-
Publication No.: US11921693B1
Publication Date: 2024-03-05
Application No.: US17305650
Filing Date: 2021-07-12
Applicant: Splunk Inc.
Inventors: Itay Alfred Neeman, Glenn Block, Lin Ma, Mitch Blank, Vishal Patel
IPC Classification: G06F16/23, G06F16/22, G06F16/28, G06F16/951
CPC Classification: G06F16/2322, G06F16/22, G06F16/282, G06F16/951
Abstract: A data intake and query system receives a message including raw machine via an internet protocol (IP) such as the hypertext transfer protocol (HTTP). The message includes a distinct payload portion and a distinct custom field portion. The payload portion includes raw machine data, while the custom field portion includes values for fields. An event that includes the raw machine data and the values is generated from the payload portion and the values are extracted from the custom field portion. The event is then stored such that the values are associated with the event.
-
Publication No.: US11914552B1
Publication Date: 2024-02-27
Application No.: US18160123
Filing Date: 2023-01-26
Applicant: Splunk Inc.
IPC Classification: G06F17/30, G06F16/17, G06F16/20, G06F16/174
CPC Classification: G06F16/1734, G06F16/174, G06F16/20
Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.
-
Publication No.: US11580071B2
Publication Date: 2023-02-14
Application No.: US17080416
Filing Date: 2020-10-26
Applicant: SPLUNK INC.
IPC Classification: G06F17/30, G06F16/17, G06F16/20, G06F16/174
Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.
-
Publication No.: US11055300B2
Publication Date: 2021-07-06
Application No.: US15339909
Filing Date: 2016-10-31
Applicant: Splunk Inc.
Inventors: Steve Yu Zhang, Ledion Bitincka, Vishal Patel, David E. Simmen
IPC Classification: G06F16/248, G06F16/22, G06F16/25, G06F16/28, G06F16/901, G06F16/951, G06F16/242, G06F16/2455, G06F16/2458, G06F16/835, G06F16/9038, G06F16/9535, G06F16/903, H04L29/08, G06F3/0481, H04L12/26, G06T11/20
Abstract: The disclosed embodiments include a method performed by a data intake and query system. The method includes receiving a real-time search query including search criteria, and receiving a stream of metrics, where each metric includes a measured value taken of a computing device. The method further includes filtering the metrics to obtain filtered metrics satisfying the search criteria, creating an in-memory summarization data structure based on the filtered metrics, communicating the summarization data to a search head, and providing search results including the summarization data, where the summarization data or data indicative of the summarization data is displayed on a display of a display device.
-
Publication No.: US20210042269A1
Publication Date: 2021-02-11
Application No.: US17080416
Filing Date: 2020-10-26
Applicant: SPLUNK INC.
IPC Classification: G06F16/17, G06F16/20, G06F16/174
Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.
-
Publication No.: US10268755B2
Publication Date: 2019-04-23
Application No.: US14700844
Filing Date: 2015-04-30
Applicant: Splunk Inc.
Inventors: Vishal Patel, Jagannath Kerai, Hasan Alayli
IPC Classification: G06F17/30
Abstract: The present disclosure is directed to providing dynamic indexer discovery. An index manager, which may also be known as a cluster master, is configured to track the statuses and capabilities of indexers and provide the statuses and capabilities obtained from the indexers to data collectors, such as forwarders. The data collectors may use the statuses and capabilities associated with the indexers to load balance transmission of data to the indexers. Dynamic indexer discovery may eliminate the need to manually reconfigure data collectors when the status of an indexer changes because the information may be obtained from the index manager without the need to reinitialize the data collectors.
-
Publication No.: US20190098071A1
Publication Date: 2019-03-28
Application No.: US16202990
Filing Date: 2018-11-28
Applicant: Splunk Inc.
Inventors: Ledion Bitincka, Vishal Patel, Geoffrey Hendrey, Eric Woo
CPC Classification: H04L67/06, H04L29/08072, H04L41/0813, H04L41/0843, H04L41/0856, H04L67/34, H04L69/329
Abstract: In a computer-implemented method for configuring a distributed computer system comprising a plurality of nodes of a plurality of node classes, configuration files for a plurality of nodes of each of the plurality of node classes are stored in a central repository. The configuration files include information representing a desired system state of the distributed computer system, and the distributed computer system operates to keep an actual system state of the distributed computer system consistent with the desired system state. The plurality of node classes includes forwarder nodes for receiving data from an input source, indexer nodes for indexing the data, and search head nodes for searching the data. Responsive to receiving changes to the configuration files, the changes are propagated to nodes of the plurality of nodes impacted by the changes based on a node class of the nodes impacted by the changes.
-
Publication No.: US10083190B2
Publication Date: 2018-09-25
Application No.: US14014059
Filing Date: 2013-08-29
Applicant: Splunk Inc.
IPC Classification: G06F17/30
CPC Classification: G06F16/21, G06F16/1734
Abstract: Embodiments are directed towards a dynamic change evaluation mechanism, whereby items having a detected possible change are scheduled for re-evaluation for possible changes at a higher frequency than items detected to not have previously changed, while those items detected as not to have changed are dynamically scheduled for re-evaluation based on an evaluation backlog that may be in turn based, in part, on a time from when an item is assigned an expiration time to when the item is evaluated. In one embodiment, a possibly changed item may be assigned a new expiration time independent of the evaluation backlog. In another embodiment, if no change is detected, then the item may be assigned a new expiration time as a function of a previous expiration time and on the evaluation backlog.
-
Publication No.: US09984129B2
Publication Date: 2018-05-29
Application No.: US14815974
Filing Date: 2015-08-01
Applicant: Splunk Inc.
CPC Classification: G06F17/30528, G06F3/0617, G06F3/065, G06F3/067, G06F11/20, G06F11/2094, G06F17/30241, G06F17/30336, G06F17/30575, G06F17/30581, G06F17/30867, G06F17/3087, H04L67/1097
Abstract: Embodiments are directed towards managing within a cluster environment having a plurality of indexers for data storage using redundancy the data being managed using a generation identifier, such that a primary indexer is designated for a given generation of data. When a master device for the cluster fails, data may continue to be stored using redundancy, and data searches performed may still be performed.
-
Publication No.: US09767112B2
Publication Date: 2017-09-19
Application No.: US15224649
Filing Date: 2016-07-31
Applicant: Splunk Inc.
IPC Classification: G06F17/30
CPC Classification: G06F17/30144, G06F17/3015, G06F17/30286
Abstract: Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.