-
1.
Publication No.: US11567993B1
Publication date: 2023-01-31
Application No.: US15967574
Filing date: 2018-04-30
Applicant: Splunk Inc.
Inventors: Alexandros Batsakis, Ashish Mathew, Christopher Madden Pride, Bharath Kishore Reddy Aleti, Sourav Pal, Arindam Bhattacharjee, James Monschke
IPC classification: G06F16/901, G06F16/2458, G06F16/903
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system identifies buckets that are to be searched and stores a copy of buckets in memory associated with one or more search nodes. A search node performs a search on buckets residing in its memory.
-
2.
Publication No.: US11494380B2
Publication date: 2022-11-08
Application No.: US16657899
Filing date: 2019-10-18
Applicant: Splunk Inc.
Inventors: Balaji Rao, Jindrich Dinga, Kieran Cairney, Manuel Martinez, Nitilaksha Halakatti, Ningxuan He, Arindam Bhattacharjee, Sourav Pal, Alexandros Batsakis
IPC classification: G06F15/16, G06F16/2453, G06F16/2458, H04L9/08, H04L41/0806, H04L67/10, H04L67/52, G06F8/61
Abstract: Systems and methods are described for establishing and managing components of a distributed computing framework implemented in a data intake and query system. The distributed computing framework may include a master and a plurality of worker nodes. The master may selectively operate on a search head captain that is chosen from the search heads of the data intake and query system. The search head captain may distribute configuration information for the master and the distributed computing framework to the other search heads, which in turn, may distribute that configuration information to indexers of the data intake and query system. Worker nodes may be selectively activated for operation on the indexers based on the configuration information, and the worker nodes may additionally use the configuration information to contact the master and join the distributed computing framework. This approach may provide numerous benefits, including improved security, flexibility in the selection of worker nodes, and redundancy for failures of physical components of the data intake and query system.
-
3.
Publication No.: US20220245091A1
Publication date: 2022-08-04
Application No.: US17163039
Filing date: 2021-01-29
Applicant: SPLUNK INC.
Inventors: Alexandros Batsakis, Ankit Jain, Manu Jose, Jonah Pan, Hailun Yan
IPC classification: G06F16/13, G06F16/182
Abstract: Embodiments described herein facilitate enhancement of data model acceleration, including generating data model summaries and performing searches in an accelerated manner. In one implementation, a set of events are indexed, each of the events having a corresponding index time representing a time at which the event was indexed in an indexer. Index time parameters including an index earliest time indicating a first index time at which to begin generating a data model summary and an index latest time indicating a second index time at which to complete generating the data model summary are obtained. Thereafter, a data model summary is generated. Such a data model summary summarizes events having corresponding index times between the index earliest time and the index latest time. The data model summary is provided to a remote data store that is separate from the indexer at which at least a portion of the events were indexed.
-
4.
Publication No.: US11263140B2
Publication date: 2022-03-01
Application No.: US16888320
Filing date: 2020-05-29
Applicant: Splunk Inc.
IPC classification: G06F12/00, G06F12/0875, G06F16/172, G06F16/951, G06F16/957, G06F3/06, G06F12/0802, G06F16/14, G06F12/0862, G06F12/0866, G06F12/0868, G06F12/0871, G06F12/0873
Abstract: Embodiments are disclosed for performing cache aware searching. In response to a search query, a first bucket and a second bucket in remote storage for processing the search query. A determination is made that a first file in the first bucket is present in a cache when the search query is received. In response to the search query, a search is performed using the first file based on the determination that the first file is present in the cache when the search query is received, and the search is performed using a second file from the second bucket once the second file is stored in the cache.
-
5.
Publication No.: US11620336B1
Publication date: 2023-04-04
Application No.: US15967582
Filing date: 2018-04-30
Applicant: Splunk Inc.
Inventors: Alexandros Batsakis, Sourav Pal, Sai Krishna Sajja, Igor Stojanovski, Ledion Bitincka, John Nguyen
IPC classification: G06F16/901, G06F3/06, G06F16/27, G06F16/903
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives raw machine data at an indexing system, and stores at least a portion of the raw machine data in buckets. Based on a determination that the size of multiple buckets satisfies a threshold size, the data intake and query system converts the buckets to non-editable buckets and stores the data in a remote shared storage system.
-
6.
Publication No.: US11550847B1
Publication date: 2023-01-10
Application No.: US15967567
Filing date: 2018-04-30
Applicant: Splunk Inc.
Inventors: Alexandros Batsakis, Ashish Mathew, Christopher Madden Pride, Bharath Kishore Reddy Aleti, Sourav Pal, Arindam Bhattacharjee, James Monschke
IPC classification: G06F16/903, G06F3/06, G06F9/54, G06F16/23, G06F16/901, G06F16/9032
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The data intake and query system receives a query identifying a set of data to be processed and a manner of processing the set of data. The data intake and query system identifies buckets that are to be searched. The data intake and query system performs a hash on bucket identifiers of the identified buckets to identify search nodes to search the buckets.
-
7.
Publication No.: US20220261385A1
Publication date: 2022-08-18
Application No.: US17661510
Filing date: 2022-04-29
Applicant: Splunk Inc.
Inventors: Tameem Anwar, Tianyi Gou, Alexandros Batsakis, Abhinav Prasad Nekkanti, Sai Krishna Sajja, Jiahan Wang
IPC classification: G06F16/22
Abstract: Systems and methods are disclosed for scalable bucket merging in a data intake and query system. Various components of a bucket manager can be used to monitor recently-created buckets of data in common storage that are associated with a particular tenant and a particular index, apply a comprehensive bucket merge policy to determine groups of buckets that qualify for merging, merge those groups of buckets into merged buckets to be stored in the common storage, and update any information associated with the merged buckets and pre-merged buckets. These components may be shared across multiple tenants, and some of these components may be dynamically scalable based on need. This approach may also provide many additional benefits, including improved search performance from merged buckets, efficient resource utilization associated with discriminate merging, and redundancy in case of component failure.
-
8.
Publication No.: US11275733B1
Publication date: 2022-03-15
Application No.: US16513546
Filing date: 2019-07-16
Applicant: Splunk Inc.
Inventors: Alexandros Batsakis, Scott Calvert, Alexander Douglas James, Bei Li, Ashish Mathew, James Monschke, Sogol Moshtaghi, Christopher Madden Pride, Xiaowei Wang
IPC classification: G06F16/00, G06F16/2453, G06F16/13, G06F11/34
Abstract: Systems and methods are disclosed for mapping search nodes to a search head in a data intake and query system based on a tenant identifier in order to execute a query received by the data intake and query system. The mapping may allow same or similar search nodes to be used to execute queries that are associated with a particular tenant identifier, in order to take advantage of caching and local data stored with those search nodes. In some cases, search nodes can be mapped based on the tenant identifier using a hashing algorithm, such as a consistent hashing algorithm.
-
9.
Publication No.: US11106734B1
Publication date: 2021-08-31
Application No.: US15967587
Filing date: 2018-04-30
Applicant: Splunk Inc.
Inventors: Alexandros Batsakis, Ashish Mathew, Christopher Madden Pride, Bharath Kishore Reddy Aleti, Sourav Pal, Arindam Bhattacharjee, James Monschke
IPC classification: G06F16/901, G06F16/903, G06F16/907, G06F3/06
Abstract: Systems and methods are disclosed for processing and executing queries in a data intake and query system. The query identifies a set of data to be processed and a manner of processing the set of data. The data intake and query system dynamically identifies a plurality of containerized search nodes instantiated on one or more computing devices in a containerized environment to execute the query. The data intake and query system executes the query using the containerized search nodes.
-
10.
Publication No.: US10678696B2
Publication date: 2020-06-09
Application No.: US16049357
Filing date: 2018-07-30
Applicant: Splunk, Inc.
IPC classification: G06F12/00, G06F12/0875, G06F16/172, G06F16/951, G06F16/957, G06F3/06, G06F12/0802
Abstract: Embodiments are disclosed for a prefetching method that may include copying, in response to a search query, a first bucket from a remote storage to a cache. The first bucket may include first data associated with the search query. The method may further include identifying a first file type associated with a first file in the first bucket. The first file may be associated with a usage status. The method may further include accessing, based on the search query, a second bucket from the remote storage. The second bucket may include second data associated with the search query. The method may further include identifying a second file in the second bucket having the first file type, and copying, in response to the usage status indicating that the first file was used in processing the search query, the second file from the remote storage to the cache.