公开(公告)号：US10353965B2

公开(公告)日：2019-07-16

申请号：US15276717

申请日：2016-09-26

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Pride ,  Arindam Bhattacharjee ,  Xiaowei Wang ,  James Alasdair Robert Hodge ,  Mustafa Ahamed

IPC: G06F16/00 ,  G06F16/951 ,  G06F16/21 ,  G06F16/25 ,  G06F16/904 ,  G06F16/901 ,  G06F16/9038 ,  G06F16/903

Abstract: Disclosed is a technique that can be performed in a distributed computer network. The technique can include a data index and query system that receives search query, defines a search scheme for applying the search query on distributed data storage systems including an internal data storage system of the data index and query system and an external data storage system. The internal data storage system stores data as time-indexed events including respective segments of raw machine data. The data index and query system can transfer a portion of the search scheme to a search service, which can return search results obtained by application of the search scheme to the distributed data storage systems including the internal data storage system and the external data storage system. Lastly, the search results or data indicative of the search results can be output on a display device to the user.

公开(公告)号：US20190171678A1

公开(公告)日：2019-06-06

申请号：US16264462

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Pride ,  Arindam Bhattacharjee ,  Xiaowei Wang ,  James Alasdair Robert Hodge ,  Mustafa Ahamed

IPC: G06F16/951 ,  G06F16/21 ,  G06F16/903 ,  G06F16/9038 ,  G06F16/904 ,  G06F16/25 ,  G06F16/901

Abstract: Disclosed is a technique that can be performed in a distributed computer network. The technique can include a worker node that receives search instructions defined by a search service based on at least a portion of a search scheme defined by a data intake and query system, to cause the worker node to obtain search results from distributed data storage systems communicatively coupled to the worker node over a network. The distributed data storage systems include an external data storage system and/or an internal data storage system of the data intake and query system. The worker node obtains the search results by searching the distributed data storage systems in accordance with the search instructions, and communicating, over the network to the search service, a combination of search results based on the search results to cause an output by the data intake and query system in accordance with the search scheme.

公开(公告)号：US20190163840A1

公开(公告)日：2019-05-30

申请号：US15339840

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Arindam Bhattacharjee ,  Christopher Pride

IPC: G06F17/30

CPC classification number: G06F16/951 ,  G06F16/211 ,  G06F16/212 ,  G06F16/2455 ,  G06F16/2471 ,  G06F16/248 ,  G06F16/252 ,  G06F16/258 ,  G06F16/27 ,  G06F16/9024 ,  G06F16/90335 ,  G06F16/9038 ,  G06F16/904

Abstract: The disclosed embodiments include techniques for organizing and presenting search results obtained from within a big data ecosystem via a data intake and query system. In particular, a data intake and query system may cause output of the search results or data indicative of the search results on a display device.

公开(公告)号：US20190163824A1

公开(公告)日：2019-05-30

申请号：US15339853

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Arindam Bhattacharjee ,  Christopher Pride

IPC: G06F17/30

CPC classification number: G06F16/951 ,  G06F16/211 ,  G06F16/212 ,  G06F16/2455 ,  G06F16/2471 ,  G06F16/248 ,  G06F16/252 ,  G06F16/258 ,  G06F16/27 ,  G06F16/9024 ,  G06F16/90335 ,  G06F16/9038 ,  G06F16/904

Abstract: The disclosed embodiments include a technique to obtain search results from the application of transformation operations on partial search results obtained from across internal and/or external data sources. Examples of transformation operations include arithmetic operations such as an average, mean, count, or the like. Examples of reporting transformations include join operations, statistics, sort, top head. Hence, the search results of a search query can be derived from partial search result rather than include the actual partial search results. In this case, the ordering of the search results may be nonessential. An example of a search query that requires a transformation operation is a “batch” or “reporting” search query. The related disclosed techniques involve obtaining data stored in the bid data ecosystem, and returning that data or data derived from that data.

公开(公告)号：US20190163823A1

公开(公告)日：2019-05-30

申请号：US15339835

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Xiaowei Wang ,  Christopher Pride ,  James Alasdair Robert Hodge

IPC: G06F17/30

CPC classification number: G06F16/951 ,  G06F16/211 ,  G06F16/212 ,  G06F16/2455 ,  G06F16/2471 ,  G06F16/248 ,  G06F16/252 ,  G06F16/258 ,  G06F16/27 ,  G06F16/9024 ,  G06F16/90335 ,  G06F16/9038 ,  G06F16/904

Abstract: The disclosed embodiments include techniques for exporting partial search results in parallel from peer indexers of a data intake and query system to the worker nodes. In particular, partial search results (e.g., time-indexed events) obtained from peer indexers can be exported in parallel from the peer indexers to worker nodes. Exporting the partial search results from the peer indexers in parallel can improve the rate at which the partial search results are transferred to the worker nodes for subsequent combination with partial search results of the external data systems. As such, the rate at which the search results of a search query can be obtained from the distributed data system can be improved by implementing parallel export techniques.

公开(公告)号：US20190147092A1

公开(公告)日：2019-05-16

申请号：US16051223

申请日：2018-07-31

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Arindam Bhattacharjee

IPC: G06F17/30 ,  H04L29/08

Abstract: Systems and methods are disclosed for executing a query that includes an indication to process data managed by an external data system. The system identifies the external data system that manages the data to be processed, and generates a subquery for the external data system indicating that the results of the subquery are to be sent to multiple worker nodes. The system also generates instructions for multiple worker nodes to receive and process results of the subquery from the external data system.

公开(公告)号：US20190095494A1

公开(公告)日：2019-03-28

申请号：US15714029

申请日：2017-09-25

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Christopher Pride

IPC: G06F17/30 ,  G06F7/53 ,  G06F11/30

Abstract: Systems and methods are disclosed for processing and executing queries against one or more dataset. As part of processing the query, the system determines whether the query is susceptible to a significantly imbalanced partition. In the event, the query is susceptible to an imbalanced partition, the system monitors the query and determines whether to perform a multi-partitioning determination to avoid a significantly imbalanced partition.

公开(公告)号：US20190095488A1

公开(公告)日：2019-03-28

申请号：US15714133

申请日：2017-09-25

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Alexander Douglas James

IPC: G06F17/30

Abstract: Systems and methods are disclosed for executing a distributed execution model with untrusted commands. The distributed execution model can be distributed to multiple nodes in a distributed computing environment. At least one node can process the distributed execution model to identify an untrusted command. The node can use data associated with the untrusted command to identify one or more files associated with the untrusted command. Based on the files, the node can generate a data structure, and execute at least a portion of the data structure.

公开(公告)号：US20190068702A1

公开(公告)日：2019-02-28

申请号：US16174883

申请日：2018-10-30

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Madden Pride

IPC: H04L29/08 ,  G06F15/167 ,  H04L12/26 ,  G06F17/30

CPC classification number: H04L67/1087 ,  G06F15/167 ,  G06F16/951 ,  H04L43/106 ,  H04L43/16 ,  H04L67/02 ,  H04L67/1004

Abstract: Processing of search responses returned by search peers is disclosed. An example method may include transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system; receiving a plurality of data packets from the plurality of search peers; parsing one or more data packets of the plurality of data packets, to produce a response to the search request; and splitting the response into two or more fields based on at least one of: a defined set of bit positions or a defined separator.

公开(公告)号：US20180198858A1

公开(公告)日：2018-07-12

申请号：US15913079

申请日：2018-03-06

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Christopher Madden Pride

IPC: H04L29/08 ,  H04L12/26 ,  G06F15/167 ,  G06F17/30

CPC classification number: H04L67/1087 ,  G06F15/167 ,  G06F17/30864 ,  H04L43/106 ,  H04L43/16 ,  H04L67/02 ,  H04L67/1004

Abstract: Multi-thread processing of search responses is disclosed. An example method may include transmitting, by a computer system, a search request to a plurality of search peers of a data aggregation and analysis system; receiving a plurality of data packets from the plurality of search peers; parsing, by a first processing thread of the computer system, one or more data packets of the plurality of data packets, to produce a partial response to the search request; and processing, by a second processing thread of the computer system, the partial response to produce a memory data structure representing an aggregated response to the search request.