公开(公告)号：US10938634B1

公开(公告)日：2021-03-02

申请号：US16264526

申请日：2019-01-31

Applicant: SPLUNK INC.

Inventor： Alexander William Cruise ,  Daniel Ferstay

IPC: H04L12/24 ,  G06F16/953

Abstract: The computerized method is shown and includes obtaining input from a data stream at an electronic device, wherein the input includes machine data, wherein the electronic device has stored thereon a first query, evaluating the query by processing the input according to the first query, responsive to detecting a failure during evaluation of the query resulting from a lack of enrichment data stored on the electronic device, recording a first identifier corresponding to the enrichment data, transmitting the first identifier to a remote server computer system, receiving a communication from the remote server computer system, wherein the communication includes the enrichment data, and evaluating the query by processing second input from the data stream according to the first query and the enrichment data. In some instances the enrichment data includes contextual information for parsing the data stream and converting extracted data into an alternative format.

公开(公告)号：US11843505B1

公开(公告)日：2023-12-12

申请号：US17866195

申请日：2022-07-15

Applicant: Splunk, Inc.

Inventor： Alexander William Cruise ,  Daniel Ferstay

IPC: H04L41/0686 ,  H04L41/147 ,  G06F16/953 ,  H04L41/22

CPC classification number: H04L41/0686 ,  G06F16/953 ,  H04L41/147 ,  H04L41/22

Abstract: A computerized method is disclosed that includes operations of receiving one or more records, wherein each of the one or more records indicates a successful search query evaluation by at least one of a plurality edge devices, building a predictive analytics model based on the one or more records, wherein the predicative analytics model is configured to perform operations configured to predict enrichment data that is to be needed by one or more edge devices in the future during evaluation of a future search query, performing predictive analytics using the predictive analytics model to determine predictive enrichment data, and transmitting a first response packet to a first edge device, wherein the first response packet includes the predictive enrichment data. The records may include one or more of a data stream identifier, a search query, enrichment data that was required at a time the search query was evaluated.

公开(公告)号：US11809395B1

公开(公告)日：2023-11-07

申请号：US17444173

申请日：2021-07-30

Applicant: Splunk Inc.

Inventor： Jeff Fan ,  Daniel Ferstay ,  Denis Vergnes

IPC: G06F16/22

CPC classification number: G06F16/2228

Abstract: Systems and methods are described for balancing workloads and reliably delivering data to a plurality of indexing systems in a data intake and query system. A topic-based indexing system load balancer may receive event data from various data sources, each of which may be associated with a topic. The event data may be entirely unparsed, unparsed but divided into events, or parsed into events. The topic-based indexing system load balancer may distribute the received event data on a per-topic or per-event basis to a set of indexing systems, and may distribute topics and events based on the volume received. Unparsed data may be divided into portions, and the topic-based indexing system load balancer may ensure that portions data associated with the same topic are delivered to the same indexer so that events split between two portions may be recombined and indexed.

公开(公告)号：US11438221B1

公开(公告)日：2022-09-06

申请号：US17148478

申请日：2021-01-13

Applicant: SPLUNK Inc.

Inventor： Alexander William Cruise ,  Daniel Ferstay

IPC: H04L41/0686 ,  G06F16/953 ,  H04L41/147 ,  H04L41/22

Abstract: A computerized method is shown and includes receiving one or more lists of identifiers, generating a batch query from the one or more lists of identifiers, querying one or more data stores using the batch query, generating one or more response packets including results from querying using the batch query, and transmitting a first response packet to a first edge device. Generating the batch query may be performed by merging a plurality of lists of identifiers to form a merged list, and removing duplicate identifiers from the merged list. Further, the first response packet may be generated for the first edge device and includes enrichment data corresponding to identifiers transmitted by the first edge device. Additionally, may be the first response packet is generated for a plurality of edge devices including the first edge device and includes enrichment data corresponding to identifiers transmitted by the plurality of edge device.

公开(公告)号：US11422873B2

公开(公告)日：2022-08-23

申请号：US17158927

申请日：2021-01-26

Applicant: SPLUNK Inc.

Inventor： Daniel Ferstay ,  Denis Vergnes

IPC: G06F9/44 ,  G06F9/54 ,  G06F11/30 ,  G06F11/34 ,  G06F9/48

Abstract: Embodiments of the present invention are directed to facilitating efficient message queueing. In particular, embodiments herein describe, among other things, a redelivery monitor used to monitor when to redeliver messages, or tasks, for reprocessing based on expiration of a redelivery deadline. In this regard, markers indicating processing states for tasks being processed are read by the redelivery monitor. When the processing state indicates that processing is ongoing, the redelivery deadline is extended such that a message or task is not redelivered for processing while the message or task is being processed.

公开(公告)号：US12079672B1

公开(公告)日：2024-09-03

申请号：US18458738

申请日：2023-08-30

Applicant: Splunk Inc.

Inventor： Daniel Ferstay ,  Denis Vergnes

IPC: G06F9/44 ,  G06F9/48 ,  G06F9/54 ,  G06F11/30 ,  G06F11/34

CPC classification number: G06F9/546 ,  G06F9/485 ,  G06F11/3006 ,  G06F11/3476

Abstract: Embodiments of the present invention are directed to facilitating efficient message queueing. In particular, embodiments herein describe, among other things, a redelivery monitor used to monitor when to redeliver messages, or tasks, for reprocessing based on expiration of a redelivery deadline. In this regard, markers indicating processing states for tasks being processed are read by the redelivery monitor. When the processing state indicates that processing is ongoing, the redelivery deadline is extended such that a message or task is not redelivered for processing while the message or task is being processed.

公开(公告)号：US20210149751A1

公开(公告)日：2021-05-20

申请号：US17158927

申请日：2021-01-26

Applicant: SPLUNK Inc.

Inventor： Daniel Ferstay ,  Denis Vergnes

IPC: G06F9/54 ,  G06F11/30 ,  G06F11/34 ,  G06F9/48

Abstract: Embodiments of the present invention are directed to facilitating efficient message queueing. In particular, embodiments herein describe, among other things, a redelivery monitor used to monitor when to redeliver messages, or tasks, for reprocessing based on expiration of a redelivery deadline. In this regard, markers indicating processing states for tasks being processed are read by the redelivery monitor. When the processing state indicates that processing is ongoing, the redelivery deadline is extended such that a message or task is not redelivered for processing while the message or task is being processed.

公开(公告)号：US11983181B1

公开(公告)日：2024-05-14

申请号：US17816322

申请日：2022-07-29

Applicant: Splunk Inc.

Inventor： Ankur Dalsukhbhai Bambharoliya ,  Ricky Burnett ,  Daniel Ferstay ,  Arthur Foelsche ,  Alexander D. James ,  Ganesh Jothikumar ,  Bei Li ,  Amy Joanna Sutedja ,  Salih Ammar Wajih Zainulabdeen

IPC: G06F16/00 ,  G06F16/2455 ,  G06F16/2457 ,  G06F16/248

CPC classification number: G06F16/24568 ,  G06F16/24573 ,  G06F16/248

Abstract: Systems and methods are described for providing previews of deployment of data stream processing instructions sets, sometimes called pipelines, to a stream data processing system. Rather than deploying such an instruction set, which may cause detrimental side effects, previews can be facilitated by conversion of a data stream processing instructions set to a batch query that is applied to an existing data set. An output of the batch query can then be provided to an end user as a preview of output of the data stream processing instructions set, when implemented.

公开(公告)号：US11755390B1

公开(公告)日：2023-09-12

申请号：US17873484

申请日：2022-07-26

Applicant: Splunk Inc.

Inventor： Daniel Ferstay ,  Denis Vergnes

IPC: G06F9/44 ,  G06F9/54 ,  G06F11/30 ,  G06F11/34 ,  G06F9/48

CPC classification number: G06F9/546 ,  G06F9/485 ,  G06F11/3006 ,  G06F11/3476

Abstract: Embodiments of the present invention are directed to facilitating efficient message queueing. In particular, embodiments herein describe, among other things, a redelivery monitor used to monitor when to redeliver messages, or tasks, for reprocessing based on expiration of a redelivery deadline. In this regard, markers indicating processing states for tasks being processed are read by the redelivery monitor. When the processing state indicates that processing is ongoing, the redelivery deadline is extended such that a message or task is not redelivered for processing while the message or task is being processed.

公开(公告)号：US10908977B1

公开(公告)日：2021-02-02

申请号：US16592647

申请日：2019-10-03

Applicant: SPLUNK INC.

Inventor： Daniel Ferstay ,  Denis Vergnes

IPC: G06F9/44 ,  G06F9/54 ,  G06F11/30 ,  G06F11/34 ,  G06F9/48

Abstract: Embodiments of the present invention are directed to facilitating efficient message queueing. In particular, embodiments herein describe, among other things, a redelivery monitor used to monitor when to redeliver messages, or tasks, for reprocessing based on expiration of a redelivery deadline. In this regard, markers indicating processing states for tasks being processed are read by the redelivery monitor. When the processing state indicates that processing is ongoing, the redelivery deadline is extended such that a message or task is not redelivered for processing while the message or task is being processed.