公开(公告)号：US11138218B2

公开(公告)日：2021-10-05

申请号：US16259975

申请日：2019-01-28

Applicant: Splunk Inc.

Inventor： Ashish Mathew ,  Ledion Bitincka ,  Igor Stojanovski ,  Dhruva Kumar Bhagi

IPC: G06F16/248 ,  G06F16/28 ,  G06F16/22 ,  G06F16/21

Abstract: Techniques and mechanisms are disclosed to optimize the size of index files to improve use of storage space available to indexers and other components of a data intake and query system. Index files of a data intake and query system may include, among other data, a keyword portion containing mappings between keywords and location references to event data containing the keywords. Optimizing an amount of storage space used by index files may include removing, modifying and/or recreating various components of index files in response to detecting one or more storage conditions related to the event data indexed by the index files. The optimization of index files generally may attempt to manage a tradeoff between an efficiency with which search requests can be processed using the index files and an amount of storage space occupied by the index files.

公开(公告)号：US11003714B1

公开(公告)日：2021-05-11

申请号：US15967590

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/2458 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses a search node catalog to identify search nodes that are available to execute the query and uses a bucket catalog to identify buckets to be searched. The data intake and query system executes the query using the identified bucket and search nodes.

公开(公告)号：US10984044B1

公开(公告)日：2021-04-20

申请号：US15967591

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/901 ,  G06F16/903 ,  G06F16/907 ,  G06F3/06

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system maintains a catalog of buckets stored in a remote shared storage system. The buckets store raw machine data associated with a timestamp. The data intake and query receives a query identifying a set of data to be processed and a manner of processing the set of data, and executes the query based on the catalog of buckets.

公开(公告)号：US10776355B1

公开(公告)日：2020-09-15

申请号：US15967578

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke ,  Karthikeyan Sabhanatarajan

IPC: G06F16/2453 ,  G06F16/901 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system uses one or more containerized search nodes to execute the query and stores the results in a data store for combination with additional query results.

公开(公告)号：US10579607B2

公开(公告)日：2020-03-03

申请号：US15582424

申请日：2017-04-28

Applicant: Splunk Inc.

Inventor： Ashish Mathew

IPC: G06F17/30 ,  G06F16/22 ,  G06F16/25

Abstract: Embodiments of the present disclosure provide a method for performing search queries. The method comprises transmitting a list of active indexers in an indexer cluster from a cluster master for receipt by a first search head, wherein the cluster master is communicatively coupled with an indexer cluster comprising a plurality of indexers and the first search head. The method further comprises receiving a first slot request at the cluster master in response to a query from the first search head, wherein the first search head is operable to transmit the query to the active indexers for execution if granted the slot request. Further, the method comprises evaluating a plurality of policies to determine if the first slot request can be granted and responsive to a positive determination, transmitting an authorization token for a slot to the first search head.

公开(公告)号：US20240386053A1

公开(公告)日：2024-11-21

申请号：US18661319

申请日：2024-05-10

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Tameem Anwar ,  Paul J. Lucas ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：US12019634B1

公开(公告)日：2024-06-25

申请号：US18123758

申请日：2023-03-20

Applicant: Splunk Inc.

Inventor： Tameem Anwar ,  Alexandros Batsakis ,  Tianyi Gou ,  Mehul Goyal ,  Ashish Mathew ,  Douglas Rapp ,  Sai Krishna Sajja ,  Anish Shrigondekar ,  Igor Stojanovski ,  Eric Woo ,  Zhenghui Xie ,  Ruochen Zhang ,  Sophia Rui Zhu

IPC: G06F16/00 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/248

CPC classification number: G06F16/24554 ,  G06F16/24552 ,  G06F16/2477 ,  G06F16/248

Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. When a new processing node is added or becomes available, the node coordinator can reassign duties from one or more processing nodes to the new processing node. The node coordinator can initially assign the new processing node one or more groups of data for backup purposes. At a later time, the node coordinator can reassign the new processing node to the one or more groups of data for searching purposes.

公开(公告)号：US11874691B1

公开(公告)日：2024-01-16

申请号：US16000664

申请日：2018-06-05

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/2453 ,  G06F16/22

CPC classification number: G06F16/24542 ,  G06F16/2272

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system identifies buckets that are to be searched and search nodes to execute the query. The data intake and query system maps the identified buckets to the search nodes and executes the query using the identified bucket and search nodes.

公开(公告)号：US11809397B1

公开(公告)日：2023-11-07

申请号：US17680900

申请日：2022-02-25

Applicant: Splunk Inc.

Inventor： Ashish Mathew

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/25

CPC classification number: G06F16/2272 ,  G06F16/256

Abstract: Embodiments of the present disclosure provide a method for performing search queries. The method comprises transmitting a list of active indexers in an indexer cluster from a cluster master for receipt by a first search head, wherein the cluster master is communicatively coupled with an indexer cluster comprising a plurality of indexers and the first search head. The method further comprises receiving a first slot request at the cluster master in response to a query from the first search head, wherein the first search head is operable to transmit the query to the active indexers for execution if granted the slot request. Further, the method comprises evaluating a plurality of policies to determine if the first slot request can be granted and responsive to a positive determination, transmitting an authorization token for a slot to the first search head.

公开(公告)号：US11625404B2

公开(公告)日：2023-04-11

申请号：US16687158

申请日：2019-11-18

Applicant: Splunk Inc.

Inventor： Sourav Pal ,  Ashish Mathew ,  Xiaowei Wang ,  Christopher Pride

IPC: G06F16/2455 ,  G06F16/248 ,  G06F16/951

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a search query by a search head, defining a search process for applying the search query to indexers, delegating a first portion of the search process to indexers and a second portion of the search process to intermediary node(s) communicatively coupled to the search head and the indexers. The first portion can define a search scope for obtaining partial search results of the indexers and the second portion can define operations for combining the partial search results by the intermediary node(s) to produce a combination of the partial search results. The search head then receives the combination of the partial search results, and outputs final search results for the search query, where the final search results are based on the combination of the partial search results.