公开(公告)号：US20200334309A1

公开(公告)日：2020-10-22

申请号：US16900628

申请日：2020-06-12

Applicant: SPLUNK INC.

Inventor： Hailun Yan ,  Ledion Bitincka ,  Kishore Reddy Ramasayam ,  Elizabeth Lin ,  David Ryan Marquardt

IPC: G06F16/9535 ,  G06F16/28 ,  G06F16/2455

Abstract: Embodiments of the present invention are directed to facilitating data model acceleration in association with an external data system. In accordance with aspects of the present disclosure, at a core engine, a search request associated with a data model is received. The data model generally designates one or more fields, from among a plurality of fields, that are of interest for subsequent searches. Thereafter, it is determined that an accelerated data model summary associated with the data model is stored at an external data system remote from the core engine that received the search request. The accelerated data model summary includes field values associated with the one or more fields designated in the data model. A search for the received search request is initiated using the accelerated data model summary at the external data. A set of search results relevant to the search request is obtained and provided to a user device for display to a user.

公开(公告)号：US10798148B2

公开(公告)日：2020-10-06

申请号：US16202990

申请日：2018-11-28

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Vishal Patel ,  Geoffrey Hendrey ,  Eric Woo

IPC: G06F15/16 ,  H04L29/08 ,  H04L12/24

Abstract: In a computer-implemented method for configuring a distributed computer system comprising a plurality of nodes of a plurality of node classes, configuration files for a plurality of nodes of each of the plurality of node classes are stored in a central repository. The configuration files include information representing a desired system state of the distributed computer system, and the distributed computer system operates to keep an actual system state of the distributed computer system consistent with the desired system state. The plurality of node classes includes forwarder nodes for receiving data from an input source, indexer nodes for indexing the data, and search head nodes for searching the data. Responsive to receiving changes to the configuration files, the changes are propagated to nodes of the plurality of nodes impacted by the changes based on a node class of the nodes impacted by the changes.

公开(公告)号：US20190278868A9

公开(公告)日：2019-09-12

申请号：US15885629

申请日：2018-01-31

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

公开(公告)号：US10255310B2

公开(公告)日：2019-04-09

申请号：US14530678

申请日：2014-10-31

Applicant: Splunk Inc.

Inventor： Stephen P. Sorkin ,  Steve Yu Zhang ,  Ledion Bitincka

IPC: G06F17/30

Abstract: A method and system for managing searches of a data set that is partitioned based on a plurality of events. A structure of a search query may be analyzed to determine if logical computational actions performed on the data set is reducible. Data in each partition is analyzed to determine if at least a portion of the data in the partition is reducible. In response to a subsequent or reoccurring search request, intermediate summaries of reducible data and reducible search computations may be aggregated for each partition. Next, a search result may be generated based on at least one of the aggregated intermediate summaries, the aggregated reducible search computations, and a query of adhoc non-reducible data arranged in at least one of the plurality of partitions for the data set.

公开(公告)号：US10152480B2

公开(公告)日：2018-12-11

申请号：US14611225

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Clint Sharp ,  Petter Eriksson ,  Ledion Bitincka ,  Jason Szeto ,  Elizabeth Lin ,  Nima Haddadkaveh

IPC: G06F17/30

Abstract: Raw data in distributed servers is divided into groups of data called buckets containing raw data that have timestamps that fall within a specific time range. When a bucket becomes inactive a server can archive the bucket to an external storage system. The external storage system containing archived data may be specified in a search query. Archived data from the external storage system is obtained, processed, and a search performed on the processed archived data using the search query.

公开(公告)号：US10067944B2

公开(公告)日：2018-09-04

申请号：US15402119

申请日：2017-01-09

Applicant: Splunk, Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/00 ,  G06F17/30 ,  G06F12/0873 ,  G06F12/0868 ,  G06F12/0866 ,  G06F12/0802 ,  G06F12/0871 ,  G06F12/0862 ,  G06F3/06

CPC classification number: G06F12/0875 ,  G06F16/172 ,  G06F16/951 ,  G06F16/9574 ,  G06F2212/1021 ,  G06F2212/45 ,  G06F2212/6024 ,  G06F2212/6026 ,  G06F2212/6028

Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.

公开(公告)号：US20180089290A1

公开(公告)日：2018-03-29

申请号：US15339912

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Thomas Allan Haggie ,  Clint Sharp ,  Alexander Douglas James ,  David Ryan Marquardt ,  Hailun Yan ,  Christopher Pride ,  Vishal Patel ,  Amrittpal Singh Bath ,  Pratiksha Shah ,  Murugan Kandaswamy ,  Steve Yu Zhang ,  Ledion Bitincka ,  David E. Simmen ,  Marc Andre Chene ,  Esguerra Ma Kharisma ,  Igor Stojanovski

IPC: G06F17/30

CPC classification number: G06F16/248 ,  G06F3/0481 ,  G06F16/22 ,  G06F16/2228 ,  G06F16/2255 ,  G06F16/2425 ,  G06F16/2455 ,  G06F16/24568 ,  G06F16/2462 ,  G06F16/2477 ,  G06F16/25 ,  G06F16/285 ,  G06F16/8373 ,  G06F16/901 ,  G06F16/90335 ,  G06F16/9038 ,  G06F16/951 ,  G06F16/9535 ,  G06T11/206 ,  G06T2200/24 ,  H04L43/08 ,  H04L67/02 ,  H04L67/025

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting each metric including at least one key value and a measured value taken of a computing resource, and storing each metric in an index of a metrics store, where the index defines at least one dimension populated with the at least one key value and a measure populated with the measured value. The method further includes cataloging metadata in a metrics catalog, where the metadata is related to the metrics stored in the metrics store, performing an analysis of metrics data included in the metrics store and/or the metrics catalog to obtain results, and causing display of the results or an indication of the results on a display device.

公开(公告)号：US20160224570A1

公开(公告)日：2016-08-04

申请号：US14611225

申请日：2015-01-31

Applicant: Splunk Inc.

Inventor： Clint Sharp ,  Petter Eriksson ,  Ledion Bitincka ,  Jason Szeto ,  Elizabeth Lin ,  Nima Haddadkaveh

IPC: G06F17/30

CPC classification number: G06F17/30073 ,  G06F17/30336 ,  G06F17/30427

Abstract: Raw data in distributed servers is divided into groups of data called buckets containing raw data that have timestamps that fall within a specific time range. When a bucket becomes inactive a server can archive the bucket to an external storage system. The external storage system containing archived data may be specified in a search query. Archived data from the external storage system is obtained, processed, and a search performed on the processed archived data using the search query.

Abstract translation: 分布式服务器中的原始数据被划分为称为存储桶的数据组，其中包含具有落在特定时间范围内的时间戳的原始数据。 当桶变为不活动时，服务器可以将存储桶存储到外部存储系统。 可以在搜索查询中指定包含归档数据的外部存储系统。 获取，处理来自外部存储系统的存档数据，并使用搜索查询对已处理归档数据执行搜索。

公开(公告)号：US09177002B2

公开(公告)日：2015-11-03

申请号：US14168738

申请日：2014-01-30

Applicant: SPLUNK INC.

Inventor： Stephen Phillip Sorkin ,  Steve Yu Zhang ,  Ledion Bitincka

IPC: G06F17/30

CPC classification number: G06F17/30321 ,  G06F17/30424 ,  G06F17/30554 ,  G06F17/30584 ,  G06F17/30946

Abstract: A method and system for managing searches of a data set that is partitioned based on a plurality of events. A structure of a search query may be analyzed to determine if logical computational actions performed on the data set is reducible. Data in each partition is analyzed to determine if at least a portion of the data in the partition is reducible. In response to a subsequent or reoccurring search request, intermediate summaries of reducible data and reducible search computations may be aggregated for each partition. Next, a search result may be generated based on at least one of the aggregated intermediate summaries, the aggregated reducible search computations, and a query of adhoc non-reducible data arranged in at least one of the plurality of partitions for the data set.

Abstract translation: 一种用于管理基于多个事件划分的数据集的搜索的方法和系统。 可以分析搜索查询的结构以确定对数据集执行的逻辑计算动作是否可减少。 分析每个分区中的数据以确定分区中的数据的至少一部分是否可缩减。 响应于随后或重复出现的搜索请求，可以针对每个分区聚合可缩减数据和可缩减搜索计算的中间摘要。 接下来，可以基于聚合中间摘要，聚合可缩减搜索计算以及排列在用于数据集的多个分区中的至少一个分区中的adhoc不可还原数据的查询中的至少一个来生成搜索结果。

公开(公告)号：US11914562B1

公开(公告)日：2024-02-27

申请号：US18166326

申请日：2023-02-08

Applicant: SPLUNK INC.

Inventor： Ledion Bitincka ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F16/22 ,  G06F16/245 ,  G06F16/248 ,  G06F16/27 ,  G06F16/901

CPC classification number: G06F16/2228 ,  G06F16/245 ,  G06F16/248 ,  G06F16/278 ,  G06F16/901

Abstract: A method and system for managing searches of a data set that is partitioned based on a plurality of events. A structure of a search query may be analyzed to determine if logical computational actions performed on the data set is reducible. Data in each partition is analyzed to determine if at least a portion of the data in the partition is reducible. In response to a subsequent or reoccurring search request, intermediate summaries of reducible data and reducible search computations may be aggregated for each partition. Next, a search result may be generated based on at least one of the aggregated intermediate summaries, the aggregated reducible search computations, and a query of adhoc non-reducible data arranged in at least one of the plurality of partitions for the data set.