公开(公告)号：US20210042269A1

公开(公告)日：2021-02-11

申请号：US17080416

申请日：2020-10-26

Applicant: SPLUNK INC.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank, JR. ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F16/17 ,  G06F16/20 ,  G06F16/174

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

公开(公告)号：US10891284B2

公开(公告)日：2021-01-12

申请号：US15582458

申请日：2017-04-28

Applicant: SPLUNK INC.

Inventor： Amritpal Singh Bath ,  Yuan Xu, Jr. ,  Bharath Aleti ,  Manu Jose

IPC: G06F16/00 ,  G06F16/23 ,  G06F16/27 ,  G06F16/951 ,  G06F16/22 ,  G06F16/2458

Abstract: The present disclosure provides solutions for determining the divergence (delta) between the current and previous reference data structures for mutable data in a search head. A method is provided that includes updating a pre-existing lookup table in a search head, generating a delta file that identifies the divergence between the updated and previous lookup table, and distributing the delta file to other components in the search environment. The compatibility of the delta file is checked with the local instance of the lookup table in each search component, and the lookup table is applied if compatibility is determined. However, if the delta file is determined to not be compatible with the current version of a local lookup table in an indexer, the entire lookup table sent to the requesting indexer instead.

公开(公告)号：US20190235941A1

公开(公告)日：2019-08-01

申请号：US15885640

申请日：2018-01-31

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Bharath Kishore Reddy Aleti ,  Octavio Enrique Di Sciullo ,  Tingjin Xu ,  Jason Andrew Beyers ,  Kartheek Babu Kolla ,  Chaithra Nataraj ,  Clara Elizabeth Lee

IPC: G06F11/07 ,  G06F17/30

Abstract: Systems and methods are disclosed for monitoring features of a computing device of a distributed computing system using a self-monitoring module. The self-monitoring module can include multiple feature-specific monitoring modules and one or more parent nodes for the feature-specific monitoring modules. A feature-specific monitoring module can identify or detect a fault status change, such as a fault condition or fault resolution, for one or more features. Based on the identified fault conditions or fault resolutions, the feature-specific monitoring module can determine an internal status and communicate an updated status to a parent node.

公开(公告)号：US20180314726A1

公开(公告)日：2018-11-01

申请号：US15582458

申请日：2017-04-28

Applicant: SPLUNK INC.

Inventor： Amritpal Singh Bath ,  Yuan Xu, JR. ,  Bharath Aleti ,  Manu Jose

IPC: G06F17/30

Abstract: The present disclosure provides solutions for determining the divergence (delta) between the current and previous reference data structures for mutable data in a search head. A method is provided that includes updating a pre-existing lookup table in a search head, generating a delta file that identifies the divergence between the updated and previous lookup table, and distributing the delta file to other components in the search environment. The compatibility of the delta file is checked with the local instance of the lookup table in each search component, and the lookup table is applied if compatibility is determined. However, if the delta file is determined to not be compatible with the current version of a local lookup table in an indexer, the entire lookup table sent to the requesting indexer instead.

公开(公告)号：US10083190B2

公开(公告)日：2018-09-25

申请号：US14014059

申请日：2013-08-29

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: G06F16/21 ,  G06F16/1734

Abstract: Embodiments are directed towards a dynamic change evaluation mechanism, whereby items having a detected possible change are scheduled for re-evaluation for possible changes at a higher frequency than items detected to not have previously changed, while those items detected as not to have changed are dynamically scheduled for re-evaluation based on an evaluation backlog that may be in turn based, in part, on a time from when an item is assigned an expiration time to when the item is evaluated. In one embodiment, a possibly changed item may be assigned a new expiration time independent of the evaluation backlog. In another embodiment, if no change is detected, then the item may be assigned a new expiration time as a function of a previous expiration time and on the evaluation backlog.

公开(公告)号：US09767112B2

公开(公告)日：2017-09-19

申请号：US15224649

申请日：2016-07-31

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30144 ,  G06F17/3015 ,  G06F17/30286

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

公开(公告)号：US12174797B1

公开(公告)日：2024-12-24

申请号：US18103323

申请日：2023-01-30

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Sarah Harun ,  Samat Jain ,  Felix Jiang ,  Shanmugam Kailasam ,  Li-Jen Liu ,  Jiahan Wang ,  Tingjin Xu

IPC: G06F16/00 ,  G06F16/13 ,  G06F16/16 ,  G06F16/17

Abstract: A method for file system destinations includes obtaining events for storage on one or more of the storage systems. For each event, the method includes extracting at least one field value from the event, comparing the at least one field value to configurations of the storage systems to identify at least one storage system of the plurality of storage systems having a matching configuration, transmitting the event to an ingest module queue for the at least one storage system, selecting a partition for the event based on the at least one field value to obtain a selected partition, mapping the selected partition to a file using a partition mapping, and appending the event to the file on the at least one storage system.

公开(公告)号：US20220291984A1

公开(公告)日：2022-09-15

申请号：US17804545

申请日：2022-05-27

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Bharath Kishore Reddy Aleti ,  Octavio Enrique Di Sciullo ,  Tingjin Xu ,  Jason Andrew Beyers ,  Kartheek Babu Kolla ,  Chaithra Nataraj ,  Clara Elizabeth Lee

IPC: G06F11/07 ,  G06F16/2455

Abstract: Systems and methods are disclosed for monitoring features of a computing device of a distributed computing system using a self-monitoring module. The self-monitoring module can include multiple feature-specific monitoring modules and one or more parent nodes for the feature-specific monitoring modules. A feature-specific monitoring module can identify or detect a fault status change, such as a fault condition or fault resolution, for one or more features. Based on the identified fault conditions or fault resolutions, the feature-specific monitoring module can determine an internal status and communicate an updated status to a parent node.

公开(公告)号：US11042515B2

公开(公告)日：2021-06-22

申请号：US16141913

申请日：2018-09-25

Applicant: Splunk Inc.

Inventor： Amritpal Singh Bath ,  Mitchell Neuman Blank ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC: G06F16/21 ,  G06F16/17

Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

公开(公告)号：US20210149773A1

公开(公告)日：2021-05-20

申请号：US17161480

申请日：2021-01-28

Applicant: SPLUNK INC.

Inventor： Ankit Jain ,  Manu Jose, JR. ,  Bharath Kishore Reddy Aleti ,  Amritpal Singh Bath ,  Yuan Xu

IPC: G06F11/14 ,  G06F16/21 ,  G06F11/34 ,  H04L12/26 ,  H04L12/24 ,  G06F11/30 ,  G06F16/27

Abstract: Embodiments of the present disclosure provide solutions for determining an elected search head captain is unqualified for the position, identifying a more qualified search head, and transferring the captain position to the more qualified search head. A method is provided that includes referencing qualification parameters in an elected search head captain, determining whether the newly elected search head captain is qualified for the position based on the parameters, identifying a more qualified search head to be the search head captain if the newly elected search head captain is determined to be unqualified for the position, and transferring the position of captain to the more qualified search head. The qualification parameters may include, for example, a pre-determined static flag set by an administrator of the search environment, and configuration replication status that corresponds to the most recent configuration state of the search head as recorded by the previous search head captain.