公开(公告)号：US20140214888A1

公开(公告)日：2014-07-31

申请号：US14170159

申请日：2014-01-31

Applicant: SPLUNK INC.

Inventor： David Ryan MARQUARDT ,  Stephen Phillip SORKIN ,  Steve Yu ZHANG

IPC: G06F17/30

CPC classification number: G06F17/30321 ,  G06F17/30 ,  G06F17/30457 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/30595 ,  G06F17/30864

Abstract: Embodiments are directed are towards the transparent summarization of events. Queries directed towards summarizing and reporting on event records may be received at a search head. Search heads may be associated with one more indexers containing event records. The search head may forward the query to the indexers the can resolve the query for concurrent execution. If a query is a collection query, indexers may generate summarization information based on event records located on the indexers. Event record fields included in the summarization information may be determined based on terms included in the collection query. If a query is a stats query, each indexer may generate a partial result set from previously generated summarization information, returning the partial result sets to the search head. Collection queries may be saved and scheduled to run and periodically update the summarization information.

Abstract translation: 实施例针对事件的透明总结。 可以在搜索头收到针对事件记录的总结和报告的查询。 搜索头可能与一个包含事件记录的索引器相关联。 搜索头可以将查询转发给索引器，可以解析用于并发执行的查询。 如果查询是集合查询，则索引器可以基于位于索引器上的事件记录生成摘要信息。 包含在汇总信息中的事件记录字段可以基于收集查询中包含的项来确定。 如果查询是统计查询，则每个索引器可以从先前生成的摘要信息生成部分结果集，将部分结果集返回到搜索头。 收集查询可以保存并计划运行，并定期更新摘要信息。