公开(公告)号：US20220156267A1

公开(公告)日：2022-05-19

申请号：US17586590

申请日：2022-01-27

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Scott Calvert ,  Manu Jose ,  Andrew Peters ,  Christopher Madden Pride ,  Arun Ramani

IPC: G06F16/2457 ,  G06F16/907 ,  G06F16/2455 ,  G06F40/30

Abstract: Systems and methods are disclosed for annotating a metadata catalog in a data intake and query system based on a query received by the data intake and query system. The metadata catalog can store information about datasets associated with the data intake and query system, including dataset configuration records of the datasets, which can be used to process queries for execution by the data intake and query system. The data intake and query system can receive a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system can parse the query to identify datasets and/or data fields associated with the query. Based on the identified datasets and/or fields, the data intake and query system can generate one or more annotations, and use the annotations to update the metadata catalog.

公开(公告)号：US20220121689A1

公开(公告)日：2022-04-21

申请号：US17072833

申请日：2020-10-16

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Shyam Mundhra ,  Manikandan Vellore Muneeswaran ,  Arun Ramani ,  Thor Taylor ,  Steve Zhang

IPC: G06F16/28 ,  G06F16/2455 ,  G06F16/2453 ,  G06F9/30

Abstract: Systems and methods for rule-based data stream processing by data collection, indexing, and visualization systems. An example method includes: receiving, by the computer system, an input data stream comprising raw machine data; processing the raw machine data by a data processing pipeline that produces transformed machine data, wherein the data processing pipeline comprises an ordered plurality of pipeline stages, wherein a pipeline stage of the ordered plurality of pipeline stages applies a rule of a set of rules to an input of the pipeline stage, wherein the rule specifies an action to be performed on the input of the pipeline stage responsive to evaluating a conditional expression applied to the input of the pipeline stage, wherein the action generates an output of the pipeline stage, and wherein the rule is selected based on a source type associated with the input data stream; and supplying the transformed machine data to a data collection, indexing, and visualization system.

公开(公告)号：US11238049B1

公开(公告)日：2022-02-01

申请号：US16264019

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Scott Calvert ,  Manu Jose ,  Andrew Peters ,  Christopher Madden Pride ,  Arun Ramani

IPC: G06F16/00 ,  G06F16/2457 ,  G06F16/907 ,  G06F16/2455 ,  G06F40/30

Abstract: Systems and methods are disclosed for annotating a metadata catalog in a data intake and query system based on a query received by the data intake and query system. The metadata catalog can store information about datasets associated with the data intake and query system, including dataset configuration records of the datasets, which can be used to process queries for execution by the data intake and query system. The data intake and query system can receive a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system can parse the query to identify datasets and/or data fields associated with the query. Based on the identified datasets and/or fields, the data intake and query system can generate one or more annotations, and use the annotations to update the metadata catalog.

公开(公告)号：US20220004557A1

公开(公告)日：2022-01-06

申请号：US17236925

申请日：2021-04-21

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Joseph Gabriel Echeverria ,  Eric Sammer

IPC: G06F16/2455 ,  G06F16/2453 ,  G06F16/901 ,  G06F16/903

Abstract: Operational machine components of an information technology (IT) or other microprocessor- or microcontroller-permeated environment generate disparate forms of machine data. Network connections are established between these components and processors of data intake and query system (DIQS). The DIQS conducts network transactions on a periodic and/or continuous basis with the machine components to receive disparate data and ingest certain of the data as entries of a data store that is searchable for DIQS query processing. The DIQS may receive queries to process against the received and ingested data via an exposed network interface. In one example embodiment, the DIQS receives a query identifying data to be processed, dynamically generates a query processing scheme based on the state of the data to be processed, such as streaming or at rest, and dynamically communicates the query processing scheme to a query executor based on the state of the data to be processed.

公开(公告)号：US11188550B2

公开(公告)日：2021-11-30

申请号：US15339912

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Thomas Allan Haggie ,  Clint Sharp ,  Alexander Douglas James ,  David Ryan Marquardt ,  Hailun Yan ,  Christopher Pride ,  Vishal Patel ,  Amrittpal Singh Bath ,  Pratiksha Shah ,  Murugan Kandaswamy ,  Steve Yu Zhang ,  Ledion Bitincka ,  David E. Simmen ,  Marc Andre Chene ,  Esguerra Ma Kharisma ,  Igor Stojanovski

IPC: G06F16/248 ,  G06F16/22 ,  G06F16/25 ,  G06F16/28 ,  G06F16/901 ,  G06F16/951 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/835 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/903 ,  H04L29/08 ,  G06F3/0481 ,  G06T11/20 ,  H04L12/26

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting each metric including at least one key value and a measured value taken of a computing resource, and storing each metric in an index of a metrics store, where the index defines at least one dimension populated with the at least one key value and a measure populated with the measured value. The method further includes cataloging metadata in a metrics catalog, where the metadata is related to the metrics stored in the metrics store, performing an analysis of metrics data included in the metrics store and/or the metrics catalog to obtain results, and causing display of the results or an indication of the results on a display device.

公开(公告)号：US11157497B1

公开(公告)日：2021-10-26

申请号：US16513555

申请日：2019-07-16

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Scott Calvert ,  Alexander Douglas James ,  Bei Li ,  Ashish Mathew ,  James Monschke ,  Sogol Moshtaghi ,  Christopher Madden Pride ,  Xiaowei Wang

IPC: G06F16/00 ,  G06F16/2453

Abstract: Systems and methods are disclosed for dynamically assigning a search head or search nodes in a data intake and query system for a query received by the data intake and query system. Existing search heads and search nodes can periodically report their status to the data intake and query system, which can use that information to help determine the need to provision additional search heads and search nodes. The data intake and query system can receive a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system can use the status information for existing search heads and search nodes to dynamically assign a search head and search nodes for the query. Dynamically assigning the search head and search nodes in this manner may provide many benefits, including improved load balancing and resource utilization.

公开(公告)号：US11093564B1

公开(公告)日：2021-08-17

申请号：US16147129

申请日：2018-09-28

Applicant: Splunk Inc.

Inventor： Alexander Douglas James ,  Manu Jose ,  Sourav Pal ,  Christopher Madden Pride ,  Nicholas Robert Romito ,  Igor Braylovskiy ,  Arun Ramani ,  Ankit Jain

IPC: G06F16/00 ,  G06F16/9535 ,  G06F9/54 ,  G06F16/242 ,  G06F40/205

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system parses the query and uses a metadata catalog to dynamically identify configuration parameters of datasets and/or rules associated with the query. The identified configuration parameters are communicated to a query processing component of the data intake and query system for use in executing the query.

公开(公告)号：US20200257691A1

公开(公告)日：2020-08-13

申请号：US16851979

申请日：2020-04-17

Applicant: Splunk Inc.

Inventor： Arindam Bhattacharjee ,  Sourav Pal ,  Alexander Douglas James

IPC: G06F16/2455 ,  G06F16/13 ,  G06F16/23 ,  G06F16/242 ,  G06F16/903 ,  G06F16/901

Abstract: Systems and methods are disclosed for generating a distributed execution model with untrusted commands. The system can receive a query, and process the query to identify the untrusted commands. The system can use data associated with the untrusted command to identify one or more files associated with the untrusted command. Based on the files, the system can generate a data structure and include one or more identifiers associated with the data structure in the distributed execution model. The system can distribute the distributed execution model to one or more nodes in a distributed computing environment for execution.

公开(公告)号：US10509784B2

公开(公告)日：2019-12-17

申请号：US15582519

申请日：2017-04-28

Applicant: Splunk, Inc.

Inventor： Alexander Douglas James ,  David Ryan Marquardt ,  Karthikeyan Sabhanatarajan

IPC: G06F16/2453

Abstract: A method includes receiving an initial pipeline including a sequence of commands for execution on a computing system, and obtaining, for each command in the sequence of commands, semantic information. The sequence of commands includes a command with incomplete semantic information. The method further includes generating an abstract semantic tree (AST) with the semantic information and a placeholder for the incomplete semantic information, and manipulating the AST to generate a revised AST. The revised AST corresponds to a revised pipeline that reduces an execution time on the computing system. The method further includes executing the revised pipeline.

公开(公告)号：US20180089287A1

公开(公告)日：2018-03-29

申请号：US15339894

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Thomas Allan Haggie ,  Clint Sharp ,  Alexander Douglas James ,  David Ryan Marquardt

IPC: G06F17/30

CPC classification number: G06F16/248 ,  G06F3/0481 ,  G06F16/22 ,  G06F16/2228 ,  G06F16/2255 ,  G06F16/2425 ,  G06F16/2455 ,  G06F16/24568 ,  G06F16/2462 ,  G06F16/2477 ,  G06F16/25 ,  G06F16/285 ,  G06F16/8373 ,  G06F16/901 ,  G06F16/90335 ,  G06F16/9038 ,  G06F16/951 ,  G06F16/9535 ,  G06T11/206 ,  G06T2200/24 ,  H04L43/08 ,  H04L67/02 ,  H04L67/025

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes populating each metric including a measure value, cataloging metadata in an in-memory metrics catalog, where the metadata is related to the metrics. The method further includes receiving a search query including search criteria, evaluating the search query by applying the search criteria to the metadata of the metrics catalog to obtain results that satisfy the search criteria, and causing display, on a display device, of the results or data indicative of the results.