公开(公告)号：US20180314731A1

公开(公告)日：2018-11-01

申请号：US15582424

申请日：2017-04-28

Applicant: Splunk Inc.

Inventor： Ashish Mathew

IPC: G06F17/30

CPC classification number: G06F16/2272 ,  G06F16/256

Abstract: Embodiments of the present disclosure provide a method for performing search queries. The method comprises transmitting a list of active indexers in an indexer cluster from a cluster master for receipt by a first search head, wherein the cluster master is communicatively coupled with an indexer cluster comprising a plurality of indexers and the first search head. The method further comprises receiving a first slot request at the cluster master in response to a query from the first search head, wherein the first search head is operable to transmit the query to the active indexers for execution if granted the slot request. Further, the method comprises evaluating a plurality of policies to determine if the first slot request can be granted and responsive to a positive determination, transmitting an authorization token for a slot to the first search head.

公开(公告)号：US20180218045A1

公开(公告)日：2018-08-02

申请号：US15419883

申请日：2017-01-30

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Ashish Mathew ,  Xiaowei Wang ,  Christopher Pride

IPC: G06F17/30

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a search query by a search head, defining a search process for applying the search query to indexers, delegating a first portion of the search process to indexers and a second portion of the search process to intermediary node(s) communicatively coupled to the search head and the indexers. The first portion can define a search scope for obtaining partial search results of the indexers and the second portion can define operations for combining the partial search results by the intermediary node(s) to produce a combination of the partial search results. The search head then receives the combination of the partial search results, and outputs final search results for the search query, where the final search results are based on the combination of the partial search results.

公开(公告)号：US12072891B1

公开(公告)日：2024-08-27

申请号：US18180728

申请日：2023-03-08

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Ashish Mathew ,  Xiaowei Wang ,  Christopher Pride

IPC: G06F16/2455 ,  G06F16/22 ,  G06F16/2453 ,  G06F16/2458 ,  G06F16/248 ,  G06F16/951

CPC classification number: G06F16/24564 ,  G06F16/22 ,  G06F16/24532 ,  G06F16/2471 ,  G06F16/248 ,  G06F16/951

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a search query by a search head, defining a search process for applying the search query to indexers, delegating a first portion of the search process to indexers and a second portion of the search process to intermediary node(s) communicatively coupled to the search head and the indexers. The first portion can define a search scope for obtaining partial search results of the indexers and the second portion can define operations for combining the partial search results by the intermediary node(s) to produce a combination of the partial search results. The search head then receives the combination of the partial search results, and outputs final search results for the search query, where the final search results are based on the combination of the partial search results.

公开(公告)号：US12013895B2

公开(公告)日：2024-06-18

申请号：US18328607

申请日：2023-06-02

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/23 ,  G06F3/06 ,  G06F16/27 ,  G06F16/901 ,  G06F16/903

CPC classification number: G06F16/901 ,  G06F3/0604 ,  G06F3/0644 ,  G06F3/065 ,  G06F3/0652 ,  G06F3/0653 ,  G06F3/0656 ,  G06F3/067 ,  G06F16/23 ,  G06F16/27 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：US11829415B1

公开(公告)日：2023-11-28

申请号：US16778427

申请日：2020-01-31

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Mehul Goyal ,  Ashish Mathew ,  Douglas Rapp ,  Igor Stojanovski ,  Eric Woo

IPC: G06F17/00 ,  G06F16/901 ,  G06F16/953 ,  G06F16/906 ,  G06F16/9035

CPC classification number: G06F16/901 ,  G06F16/906 ,  G06F16/9035 ,  G06F16/953

Abstract: Systems and methods are described for improving data availability and/or resiliency of indexers of a data intake and query system. Due to a lag between the time at which data is received and the time at which the data is available for searching, the data intake and query system may receive a query indicating that received (but unavailable for search) data is to be included as part of the query. A cluster master can dynamically track what data is available for searching by different indexers and map the data to filter criteria using a bucket map identifier. When a search head receives a query, it can request a bucket map identifier from the cluster master and send the bucket map identifier to the indexers that will be executing the query. The indexers can use the bucket map identifier to request the individual buckets that they are assigned to search.

公开(公告)号：US11567993B1

公开(公告)日：2023-01-31

申请号：US15967574

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/2458 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system identifies buckets that are to be searched and stores a copy of buckets in memory associated with one or more search nodes. A search node performs a search on buckets residing in its memory.

公开(公告)号：US20200250180A1

公开(公告)日：2020-08-06

申请号：US16853974

申请日：2020-04-21

Applicant: Splunk Inc.

Inventor： Ashish Mathew

IPC: G06F16/248 ,  G06F16/2455 ,  G06F9/50 ,  G06F21/62 ,  G06F21/60

Abstract: Embodiments of the present disclosure provide a method for performing search queries in a manner that avoids overloading an indexer cluster or indexers with an unwanted or unauthorized high levels of concurrent searches. The method comprises transmitting a slot request from a search head to a cluster master in response to a query, wherein the cluster master is communicatively coupled with an indexer cluster comprising a plurality of indexers. The method further comprises receiving addresses of active indexers in the indexer cluster and a response to the slot request from the cluster master. Responsive to a grant of a slot by the cluster master, the method comprises using the addresses to transmit the query to the active indexers and receiving results of the query from the active indexers. Subsequently, the method comprises releasing the slot to the cluster master.

公开(公告)号：US20180314744A1

公开(公告)日：2018-11-01

申请号：US15582372

申请日：2017-04-28

Applicant: Splunk Inc.

Inventor： Ashish Mathew

IPC: G06F17/30 ,  G06F21/60 ,  G06F21/62

Abstract: Embodiments of the present disclosure provide a method for performing search queries in a manner that avoids overloading an indexer cluster or indexers with an unwanted or unauthorized high levels of concurrent searches. The method comprises transmitting a slot request from a search head to a cluster master in response to a query, wherein the cluster master is communicatively coupled with an indexer cluster comprising a plurality of indexers. The method further comprises receiving addresses of active indexers in the indexer cluster and a response to the slot request from the cluster master. Responsive to a grant of a slot by the cluster master, the method comprises using the addresses to transmit the query to the active indexers and receiving results of the query from the active indexers. Subsequently, the method comprises releasing the slot to the cluster master.

公开(公告)号：US11934418B2

公开(公告)日：2024-03-19

申请号：US17447620

申请日：2021-09-14

Applicant: Splunk Inc.

Inventor： Ashish Mathew ,  Ledion Bitincka ,  Igor Stojanovski ,  Dhruva Kumar Bhagi

IPC: G06F16/248 ,  G06F16/21 ,  G06F16/22 ,  G06F16/28

CPC classification number: G06F16/248 ,  G06F16/2228 ,  G06F16/285 ,  G06F16/21

Abstract: Techniques and mechanisms are disclosed to optimize the size of index files to improve use of storage space available to indexers and other components of a data intake and query system. Index files of a data intake and query system may include, among other data, a keyword portion containing mappings between keywords and location references to event data containing the keywords. Optimizing an amount of storage space used by index files may include removing, modifying and/or recreating various components of index files in response to detecting one or more storage conditions related to the event data indexed by the index files. The optimization of index files generally may attempt to manage a tradeoff between an efficiency with which search requests can be processed using the index files and an amount of storage space occupied by the index files.

公开(公告)号：US11609913B1

公开(公告)日：2023-03-21

申请号：US17162536

申请日：2021-01-29

Applicant: Splunk Inc.

Inventor： Tameem Anwar ,  Alexandros Batsakis ,  Tianyi Gou ,  Mehul Goyal ,  Ashish Mathew ,  Douglas Rapp ,  Sai Krishna Sajja ,  Anish Shrigondekar ,  Igor Stojanovski ,  Eric Woo ,  Zhenghui Xie ,  Ruochen Zhang ,  Sophia Rui Zhu

IPC: G06F16/00 ,  G06F16/2455 ,  G06F16/248 ,  G06F16/2458

Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. When a new processing node is added or becomes available, the node coordinator can reassign duties from one or more processing nodes to the new processing node. The node coordinator can initially assign the new processing node one or more groups of data for backup purposes. At a later time, the node coordinator can reassign the new processing node to the one or more groups of data for searching purposes.