-
公开(公告)号:US20160140238A1
公开(公告)日:2016-05-19
申请号:US15007176
申请日:2016-01-26
申请人: Splunk Inc.
发明人: Erik M. Swan , R. David Carasso , Robin Kumar Das , Rory Greene , Bradley Hall , Nicholas Christian Mealy , Brian Philip Murphy , Stephen Phillip Sorkin , Andre David Stechert , Michael Joseph Baum
IPC分类号: G06F17/30
CPC分类号: G06F17/30336 , G06F17/30321 , G06F17/30342 , G06F17/30353 , G06F17/30516 , G06F17/30528 , G06F17/3053 , G06F17/30551 , G06F17/30554 , G06F17/30864
摘要: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
摘要翻译: 根据本发明的方法和设备提供了基于搜索来组织,索引,搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列,表示某种类型的活动。 在一个实施例中,时间序列数据被组织成具有归一化时间戳的离散事件,并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制,关键字索引机制或统计索引,检索相关的事件信息。
-
公开(公告)号:US20160070736A1
公开(公告)日:2016-03-10
申请号:US14929248
申请日:2015-10-30
申请人: Splunk Inc.
发明人: Erik M. Swan , R. David Carasso , Robin Kumar Das , Rory Greene , Bradley Hall , Nicholas Christian Mealy , Brian Philip Murphy , Stephen Phillip Sorkin , Andre David Stechert , Michael Joseph Baum
IPC分类号: G06F17/30
CPC分类号: G06F17/30336 , G06F17/30321 , G06F17/30342 , G06F17/30353 , G06F17/30516 , G06F17/30528 , G06F17/3053 , G06F17/30551 , G06F17/30554 , G06F17/30864
摘要: Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
摘要翻译: 根据本发明的方法和设备提供了基于搜索来组织,索引,搜索和呈现时间序列数据的能力。 时间序列数据是在一个或多个通常连续的流中发生的时间戳记录的序列,表示某种类型的活动。 在一个实施例中,时间序列数据被组织成具有归一化时间戳的离散事件,并且事件由时间和关键字索引。 完全或部分地基于搜索时计算的时间索引机制,关键字索引机制或统计索引,检索相关的事件信息。
-
公开(公告)号:US20160055214A1
公开(公告)日:2016-02-25
申请号:US14929332
申请日:2015-10-31
申请人: Splunk Inc.
发明人: Mitchell Neuman Blank, JR. , Leonid Budchenko , David Carasso , Micah James Delfino , Johnvey Hwang , Stephen Phillip Sorkin , Eric Timothy Woo
IPC分类号: G06F17/30 , G06F3/0482 , G06F17/27 , G06F3/0484
CPC分类号: G06F17/30867 , G06F3/0482 , G06F3/04842 , G06F3/0485 , G06F17/2705 , G06F17/30321 , G06F17/30507 , G06F17/30551 , G06F17/30554 , G06F17/3056 , G06F17/30619 , G06F17/30864
摘要: Embodiments are directed towards previewing results generated from indexing data raw data before the corresponding index data is added to an index store. Raw data may be received from a preview data source. After an initial set of configuration information may be established, the preview data may be submitted to an index processing pipeline. A previewing application may generate preview results based on the preview index data and the configuration information. The preview results may enable previewing how the data is being processed by the indexing application. If the preview results are not acceptable, the configuration information may be modified. The preview application enables modification of the configuration information until the generated preview results may be acceptable. If the configuration information is acceptable, the preview data may be processed and indexed in one or more index stores.
摘要翻译: 实施例针对在将对应的索引数据添加到索引存储之前预览从索引数据原始数据生成的结果。 可以从预览数据源接收原始数据。 在可以建立一组初始配置信息之后,可以将预览数据提交给索引处理流水线。 预览应用可以基于预览索引数据和配置信息生成预览结果。 预览结果可能可以预览索引应用程序如何处理数据。 如果预览结果不可接受,则可以修改配置信息。 预览应用程序可以修改配置信息,直到生成的预览结果可以接受。 如果配置信息是可接受的,则预览数据可以在一个或多个索引存储中被处理和索引。
-
公开(公告)号:US20150339344A1
公开(公告)日:2015-11-26
申请号:US14815884
申请日:2015-07-31
申请人: Splunk Inc.
发明人: Alice Emily Neels , Archana Sulochana Ganapathi , Marc Vincent Robichaud , Stephen Phillip Sorkin , Steve Yu Zhang
IPC分类号: G06F17/30
CPC分类号: G06F17/30395 , G06F3/0482 , G06F17/248 , G06F17/30283 , G06F17/30424 , G06F17/30528 , G06F17/30554 , G06F17/30867
摘要: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.
摘要翻译: 实施例包括生成可以给非结构化或结构化数据赋予语义意义的数据模型,其可以包括由搜索引擎(包括时间序列引擎)生成和/或接收的数据。 一种方法包括为存储在存储库中的数据生成数据模型。 生成数据模型包括生成初始查询字符串,对数据执行初始查询字符串,基于对数据执行的初始查询字符串生成初始结果集,从一个或多个初始查询字符串的结果确定一个或多个候选字段 生成基于一个或多个候选字段的候选数据模型,迭代地修改候选数据模型,直到候选数据模型对数据建模,并使用候选数据模型作为数据模型。
-
25.发明申请SEARCHING OF EVENTS DERIVED FROM MACHINE DATA USING FIELD AND KEYWORD CRITERIA 有权使用现场和关键字标准搜索从机器数据中获取的事件公开(公告)号:US20150149460A1
公开(公告)日:2015-05-28
申请号:US14611191
申请日:2015-01-31
申请人: Splunk Inc.
发明人: Michael Joseph Baum , R. David Carasso , Robin Kumar Das , Bradley Hall , Brian Phillip Murphy , Stephen Phillip Sorkin , Andre David Stechert , Erik M. Swan , Rory Greene , Nicholas Christian Mealy , Christina Frances Regina Noren
IPC分类号: G06F17/30
CPC分类号: G06F17/30604 , G06F11/3476 , G06F17/2785 , G06F17/30368 , G06F17/30477 , G06F17/30507 , G06F17/30525 , G06F17/30551 , G06F17/30598 , G06F17/30619 , G06F17/30657 , G06F17/30705 , G06K9/6217 , H04L63/1425 , H04L63/20
摘要: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.
摘要翻译: 与本发明一致的方法和设备提供组织和构建由各种信息处理环境生成的机器数据的理解的能力。 机器数据是信息处理系统(例如,活动日志,配置文件,消息,数据库记录)的产物,并且表示已经发生并以原始数据格式记录的特定事件的证据。 在一个实施例中,机器数据通过将机器数据组织到事件中并将事件链接在一起而变成机器数据网。
-
26.发明申请UNIFORM STORAGE AND SEARCH OF EVENTS DERIVED FROM MACHINE DATA FROM DIFFERENT SOURCES 有权从不同来源的机器数据中获取的均匀存储和搜索公开(公告)号:US20150142842A1
公开(公告)日:2015-05-21
申请号:US14611188
申请日:2015-01-31
申请人: Splunk Inc.
发明人: Michael Joseph Baum , R. David Carasso , Robin Kumar Das , Bradley Hall , Brian Phillip Murphy , Stephen Phillip Sorkin , Andre David Stechert , Erik M. Swan , Rory Greene , Nicholas Christian Mealy , Christina Frances Regina Noren
IPC分类号: G06F17/30
CPC分类号: G06F17/30604 , G06F11/3476 , G06F17/2785 , G06F17/30368 , G06F17/30477 , G06F17/30507 , G06F17/30525 , G06F17/30551 , G06F17/30598 , G06F17/30619 , G06F17/30657 , G06F17/30705 , G06K9/6217 , H04L63/1425 , H04L63/20
摘要: Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.
摘要翻译: 与本发明一致的方法和设备提供组织和构建由各种信息处理环境生成的机器数据的理解的能力。 机器数据是信息处理系统(例如,活动日志,配置文件,消息,数据库记录)的产物,并且表示已经发生并以原始数据格式记录的特定事件的证据。 在一个实施例中,机器数据通过将机器数据组织到事件中并将事件链接在一起而变成机器数据网。
-
公开(公告)号:US20140317111A1
公开(公告)日:2014-10-23
申请号:US14266838
申请日:2014-05-01
申请人: Splunk Inc.
IPC分类号: G06F17/30
CPC分类号: G06F17/3053 , G06F17/30194 , G06F17/30312 , G06F17/30353 , G06F17/30386 , G06F17/30477 , G06F17/30483 , G06F17/30486 , G06F17/30528 , G06F17/30545 , G06F17/30551 , G06F17/30554 , G06F17/30675 , G06F17/30864 , G06F17/30867 , G06F17/30973 , G06F17/30991 , H04L41/0604 , H04L41/22 , H04L67/1097
摘要: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.
摘要翻译: 方法,系统和处理器可读存储介质被引导为生成从存储在多个分布式节点上的诸如事件数据的数据导出的报告。 在一个实施例中,使用“分割和征服”算法生成分析,使得每个分布式节点分析本地存储的事件数据,而聚合节点组合这些分析结果以生成报告。 在一个实施例中,每个分布式节点还将与分析结果相关联的事件数据引用的列表发送到聚合节点。 然后,聚合节点可以基于从每个分布式节点接收的事件数据参考的列表来生成数据引用的全局有序列表。 随后,响应于用户选择一系列全局事件数据,报告可以动态地从一个或多个分布式节点检索事件数据,以便根据全局顺序进行显示。
-
公开(公告)号:US20140229490A1
公开(公告)日:2014-08-14
申请号:US14052563
申请日:2013-10-11
申请人: Splunk Inc.
发明人: Vishal Patel , Jimmy John , Stephen Phillip Sorkin , Johnathon Lee Cervelli , Mitchell Neuman Blank, JR. , Robin Kumar Das
IPC分类号: G06F17/30
CPC分类号: G06F16/2272 , G06F21/121 , G06F2221/0775 , G06F2221/2101 , H04L2463/101
摘要: The invention is directed towards enabling data volume and data type based licensing of software in a distributed system of a plurality of remote and/or local nodes. The invention enables measuring and optionally restricting the use of software based on one or more provided licenses that restrict the amount and type of data that may be processed by the software. New and older licenses may be added together for a single, bulk entitlement for a given volume of data processing for one or all types of data. Different users in the same enterprise may combine license entitlements too. Also, a new license can be acquired repeatedly, without requiring the issuance of combined licenses by the issuing authority and/or the revocation of prior licenses.
摘要翻译: 本发明旨在实现在多个远程和/或本地节点的分布式系统中的软件的基于数据量和数据类型的许可。 本发明能够测量和可选地限制基于限制软件可能处理的数据的数量和类型的一个或多个所提供的许可证的软件的使用。 新一代和更旧的许可证可以一起添加,用于针对一种或所有类型的数据的给定数据量处理的单个批量权利。 同一企业的不同用户也可以组合许可证授权。 此外,可以重复获得新的许可证,而不需要发证机构签发合并的许可证和/或撤销先前的许可证。
-
公开(公告)号:US20140074817A1
公开(公告)日:2014-03-13
申请号:US13662369
申请日:2012-10-26
申请人: SPLUNK INC.
发明人: Alice Emily Neels , Archara Sulochana Ganapathi , Marc Vincent Robichaud , Stephen Phillip Sorkin , Steve Yu Zhang
IPC分类号: G06F17/30
CPC分类号: G06F17/30395 , G06F3/0482 , G06F17/248 , G06F17/30283 , G06F17/30424 , G06F17/30528 , G06F17/30554 , G06F17/30867
摘要: Embodiments are directed towards generating data models that may give semantic meaning for unstructured data or structured data that may include data generated and/or received by search engines, including a time series engine. Data models also may be generated to provide semantic meaning to structured data. A data model may be composed of a hierarchical data model objects analogous to an object-oriented programming class hierarchy. Users may employ a data modeling application to produce reports using search objects that may be part of, or associated with the data model. The data modeling application may employ the search object and the data model to generate a query string for searching a data repository to produce a result set. A data modeling application may map the result set data to data model objects that may be used to generate reports.
摘要翻译: 实施例涉及生成可能给非结构化数据或结构化数据提供语义意义的数据模型,这些结构化数据或结构化数据可能包括由搜索引擎(包括时间序列引擎)生成和/或接收的数据。 也可以生成数据模型以为结构化数据提供语义。 数据模型可以由类似于面向对象的编程类层次结构的分层数据模型对象组成。 用户可以使用数据建模应用程序来生成使用可能是数据模型的一部分或与数据模型相关联的搜索对象的报告。 数据建模应用程序可以使用搜索对象和数据模型来生成用于搜索数据存储库以产生结果集的查询字符串。 数据建模应用程序可将结果集数据映射到可用于生成报告的数据模型对象。
-
公开(公告)号:US20130311427A1
公开(公告)日:2013-11-21
申请号:US13648116
申请日:2012-10-09
申请人: SPLUNK INC.
IPC分类号: G06F17/30
CPC分类号: H04L67/1097 , G06F11/2097 , G06F17/30312
摘要: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.
摘要翻译: 实施例旨在在具有多个索引器的集群环境内管理,用于使用生成标识符来管理数据的冗余来进行数据存储,从而为指定的生成数据指定主索引器。 当集群的主设备发生故障时,可以继续使用冗余来存储数据,并且仍然可以执行数据搜索。
-
-
-
-
-
-
-
-
-
搜索结果
204 条记录 (耗时 0.033 秒)
