公开(公告)号：US11314758B2

公开(公告)日：2022-04-26

申请号：US16777592

申请日：2020-01-30

Applicant: Splunk Inc.

Inventor： David Ryan Marquardt ,  Hailun Yan ,  Christopher Pride ,  Vishal Patel

IPC: G06F16/00 ,  G06F16/248 ,  G06F16/22 ,  G06F16/25 ,  G06F16/28 ,  G06F16/901 ,  G06F16/951 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/835 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/903 ,  H04L67/025 ,  G06F3/0481 ,  G06T11/20 ,  H04L67/02 ,  H04L43/08

Abstract: The disclosed embodiments include a method performed by a data intake and query system to store and query metrics data. The method includes ingesting metrics, where each metric includes key values and numerical value indicative of a measured characteristic of a computing resource. The method further includes populating a first portion of a metric-series index (msidx) file with the key values and a second portion of the msidx file with numerical values indicative of a measured characteristic, where the first portion is distinct from the second portion. The method further includes receiving a query including criteria, evaluating the query by applying the criteria to the first portion of the msidx file to obtain query results indicative of metrics that satisfy the criteria, and displaying, on a display device, the query results or data indicative of the query results.

公开(公告)号：US11238057B2

公开(公告)日：2022-02-01

申请号：US16264335

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Amrittpal Singh Bath ,  Pratiksha Shah ,  Murugan Kandaswamy ,  Vishal Patel

IPC: G06F16/00 ,  G06F16/248 ,  G06F16/22 ,  G06F16/25 ,  G06F16/28 ,  G06F16/901 ,  G06F16/951 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/835 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/903 ,  H04L29/08 ,  G06F3/0481 ,  G06T11/20 ,  H04L12/26

Abstract: The disclosed technique can be performed by a data intake and query system. The technique includes ingesting data including log data obtained over a network from systems, and receiving user input indicating a scope for retrieving data and a criterion expressed in a structured language. The technique further includes retrieving data based on the scope indicated by the user input and extracting a first field value and a second field value from the retrieved data based on the criterion and the scope. The first field value includes a first numerical value indicative of a measured characteristic of a computing device and the second field value includes a first dimension. The technique further includes storing a first structured metric and the first dimension in a time-series metrics store. The first structured metric includes the first numerical value. The first dimension is associated with the first numerical value.

公开(公告)号：US11093476B1

公开(公告)日：2021-08-17

申请号：US15276781

申请日：2016-09-26

Applicant: Splunk Inc.

Inventor： Itay Neeman ,  Glenn Block ,  Lin Ma ,  Mitch Blank ,  Vishal Patel

IPC: G06F16/23 ,  G06F16/22 ,  G06F16/28 ,  G06F16/951

Abstract: A data intake and query system receives a message including raw machine via an internet protocol (IP) such as the hypertext transfer protocol (HTTP). The message includes a distinct payload portion and a distinct custom field portion. The payload portion includes raw machine data, while the custom field portion includes values for fields. An event that includes the raw machine data and the values is generated from the payload portion and the values are extracted from the custom field portion. The event is then stored such that the values are associated with the event.

公开(公告)号：US20180246939A1

公开(公告)日：2018-08-30

申请号：US15967385

申请日：2018-04-30

Applicant: SPLUNK, INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, JR. ,  Sundar Renegarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F17/30 ,  G06F11/20

CPC classification number: G06F16/24575 ,  G06F3/0617 ,  G06F3/065 ,  G06F3/067 ,  G06F11/20 ,  G06F11/2094 ,  G06F16/2272 ,  G06F16/27 ,  G06F16/275 ,  G06F16/29 ,  G06F16/9535 ,  G06F16/9537 ,  H04L67/1097

Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.

公开(公告)号：US20180089289A1

公开(公告)日：2018-03-29

申请号：US15339909

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang ,  Ledion Bitincka ,  Vishal Patel ,  David E. Simmen

IPC: G06F17/30 ,  H04L29/08

CPC classification number: G06F16/248 ,  G06F3/0481 ,  G06F16/22 ,  G06F16/2228 ,  G06F16/2255 ,  G06F16/2425 ,  G06F16/2455 ,  G06F16/24568 ,  G06F16/2462 ,  G06F16/2477 ,  G06F16/25 ,  G06F16/285 ,  G06F16/8373 ,  G06F16/901 ,  G06F16/90335 ,  G06F16/9038 ,  G06F16/951 ,  G06F16/9535 ,  G06T11/206 ,  G06T2200/24 ,  H04L43/08 ,  H04L67/02 ,  H04L67/025

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a real-time search query including search criteria, and receiving a stream of metrics, where each metric includes a measured value taken of a computing device. The method further includes filtering the metrics to obtain filtered metrics satisfying the search criteria, creating an in-memory summarization data structure based on the filtered metrics, communicating the summarization data to a search head, and providing search results including the summarization data, where the summarization data or data indicative of the summarization data is displayed on a display of a display device.

公开(公告)号：US20170317882A1

公开(公告)日：2017-11-02

申请号：US15143472

申请日：2016-04-29

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Vishal Patel ,  Geoffrey Hendrey ,  Eric Woo

IPC: H04L12/24 ,  H04L29/08

CPC classification number: H04L67/06 ,  H04L29/08072 ,  H04L41/0813 ,  H04L41/0843 ,  H04L41/0856 ,  H04L67/34

Abstract: In a computer-implemented method for configuring a distributed computer system comprising a plurality of nodes of a plurality of node classes, configuration files for a plurality of nodes of each of the plurality of node classes are stored in a central repository. The configuration files include information representing a desired system state of the distributed computer system, and the distributed computer system operates to keep an actual system state of the distributed computer system consistent with the desired system state. The plurality of node classes includes forwarder nodes for receiving data from an input source, indexer nodes for indexing the data, and search head nodes for searching the data. Responsive to receiving changes to the configuration files, the changes are propagated to nodes of the plurality of nodes impacted by the changes based on a node class of the nodes impacted by the changes.

公开(公告)号：US20150339308A1

公开(公告)日：2015-11-26

申请号：US14815880

申请日：2015-07-31

Applicant: Splunk Inc.

Inventor： Sundar Rengarajan Vasan ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Da Xu ,  Rama Gopalan

IPC: G06F17/30

CPC classification number: G06F17/30528 ,  G06F3/0617 ,  G06F3/065 ,  G06F3/067 ,  G06F11/20 ,  G06F11/2094 ,  G06F17/30241 ,  G06F17/30336 ,  G06F17/30575 ,  G06F17/30581 ,  G06F17/30867 ,  G06F17/3087 ,  H04L67/1097

Abstract: Techniques are described for managing data within a multi-site clustered data intake and query system. A data intake and query system as described herein generally refers to a system for collecting, retrieving, and analyzing data. In this context, a clustered data intake and query system generally refers to a system environment that is configured to provide data redundancy and other features that improve the availability of data stored by the system. For example, a clustered data intake and query system may be configured to store multiple copies of data stored by the system across multiple components such that recovery from a failure of one or more of the components is possible by using copies of the data stored elsewhere in the cluster.

Abstract translation: 描述了用于管理多站点群集数据采集和查询系统中的数据的技术。 本文所述的数据采集和查询系统通常是指用于收集，检索和分析数据的系统。 在这种情况下，集群数据采集和查询系统通常是指被配置为提供数据冗余和提高系统存储的数据的可用性的其他特征的系统环境。 例如，集群数据采集和查询系统可以被配置为存储由多个组件存储的系统的多个副本，以便可以通过使用其他地方存储的数据的副本来从一个或多个组件的故障中恢复 集群。

公开(公告)号：US20150154217A1

公开(公告)日：2015-06-04

申请号：US14611156

申请日：2015-01-30

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30144 ,  G06F17/3015 ,  G06F17/30286

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

Abstract translation: 实施例涉及管理和跟踪多个项目的项目识别以确定项目是否是新的或现有的项目，其中已经预先处理了现有项目。 在一些实施例中，可以生成两个或多个项目标识符。 在一个实施例中，生成两个或多个项目标识符可以包括使用小项目尺寸特征，压缩项目或标识符冲突来分析项目。 可以使用两个或更多个项目标识符来确定该项目是新的还是现有的项目。 在一个实施例中，两个或多个项目标识符可以与关于现有项目的记录进行比较，以确定该项目是新项目还是现有项目。 如果项目是现有项目，则可以进一步处理该项目以确定现有项目是否已经实际改变。

公开(公告)号：US08977638B2

公开(公告)日：2015-03-10

申请号：US14034220

申请日：2013-09-23

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30144 ,  G06F17/3015 ,  G06F17/30286

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

Abstract translation: 实施例涉及管理和跟踪多个项目的项目识别以确定项目是否是新的或现有的项目，其中已经预先处理了现有项目。 在一些实施例中，可以生成两个或多个项目标识符。 在一个实施例中，生成两个或多个项目标识符可以包括使用小项目尺寸特征，压缩项目或标识符冲突来分析项目。 可以使用两个或更多个项目标识符来确定该项目是新的还是现有的项目。 在一个实施例中，两个或多个项目标识符可以与关于现有项目的记录进行比较，以确定该项目是新项目还是现有项目。 如果项目是现有项目，则可以进一步处理该项目以确定现有项目是否已经实际改变。

公开(公告)号：US20130311428A1

公开(公告)日：2013-11-21

申请号：US13662358

申请日：2012-10-26

Applicant: SPLUNK INC.

Inventor： Vishal Patel ,  Mitchell Neuman Blank, JR. ,  Sundar Rengarajan Vasan ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: H04L67/1097 ,  G06F11/2097 ,  G06F17/30312

Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.