公开(公告)号：US20220171736A1

公开(公告)日：2022-06-02

申请号：US17669156

申请日：2022-02-10

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G06F16/16 ,  G06F16/245 ,  G06F16/2458 ,  G06F16/9535 ,  G06F16/2455 ,  G06F11/07 ,  G06F16/25 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US11288231B2

公开(公告)日：2022-03-29

申请号：US16777357

申请日：2020-01-30

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G06F16/16 ,  G06F16/245 ,  G06F16/2458 ,  G06F16/9535 ,  G06F16/2455 ,  G06F11/07 ,  G06F16/25 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US10585851B2

公开(公告)日：2020-03-10

申请号：US15461076

申请日：2017-03-16

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G06F16/16 ,  G06F16/245 ,  G06F16/2458 ,  G06F16/9535 ,  G06F16/2455 ,  G06F11/07 ,  G06F16/25 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US12169471B2

公开(公告)日：2024-12-17

申请号：US17669156

申请日：2022-02-10

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G06F11/07 ,  G06F16/16 ,  G06F16/245 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/25 ,  G06F16/9535 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US20170185607A1

公开(公告)日：2017-06-29

申请号：US15461076

申请日：2017-03-16

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F17/30

CPC classification number: G06F16/125 ,  G06F11/0727 ,  G06F11/0775 ,  G06F16/162 ,  G06F16/245 ,  G06F16/2455 ,  G06F16/24565 ,  G06F16/2477 ,  G06F16/254 ,  G06F16/9535 ,  G08B21/18

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US20200167311A1

公开(公告)日：2020-05-28

申请号：US16777357

申请日：2020-01-30

Applicant: Splunk Inc.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F16/11 ,  G08B21/18 ,  G06F16/2455 ,  G06F16/9535 ,  G06F16/2458 ,  G06F16/245 ,  G06F16/16 ,  G06F16/25 ,  G06F11/07

Abstract: An example method for managing datasets produced by alert-triggering search queries may include producing a dataset by executing a search query on a portion of data associated with a time window defined relative to a current time. The method may further include responsive to determining that a portion of the dataset satisfies a condition defining an alert, generating an instance of the alert. The method may further include associating, by a memory data structure, the instance of the alert with an identifier of the query and a parameter specifying a time of execution of the query that has triggered the instance. The method may further include receiving a request for the dataset portion. The method may further include substituting, in a definition of the time window, the current time with the time parameter. The method may further include reproducing the dataset portion by re-executing the query using the time window.

公开(公告)号：US20160147830A1

公开(公告)日：2016-05-26

申请号：US14396367

申请日：2014-07-09

Applicant: SPLUNK INC.

Inventor： Qianjie Zhong ,  Ting Wang ,  Margaret Lee ,  Dawei Li ,  Nick Filippi ,  Yue Ni ,  Shiming Yuan

IPC: G06F17/30 ,  G08B21/18

CPC classification number: G06F16/125 ,  G06F11/0727 ,  G06F11/0775 ,  G06F16/162 ,  G06F16/245 ,  G06F16/2455 ,  G06F16/24565 ,  G06F16/2477 ,  G06F16/254 ,  G06F16/9535 ,  G08B21/18

Abstract: Systems and methods for managing datasets produced by alert-triggering search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query on a portion of searchable data associated with a time window to produce a dataset comprising one or more results; responsive to determining that at least a portion of the dataset satisfies a triggering condition defining an alert associated with the search query, generating an instance of the alert; associating, by a memory data structure, the instance of the alert with an identifier of the search query and a time parameter specifying the time window; receiving, from a client computing device, a request for the portion of the dataset; and responsive to determining that the portion of the dataset is not stored in the memory in a manner associating it with the instance of the alert, reproducing the portion of the dataset by re-executing the search query in view of the time parameter.

Abstract translation: 用于管理在数据聚合和分析系统中由警报触发搜索查询产生的数据集的系统和方法。 示例性方法可以包括：由一个或多个处理设备执行与时间窗口相关联的可搜索数据的一部分上的搜索查询，以产生包括一个或多个结果的数据集; 响应于确定所述数据集的至少一部分满足定义与所述搜索查询相关联的警报的触发条件，生成所述警报的实例; 通过存储器数据结构将警报的实例与搜索查询的标识符和指定时间窗口的时间参数相关联; 从客户端计算设备接收对所述数据集的所述部分的请求; 并且响应于确定所述数据集的所述部分未以与所述警报的实例相关联的方式存储在所述存储器中，通过根据所述时间参数重新执行所述搜索查询来再现所述数据集的所述部分。