-
Publication number: US11604779B1
Publication date: 2023-03-14
Application number: US17316444
Application date: 2021-05-10
Applicant: Splunk Inc.
Inventor: Ledion Bitincka, Stephen Phillip Sorkin, Steve Yu Zhang
IPC: G06F16/22, G06F16/245, G06F16/248, G06F16/27, G06F16/901
Abstract: A method and system for managing searches of a data set that is partitioned based on a plurality of events. A structure of a search query may be analyzed to determine if logical computational actions performed on the data set is reducible. Data in each partition is analyzed to determine if at least a portion of the data in the partition is reducible. In response to a subsequent or reoccurring search request, intermediate summaries of reducible data and reducible search computations may be aggregated for each partition. Next, a search result may be generated based on at least one of the aggregated intermediate summaries, the aggregated reducible search computations, and a query of adhoc non-reducible data arranged in at least one of the plurality of partitions for the data set.
-
Publication number: US11263140B2
Publication date: 2022-03-01
Application number: US16888320
Application date: 2020-05-29
Applicant: Splunk Inc.
Inventor: Ledion Bitincka, Alexandros Batsakis, Paul J. Lucas, Nicholas Robert Romito
IPC: G06F12/00, G06F12/0875, G06F16/172, G06F16/951, G06F16/957, G06F3/06, G06F12/0802, G06F16/14, G06F12/0862, G06F12/0866, G06F12/0868, G06F12/0871, G06F12/0873
Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.
-
Publication number: US11144608B2
Publication date: 2021-10-12
Application number: US16900628
Application date: 2020-06-12
Applicant: SPLUNK INC.
Inventor: Hailun Yan, Ledion Bitincka, Kishore Reddy Ramasayam, Elizabeth Lin, David Ryan Marquardt
IPC: G06F16/9535, G06F16/28, G06F16/2455
Abstract: Embodiments of the present invention are directed to facilitating data model acceleration in association with an external data system. In accordance with aspects of the present disclosure, at a core engine, a search request associated with a data model is received. The data model generally designates one or more fields, from among a plurality of fields, that are of interest for subsequent searches. Thereafter, it is determined that an accelerated data model summary associated with the data model is stored at an external data system remote from the core engine that received the search request. The accelerated data model summary includes field values associated with the one or more fields designated in the data model. A search for the received search request is initiated using the accelerated data model summary at the external data. A set of search results relevant to the search request is obtained and provided to a user device for display to a user.
-
Publication number: US11055300B2
Publication date: 2021-07-06
Application number: US15339909
Application date: 2016-10-31
Applicant: Splunk Inc.
Inventor: Steve Yu Zhang, Ledion Bitincka, Vishal Patel, David E. Simmen
IPC: G06F16/248, G06F16/22, G06F16/25, G06F16/28, G06F16/901, G06F16/951, G06F16/242, G06F16/2455, G06F16/2458, G06F16/835, G06F16/9038, G06F16/9535, G06F16/903, H04L29/08, G06F3/0481, H04L12/26, G06T11/20
Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a real-time search query including search criteria, and receiving a stream of metrics, where each metric includes a measured value taken of a computing device. The method further includes filtering the metrics to obtain filtered metrics satisfying the search criteria, creating an in-memory summarization data structure based on the filtered metrics, communicating the summarization data to a search head, and providing search results including the summarization data, where the summarization data or data indicative of the summarization data is displayed on a display of a display device.
-
Publication number: US10860665B2
Publication date: 2020-12-08
Application number: US16032890
Application date: 2018-07-11
Applicant: SPLUNK INC.
Inventor: Ledion Bitincka, Steve Zhang, Igor Stojanovski, Stephen Sorkin
IPC: G06F16/30, G06F16/951, G06F16/2455, G06F16/2458, G06F16/903
Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing realtime search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.
-
Publication number: US10860596B2
Publication date: 2020-12-08
Application number: US15885521
Application date: 2018-01-31
Applicant: SPLUNK INC.
Inventor: Elizabeth Lin, Nils Petter Eriksson, Ledion Bitincka
IPC: G06F16/30, G06F16/2458
Abstract: In embodiments, a computer-implemented method may entail receiving a search request. A first data store and a second data store, that contains data archived from the first data store, may be identified. Data from the first data store may remain available in the first data store for a limited period of time once archived to the second data store. The first data store storing data in a first format and the second data store storing data in a second format, the first format and the second format being different from one another. Determining that a subset of data that has been archived into the second data store and is to be searched as part of the search request is still available from the first data store, and executing the search request on the subset of data utilizing the first data store. Additional embodiments are described and/or claimed.
-
Publication number: US10719493B2
Publication date: 2020-07-21
Application number: US16155746
Application date: 2018-10-09
Applicant: Splunk Inc.
Inventor: Stephen Phillip Sorkin, Steve Yu Zhang, Ledion Bitincka
IPC: G06F16/22, G06F16/245, G06F16/248, G06F16/27, G06F16/901
Abstract: A method and system for managing searches of a data set that is partitioned based on a plurality of events. A structure of a search query may be analyzed to determine if logical computational actions performed on the data set is reducible. Data in each partition is analyzed to determine if at least a portion of the data in the partition is reducible. In response to a subsequent or reoccurring search request, intermediate summaries of reducible data and reducible search computations may be aggregated for each partition. Next, a search result may be generated based on at least one of the aggregated intermediate summaries, the aggregated reducible search computations, and a query of adhoc non-reducible data arranged in at least one of the plurality of partitions for the data set.
-
Publication number: US10713314B2
Publication date: 2020-07-14
Application number: US15011361
Application date: 2016-01-29
Applicant: Splunk Inc.
Inventor: Hailun Yan, Ledion Bitincka, Kishore Reddy Ramasayam, Elizabeth Lin, David Ryan Marquardt
IPC: G06F16/9535, G06F16/28, G06F16/2455
Abstract: Embodiments are directed to facilitating data model acceleration in association with an external data system. In some embodiments, at a core engine, a search request associated with a data model is received. The data model generally designates one or more fields, from among a plurality of fields of interest for subsequent searches. Thereafter, it is determined that an accelerated data model summary associated with the data model is stored at an external data system remote from the core engine that received the search request. The accelerated data model summary includes field values associated with the one or more fields designated in the data model. A search for the received search request is initiated using the accelerated data model summary at the external data. A set of search results relevant to the search request is obtained and provided to a user device for display to a user.
-
Publication number: US20190098071A1
Publication date: 2019-03-28
Application number: US16202990
Application date: 2018-11-28
Applicant: Splunk Inc.
Inventor: Ledion Bitincka, Vishal Patel, Geoffrey Hendrey, Eric Woo
CPC classification number: H04L67/06, H04L29/08072, H04L41/0813, H04L41/0843, H04L41/0856, H04L67/34, H04L69/329
Abstract: In a computer-implemented method for configuring a distributed computer system comprising a plurality of nodes of a plurality of node classes, configuration files for a plurality of nodes of each of the plurality of node classes are stored in a central repository. The configuration files include information representing a desired system state of the distributed computer system, and the distributed computer system operates to keep an actual system state of the distributed computer system consistent with the desired system state. The plurality of node classes includes forwarder nodes for receiving data from an input source, indexer nodes for indexing the data, and search head nodes for searching the data. Responsive to receiving changes to the configuration files, the changes are propagated to nodes of the plurality of nodes impacted by the changes based on a node class of the nodes impacted by the changes.
-
Publication number: US10049160B2
Publication date: 2018-08-14
Application number: US14266832
Application date: 2014-05-01
Applicant: Splunk Inc.
Inventor: Ledion Bitincka, Steve Zhang, Igor Stojanovski, Stephen Sorkin
IPC: G06F17/30
Abstract: A search request received at a computer of a search support system is processed by analyzing the received search request to identify request parameters and connecting to a system index of the search support system that is referenced in the request parameters. An external result provider (ERP) process is initiated that establishes communication between the search support system and a data source external to the search support system, for a virtual index referenced in the request parameters. Thus, the ERP process provides an interface between the search support system and external data sources, such as by third parties. The ERP process can operate in a streaming mode (providing real-time search results with minimal processing) and/or a reporting mode (providing results with a greater delay and processing extent) and can switch between modes. The search request results are received from the connected system indexes and the referenced virtual indexes.