公开(公告)号：US11663244B2

公开(公告)日：2023-05-30

申请号：US17448196

申请日：2021-09-20

申请人： Splunk Inc.

发明人： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC分类号： G06F9/54 ,  G06F16/28

CPC分类号： G06F16/285 ,  G06F9/54 ,  G06F9/541 ,  G06F9/542

摘要： Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

公开(公告)号：US11561952B2

公开(公告)日：2023-01-24

申请号：US17125807

申请日：2020-12-17

申请人： Splunk Inc.

发明人： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan

IPC分类号： G06F16/00 ,  G06F16/22 ,  G06F16/248 ,  G06F16/951 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/2455 ,  G06F16/2457

摘要： Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is stored as discrete events time stamps. A search is received and relevant event information is retrieved based in whole or in part on the time stamp, a keyword indexing mechanism, or statistical indices calculated at the time of the search.

公开(公告)号：US11537585B2

公开(公告)日：2022-12-27

申请号：US17243966

申请日：2021-04-29

申请人： Splunk Inc.

发明人： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan

IPC分类号： G06F16/00 ,  G06F16/22 ,  G06F16/248 ,  G06F16/951 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/2455 ,  G06F16/2457

摘要： Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is stored as discrete events time stamps. A search is received and relevant event information is retrieved based in whole or in part on the time stamp, a keyword indexing mechanism, or statistical indices calculated at the time of the search.

公开(公告)号：US11176146B2

公开(公告)日：2021-11-16

申请号：US16396569

申请日：2019-04-26

申请人： SPLUNK INC.

发明人： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC分类号： G06F16/00 ,  G06F16/2457 ,  G06F16/22 ,  G06F16/24 ,  G06F16/182 ,  G06F16/248 ,  G06F16/33 ,  G06F16/951 ,  G06F16/23 ,  G06F16/2455 ,  G06F16/2458 ,  G06F16/9038 ,  G06F16/9535 ,  G06F16/9032 ,  H04L12/24 ,  H04L29/08

摘要： A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

公开(公告)号：US20210248123A1

公开(公告)日：2021-08-12

申请号：US17243967

申请日：2021-04-29

申请人： Splunk Inc.

发明人： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Rory Greene ,  Bradley Hall ,  Nicholas Christian Mealy ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan

IPC分类号： G06F16/22 ,  G06F16/23 ,  G06F16/2457 ,  G06F16/951 ,  G06F16/2458 ,  G06F16/2455 ,  G06F16/248

摘要： Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is stored as discrete events time stamps. A search is received and relevant event information is retrieved based in whole or in part on the time stamp, a keyword indexing mechanism, or statistical indices calculated at the time of the search.

公开(公告)号：US11010214B2

公开(公告)日：2021-05-18

申请号：US16264638

申请日：2019-01-31

申请人： Splunk Inc.

发明人： Michael Joseph Baum ,  R. David Carasso ,  Robin Kumar Das ,  Bradley Hall ,  Brian Philip Murphy ,  Stephen Phillip Sorkin ,  Andre David Stechert ,  Erik M. Swan ,  Rory Greene ,  Nicholas Christian Mealy ,  Christina Frances Regina Noren

IPC分类号： G06F9/54

摘要： Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.

公开(公告)号：US11003644B2

公开(公告)日：2021-05-11

申请号：US16424311

申请日：2019-05-28

申请人： SPLUNK INC.

发明人： David Ryan Marquardt ,  Mitchell Neuman Blank, Jr. ,  Stephen Phillip Sorkin

IPC分类号： G06F16/00 ,  G06F16/22 ,  G06F16/2453 ,  G06F16/33 ,  G06F16/242 ,  G06F16/248 ,  G06F16/28 ,  G06F16/31 ,  G06F16/338 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/2455

摘要： Embodiments are directed towards a method for searching data. The method comprises generating an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises receiving an incoming search query that references a field name. Furthermore, the method comprises generating results to the incoming search query based on the field searchable datastore, wherein the field searchable datastore is directly searchable by the field name.

公开(公告)号：US10860537B2

公开(公告)日：2020-12-08

申请号：US15663652

申请日：2017-07-28

申请人： Splunk Inc.

发明人： Amritpal Singh Bath ,  Mitchell Neuman Blank, Jr. ,  Vishal Patel ,  Stephen Phillip Sorkin

IPC分类号： G06F17/30 ,  G06F16/17 ,  G06F16/20 ,  G06F16/174

摘要： Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.

公开(公告)号：US20190317943A1

公开(公告)日：2019-10-17

申请号：US16455193

申请日：2019-06-27

申请人： SPLUNK INC.

发明人： Steve Yu Zhang ,  Stephen Phillip Sorkin

IPC分类号： G06F16/2457 ,  G06F16/9032 ,  H04L12/24 ,  G06F16/2455 ,  G06F16/9535 ,  G06F16/9038 ,  G06F16/2458 ,  G06F16/23 ,  G06F16/951 ,  G06F16/33 ,  G06F16/248 ,  G06F16/182 ,  G06F16/24 ,  G06F16/22 ,  H04L29/08

摘要： A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a “divide and conquer” algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.

公开(公告)号：US10402384B2

公开(公告)日：2019-09-03

申请号：US15421127

申请日：2017-01-31

申请人： SPLUNK INC.

发明人： David Ryan Marquardt ,  Mitchell Neuman Blank, Jr. ,  Stephen Phillip Sorkin

IPC分类号： G06F16/00 ,  G06F16/22 ,  G06F16/2453 ,  G06F16/33 ,  G06F16/242 ,  G06F16/248 ,  G06F16/28 ,  G06F16/31 ,  G06F16/338 ,  G06F16/23 ,  G06F16/2458 ,  G06F16/2455

摘要： Embodiments are directed towards a method for searching data. The method comprises providing an inverted index that comprises at least one record, wherein the at least one record comprises at least one field name and a corresponding at least one field value. The at least one field name and corresponding value are extracted from time-stamped searchable events that are stored in a field searchable datastore and comprise portions of raw data. The at least one record further comprises a posting value that identifies a location in the field searchable datastore where an event associated with the at least one record is stored. The method further comprises receiving an incoming search query that references a field name and evaluating the incoming search query. Furthermore, responsive to the evaluating, the method comprises determining results for the incoming search query using the field searchable datastore or the inverted index.