公开(公告)号：US20250103604A1

公开(公告)日：2025-03-27

申请号：US18748595

申请日：2024-06-20

Applicant: Splunk Inc.

Inventor： Alexandros Batsakis ,  Nitilaksha Satyaveera Halakatti ,  Ningxuan He ,  Prem Kumar Jayaraj ,  Manuel Gregorio Martinez ,  Balaji Rao ,  Jianming Zhang ,  Steve Yu Zhang

IPC: G06F16/2458

Abstract: A computing device can receive a query that identifies a set of data to be processed and determine that a portion of the set of data resides in an external data system. The query system can request data identifiers associated with data objects of the set of data from the external data system and communicate the data identifiers to a data queue. The computing device can instruct one or more search nodes to retrieve the identifiers from the data queue. The search nodes can use the data identifiers to retrieve data objects from the external data system and process the data objects according to instructions received from the computing device. The search nodes can provide results of the processing to the computing device.

公开(公告)号：US11176146B2

公开(公告)日：2021-11-16

申请号：US16396569

申请日：2019-04-26

Applicant: SPLUNK INC.

Inventor： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC: G06F16/00 ,  G06F16/2457 ,  G06F16/22 ,  G06F16/24 ,  G06F16/182 ,  G06F16/248 ,  G06F16/33 ,  G06F16/951 ,  G06F16/23 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/9032 ,  H04L12/24 ,  H04L29/08

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

公开(公告)号：US10860591B2

公开(公告)日：2020-12-08

申请号：US16193781

申请日：2018-11-16

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang ,  Stephen P. Sorkin

IPC: G06F16/2457 ,  G06F16/22 ,  G06F16/24 ,  G06F16/182 ,  G06F16/248 ,  G06F16/33 ,  G06F16/951 ,  G06F16/23 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/9032 ,  H04L12/24 ,  H04L29/08

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

公开(公告)号：US20190317943A1

公开(公告)日：2019-10-17

申请号：US16455193

申请日：2019-06-27

Applicant: SPLUNK INC.

Inventor： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC: G06F16/2457 ,  G06F16/9032 ,  H04L12/24 ,  G06F16/2455 ,  G06F16/9535 ,  G06F16/9038 ,  G06F16/2458 ,  G06F16/23 ,  G06F16/951 ,  G06F16/33 ,  G06F16/248 ,  G06F16/182 ,  G06F16/24 ,  G06F16/22 ,  H04L29/08

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

公开(公告)号：US10318535B2

公开(公告)日：2019-06-11

申请号：US15006055

申请日：2016-01-25

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC: G06F16/2458 ,  G06F16/2457 ,  G06F16/22 ,  G06F16/24 ,  G06F16/182 ,  G06F16/248 ,  G06F16/33 ,  G06F16/951 ,  G06F16/23 ,  G06F16/2455 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/9032 ,  H04L12/24 ,  H04L29/08

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

公开(公告)号：US20190163721A1

公开(公告)日：2019-05-30

申请号：US16264581

申请日：2019-01-31

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang

IPC: G06F17/18 ,  G06K9/62 ,  G06F7/22 ,  G06F16/2458 ,  G06F7/483 ,  G06F7/544

Abstract: A method, system, and processor-readable storage medium are directed towards calculating approximate order statistics on a collection of real numbers. In one embodiment, the collection of real numbers is processed to create a digest comprising hierarchy of buckets. Each bucket is assigned a real number N having P digits of precision and ordinality O. The hierarchy is defined by grouping buckets into levels, where each level contains all buckets of a given ordinality. Each individual bucket in the hierarchy defines a range of numbers—all numbers that, after being truncated to that bucket's P digits of precision, are equal to that bucket's N. Each bucket additionally maintains a count of how many numbers have fallen within that bucket's range. Approximate order statistics may then be calculated by traversing the hierarchy and performing an operation on some or all of the ranges and counts associated with each bucket

公开(公告)号：US10235345B2

公开(公告)日：2019-03-19

申请号：US15476899

申请日：2017-03-31

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang

IPC: G06F17/18 ,  G06F7/544 ,  G06F17/30 ,  G06F7/22 ,  G06F7/483 ,  G06K9/62

Abstract: A method, system, and processor-readable storage medium are directed towards calculating approximate order statistics on a collection of real numbers. In one embodiment, the collection of real numbers is processed to create a digest comprising hierarchy of buckets. Each bucket is assigned a real number N having P digits of precision and ordinality O. The hierarchy is defined by grouping buckets into levels, where each level contains all buckets of a given ordinality. Each individual bucket in the hierarchy defines a range of numbers—all numbers that, after being truncated to that bucket's P digits of precision, are equal to that bucket's N. Each bucket additionally maintains a count of how many numbers have fallen within that bucket's range. Approximate order statistics may then be calculated by traversing the hierarchy and performing an operation on some or all of the ranges and counts associated with each bucket.

公开(公告)号：US10162863B2

公开(公告)日：2018-12-25

申请号：US14530692

申请日：2014-11-01

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang ,  Stephen P. Sorkin

IPC: G06F17/30 ,  H04L12/24 ,  H04L29/08

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

公开(公告)号：US10061821B2

公开(公告)日：2018-08-28

申请号：US15224657

申请日：2016-07-31

Applicant: Splunk Inc.

Inventor： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC: G06F17/30 ,  H04L12/24 ,  H04L29/08

CPC classification number: G06F16/24578 ,  G06F16/182 ,  G06F16/22 ,  G06F16/2322 ,  G06F16/24 ,  G06F16/2455 ,  G06F16/24553 ,  G06F16/24554 ,  G06F16/24575 ,  G06F16/2471 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/334 ,  G06F16/90328 ,  G06F16/9038 ,  G06F16/951 ,  G06F16/9535 ,  H04L41/0604 ,  H04L41/22 ,  H04L67/1097

Abstract: A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

公开(公告)号：US09817854B2

公开(公告)日：2017-11-14

申请号：US15007185

申请日：2016-01-26

Applicant: Splunk Inc.

Inventor： David Ryan Marquardt ,  Stephen Phillip Sorkin ,  Steve Yu Zhang

IPC: G06F7/00 ,  G06F17/30

CPC classification number: G06F17/30321 ,  G06F17/30 ,  G06F17/30457 ,  G06F17/30477 ,  G06F17/30554 ,  G06F17/30595 ,  G06F17/30864

Abstract: Embodiments are directed are towards the transparent summarization of events. Queries directed towards summarizing and reporting on event records may be received at a search head. Search heads may be associated with one more indexers containing event records. The search head may forward the query to the indexers the can resolve the query for concurrent execution. If a query is a collection query, indexers may generate summarization information based on event records located on the indexers. Event record fields included in the summarization information may be determined based on terms included in the collection query. If a query is a stats query, each indexer may generate a partial result set from previously generated summarization information, returning the partial result sets to the search head. Collection queries may be saved and scheduled to run and periodically update the summarization information.