公开(公告)号：US10942774B1

公开(公告)日：2021-03-09

申请号：US16147262

申请日：2018-09-28

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandras Batsakis ,  Mitchell Neuman Blank ,  Rama Gopalan ,  Hongxun Liu ,  Anish Shrigondekar

IPC: G06F16/00 ,  G06F9/50 ,  G06F16/22

Abstract: Dynamic reassignment of search processes into workload pools includes receiving a search query to search at least one data store, assigning the search query to a first workload pool, and executing the search query using a first hardware resource in the first workload pool, the first hardware resource corresponding to a first portion of a hardware device. Dynamic reassignment further includes receiving, while executing the search query, an update command to move the search query to a second workload pool, moving, while executing the search query, the search query to the second workload pool; and continuing execution of the search query using a second hardware resource in the second workload pool. The second hardware resource corresponds to a second portion of the hardware device.

公开(公告)号：US20230244660A1

公开(公告)日：2023-08-03

申请号：US17588079

申请日：2022-01-28

Applicant: Splunk Inc.

Inventor： Jagmohan Singh ,  Hongxun Liu ,  Saketh Kurnool

IPC: G06F16/245

CPC classification number: G06F16/245

Abstract: A first processing node of a cluster of processing nodes issues a first alert when first event data satisfies a trigger condition, and sends, to an alert data store external to the cluster, a first alert record of the first alert and suppression information based at least in part on the first alert. A second processing node of the cluster determines that second event data satisfies the trigger condition, obtains, from the alert data store, the suppression information indicating that an expiration time for suppressing the first alert is unexpired, and sends, to the alert data store, a second alert record of a second alert without issuing the second alert.

公开(公告)号：US11385936B1

公开(公告)日：2022-07-12

申请号：US16147251

申请日：2018-09-28

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Mitchell Neuman Blank ,  Rama Gopalan ,  Hongxun Liu ,  Anish Shrigondekar

IPC: G06F16/00 ,  G06F7/00 ,  G06F9/50 ,  G06F16/22 ,  G06F16/242 ,  G06F16/2455

Abstract: Achieving search and ingest isolation via resource management in a search and indexing system includes receiving a search query associated with at least one data store, assigning, in response to the search query being associated with the at least one data store, the search query to a first workload pool in a set of query workload pools, and processing the search query using a first hardware resource in the first workload pool. Achieving search and ingest isolation further includes receiving an ingest request comprising data associated with the at least one data store. The ingest request is assigned to a second workload pool in a set of ingest workload pools. The set of query workload pools and the set of ingest workload pools are disjoint. Achieving search and ingest isolation further includes processing the ingest request using a second hardware resource in the second workload pool.

公开(公告)号：US12135710B2

公开(公告)日：2024-11-05

申请号：US17586634

申请日：2022-01-27

Applicant: Splunk Inc.

Inventor： Jagmohan Singh ,  Michael Bach Soohoo ,  Hongxun Liu ,  Manu Jose, Jr.

IPC: G06F16/23 ,  G06F16/2458

Abstract: Artifact life tracking storage techniques include performing an artifact request of an artifact at an artifact storage node. A current time to live (TTL) value is identified. A determination is made whether to increment a TTL flag of the artifact. Responsive to determining that the TTL tag should be incremented, the TTL flag is incremented to a subsequent value in a TTL extender list. Responsive to incrementing the TTL tag, the TTL modified tag value is set to the current time value.

公开(公告)号：US12197431B2

公开(公告)日：2025-01-14

申请号：US17588079

申请日：2022-01-28

Applicant: Splunk Inc.

Inventor： Jagmohan Singh ,  Hongxun Liu ,  Saketh Kurnool

IPC: G06F16/245

Abstract: A first processing node of a cluster of processing nodes issues a first alert when first event data satisfies a trigger condition, and sends, to an alert data store external to the cluster, a first alert record of the first alert and suppression information based at least in part on the first alert. A second processing node of the cluster determines that second event data satisfies the trigger condition, obtains, from the alert data store, the suppression information indicating that an expiration time for suppressing the first alert is unexpired, and sends, to the alert data store, a second alert record of a second alert without issuing the second alert.

公开(公告)号：US12182104B1

公开(公告)日：2024-12-31

申请号：US18103374

申请日：2023-01-30

Applicant: Splunk Inc.

Inventor： Jagmohan Singh ,  Hongxun Liu ,  Saketh Kurnool

IPC: G06F16/23 ,  G06F16/22 ,  G06F16/248

Abstract: A set of alert records stored in a shared alert data store that is shared amongst a cluster of processing nodes are presented in an interface. From the interface, a request is received to delete an identified alert record from the set of alert records. A delete alert record matching the identified alert record is added to the shared alert data store. The identified alert record is deleted from the shared alert data store responsive to the request. The delete alert record is transmitted to a processing node of the cluster of processing nodes, wherein the processing node deletes a local copy of the identified alert record according to the delete alert record.

公开(公告)号：US20230237049A1

公开(公告)日：2023-07-27

申请号：US17586634

申请日：2022-01-27

Applicant: Splunk Inc.

Inventor： Jagmohan Singh ,  Michael Bach Soohoo ,  Hongxun Liu ,  Manu Jose, JR.

IPC: G06F16/23

CPC classification number: G06F16/2379

Abstract: Artifact life tracking storage techniques include performing an artifact request of an artifact at an artifact storage node. A current time to live (TTL) value is identified. A determination is made whether to increment a TTL flag of the artifact. Responsive to determining that the TTL tag should be incremented, the TTL flag is incremented to a subsequent value in a TTL extender list. Responsive to incrementing the TTL tag, the TTL modified tag value is set to the current time value.

公开(公告)号：US11693710B1

公开(公告)日：2023-07-04

申请号：US17589722

申请日：2022-01-31

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Mitchell Neuman Blank ,  Rama Gopalan ,  Hongxun Liu ,  Anish Shrigondekar

IPC: G06F16/00 ,  G06F7/00 ,  G06F9/50 ,  G06F16/2455 ,  G06F16/242 ,  G06F16/22

CPC classification number: G06F9/505 ,  G06F16/22 ,  G06F16/2425 ,  G06F16/24552

Abstract: Resource management includes storing, for multiple workload pools of a data intake and query system, a workload pool hierarchy arranged in multiple workload pool layers. After storing a processing request is assigned a selected subset of workload pools in a second layer of the workload pool hierarchy based on a type of processing request. The processing request is then assigned to an individual workload pool in the selected subset to obtain a selected workload pool. Execution of the processing request is initiated on the selected workload pool.

公开(公告)号：US11630695B1

公开(公告)日：2023-04-18

申请号：US17163160

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Bharath Kishore Reddy Aleti ,  Alexandros Batsakis ,  Mitchell Neuman Blank ,  Rama Gopalan ,  Hongxun Liu ,  Anish Shrigondekar

IPC: G06F16/00 ,  G06F9/50 ,  G06F16/22

Abstract: Dynamic reassignment of search processes into workload pools includes receiving a search query to search at least one data store, assigning the search query to a first workload pool, and executing the search query using a first hardware resource in the first workload pool, the first hardware resource corresponding to a first portion of a hardware device. Dynamic reassignment further includes receiving, while executing the search query, an update command to move the search query to a second workload pool, moving, while executing the search query, the search query to the second workload pool; and continuing execution of the search query using a second hardware resource in the second workload pool. The second hardware resource corresponds to a second portion of the hardware device.