公开(公告)号：US09130971B2

公开(公告)日：2015-09-08

申请号：US14266812

申请日：2014-04-30

Applicant: Splunk Inc.

Inventor： Sundar Rengarajan Vasan ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Da Xu ,  Rama Gopalan

IPC: G06F17/30 ,  H04L29/08 ,  G06F11/20 ,  G06F3/06

CPC classification number: G06F17/30528 ,  G06F3/0617 ,  G06F3/065 ,  G06F3/067 ,  G06F11/20 ,  G06F11/2094 ,  G06F17/30241 ,  G06F17/30336 ,  G06F17/30575 ,  G06F17/30581 ,  G06F17/30867 ,  G06F17/3087 ,  H04L67/1097

Abstract: According to various embodiments, techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.

Abstract translation: 根据各种实施例，描述了用于管理多站点群集数据访问和查询系统内的数据的技术。 本文所述的数据采集和查询系统通常是指用于收集，检索和分析数据的系统。 在这种情况下，集群数据采集和查询系统通常是指被配置为提供数据冗余和提高系统存储的数据的可用性的其他特征的系统环境。 例如，集群数据采集和查询系统可以被配置为存储由多个组件存储的系统的多个副本，以便可以通过使用其他地方存储的数据的副本来从一个或多个组件的故障中恢复 集群。

公开(公告)号：US11693710B1

公开(公告)日：2023-07-04

申请号：US17589722

申请日：2022-01-31

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Mitchell Neuman Blank ,  Rama Gopalan ,  Hongxun Liu ,  Anish Shrigondekar

IPC: G06F16/00 ,  G06F7/00 ,  G06F9/50 ,  G06F16/2455 ,  G06F16/242 ,  G06F16/22

CPC classification number: G06F9/505 ,  G06F16/22 ,  G06F16/2425 ,  G06F16/24552

Abstract: Resource management includes storing, for multiple workload pools of a data intake and query system, a workload pool hierarchy arranged in multiple workload pool layers. After storing a processing request is assigned a selected subset of workload pools in a second layer of the workload pool hierarchy based on a type of processing request. The processing request is then assigned to an individual workload pool in the selected subset to obtain a selected workload pool. Execution of the processing request is initiated on the selected workload pool.

公开(公告)号：US11630695B1

公开(公告)日：2023-04-18

申请号：US17163160

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Mitchell Neuman Blank ,  Rama Gopalan ,  Hongxun Liu ,  Anish Shrigondekar

IPC: G06F16/00 ,  G06F9/50 ,  G06F16/22

Abstract: Dynamic reassignment of search processes into workload pools includes receiving a search query to search at least one data store, assigning the search query to a first workload pool, and executing the search query using a first hardware resource in the first workload pool, the first hardware resource corresponding to a first portion of a hardware device. Dynamic reassignment further includes receiving, while executing the search query, an update command to move the search query to a second workload pool, moving, while executing the search query, the search query to the second workload pool; and continuing execution of the search query using a second hardware resource in the second workload pool. The second hardware resource corresponds to a second portion of the hardware device.

公开(公告)号：US10942774B1

公开(公告)日：2021-03-09

申请号：US16147262

申请日：2018-09-28

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandras Batsakis ,  Mitchell Neuman Blank ,  Rama Gopalan ,  Hongxun Liu ,  Anish Shrigondekar

IPC: G06F16/00 ,  G06F9/50 ,  G06F16/22

Abstract: Dynamic reassignment of search processes into workload pools includes receiving a search query to search at least one data store, assigning the search query to a first workload pool, and executing the search query using a first hardware resource in the first workload pool, the first hardware resource corresponding to a first portion of a hardware device. Dynamic reassignment further includes receiving, while executing the search query, an update command to move the search query to a second workload pool, moving, while executing the search query, the search query to the second workload pool; and continuing execution of the search query using a second hardware resource in the second workload pool. The second hardware resource corresponds to a second portion of the hardware device.

公开(公告)号：US20160314211A1

公开(公告)日：2016-10-27

申请号：US14695827

申请日：2015-04-24

Applicant: Splunk Inc.

Inventor： Jagannath Kerai ,  Rama Gopalan

IPC: G06F17/30

CPC classification number: G06F21/45 ,  G06F21/6227

Abstract: Provided are systems and methods for verifying user credentials for performing a search. In one embodiment, a method can be provided that includes receiving a request to perform a search of machine generated data comprising time stamped events that is associated with a user, determining whether a set of cached user credentials has been updated within a period of time, querying, in response to determining that the credentials for the user have not been updated within the period of time, an identity provider server for a current set of user credentials associated with the user, receiving the current set of user credentials, determining whether the user has privileges to perform the search based at least in part on the set of user credentials, and causing, in response to determining that the user has privileges to perform the search, the search to be performed to identify one or more of the events that are responsive to the search.

Abstract translation: 提供了用于验证用于执行搜索的用户凭证的系统和方法。 在一个实施例中，可以提供一种方法，包括接收执行机器生成数据的搜索的请求，所述机器生成的数据包括与用户相关联的时间戳事件，确定在一段时间内是否更新了一组缓存的用户凭证， 响应于确定用户的证书在一段时间内未被更新的查询，用于与用户相关联的当前用户凭证集合的身份提供商服务器，接收当前用户凭证集合，确定用户是否 具有至少部分地基于所述一组用户凭证执行搜索的特权，并且响应于确定用户具有执行搜索的权限而导致要执行的搜索以识别一个或多个事件 响应搜索。

公开(公告)号：US11062016B2

公开(公告)日：2021-07-13

申请号：US14695827

申请日：2015-04-24

Applicant: Splunk Inc.

Inventor： Jagannath Kerai ,  Rama Gopalan

IPC: G06F21/45 ,  G06F21/62 ,  G06F21/30 ,  H04L29/06

Abstract: Provided are systems and methods for verifying user credentials for performing a search. In one embodiment, a method can be provided that includes receiving a request to perform a search of machine generated data comprising time stamped events that is associated with a user, determining whether a set of cached user credentials has been updated within a period of time, querying, in response to determining that the credentials for the user have not been updated within the period of time, an identity provider server for a current set of user credentials associated with the user, receiving the current set of user credentials, determining whether the user has privileges to perform the search based at least in part on the set of user credentials, and causing, in response to determining that the user has privileges to perform the search, the search to be performed to identify one or more of the events that are responsive to the search.

公开(公告)号：US20150339308A1

公开(公告)日：2015-11-26

申请号：US14815880

申请日：2015-07-31

Applicant: Splunk Inc.

Inventor： Sundar Rengarajan Vasan ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Da Xu ,  Rama Gopalan

IPC: G06F17/30

CPC classification number: G06F17/30528 ,  G06F3/0617 ,  G06F3/065 ,  G06F3/067 ,  G06F11/20 ,  G06F11/2094 ,  G06F17/30241 ,  G06F17/30336 ,  G06F17/30575 ,  G06F17/30581 ,  G06F17/30867 ,  G06F17/3087 ,  H04L67/1097

Abstract: Techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.

Abstract translation: 描述了用于管理多站点群集数据采集和查询系统中的数据的技术。 本文所述的数据采集和查询系统通常是指用于收集，检索和分析数据的系统。 在这种情况下，集群数据采集和查询系统通常是指被配置为提供数据冗余和提高系统存储的数据的可用性的其他特征的系统环境。 例如，集群数据采集和查询系统可以被配置为存储由多个组件存储的系统的多个副本，以便可以通过使用其他地方存储的数据的副本来从一个或多个组件的故障中恢复 集群。

公开(公告)号：US11822640B1

公开(公告)日：2023-11-21

申请号：US17347025

申请日：2021-06-14

Applicant: Splunk Inc.

Inventor： Jagannath Kerai ,  Rama Gopalan

IPC: G06F21/45 ,  G06F21/62 ,  G06F21/30 ,  H04L9/40

CPC classification number: G06F21/45 ,  G06F21/30 ,  G06F21/62 ,  G06F21/6218 ,  G06F21/6227 ,  H04L63/10

Abstract: Provided are systems and methods for verifying user credentials for performing a search. Verifying user credentials include receiving a search request at a search server, determining, at the search server, whether a set of user credentials of a user has been updated within a threshold period of time. The set of user credentials are received from an identity provider server and cached at the search server. Responsive to determining that the cached set of user credentials have not been updated within the threshold period of time, the identity provider server is queried for a current set of user credentials associated with the user. The current set of user credentials from the identity provider server, and used to determine that the user is authorized to perform the search. The search of the datastore is launched responsive to determining that the user is authorized.

公开(公告)号：US11385936B1

公开(公告)日：2022-07-12

申请号：US16147251

申请日：2018-09-28

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Mitchell Neuman Blank ,  Rama Gopalan ,  Hongxun Liu ,  Anish Shrigondekar

IPC: G06F16/00 ,  G06F7/00 ,  G06F9/50 ,  G06F16/22 ,  G06F16/242 ,  G06F16/2455

Abstract: Achieving search and ingest isolation via resource management in a search and indexing system includes receiving a search query associated with at least one data store, assigning, in response to the search query being associated with the at least one data store, the search query to a first workload pool in a set of query workload pools, and processing the search query using a first hardware resource in the first workload pool. Achieving search and ingest isolation further includes receiving an ingest request comprising data associated with the at least one data store. The ingest request is assigned to a second workload pool in a set of ingest workload pools. The set of query workload pools and the set of ingest workload pools are disjoint. Achieving search and ingest isolation further includes processing the ingest request using a second hardware resource in the second workload pool.

公开(公告)号：US09984128B2

公开(公告)日：2018-05-29

申请号：US14815880

申请日：2015-07-31

Applicant: Splunk Inc.

Inventor： Sundar Rengarajan Vasan ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Da Xu ,  Rama Gopalan

IPC: G06F17/30 ,  H04L29/08 ,  G06F11/20 ,  G06F3/06

CPC classification number: G06F17/30528 ,  G06F3/0617 ,  G06F3/065 ,  G06F3/067 ,  G06F11/20 ,  G06F11/2094 ,  G06F17/30241 ,  G06F17/30336 ,  G06F17/30575 ,  G06F17/30581 ,  G06F17/30867 ,  G06F17/3087 ,  H04L67/1097

Abstract: Techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.