公开(公告)号：US20220121689A1

公开(公告)日：2022-04-21

申请号：US17072833

申请日：2020-10-16

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Shyam Mundhra ,  Manikandan Vellore Muneeswaran ,  Arun Ramani ,  Thor Taylor ,  Steve Zhang

IPC: G06F16/28 ,  G06F16/2455 ,  G06F16/2453 ,  G06F9/30

Abstract: Systems and methods for rule-based data stream processing by data collection, indexing, and visualization systems. An example method includes: receiving, by the computer system, an input data stream comprising raw machine data; processing the raw machine data by a data processing pipeline that produces transformed machine data, wherein the data processing pipeline comprises an ordered plurality of pipeline stages, wherein a pipeline stage of the ordered plurality of pipeline stages applies a rule of a set of rules to an input of the pipeline stage, wherein the rule specifies an action to be performed on the input of the pipeline stage responsive to evaluating a conditional expression applied to the input of the pipeline stage, wherein the action generates an output of the pipeline stage, and wherein the rule is selected based on a source type associated with the input data stream; and supplying the transformed machine data to a data collection, indexing, and visualization system.

公开(公告)号：US10642909B2

公开(公告)日：2020-05-05

申请号：US15885629

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30 ,  G06F16/951 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/903

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US20190354559A1

公开(公告)日：2019-11-21

申请号：US16527854

申请日：2019-07-31

Applicant: Splunk Inc.

Inventor： Karthikeyan Sabhanatarajan ,  David Ryan Marquardt ,  Steve Zhang ,  Nicholas Romito

IPC: G06F16/903 ,  G06F16/901

Abstract: Embodiments of the present disclosure provide techniques for performing searches of event records by leveraging reference values in an inverted index. A method of searching comprises accessing a query associated with a first set of event records in a field searchable data store, each event record comprising a time-stamped portion of raw machine data. The method further comprises evaluating the query and generating results for the query by accessing an inverted index, wherein each entry in the inverted index comprises at least one field, a corresponding at least one field value and a reference value that identifies a location in the field searchable data store where an associated event record is stored. The method further comprises performing a search to filter out a second set of event records and retrieving the second set of event records from the field searchable data store using reference values in the inverted index.

公开(公告)号：US20180322202A1

公开(公告)日：2018-11-08

申请号：US16032890

申请日：2018-07-11

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30864 ,  G06F17/30477 ,  G06F17/30516 ,  G06F17/30545 ,  G06F17/30979

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing realtime search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US09514189B2

公开(公告)日：2016-12-06

申请号：US14449144

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30864 ,  G06F17/30477 ,  G06F17/30516 ,  G06F17/30545 ,  G06F17/30979

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

Abstract translation: 通过分析所接收的搜索请求来识别在搜索支持系统的计算机处接收的搜索请求，以识别请求参数并连接到在请求参数中引用的搜索支持系统的系统索引。 启动外部结果提供程序（ERP）进程，在搜索支持系统和搜索支持系统外部的数据源之间建立通信，为请求参数中引用的虚拟索引。 因此，ERP过程提供了搜索支持系统和外部数据源之间的接口，如第三方。 ERP流程可以以流模式运行（以最少的处理提供实时搜索结果）和/或报告模式（提供更大的延迟和处理范围的结果），并且可以在模式之间切换。 从连接的系统索引和引用的虚拟索引接收搜索请求结果。

公开(公告)号：US20160034525A1

公开(公告)日：2016-02-04

申请号：US14449051

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Alice Neels ,  Steve Zhang ,  Marc Robichaud

IPC: G06F17/30

CPC classification number: G06F17/30389 ,  G06F17/30598

Abstract: A processing device performs a preliminary grouping of data items in a dataset to define one or more clusters and for each cluster, identifies a set of search terms for a search query that would retrieve data items in the cluster upon execution of the search query against the dataset.

Abstract translation: 处理设备执行数据集中的数据项的初步分组以定义一个或多个集群，并且对于每个集群，识别搜索查询的搜索项集合，该搜索查询将在针对所述集群执行搜索查询时检索集群中的数据项。 数据集

公开(公告)号：US11782920B1

公开(公告)日：2023-10-10

申请号：US17163118

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Phil Yonghui Wang ,  Steve Zhang

IPC: G06F16/24 ,  G06F16/245 ,  G06F16/2453 ,  G06F16/2458

CPC classification number: G06F16/24535 ,  G06F16/2477 ,  G06F16/24542

Abstract: A data intake and query system executes a search query at a first execution time for querying events having associated time stamps within a first time period characterized by a first start time and a first end time. The first start time is computed based upon a time indicated by reference time information stored prior to execution of the search query. The system determines whether execution of the search query completed successfully based upon a first search result obtained from executing the search query. If the first execution of the search query was not successful, the system computes for a second execution of the search query after the first execution, a second time period using the reference time information. The second execution is configured to query events with associated timestamps that fall within a second time period that includes the first time period and an additional time period.

公开(公告)号：US20210149912A1

公开(公告)日：2021-05-20

申请号：US17158880

申请日：2021-01-26

Applicant: SPLUNK INC.

Inventor： Jesse Brandau Miller ,  Katherine Kyle Feeney ,  Yuan Xie ,  Steve Zhang ,  Adam Jamison Oliner ,  Jindrich Dinga ,  Jacob Leverich

IPC: G06F16/26

Abstract: Systems and methods include causing presentation of a first cluster in association with an event of the first cluster, the first cluster from a first set of clusters of events. Each event includes a time stamp and event data. Based on the presentation of the first cluster, an extraction rule corresponding to the event of the first cluster is received from a user. Similarities in the event data between the events are determined based on the received extraction rule. The events are grouped into a second set of clusters based on the determined similarities. Presentation is caused of a second cluster in association with an event of the second cluster, where the second cluster is from the second set of clusters.

公开(公告)号：US10726080B2

公开(公告)日：2020-07-28

申请号：US15885629

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30 ,  G06F16/951 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/903

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US10296616B2

公开(公告)日：2019-05-21

申请号：US14449051

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Alice Neels ,  Steve Zhang ,  Marc Robichaud

IPC: G06F17/30 ,  G06F17/00

Abstract: A processing device performs a preliminary grouping of data items in a dataset to define one or more clusters and for each cluster, identifies a set of search terms for a search query that would retrieve data items in the cluster upon execution of the search query against the dataset.