公开(公告)号：US20210279251A1

公开(公告)日：2021-09-09

申请号：US17228429

申请日：2021-04-12

Applicant: SPLUNK, INC.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F16/27 ,  G06F16/22 ,  G06F11/30 ,  G06F11/20 ,  G06F11/34 ,  H04L29/08 ,  G06F11/32

Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as a primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in a primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.

公开(公告)号：US20190073409A1

公开(公告)日：2019-03-07

申请号：US16159893

申请日：2018-10-15

Applicant: Splunk Inc.

Inventor： Anirban Rahut ,  Sundar Vasan

IPC: G06F17/30

Abstract: Systems and methods for search result replication in a search head cluster of a data aggregation and analysis system. An example method may comprise maintaining a replication count in a data store associated with at least one of the plurality of search heads, the replication count corresponding to how many of the replicas of the search result are stored in the search head cluster, determining that the replication count is greater than a target replication count, based on determining that the replication count is greater than the target replication count, initiating a deletion of at least one replica of the replicas of the search result from a target search head of the plurality of search heads storing the replicas, receiving an indication that the deletion is complete, and based on receiving the indication that the deletion is complete, decreasing the replication count corresponding to the search result.

公开(公告)号：US09582585B2

公开(公告)日：2017-02-28

申请号：US14448937

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Alice Emily Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Vincent Robichaud

IPC: G06F3/0482 ,  G06F3/0484 ,  G06F17/30

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/30424 ,  G06F17/3053

Abstract: Fields may be discovered in events that are returned in response to an initial search. The events may comprise portions of raw data. Furthermore, the fields may be defined by extraction rules for extracting values from corresponding portions of raw data. The displaying of a graphical user interface (GUI) may be caused where the GUI enables a user to select or enter criteria for a subset of the discovered fields without entering a search query in a search bar. At least one criterion for at least one field from the subset of the discovered fields may be received through a portion of the GUI that does not include a search bar for entering a search query. The events returned in response to the initial search query may be caused to be filtered based on the received criterion.

Abstract translation: 可以在响应初始搜索返回的事件中发现字段。 事件可以包括原始数据的部分。 此外，这些字段可以由用于从原始数据的相应部分提取值的提取规则来定义。 图形用户界面（GUI）的显示可能是在GUI允许用户选择或输入所发现的字段的子集的标准而不在搜索栏中输入搜索查询的情况下引起的。 可以通过不包括用于输入搜索查询的搜索栏的GUI的一部分来接收来自所发现字段的子集的至少一个字段的至少一个标准。 响应于初始搜索查询而返回的事件可能被导致根据接收到的标准进行过滤。

公开(公告)号：US20160055225A1

公开(公告)日：2016-02-25

申请号：US14929089

申请日：2015-10-30

Applicant: Splunk Inc.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F17/30

CPC classification number: G06F16/27 ,  G06F3/0617 ,  G06F3/065 ,  G06F3/067 ,  G06F11/2094 ,  G06F11/3006 ,  G06F11/3072 ,  G06F11/32 ,  G06F11/3409 ,  G06F11/3476 ,  G06F16/2272 ,  G06F2201/86 ,  G06F2201/875 ,  H04L67/1097

Abstract: Techniques and mechanisms are disclosed to increase the availability of summary data within a clustered data intake and query system by replicating the summary data within the cluster. In general, summary data may store “pre-computed” results for one or more search queries and can be used by indexers of a cluster to process subsequent instances of the same search queries. At a high level, replication of summary data within a cluster may include ensuring that each instance of summary data created by an indexer of a cluster is replicated to other indexers within the cluster that store copies of the same grouped subset(s) of data to which the summary data relates. In this manner, if one or more indexers of an indexer cluster fail, other indexers of the cluster can make immediate use of replicated copies of the summary data without re-creating it.

Abstract translation: 公开了技术和机制，以通过复制集群内的摘要数据来增加集群数据采集和查询系统内的摘要数据的可用性。 通常，摘要数据可以存储一个或多个搜索查询的“预先计算的”结果，并且可以由群集的索引器使用来处理相同搜索查询的后续实例。 在高级别中，集群内的摘要数据的复制可以包括确保由集群的索引器创建的每个概要数据实例被复制到集群内的其他索引器，其将相同的分组数据子集的副本存储到 摘要数据与之相关。 以这种方式，如果索引器集群的一个或多个索引器失败，集群的其他索引器可以立即使用摘要数据的复制副本，而无需重新创建。

公开(公告)号：US20160034555A1

公开(公告)日：2016-02-04

申请号：US14449069

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Anirban Rahut ,  Sundar Vasan

IPC: G06F17/30

CPC classification number: G06F17/30598 ,  G06F17/30575 ,  G06F17/30864

Abstract: Systems and methods for search result replication in a search head cluster of a data aggregation and analysis system. An example method may comprise maintaining a replication count corresponding to how many replicas of a result of a particular map-reduce search exist in a search head cluster comprising a plurality of search heads that are each configured to enable them to manage a reduce phase of a map-reduce search, determining that the replication count is less than a target replication count, selecting, based the determining, a target search head from the search head cluster to receive a replica of the search result, initiating a replication of the search result from a source search head in the search head cluster to the selected target search head, receiving an indication that the replication is complete, and based on receiving the indication, increasing the replication count corresponding to the search result.

Abstract translation: 在数据聚合和分析系统的搜索头集群中搜索结果复制的系统和方法。 示例性方法可以包括维持与包括多个搜索头的搜索头集合中存在特定地图减少搜索的结果的多少副本相对应的复制计数，所述多个搜索头被配置为使得它们能够管理 映射减少搜索，确定复制计数小于目标复制计数，基于确定搜索头集群中的目标搜索头来选择以接收搜索结果的副本，从而启动搜索结果的复制 搜索头集群中的源搜索头到所选择的目标搜索头，接收复制完成的指示，并且基于接收到该指示，增加与搜索结果对应的复制计数。

公开(公告)号：US20150026167A1

公开(公告)日：2015-01-22

申请号：US14448937

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Alice Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Robichaud

IPC: G06F17/30 ,  G06F3/0482 ,  G06F3/0484

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/30424 ,  G06F17/3053

Abstract: Fields may be discovered in events that are returned in response to an initial search. The events may comprise portions of raw data. Furthermore, the fields may be defined by extraction rules for extracting values from corresponding portions of raw data. The displaying of a graphical user interface (GUI) may be caused where the GUI enables a user to select or enter criteria for a subset of the discovered fields without entering a search query in a search bar. At least one criterion for at least one field from the subset of the discovered fields may be received through a portion of the GUI that does not include a search bar for entering a search query. The events returned in response to the initial search query may be caused to be filtered based on the received criterion.

Abstract translation: 可以在响应初始搜索返回的事件中发现字段。 事件可以包括原始数据的部分。 此外，这些字段可以由用于从原始数据的相应部分提取值的提取规则来定义。 图形用户界面（GUI）的显示可能是在GUI允许用户选择或输入所发现的字段的子集的标准而不在搜索栏中输入搜索查询的情况下引起的。 可以通过不包括用于输入搜索查询的搜索栏的GUI的一部分来接收来自所发现字段的子集的至少一个字段的至少一个标准。 响应于初始搜索查询而返回的事件可能被导致根据接收到的标准进行过滤。

公开(公告)号：US12026176B2

公开(公告)日：2024-07-02

申请号：US18313240

申请日：2023-05-05

Applicant: SPLUNK INC.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F16/27 ,  G06F3/06 ,  G06F11/20 ,  G06F11/30 ,  G06F11/32 ,  G06F11/34 ,  G06F16/22 ,  H04L67/1097

CPC classification number: G06F16/27 ,  G06F11/2094 ,  G06F11/3006 ,  G06F11/3072 ,  G06F11/32 ,  G06F11/3409 ,  G06F11/3476 ,  G06F16/2272 ,  H04L67/1097 ,  G06F3/0617 ,  G06F2201/86

Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as a primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in a primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.

公开(公告)号：US11675810B2

公开(公告)日：2023-06-13

申请号：US17228429

申请日：2021-04-12

Applicant: SPLUNK, INC.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F16/27 ,  G06F16/22 ,  G06F11/30 ,  G06F11/20 ,  G06F11/34 ,  H04L67/1097 ,  G06F11/32 ,  G06F3/06

CPC classification number: G06F16/27 ,  G06F11/2094 ,  G06F11/3006 ,  G06F11/3072 ,  G06F11/32 ,  G06F11/3409 ,  G06F11/3476 ,  G06F16/2272 ,  H04L67/1097 ,  G06F3/0617 ,  G06F2201/86

Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as a primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in a primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.

公开(公告)号：US11386133B1

公开(公告)日：2022-07-12

申请号：US16430708

申请日：2019-06-04

Applicant: SPLUNK INC.

Inventor： Alice Emily Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Vincent Robichaud ,  Divanny Lamas

IPC: G06F16/338 ,  G06F3/0482 ,  G06F16/901 ,  G06F16/2458 ,  G06F16/34 ,  G06F16/335 ,  G06F16/33 ,  G06F16/248 ,  G06F16/26 ,  G06F3/04847 ,  G06F3/04842 ,  G06F16/9535 ,  G06T11/20 ,  G06F16/2457

Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.

公开(公告)号：US11003687B2

公开(公告)日：2021-05-11

申请号：US16451582

申请日：2019-06-25

Applicant: SPLUNK, INC.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F16/27 ,  G06F16/22 ,  G06F11/30 ,  G06F11/20 ,  G06F11/34 ,  H04L29/08 ,  G06F11/32 ,  G06F3/06

Abstract: Techniques and mechanisms are disclosed to execute data searches using generation identifiers. In general, a method of executing the searches comprises broadcasting, from a search head, a first query to a plurality of indexers in a cluster, wherein a portion of the first query is directed to a set of data, and wherein the set of data comprises time-stamps within a particular time frame. The method further comprises providing, with the first query, a first generation identifier for the set of data, wherein the first generation identifier identifies a first indexer from the plurality of indexers to serve as a primary indexer for responding to queries that comprise the first generation identifier and that pertain to the set of data, wherein one or more indexers in the cluster other than the first indexer are designated as secondary indexers, wherein the secondary indexers are configured to ignore queries that pertain to the set of data and that comprise the first generation identifier. Subsequently, the method comprises receiving a response to the first query from the plurality of indexers.