公开(公告)号：US20220269727A1

公开(公告)日：2022-08-25

申请号：US17646841

申请日：2022-01-03

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Sourav Pal ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Tameem Anwar ,  Paul J. Lucas ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：US20220245093A1

公开(公告)日：2022-08-04

申请号：US17163047

申请日：2021-01-29

Applicant: SPLUNK INC.

Inventor： Alexandros Batsakis ,  Ankit Jain ,  Manu Jose ,  Jonah Pan ,  Hailun Yan

IPC: G06F16/14 ,  G06F16/182

Abstract: Embodiments described herein facilitate enhancement of data model acceleration, including generating data model summaries and performing searches in an accelerated manner. In one implementation, obtaining a search query from a user device. A determination may be made to execute a search, in association with the search query, via an external computing service. As such, the search query, or a variant thereof, can be provided to the external computing service, wherein the external computing service executes the search using data model summaries stored in a remote data store that is separate from a set of events from which the data model summaries were generated. A set of search results are received from the external computing service, and such search results are provided to the user device.

公开(公告)号：US11250056B1

公开(公告)日：2022-02-15

申请号：US15967573

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Sourav Pal ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Tameem Anwar ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/23 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. An indexing system of the data intake and query system receives data from an ingestion buffer that includes a marker that indicates data that is made available to the indexing system. The data intake and query system stores at least a portion of the data in buckets and stores the buckets in a shared storage system. Based on the storage of the buckets in the shared storage system, the indexing system indicates to the ingestion buffer that the marker can be updated.

公开(公告)号：US11003714B1

公开(公告)日：2021-05-11

申请号：US15967590

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/2458 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses a search node catalog to identify search nodes that are available to execute the query and uses a bucket catalog to identify buckets to be searched. The data intake and query system executes the query using the identified bucket and search nodes.

公开(公告)号：US10984044B1

公开(公告)日：2021-04-20

申请号：US15967591

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/903 ,  G06F16/907 ,  G06F3/06

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system maintains a catalog of buckets stored in a remote shared storage system. The buckets store raw machine data associated with a timestamp. The data intake and query receives a query identifying a set of data to be processed and a manner of processing the set of data, and executes the query based on the catalog of buckets.

公开(公告)号：US10776355B1

公开(公告)日：2020-09-15

申请号：US15967578

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke ,  Karthikeyan Sabhanatarajan

IPC: G06F16/2453 ,  G06F16/901 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses one or more containerized search nodes to execute the query and stores the results in a data store for combination with additional query results.

公开(公告)号：US10067944B2

公开(公告)日：2018-09-04

申请号：US15402119

申请日：2017-01-09

Applicant: Splunk, Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/00 ,  G06F17/30 ,  G06F12/0873 ,  G06F12/0868 ,  G06F12/0866 ,  G06F12/0802 ,  G06F12/0871 ,  G06F12/0862 ,  G06F3/06

CPC classification number: G06F12/0875 ,  G06F16/172 ,  G06F16/951 ,  G06F16/9574 ,  G06F2212/1021 ,  G06F2212/45 ,  G06F2212/6024 ,  G06F2212/6026 ,  G06F2212/6028

Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.

公开(公告)号：US20250103604A1

公开(公告)日：2025-03-27

申请号：US18748595

申请日：2024-06-20

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Nitilaksha Satyaveera Halakatti ,  Ningxuan He ,  Prem Kumar Jayaraj ,  Manuel Gregorio Martinez ,  Balaji Rao ,  Jianming Zhang ,  Steve Yu Zhang

IPC: G06F16/2458

Abstract: A computing device can receive a query that identifies a set of data to be processed and determine that a portion of the set of data resides in an external data system. The query system can request data identifiers associated with data objects of the set of data from the external data system and communicate the data identifiers to a data queue. The computing device can instruct one or more search nodes to retrieve the identifiers from the data queue. The search nodes can use the data identifiers to retrieve data objects from the external data system and process the data objects according to instructions received from the computing device. The search nodes can provide results of the processing to the computing device.

公开(公告)号：US12007996B2

公开(公告)日：2024-06-11

申请号：US18051481

申请日：2022-10-31

Applicant: Splunk Inc.

Inventor： Balaji Rao ,  Jindrich Dinga ,  Kieran Cairney ,  Manuel Martinez ,  Nitilaksha Halakatti ,  Ningxuan He ,  Arindam Bhattacharjee ,  Sourav Pal ,  Alexandros Batsakis

IPC: G06F15/16 ,  G06F8/61 ,  G06F16/2453 ,  G06F16/2458 ,  H04L9/08 ,  H04L41/0806 ,  H04L67/10 ,  H04L67/52

CPC classification number: G06F16/24547 ,  G06F8/61 ,  G06F16/2465 ,  H04L9/0866 ,  H04L41/0806 ,  H04L67/10 ,  H04L67/52

Abstract: Systems and methods are described for establishing and managing components of a distributed computing framework implemented in a data intake and query system. The distributed computing framework may include a master and a plurality of worker nodes. The master may selectively operate on a search head captain that is chosen from the search heads of the data intake and query system. The search head captain may distribute configuration information for the master and the distributed computing framework to the other search heads, which in turn, may distribute that configuration information to indexers of the data intake and query system. Worker nodes may be selectively activated for operation on the indexers based on the configuration information, and the worker nodes may additionally use the configuration information to contact the master and join the distributed computing framework. This approach may provide numerous benefits, including improved security, flexibility in the selection of worker nodes, and redundancy for failures of physical components of the data intake and query system.

公开(公告)号：US11860940B1

公开(公告)日：2024-01-02

申请号：US17233193

申请日：2021-04-16

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/903 ,  G06F16/2458

CPC classification number: G06F16/901 ,  G06F16/2477 ,  G06F16/90335

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses a search node catalog to identify search nodes that are available to execute the query and uses a bucket catalog to identify buckets to be searched. The data intake and query system executes the query using the identified bucket and search nodes.