公开(公告)号：US20150058375A1

公开(公告)日：2015-02-26

申请号：US14530680

申请日：2014-10-31

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang ,  Stephen P. Sorkin

IPC: G06F17/30 ,  H04L29/08

CPC classification number: G06F17/3053 ,  G06F17/30194 ,  G06F17/30312 ,  G06F17/30353 ,  G06F17/30386 ,  G06F17/30477 ,  G06F17/30483 ,  G06F17/30486 ,  G06F17/30528 ,  G06F17/30545 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30973 ,  G06F17/30991 ,  H04L41/0604 ,  H04L41/22 ,  H04L67/1097

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

Abstract translation: 方法，系统和处理器可读存储介质被引导为生成从存储在多个分布式节点上的诸如事件数据的数据导出的报告。 在一个实施例中，使用“分割和征服”算法生成分析，使得每个分布式节点分析本地存储的事件数据，而聚合节点组合这些分析结果以生成报告。 在一个实施例中，每个分布式节点还将与分析结果相关联的事件数据引用的列表发送到聚合节点。 然后，聚合节点可以基于从每个分布式节点接收的事件数据参考的列表来生成数据引用的全局有序列表。 随后，响应于用户选择一系列全局事件数据，报告可以动态地从一个或多个分布式节点检索事件数据，以便根据全局顺序进行显示。

公开(公告)号：US20140366001A1

公开(公告)日：2014-12-11

申请号：US14305977

申请日：2014-06-16

Applicant: Splunk Inc.

Inventor： Itay A. Neeman

IPC: G06F9/45 ,  G06F9/44

CPC classification number: G06F8/434 ,  G06F8/54 ,  G06F8/70 ,  G06F8/71

Abstract: The disclosed embodiments relate to a system that facilitates developing applications in a component-based software development environment. This system provides an execution environment comprising instances of application components and a registry that maps names to instances of application components. Within the registry, each entry is associated with a list of notification dependencies that specifies component instances to be notified when the registry entry changes. Upon receiving a command to display notification dependencies for the registry, the system generates and displays a dependency graph containing nodes representing component instances and arrows between the nodes representing notification dependencies between the component instances. Upon receiving a command to display a timeline for with the registry, the system generates and displays a timeline representing events associated with the registry in chronological order.

Abstract translation: 所公开的实施例涉及有助于在基于组件的软件开发环境中开发应用的系统。 该系统提供包括应用程序组件的实例和将名称映射到应用程序组件实例的注册表的执行环境。 在注册表中，每个条目与通知依赖关系的列表相关联，该列表指定注册表项更改时要通知的组件实例。 当接收到显示注册表的通知依赖性的命令时，系统将生成并显示包含表示组件实例和节点之间的箭头的依赖图，表示组件实例之间的通知依赖关系。 在收到与注册表显示时间表的命令之后，系统按时间顺序生成和显示表示与注册表关联的事件的时间线。

公开(公告)号：US08904389B2

公开(公告)日：2014-12-02

申请号：US13874423

申请日：2013-04-30

Applicant: Splunk Inc.

Inventor： Brian Bingham ,  Tristan Fletcher

IPC: G06F9/455 ,  G06F9/46 ,  G06F15/173 ,  G09G5/22 ,  G06F15/177 ,  G06F11/32 ,  G06F11/34

CPC classification number: G06F9/45533 ,  G06F11/323 ,  G06F11/328 ,  G06F11/3409 ,  G06F2009/45591 ,  G06F2201/815

Abstract: Techniques promote monitoring of hypervisor systems by presenting dynamic representations of hypervisor architectures that include performance indicators. A reviewer can interact with the representation to progressively view select lower-level performance indicators. Higher level performance indicators can be determined based on tower level state assessments. A reviewer can also view historical performance metrics and indicators, which can aid in understanding which configuration changes or system usages may have led to sub-optimal performance.

Abstract translation: 技术通过呈现包含性能指标的虚拟机监控程序架构的动态表示来促进对管理程序系统的监视。 评论者可以与表示进行交互，以逐步查看选择的较低级别的绩效指标。 可以根据塔级状态评估来确定更高层次的绩效指标。 审阅者还可以查看历史绩效指标和指标，这有助于了解哪些配置更改或系统使用可能导致次优性能。

公开(公告)号：US20140344256A1

公开(公告)日：2014-11-20

申请号：US14449144

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30864 ,  G06F17/30477 ,  G06F17/30516 ,  G06F17/30545 ,  G06F17/30979

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

Abstract translation: 通过分析所接收的搜索请求来识别在搜索支持系统的计算机处接收的搜索请求，以识别请求参数并连接到在请求参数中引用的搜索支持系统的系统索引。 启动外部结果提供程序（ERP）进程，在搜索支持系统和搜索支持系统外部的数据源之间建立通信，为请求参数中引用的虚拟索引。 因此，ERP过程提供了搜索支持系统和外部数据源之间的接口，如第三方。 ERP流程可以以流模式运行（以最少的处理提供实时搜索结果）和/或报告模式（提供更大的延迟和处理范围的结果），并且可以在模式之间切换。 从连接的系统索引和引用的虚拟索引接收搜索请求结果。

公开(公告)号：US20140330815A1

公开(公告)日：2014-11-06

申请号：US14266832

申请日：2014-05-01

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30864 ,  G06F17/30477 ,  G06F17/30516 ,  G06F17/30545 ,  G06F17/30979

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

Abstract translation: 通过分析所接收的搜索请求来识别在搜索支持系统的计算机处接收的搜索请求，以识别请求参数并连接到在请求参数中引用的搜索支持系统的系统索引。 启动外部结果提供程序（ERP）进程，在搜索支持系统和搜索支持系统外部的数据源之间建立通信，为请求参数中引用的虚拟索引。 因此，ERP过程提供了搜索支持系统和外部数据源之间的接口，如第三方。 ERP流程可以以流模式运行（以最少的处理提供实时搜索结果）和/或报告模式（提供更大的延迟和处理范围的结果），并且可以在模式之间切换。 从连接的系统索引和引用的虚拟索引接收搜索请求结果。

公开(公告)号：US20140324862A1

公开(公告)日：2014-10-30

申请号：US14167316

申请日：2014-01-29

Applicant: Splunk Inc.

Inventor： Brian BINGHAM ,  Tristan FLETCHER ,  Alok BHIDE

IPC: G06F17/30 ,  G06F9/455

CPC classification number: G06F16/26 ,  G06F9/45533 ,  G06F11/323 ,  G06F11/3409 ,  G06F2201/815

Abstract: Methods and computer-program products are provided for storing a set of performance measurements relating to performance of a component in an IT environment, and associating with the performance measurement a time at which the performance measurement was obtained for each performance measurement in the set of performance measurements. The methods and computer-program products include storing portions of log data produced by the IT environment, wherein each portion of log data has an associated time; providing a graphical user interface enabling selection of a time range; and receiving through the graphical user interface a selection of a time range. The methods and computer-program products further comprise retrieving one or more performance measurements, wherein each of the retrieved performance measurements has an associated time in the selected time range; retrieving one or more portions of log data, wherein each of the retrieved portions of log data has an associated time in the selected time range; displaying an indication of the retrieved performance measurements having their associated times in the selected time range; and displaying an indication of the retrieved portions of log data having their associated times in the selected time range.

Abstract translation: 提供了方法和计算机程序产品，用于存储与IT环境中的组件的性能有关的一组性能测量，并且在性能测量中与在该组性能中的每个性能测量获得性能测量的时间相关联 测量。 方法和计算机程序产品包括存储由IT环境产生的日志数据的部分，其中日志数据的每个部分具有相关联的时间; 提供能够选择时间范围的图形用户界面; 并通过图形用户界面接收时间范围的选择。 所述方法和计算机程序产品进一步包括检索一个或多个性能测量值，其中每个所检索的性能测量值在所选择的时间范围内具有相关联的时间; 检索日志数据的一个或多个部分，其中每个检索到的日志数据部分在所选择的时间范围内具有相关联的时间; 在所选择的时间范围内显示所检索的具有其相关联时间的性能测量的指示; 以及在所选择的时间范围内显示具有其相关联时间的日志数据的检索部分的指示。

公开(公告)号：US20140317111A1

公开(公告)日：2014-10-23

申请号：US14266838

申请日：2014-05-01

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC: G06F17/30

CPC classification number: G06F17/3053 ,  G06F17/30194 ,  G06F17/30312 ,  G06F17/30353 ,  G06F17/30386 ,  G06F17/30477 ,  G06F17/30483 ,  G06F17/30486 ,  G06F17/30528 ,  G06F17/30545 ,  G06F17/30551 ,  G06F17/30554 ,  G06F17/30675 ,  G06F17/30864 ,  G06F17/30867 ,  G06F17/30973 ,  G06F17/30991 ,  H04L41/0604 ,  H04L41/22 ,  H04L67/1097

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

Abstract translation: 方法，系统和处理器可读存储介质被引导为生成从存储在多个分布式节点上的诸如事件数据的数据导出的报告。 在一个实施例中，使用“分割和征服”算法生成分析，使得每个分布式节点分析本地存储的事件数据，而聚合节点组合这些分析结果以生成报告。 在一个实施例中，每个分布式节点还将与分析结果相关联的事件数据引用的列表发送到聚合节点。 然后，聚合节点可以基于从每个分布式节点接收的事件数据参考的列表来生成数据引用的全局有序列表。 随后，响应于用户选择一系列全局事件数据，报告可以动态地从一个或多个分布式节点检索事件数据，以便根据全局顺序进行显示。

公开(公告)号：US20140229490A1

公开(公告)日：2014-08-14

申请号：US14052563

申请日：2013-10-11

Applicant: Splunk Inc.

Inventor： Vishal Patel ,  Jimmy John ,  Stephen Phillip Sorkin ,  Johnathon Lee Cervelli ,  Mitchell Neuman Blank, JR. ,  Robin Kumar Das

IPC: G06F17/30

CPC classification number: G06F16/2272 ,  G06F21/121 ,  G06F2221/0775 ,  G06F2221/2101 ,  H04L2463/101

Abstract: The invention is directed towards enabling data volume and data type based licensing of software in a distributed system of a plurality of remote and/or local nodes. The invention enables measuring and optionally restricting the use of software based on one or more provided licenses that restrict the amount and type of data that may be processed by the software. New and older licenses may be added together for a single, bulk entitlement for a given volume of data processing for one or all types of data. Different users in the same enterprise may combine license entitlements too. Also, a new license can be acquired repeatedly, without requiring the issuance of combined licenses by the issuing authority and/or the revocation of prior licenses.

Abstract translation: 本发明旨在实现在多个远程和/或本地节点的分布式系统中的软件的基于数据量和数据类型的许可。 本发明能够测量和可选地限制基于限制软件可能处理的数据的数量和类型的一个或多个所提供的许可证的软件的使用。 新一代和更旧的许可证可以一起添加，用于针对一种或所有类型的数据的给定数据量处理的单个批量权利。 同一企业的不同用户也可以组合许可证授权。 此外，可以重复获得新的许可证，而不需要发证机构签发合并的许可证和/或撤销先前的许可证。

公开(公告)号：US08751499B1

公开(公告)日：2014-06-10

申请号：US13747153

申请日：2013-01-22

Applicant: Splunk Inc.

Inventor： R. David Carasso ,  Micah James Delfino

IPC: G06F17/30

CPC classification number: G06F17/30563 ,  G06F3/0482 ,  G06F3/04842 ,  G06F7/24 ,  G06F17/30601 ,  G06F17/30705

Abstract: Embodiments are directed towards generating a representative sampling as a subset from a larger dataset that includes unstructured data. A graphical user interface enables a user to provide various data selection parameters, including specifying a data source and one or more subset types desired, including one or more of latest records, earliest records, diverse records, outlier records, and/or random records. Diverse and/or outlier subset types may be obtained by generating clusters from an initial selection of records obtained from the larger dataset. An iteration analysis is performed to determine whether a sufficient number of clusters and/or cluster types have been generated that exceed at least one threshold and when not exceeded, additional clustering is performed on additional records. From the resultant clusters, and/or other subtype results, a subset of records is obtained as the representative sampling subset.

Abstract translation: 实施例旨在从包括非结构化数据的较大数据集生成代表性采样作为子集。 图形用户界面使得用户能够提供各种数据选择参数，包括指定数据源和期望的一个或多个子集类型，包括最新记录，最早记录，不同记录，离群记录和/或随机记录中的一个或多个。 可以通过从从较大数据集获得的记录的初始选择生成聚类来获得不同的和/或离群子集类型。 执行迭代分析以确定是否已经生成了超过至少一个阈值的足够数量的集群和/或集群类型，并且当不超过时，对附加记录执行附加集群。 从所得到的集群和/或其他子类型结果中，获得记录的子集作为代表性抽样子集。

公开(公告)号：US08738587B1

公开(公告)日：2014-05-27

申请号：US13951273

申请日：2013-07-25

Applicant: Splunk Inc.

Inventor： Ledion Bitincka ,  Steve Zhang ,  Igor Stojanovski ,  Stephen Sorkin

IPC: G06F17/30

CPC classification number: G06F17/30864 ,  G06F17/30477 ,  G06F17/30516 ,  G06F17/30545 ,  G06F17/30979

Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.

Abstract translation: 通过分析所接收的搜索请求来识别在搜索支持系统的计算机处接收的搜索请求，以识别请求参数并连接到在请求参数中引用的搜索支持系统的系统索引。 启动外部结果提供程序（ERP）进程，在搜索支持系统和搜索支持系统外部的数据源之间建立通信，为请求参数中引用的虚拟索引。 因此，ERP过程提供了搜索支持系统和外部数据源之间的接口，如第三方。 ERP流程可以以流模式运行（以最少的处理提供实时搜索结果）和/或报告模式（提供更大的延迟和处理范围的结果），并且可以在模式之间切换。 从连接的系统索引和引用的虚拟索引接收搜索请求结果。