stephen Phillip Sorkin

IPC: G06F16/22 ,  G06F16/2453 ,  G06F16/2458 ,  G06F16/23 ,  G06F16/338 ,  G06F16/2455 ,  G06F16/28 ,  G06F16/248 ,  G06F16/242 ,  G06F16/33 ,  G06F16/31

Abstract: Embodiments are directed towards a method for searching data. The method comprises providing an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises receiving an incoming search query that references a field name and evaluating the incoming search query. Furthermore, responsive to the evaluating, the method comprises determining results for the incoming search query using the field searchable datastore or the inverted index.

公开(公告)号：US20190278753A1

公开(公告)日：2019-09-12

申请号：US16424311

申请日：2019-05-28

Applicant: SPLUNK INC.

Inventor： David Ryan Marquardt ,  Mitchell Neuman Blank, JR. ,  Stephen Phillip Sorkin

IPC: G06F16/22 ,  G06F16/2453 ,  G06F16/2458 ,  G06F16/23 ,  G06F16/338 ,  G06F16/2455 ,  G06F16/28 ,  G06F16/248 ,  G06F16/242 ,  G06F16/33 ,  G06F16/31

Abstract: Embodiments are directed towards a method for searching data. The method comprises generating an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises receiving an incoming search query that references a field name. Furthermore, the method comprises generating results to the incoming search query based on the field searchable datastore, wherein the field searchable datastore is directly searchable by the field name.

公开(公告)号：US20210042269A1

公开(公告)日：2021-02-11

申请号：US17080416

申请日：2020-10-26

Applicant: SPLUNK INC.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank, JR. ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F16/17 ,  G06F16/20 ,  G06F16/174

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

公开(公告)号：US20170139965A1

公开(公告)日：2017-05-18

申请号：US15421212

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： David Ryan Marquardt ,  Mitchell Neuman Blank, JR. ,  Stephen Phillip Sorkin

IPC: G06F17/30

Abstract: Embodiments are directed towards a method for searching data. The method comprises providing an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises receiving an incoming search query that references a field name and evaluating the incoming search query. Furthermore, responsive to the evaluating, the method comprises determining results for the incoming search query using both of the field searchable datastore and the inverted index.

公开(公告)号：US20140337354A1

公开(公告)日：2014-11-13

申请号：US14445001

申请日：2014-07-28

Applicant: Splunk Inc.

Inventor： Mitchell Neuman Blank, JR. ,  Leonid Budchenko ,  David Carasso ,  Micah James Delfino ,  Johnvey Hwang ,  Stephen Phillip Sorkin ,  Eric Timothy Woo

IPC: G06F17/30 ,  G06F3/0484

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/0485 ,  G06F17/2705 ,  G06F17/30321 ,  G06F17/30507 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30619 ,  G06F17/30864

Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

Abstract translation: 实施例针对在将对应的索引数据添加到索引存储之前预览从索引数据原始数据生成的结果。 可以从预览数据源接收原始数据。 在可以建立一组初始配置信息之后，可以将预览数据提交给索引处理流水线。 预览应用可以基于预览索引数据和配置信息生成预览结果。 预览结果可能可以预览索引应用程序如何处理数据。 如果预览结果不可接受，则可以修改配置信息。 预览应用程序可以修改配置信息，直到生成的预览结果可以接受。 如果配置信息是可接受的，则预览数据可以在一个或多个索引存储中被处理和索引。

公开(公告)号：US20160055214A1

公开(公告)日：2016-02-25

申请号：US14929332

申请日：2015-10-31

Applicant: Splunk Inc.

Inventor： Mitchell Neuman Blank, JR. ,  Leonid Budchenko ,  David Carasso ,  Micah James Delfino ,  Johnvey Hwang ,  Stephen Phillip Sorkin ,  Eric Timothy Woo

IPC: G06F17/30 ,  G06F3/0482 ,  G06F17/27 ,  G06F3/0484

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/0485 ,  G06F17/2705 ,  G06F17/30321 ,  G06F17/30507 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/3056 ,  G06F17/30619 ,  G06F17/30864

Abstract: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.

Abstract translation: 实施例针对在将对应的索引数据添加到索引存储之前预览从索引数据原始数据生成的结果。 可以从预览数据源接收原始数据。 在可以建立一组初始配置信息之后，可以将预览数据提交给索引处理流水线。 预览应用可以基于预览索引数据和配置信息生成预览结果。 预览结果可能可以预览索引应用程序如何处理数据。 如果预览结果不可接受，则可以修改配置信息。 预览应用程序可以修改配置信息，直到生成的预览结果可以接受。 如果配置信息是可接受的，则预览数据可以在一个或多个索引存储中被处理和索引。

公开(公告)号：US20140229490A1

公开(公告)日：2014-08-14

申请号：US14052563

申请日：2013-10-11

Applicant: Splunk Inc.

Inventor： Vishal Patel ,  Jimmy John ,  Stephen Phillip Sorkin ,  Johnathon Lee Cervelli ,  Mitchell Neuman Blank, JR. ,  Robin Kumar Das

IPC: G06F17/30

CPC classification number: G06F16/2272 ,  G06F21/121 ,  G06F2221/0775 ,  G06F2221/2101 ,  H04L2463/101

Abstract: The invention is directed towards enabling data volume and data type based licensing of software in a distributed system of a plurality of remote and/or local nodes. The invention enables measuring and optionally restricting the use of software based on one or more provided licenses that restrict the amount and type of data that may be processed by the software. New and older licenses may be added together for a single, bulk entitlement for a given volume of data processing for one or all types of data. Different users in the same enterprise may combine license entitlements too. Also, a new license can be acquired repeatedly, without requiring the issuance of combined licenses by the issuing authority and/or the revocation of prior licenses.

Abstract translation: 本发明旨在实现在多个远程和/或本地节点的分布式系统中的软件的基于数据量和数据类型的许可。 本发明能够测量和可选地限制基于限制软件可能处理的数据的数量和类型的一个或多个所提供的许可证的软件的使用。 新一代和更旧的许可证可以一起添加，用于针对一种或所有类型的数据的给定数据量处理的单个批量权利。 同一企业的不同用户也可以组合许可证授权。 此外，可以重复获得新的许可证，而不需要发证机构签发合并的许可证和/或撤销先前的许可证。

公开(公告)号：US20130311427A1

公开(公告)日：2013-11-21

申请号：US13648116

申请日：2012-10-09

Applicant: SPLUNK INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, JR. ,  Sundar Rengarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: H04L67/1097 ,  G06F11/2097 ,  G06F17/30312

Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.

Abstract translation: 实施例旨在在具有多个索引器的集群环境内管理，用于使用生成标识符来管理数据的冗余来进行数据存储，从而为指定的生成数据指定主索引器。 当集群的主设备发生故障时，可以继续使用冗余来存储数据，并且仍然可以执行数据搜索。

公开(公告)号：US20130060937A1

公开(公告)日：2013-03-07

申请号：US13662315

申请日：2012-10-26

Applicant: SPLUNK INC.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank, JR. ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F11/30

CPC classification number: G06F16/21 ,  G06F16/1734

Abstract: Embodiments are directed towards a dynamic change evaluation mechanism, whereby items having a detected possible change are scheduled for re-evaluation for possible changes at a higher frequency than items detected to not have previously changed, while those items detected as not to have changed are dynamically scheduled for re-evaluation based on an evaluation backlog that may be in turn based, in part, on a time from when an item is assigned an expiration time to when the item is evaluated. In one embodiment, a possibly changed item may be assigned a new expiration time independent of the evaluation backlog. In another embodiment, if no change is detected, then the item may be assigned a new expiration time as a function of a previous expiration time and on the evaluation backlog.

Abstract translation: 实施例针对动态变化评估机制，由此调度具有检测到的可能变化的项目，以便以比检测到的未被改变的项目更高的频率重新评估可能的改变，而被检测为未改变的那些项目是动态的 计划根据评估积压进行重新评估，该评估积压部分可以部分地基于从物品被分配到期时间到评估物品的时间。 在一个实施例中，可以为可能改变的项目分配与评估积压无关的新的期满时间。 在另一个实施例中，如果没有检测到改变，则可以将该项目分配为作为先前的到期时间的函数的新的期满时间，以及评估积压。

公开(公告)号：US20210326316A1

公开(公告)日：2021-10-21

申请号：US17364617

申请日：2021-06-30

Applicant: SPLUNK INC.

Inventor： David Ryan Marquardt ,  Mitchell Neuman Blank, JR. ,  Stephen Phillip Sorkin

IPC: G06F16/22 ,  G06F16/2453 ,  G06F16/33 ,  G06F16/242 ,  G06F16/248 ,  G06F16/28 ,  G06F16/31 ,  G06F16/338 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/2455

Abstract: Embodiments are directed towards a method for searching data. The method comprises providing an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises evaluating an incoming search query that references a field name. Responsive to the evaluating, the method comprises determining results for the incoming search query by executing the incoming search query across the field searchable datastore or the inverted index.