公开(公告)号：US12093272B1

公开(公告)日：2024-09-17

申请号：US17661528

申请日：2022-04-29

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Nitilaksha Satyaveera Halakatti ,  Ningxuan He ,  Prem Kumar Jayaraj ,  Manuel Gregorio Martinez ,  Balaji Rao ,  Jianming Zhang ,  Steve Yu Zhang

IPC: G06F16/2458

CPC classification number: G06F16/2471

Abstract: A computing device can receive a query that identifies a set of data to be processed and determine that a portion of the set of data resides in an external data system. The query system can request data identifiers associated with data objects of the set of data from the external data system and communicate the data identifiers to a data queue. The computing device can instruct one or more search nodes to retrieve the identifiers from the data queue. The search nodes can use the data identifiers to retrieve data objects from the external data system and process the data objects according to instructions received from the computing device. The search nodes can provide results of the processing to the computing device.

公开(公告)号：US11893010B1

公开(公告)日：2024-02-06

申请号：US17734786

申请日：2022-05-02

Applicant: SPLUNK INC.

Inventor： Alice Emily Neels ,  Archana Sulochana Ganapathi ,  Marc Vincent Robichaud ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F16/242 ,  G06F16/27 ,  G06F16/245 ,  G06F16/248 ,  G06F16/9535 ,  G06F16/2457 ,  G06F40/186 ,  G06F3/0482

CPC classification number: G06F16/2425 ,  G06F3/0482 ,  G06F16/245 ,  G06F16/248 ,  G06F16/24575 ,  G06F16/27 ,  G06F16/9535 ,  G06F40/186

Abstract: Embodiments include generating data models that may give semantic meaning for unstructured or structured data that may include data generated and/or received by search engines, including a time series engine. A method includes generating a data model for data stored in a repository. Generating the data model includes generating an initial query string, executing the initial query string on the data, generating an initial result set based on the initial query string being executed on the data, determining one or more candidate fields from one or results of the initial result set, generating a candidate data model based on the one or more candidate fields, iteratively modifying the candidate data model until the candidate data model models the data, and using the candidate data model as the data model.

公开(公告)号：US11841853B2

公开(公告)日：2023-12-12

申请号：US17201338

申请日：2021-03-15

Applicant: SPLUNK Inc.

Inventor： Kristal Lyn Curtis ,  Archana Sulochana Ganapathi ,  Adam Oliner ,  Steve Yu Zhang

IPC: G06F16/24 ,  G06F16/242 ,  G06F16/25 ,  G06F16/31 ,  G06F16/907

CPC classification number: G06F16/2443 ,  G06F16/25 ,  G06F16/313 ,  G06F16/907

Abstract: Embodiments of the present invention are directed to identifying related data, in particular, data associated with different source types. In embodiments, a first source type related to a second source type associated with a search query is identified. Field set pairs are identified from a first data set associated with the first source type and a second data set associated with the second source type. Each field set pair can include one field set associated with the first source type and another field set associated with the second source type. For each field set pair, an extent of similarity is determined between the corresponding field sets. Based on the extent of similarities between the corresponding field sets, at least one pair of related field sets is identified. An indication of the at least one pair of related field sets is provided, for example, for presentation to a user.

公开(公告)号：US11188550B2

公开(公告)日：2021-11-30

申请号：US15339912

申请日：2016-10-31

Applicant: Splunk Inc.

Inventor： Thomas Allan Haggie ,  Clint Sharp ,  Alexander Douglas James ,  David Ryan Marquardt ,  Hailun Yan ,  Christopher Pride ,  Vishal Patel ,  Amrittpal Singh Bath ,  Pratiksha Shah ,  Murugan Kandaswamy ,  Steve Yu Zhang ,  Ledion Bitincka ,  David E. Simmen ,  Marc Andre Chene ,  Esguerra Ma Kharisma ,  Igor Stojanovski

IPC: G06F16/248 ,  G06F16/22 ,  G06F16/25 ,  G06F16/28 ,  G06F16/901 ,  G06F16/951 ,  G06F16/242 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/835 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/903 ,  H04L29/08 ,  G06F3/0481 ,  G06T11/20 ,  H04L12/26

Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes ingesting each metric including at least one key value and a measured value taken of a computing resource, and storing each metric in an index of a metrics store, where the index defines at least one dimension populated with the at least one key value and a measure populated with the measured value. The method further includes cataloging metadata in a metrics catalog, where the metadata is related to the metrics stored in the metrics store, performing an analysis of metrics data included in the metrics store and/or the metrics catalog to obtain results, and causing display of the results or an indication of the results on a display device.

公开(公告)号：US11100172B2

公开(公告)日：2021-08-24

申请号：US16050616

申请日：2018-07-31

Applicant: SPLUNK INC.

Inventor： Kristal Lyn Curtis ,  Archana Sulochana Ganapathi ,  Adam Oliner ,  Steve Yu Zhang

IPC: G06F16/00 ,  G06F16/903 ,  G06F3/0482 ,  G06N5/02 ,  G06F16/907

Abstract: Embodiments of the present invention are directed to identifying and providing related data field sets. In one embodiment, a first portion of a graphical user interface (GUI) configured to receive a search query is displayed. The GUI enables user interaction to specify a source type in association with the search query. In accordance with a first source type specified in the search query, a first field set associated with the first source type is identified as related to a second field set associated with a second source type. A second portion of the GUI is displayed that includes a relationship indication that indicates the first field set associated with the first source type is related to the second field set associated with a second source type. Further, a third portion of the GUI is displayed that includes an explanation or recommendation associated with the relationship indication.

公开(公告)号：US20210200755A1

公开(公告)日：2021-07-01

申请号：US17201338

申请日：2021-03-15

Applicant: SPLUNK Inc.

Inventor： Kristal Lyn Curtis ,  Archana Sulochana Ganapathi ,  Adam Oliner ,  Steve Yu Zhang

IPC: G06F16/242 ,  G06F16/25 ,  G06F16/31 ,  G06F16/907

Abstract: Embodiments of the present invention are directed to identifying related data, in particular, data associated with different source types. In embodiments, a first source type related to a second source type associated with a search query is identified. Field set pairs are identified from a first data set associated with the first source type and a second data set associated with the second source type. Each field set pair can include one field set associated with the first source type and another field set associated with the second source type. For each field set pair, an extent of similarity is determined between the corresponding field sets. Based on the extent of similarities between the corresponding field sets, at least one pair of related field sets is identified. An indication of the at least one pair of related field sets is provided, for example, for presentation to a user.

公开(公告)号：US10685001B2

公开(公告)日：2020-06-16

申请号：US15967400

申请日：2018-04-30

Applicant: SPLUNK, INC.

Inventor： David Ryan Marquardt ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F16/00 ,  G06F16/22 ,  G06F16/248 ,  G06F16/28 ,  G06F16/951 ,  G06F16/2455 ,  G06F16/2453

Abstract: Embodiments are directed are towards the transparent summarization of events. Queries directed towards summarizing and reporting on event records may be received at a search head. Search heads may be associated with one more indexers containing event records. The search head may forward the query to the indexers the can resolve the query for concurrent execution. If a query is a collection query, indexers may generate summarization information based on event records located on the indexers. Event record fields included in the summarization information may be determined based on terms included in the collection query. If a query is a stats query, each indexer may generate a partial result set from previously generated summarization information, returning the partial result sets to the search head. Collection queries may be saved and scheduled to run and periodically update the summarization information.

公开(公告)号：US20200042626A1

公开(公告)日：2020-02-06

申请号：US16050487

申请日：2018-07-31

Applicant: SPLUNK INC.

Inventor： Kristal Lyn Curtis ,  Archana Sulochana Ganapathi ,  Adam Oliner ,  Steve Yu Zhang

IPC: G06F17/30

Abstract: Embodiments of the present invention are directed to identifying related data, in particular, data associated with different source types. In embodiments, a first source type related to a second source type associated with a search query is identified. Field set pairs are identified from a first data set associated with the first source type and a second data set associated with the second source type. Each field set pair can include one field set associated with the first source type and another field set associated with the second source type. For each field set pair, an extent of similarity is determined between the corresponding field sets. Based on the extent of similarities between the corresponding field sets, at least one pair of related field sets is identified. An indication of the at least one pair of related field sets is provided, for example, for presentation to a user.

公开(公告)号：US20190251092A1

公开(公告)日：2019-08-15

申请号：US16397429

申请日：2019-04-29

Applicant: SPLUNK INC.

Inventor： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC: G06F16/2457 ,  G06F16/9032 ,  H04L12/24 ,  G06F16/2455 ,  G06F16/9535 ,  G06F16/9038 ,  G06F16/2458 ,  G06F16/23 ,  G06F16/951 ,  G06F16/33 ,  G06F16/248 ,  G06F16/182 ,  G06F16/24 ,  G06F16/22 ,  H04L29/08

CPC classification number: G06F16/24578 ,  G06F16/182 ,  G06F16/22 ,  G06F16/2322 ,  G06F16/24 ,  G06F16/2455 ,  G06F16/24553 ,  G06F16/24554 ,  G06F16/24575 ,  G06F16/2471 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/334 ,  G06F16/90328 ,  G06F16/9038 ,  G06F16/951 ,  G06F16/9535 ,  H04L41/0604 ,  H04L41/22 ,  H04L67/1097

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

公开(公告)号：US20190251091A1

公开(公告)日：2019-08-15

申请号：US16396569

申请日：2019-04-26

Applicant: SPLUNK INC.

Inventor： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC: G06F16/2457 ,  G06F16/9032 ,  H04L12/24 ,  G06F16/2455 ,  G06F16/9535 ,  G06F16/9038 ,  G06F16/2458 ,  G06F16/23 ,  G06F16/951 ,  G06F16/33 ,  G06F16/248 ,  G06F16/182 ,  G06F16/24 ,  G06F16/22 ,  H04L29/08

CPC classification number: G06F16/24578 ,  G06F16/182 ,  G06F16/22 ,  G06F16/2322 ,  G06F16/24 ,  G06F16/2455 ,  G06F16/24553 ,  G06F16/24554 ,  G06F16/24575 ,  G06F16/2471 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/334 ,  G06F16/90328 ,  G06F16/9038 ,  G06F16/951 ,  G06F16/9535 ,  H04L41/0604 ,  H04L41/22 ,  H04L67/1097

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.