公开(公告)号：US11416465B1

公开(公告)日：2022-08-16

申请号：US16513378

申请日：2019-07-16

Applicant: Splunk Inc.

Inventor： Tameem Anwar ,  Alexandros Batsakis ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Eric Woo

IPC: G06F16/00 ,  G06F16/14 ,  G06F16/22 ,  G06F9/455 ,  G06F16/28

Abstract: Systems and methods are described for processing incoming data. The system can receive, from a first partition manager of a data intake and query system, first data that is associated with a first identifier, and can receive, from a second partition manager of the data intake and query system, second data that is associated with a second identifier. The system can process the first data and store first results of said processing the first data in one or more first buckets associated with the first tenant identifier. The system can process the second data and store second results of said processing the second data in one or more second buckets associated with the second tenant identifier.

公开(公告)号：US11334543B1

公开(公告)日：2022-05-17

申请号：US16657924

申请日：2019-10-18

Applicant: Splunk Inc.

Inventor： Tameem Anwar ,  Tianyi Gou ,  Alexandros Batsakis ,  Abhinav Prasad Nekkanti ,  Sai Krishna Sajja ,  Jiahan Wang

IPC: G06F16/22 ,  G06F16/14 ,  G06F16/16

Abstract: Systems and methods are disclosed for scalable bucket merging in a data intake and query system. Various components of a bucket manager can be used to monitor recently-created buckets of data in common storage that are associated with a particular tenant and a particular index, apply a comprehensive bucket merge policy to determine groups of buckets that qualify for merging, merge those group of buckets into merged buckets to be stored in the common storage, and update any information associated with the merged buckets and pre-merged buckets. These components may be shared across multiple tenants, and some of these components may be dynamically scalable based on need. This approach may also provide many additional benefits, including improved search performance from merged buckets, efficient resource utilization associated with discriminate merging, and redundancy in case of component failure.

公开(公告)号：US11222066B1

公开(公告)日：2022-01-11

申请号：US15967588

申请日：2018-04-30

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Sourav Pal ,  Sai Krishna ,  Igor Stojanovski ,  Tameem Anwar ,  Paul J. Lucas ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F16/903 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：US11157497B1

公开(公告)日：2021-10-26

申请号：US16513555

申请日：2019-07-16

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Scott Calvert ,  Alexander Douglas James ,  Bei Li ,  Ashish Mathew ,  James Monschke ,  Sogol Moshtaghi ,  Christopher Madden Pride ,  Xiaowei Wang

IPC: G06F16/00 ,  G06F16/2453

Abstract: Systems and methods are disclosed for dynamically assigning a search head or search nodes in a data intake and query system for a query received by the data intake and query system. Existing search heads and search nodes can periodically report their status to the data intake and query system, which can use that information to help determine the need to provision additional search heads and search nodes. The data intake and query system can receive a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system can use the status information for existing search heads and search nodes to dynamically assign a search head and search nodes for the query. Dynamically assigning the search head and search nodes in this manner may provide many benefits, including improved load balancing and resource utilization.

公开(公告)号：US20180336215A1

公开(公告)日：2018-11-22

申请号：US16049357

申请日：2018-07-30

Applicant: Splunk, Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F17/30 ,  G06F12/0875 ,  G06F3/06 ,  G06F12/0802 ,  G06F12/0862 ,  G06F12/0866 ,  G06F12/0873 ,  G06F12/0871 ,  G06F12/0868

Abstract: Embodiments are disclosed for a prefetching method that may include copying, in response to a search query, a first bucket from a remote storage to a cache. The first bucket may include first data associated with the search query. The method may further include identifying a first file type associated with a first file in the first bucket. The first file may be associated with a usage status. The method may further include accessing, based on the search query, a second bucket from the remote storage. The second bucket may include second data associated with the search query. The method may further include identifying a second file in the second bucket having the first file type, and copying, in response to the usage status indicating that the first file was used in processing the search query, the second file from the remote storage to the cache.

公开(公告)号：US20240386053A1

公开(公告)日：2024-11-21

申请号：US18661319

申请日：2024-05-10

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Madden Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke ,  Sai Krishna Sajja ,  Igor Stojanovski ,  Tameem Anwar ,  Paul J. Lucas ,  Eric Woo ,  Steve Wong

IPC: G06F16/901 ,  G06F3/06 ,  G06F16/23 ,  G06F16/27 ,  G06F16/903

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets using containerized indexing nodes instantiated in a containerized environment. The data intake and query system stores the buckets in a shared storage system.

公开(公告)号：US12105632B2

公开(公告)日：2024-10-01

申请号：US18313239

申请日：2023-05-05

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Alexandros Batsakis ,  Paul J. Lucas ,  Nicholas Robert Romito

IPC: G06F12/00 ,  G06F3/06 ,  G06F12/0802 ,  G06F12/0862 ,  G06F12/0866 ,  G06F12/0868 ,  G06F12/0871 ,  G06F12/0873 ,  G06F12/0875 ,  G06F16/14 ,  G06F16/172 ,  G06F16/951 ,  G06F16/957

CPC classification number: G06F12/0875 ,  G06F3/061 ,  G06F3/0611 ,  G06F12/0802 ,  G06F12/0862 ,  G06F12/0866 ,  G06F12/0868 ,  G06F12/0871 ,  G06F12/0873 ,  G06F16/148 ,  G06F16/172 ,  G06F16/951 ,  G06F16/9574 ,  G06F2212/1021 ,  G06F2212/45 ,  G06F2212/6024 ,  G06F2212/6026 ,  G06F2212/6028

Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.

公开(公告)号：US12019634B1

公开(公告)日：2024-06-25

申请号：US18123758

申请日：2023-03-20

Applicant: Splunk Inc.

Inventor： Tameem Anwar ,  Alexandros Batsakis ,  Tianyi Gou ,  Mehul Goyal ,  Ashish Mathew ,  Douglas Rapp ,  Sai Krishna Sajja ,  Anish Shrigondekar ,  Igor Stojanovski ,  Eric Woo ,  Zhenghui Xie ,  Ruochen Zhang ,  Sophia Rui Zhu

IPC: G06F16/00 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/248

CPC classification number: G06F16/24554 ,  G06F16/24552 ,  G06F16/2477 ,  G06F16/248

Abstract: A data intake and query system can manage the search of large amounts of data using one or more processing nodes. When a new processing node is added or becomes available, the node coordinator can reassign duties from one or more processing nodes to the new processing node. The node coordinator can initially assign the new processing node one or more groups of data for backup purposes. At a later time, the node coordinator can reassign the new processing node to the one or more groups of data for searching purposes.

公开(公告)号：US11874691B1

公开(公告)日：2024-01-16

申请号：US16000664

申请日：2018-06-05

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Ashish Mathew ,  Christopher Pride ,  Bharath Kishore Reddy Aleti ,  Sourav Pal ,  Arindam Bhattacharjee ,  James Monschke

IPC: G06F16/2453 ,  G06F16/22

CPC classification number: G06F16/24542 ,  G06F16/2272

Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system identifies buckets that are to be searched and search nodes to execute the query. The data intake and query system maps the identified buckets to the search nodes and executes the query using the identified bucket and search nodes.

公开(公告)号：US11841827B2

公开(公告)日：2023-12-12

申请号：US17163039

申请日：2021-01-29

Applicant: SPLUNK INC.

Inventor： Alexandros Batsakis ,  Ankit Jain ,  Manu Jose ,  Jonah Pan ,  Hailun Yan

IPC: G06F16/00 ,  G06F16/13 ,  G06F16/182

CPC classification number: G06F16/13 ,  G06F16/1824

Abstract: Embodiments described herein facilitate enhancement of data model acceleration, including generating data model summaries and performing searches in an accelerated manner. In one implementation, a set of events are indexed, each of the events having a corresponding index time representing a time at which the event was indexed in an indexer. Index time parameters including an index earliest time indicating a first index time at which to begin generating a data model summary and an index latest time indicating a second index time at which to complete generating the data model summary are obtained. Thereafter, a data model summary is generated. Such a data model summary summarizes events having corresponding index times between the index earliest time and the index latest time. The data model summary is provided to a remote data store that is separate from the indexer at which at least a portion of the events were indexed.