-
Publication number: US11562023B1
Publication date: 2023-01-24
Application number: US15967585
Application date: 2018-04-30
Applicant: Splunk Inc.
Inventor: Alexandros Batsakis, Sourav Pal, Sai Krishna Sajja, Hasan Alayli, Vishal Patel, Igor Stojanovski, Eric Woo, Steve Wong, Tameem Anwar
IPC: G06F16/901, G06F3/06, G06F16/23, G06F16/27
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. An indexing system of the data intake and query system receives data and stores at least a portion of it in buckets, which are then stored in a shared storage system. The indexing system merges multiple buckets to generate merged buckets and uploads the merged buckets to the shared storage system.
-
Publication number: US11086869B1
Publication date: 2021-08-10
Application number: US16177256
Application date: 2018-10-31
Applicant: Splunk Inc.
Inventor: Bharath Kishore Reddy Aleti, Alexandros Batsakis, Joseph Gabriel Echeverria, Alexander Douglas James, Sourav Pal, Christopher Madden Pride, Sai Krishna Sajja, Eric Sammer
IPC: G06F16/00, G06F16/2453, G06F16/242, G06F16/9535, G06F40/205, G06F9/54
Abstract: Systems and methods are disclosed for interfacing with one or more components of a data intake and query system. The data intake and query system includes a gateway that interfaces between one or more computer-executable applications and one or more components of the data intake and query system. The data intake and query system can include an intake system configured to ingest data, an indexing system configured to generate and store one or more events based on the data, and a query system configured to execute one or more queries. The intake system can include a streaming data processor and at least one ingestion buffer. The indexing system can include at least one containerized indexing node, and the query system can include at least one containerized search node.
-
Publication number: US11892996B1
Publication date: 2024-02-06
Application number: US16513365
Application date: 2019-07-16
Applicant: Splunk Inc.
Inventor: Tameem Anwar, Alexandros Batsakis, Sai Krishna Sajja, Igor Stojanovski, Eric Woo
IPC: G06F16/22, G06F16/23, G06F16/245, G06F9/50, G06F11/34
CPC classification number: G06F16/2255, G06F9/50, G06F16/2379, G06F16/245, G06F11/34
Abstract: Systems and methods are described for monitoring indexing nodes, populating and maintaining a resource catalog with relevant information, receiving requests for indexing node availability or assignments, identifying indexing nodes that are available to process data, and/or communicating information relating to available indexing nodes. The system can maintain the resource catalog based on communications with each of the containerized indexing nodes. The system can receive, from a partition manager of a data intake and query system, a request for a containerized indexing node that the partition manager can assign to process data received by the partition manager. The system can identify an available containerized indexing node to process the data. The system can communicate, to the partition manager, an indexing node identifier associated with the available containerized indexing node.
-
Publication number: US11609913B1
Publication date: 2023-03-21
Application number: US17162536
Application date: 2021-01-29
Applicant: Splunk Inc.
Inventor: Tameem Anwar, Alexandros Batsakis, Tianyi Gou, Mehul Goyal, Ashish Mathew, Douglas Rapp, Sai Krishna Sajja, Anish Shrigondekar, Igor Stojanovski, Eric Woo, Zhenghui Xie, Ruochen Zhang, Sophia Rui Zhu
IPC: G06F16/00, G06F16/2455, G06F16/248, G06F16/2458
Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. When a new processing node is added or becomes available, the node coordinator can reassign duties from one or more processing nodes to the new processing node. The node coordinator can initially assign the new processing node one or more groups of data for backup purposes. At a later time, the node coordinator can reassign the new processing node to the one or more groups of data for searching purposes.
-
Publication number: US20220269727A1
Publication date: 2022-08-25
Application number: US17646841
Application date: 2022-01-03
Applicant: Splunk Inc.
Inventor: Alexandros Batsakis, Sourav Pal, Sai Krishna Sajja, Igor Stojanovski, Tameem Anwar, Paul J. Lucas, Eric Woo, Steve Wong
IPC: G06F16/901, G06F3/06, G06F16/23, G06F16/27, G06F16/903
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.
-
Publication number: US11250056B1
Publication date: 2022-02-15
Application number: US15967573
Application date: 2018-04-30
Applicant: Splunk Inc.
Inventor: Alexandros Batsakis, Sourav Pal, Sai Krishna Sajja, Igor Stojanovski, Tameem Anwar, Eric Woo, Steve Wong
IPC: G06F16/901, G06F3/06, G06F16/23, G06F16/903
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. An indexing system of the data intake and query system receives data from an ingestion buffer that includes a marker that indicates data that is made available to the indexing system. The data intake and query system stores at least a portion of the data in buckets and stores the buckets in a shared storage system. Based on the storage of the buckets in the shared storage system, the indexing system indicates to the ingestion buffer that the marker can be updated.
-
Publication number: US20250028698A1
Publication date: 2025-01-23
Application number: US18414157
Application date: 2024-01-16
Applicant: Splunk Inc.
Inventor: Brent Davis, David Johns DeWitt, Derek Feriancek, Oleksandr Gyryk, Ankit Jain, Balaji Rao, Douglas Rapp, Sai Krishna Sajja
IPC: G06F16/22, G06F16/2455, G06F16/28
Abstract: A data intake and query system can manage the search of data stored at an external location relative to the data intake and query system using one or more indexers. The data intake and query system can receive data stored at the external location. The data intake and query system can process the data and generate an index using the one or more indexers. The data intake and query system can discard the data and store the index and a location identifier of the external location in one or more buckets. In response to a query, the data intake and query system can identify that at least a subset of the data is responsive to the query using the index and can obtain the at least the subset of the data from the external location using the location identifier.
-
Publication number: US12164402B1
Publication date: 2024-12-10
Application number: US18162273
Application date: 2023-01-31
Applicant: Splunk Inc.
Inventor: Zhenghui Xie, Igor Stojanovski, Kartheek Babu Kolla, Sai Krishna Sajja, Srinivas Chowdhary Bobba, Tianyi Gou, Kai-Sern Lim, Tameem Anwar
IPC: G06F11/30
Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. The data intake and query system can identify a group of processing nodes and assign a first processing node of the group to download and search a particular data group based on a first node map. The data intake and query system may identify an action associated with the first processing node. The data intake and query system can cause a particular processing node of the group to download the particular data group based on a second node map and transmit an authorization to perform the action to the first processing node.
-
Publication number: US11720537B2
Publication date: 2023-08-08
Application number: US17661510
Application date: 2022-04-29
Applicant: Splunk Inc.
Inventor: Tameem Anwar, Tianyi Gou, Alexandros Batsakis, Abhinav Prasad Nekkanti, Sai Krishna Sajja, Jiahan Wang
CPC classification number: G06F16/2228, G06F16/14, G06F16/16
Abstract: Systems and methods are disclosed for scalable bucket merging in a data intake and query system. Various components of a bucket manager can be used to monitor recently-created buckets of data in common storage that are associated with a particular tenant and a particular index, apply a comprehensive bucket merge policy to determine groups of buckets that qualify for merging, merge those group of buckets into merged buckets to be stored in the common storage, and update any information associated with the merged buckets and pre-merged buckets. These components may be shared across multiple tenants, and some of these components may be dynamically scalable based on need. This approach may also provide many additional benefits, including improved search performance from merged buckets, efficient resource utilization associated with discriminate merging, and redundancy in case of component failure.
-
Publication number: US11416465B1
Publication date: 2022-08-16
Application number: US16513378
Application date: 2019-07-16
Applicant: Splunk Inc.
Inventor: Tameem Anwar, Alexandros Batsakis, Sai Krishna Sajja, Igor Stojanovski, Eric Woo
Abstract: Systems and methods are described for processing incoming data. The system can receive, from a first partition manager of a data intake and query system, first data that is associated with a first identifier, and can receive, from a second partition manager of the data intake and query system, second data that is associated with a second identifier. The system can process the first data and store first results of said processing the first data in one or more first buckets associated with the first tenant identifier. The system can process the second data and store second results of said processing the second data in one or more second buckets associated with the second tenant identifier.