公开(公告)号：US20150026167A1

公开(公告)日：2015-01-22

申请号：US14448937

申请日：2014-07-31

Applicant: Splunk Inc.

Inventor： Alice Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Robichaud

IPC: G06F17/30 ,  G06F3/0482 ,  G06F3/0484

CPC classification number: G06F17/30867 ,  G06F3/0482 ,  G06F3/04842 ,  G06F17/30424 ,  G06F17/3053

Abstract: Fields may be discovered in events that are returned in response to an initial search. The events may comprise portions of raw data. Furthermore, the fields may be defined by extraction rules for extracting values from corresponding portions of raw data. The displaying of a graphical user interface (GUI) may be caused where the GUI enables a user to select or enter criteria for a subset of the discovered fields without entering a search query in a search bar. At least one criterion for at least one field from the subset of the discovered fields may be received through a portion of the GUI that does not include a search bar for entering a search query. The events returned in response to the initial search query may be caused to be filtered based on the received criterion.

Abstract translation: 可以在响应初始搜索返回的事件中发现字段。 事件可以包括原始数据的部分。 此外，这些字段可以由用于从原始数据的相应部分提取值的提取规则来定义。 图形用户界面（GUI）的显示可能是在GUI允许用户选择或输入所发现的字段的子集的标准而不在搜索栏中输入搜索查询的情况下引起的。 可以通过不包括用于输入搜索查询的搜索栏的GUI的一部分来接收来自所发现字段的子集的至少一个字段的至少一个标准。 响应于初始搜索查询而返回的事件可能被导致根据接收到的标准进行过滤。

公开(公告)号：US12282497B1

公开(公告)日：2025-04-22

申请号：US18201042

申请日：2023-05-23

Applicant: Splunk Inc.

Inventor： Anirban Rahut ,  Sundar Vasan

IPC: G06F16/28 ,  G06F16/27 ,  G06F16/951 ,  G06F16/953 ,  G06F16/9532 ,  G06F16/9535 ,  G06F16/9536 ,  G06F16/9538

Abstract: Systems and methods for search result replication in a search head cluster of a data aggregation and analysis system. An example method may include receiving, by a search head leader of a search head cluster including multiple search heads, from a first search head of the plurality of search heads, a search result in response to a search query. The search head leader parses a registry comprising a set of replicas of the search result in the search head cluster to determine a replication count corresponding to a number of replicas of the search result. A determination is made that the replication count is greater than a target replication count. Based on the determination, a selected replica from the set of replicas is identified based at least in part on a recency of use of the selected replica and a deletion of the selected replica is initiated.

公开(公告)号：US11755634B2

公开(公告)日：2023-09-12

申请号：US16849873

申请日：2020-04-15

Applicant: SPLUNK INC.

Inventor： Alice Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Robichaud ,  Divanny Lamas

IPC: G06F16/33 ,  G06F16/338 ,  G06F16/26 ,  G06F16/248 ,  G06F16/335 ,  G06F16/34 ,  G06F16/2458 ,  G06F16/901 ,  G06F16/9535 ,  G06F16/2457 ,  G06F40/166 ,  G06F3/0482 ,  G06T11/20 ,  G06F3/04842 ,  G06F3/04847

CPC classification number: G06F16/338 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F16/248 ,  G06F16/2477 ,  G06F16/24575 ,  G06F16/26 ,  G06F16/334 ,  G06F16/335 ,  G06F16/345 ,  G06F16/9024 ,  G06F16/9535 ,  G06F40/166 ,  G06T11/206 ,  G06T2200/24

Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.

公开(公告)号：US10387448B2

公开(公告)日：2019-08-20

申请号：US14929089

申请日：2015-10-30

Applicant: Splunk Inc.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F3/06 ,  G06F11/20 ,  G06F11/30 ,  G06F11/32 ,  G06F11/34 ,  G06F16/22 ,  G06F16/27 ,  H04L29/08

Abstract: Techniques and mechanisms are disclosed to increase the availability of summary data within a clustered data intake and query system by replicating the summary data within the cluster. In general, summary data may store “pre-computed” results for one or more search queries and can be used by indexers of a cluster to process subsequent instances of the same search queries. At a high level, replication of summary data within a cluster may include ensuring that each instance of summary data created by an indexer of a cluster is replicated to other indexers within the cluster that store copies of the same grouped subset(s) of data to which the summary data relates. In this manner, if one or more indexers of an indexer cluster fail, other indexers of the cluster can make immediate use of replicated copies of the summary data without re-creating it.

公开(公告)号：US10331720B2

公开(公告)日：2019-06-25

申请号：US15421425

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： Alice Emily Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Vincent Robichaud ,  Divanny Lamas

IPC: G06F16/338 ,  G06F16/33 ,  G06F16/26 ,  G06F16/248 ,  G06F16/34 ,  G06T11/20 ,  G06F16/335 ,  G06F16/901 ,  G06F3/0482 ,  G06F3/0484 ,  G06F16/2457 ,  G06F16/2458 ,  G06F16/9535 ,  G06F17/24

Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.

公开(公告)号：US20170140039A1

公开(公告)日：2017-05-18

申请号：US15421425

申请日：2017-01-31

Applicant: Splunk Inc.

Inventor： Alice Emily Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Vincent Robichaud ,  Divanny Lamas

IPC: G06F17/30 ,  G06F17/24 ,  G06F3/0482

CPC classification number: G06F16/338 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F16/24575 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/26 ,  G06F16/334 ,  G06F16/335 ,  G06F16/345 ,  G06F16/9024 ,  G06F16/9535 ,  G06F17/24 ,  G06T11/206 ,  G06T2200/24

Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.

公开(公告)号：US20160140743A1

公开(公告)日：2016-05-19

申请号：US15007180

申请日：2016-01-26

Applicant: Splunk Inc.

Inventor： Alice Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Robichaud ,  Divanny Lamas

IPC: G06T11/20 ,  G06F3/0482 ,  G06F17/30

CPC classification number: G06F16/338 ,  G06F3/0482 ,  G06F3/04842 ,  G06F3/04847 ,  G06F16/24575 ,  G06F16/2477 ,  G06F16/248 ,  G06F16/26 ,  G06F16/334 ,  G06F16/335 ,  G06F16/345 ,  G06F16/9024 ,  G06F16/9535 ,  G06F17/24 ,  G06T11/206 ,  G06T2200/24

Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.

Abstract translation: 本公开涉及用于从非结构化数据生成报告的某些系统和方法实施例。 在一个实施例中，一种方法可以包括识别匹配初始搜索查询的标准的事件（每个事件包括与时间相关联的原始机器数据的一部分），标识一组字段，每个字段被定义为一个或多个 识别的事件，导致显示包括一个或多个交互元件的交互式图形用户界面（GUI），使得用户能够定义用于提供与匹配事件有关的信息的报告（每个交互元件能够处理或呈现在 通过GUI接收指示如何报告与匹配事件有关的信息的报告定义，以及基于报告定义生成包括与所述事件相关的信息的报告的报告 匹配事件。

公开(公告)号：US12026176B2

公开(公告)日：2024-07-02

申请号：US18313240

申请日：2023-05-05

Applicant: SPLUNK INC.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F16/27 ,  G06F3/06 ,  G06F11/20 ,  G06F11/30 ,  G06F11/32 ,  G06F11/34 ,  G06F16/22 ,  H04L67/1097

CPC classification number: G06F16/27 ,  G06F11/2094 ,  G06F11/3006 ,  G06F11/3072 ,  G06F11/32 ,  G06F11/3409 ,  G06F11/3476 ,  G06F16/2272 ,  H04L67/1097 ,  G06F3/0617 ,  G06F2201/86

Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as a primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in a primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.

公开(公告)号：US11675810B2

公开(公告)日：2023-06-13

申请号：US17228429

申请日：2021-04-12

Applicant: SPLUNK, INC.

Inventor： Da Xu ,  Sundar Vasan ,  Dhruva Kumar Bhagi

IPC: G06F16/27 ,  G06F16/22 ,  G06F11/30 ,  G06F11/20 ,  G06F11/34 ,  H04L67/1097 ,  G06F11/32 ,  G06F3/06

CPC classification number: G06F16/27 ,  G06F11/2094 ,  G06F11/3006 ,  G06F11/3072 ,  G06F11/32 ,  G06F11/3409 ,  G06F11/3476 ,  G06F16/2272 ,  H04L67/1097 ,  G06F3/0617 ,  G06F2201/86

Abstract: A method for performing disaster recovery in a clustered environment comprises identifying, at a master device, a first indexer from a set of indexers to serve as a primary indexer for responding to queries pertaining to a subset of data. The method also comprises assigning, at the master device, a generation identifier indicating that the first indexer is the primary indexer for the subset of data. Responsive to an event prompting a change in a primary indexer designation for the subset of data, the method comprises identifying, at the master device, a second indexer from the set of indexers to serve as the primary indexer for responding to queries pertaining to the subset of data. Further, the method comprises assigning, at the master device, a new generation identifier indicating that the second indexer is the primary indexer for the subset of data.

公开(公告)号：US11386133B1

公开(公告)日：2022-07-12

申请号：US16430708

申请日：2019-06-04

Applicant: SPLUNK INC.

Inventor： Alice Emily Neels ,  Sundar Vasan ,  Simon Fishel ,  Marc Vincent Robichaud ,  Divanny Lamas

IPC: G06F16/338 ,  G06F3/0482 ,  G06F16/901 ,  G06F16/2458 ,  G06F16/34 ,  G06F16/335 ,  G06F16/33 ,  G06F16/248 ,  G06F16/26 ,  G06F3/04847 ,  G06F3/04842 ,  G06F16/9535 ,  G06T11/20 ,  G06F16/2457

Abstract: The disclosure relates to certain system and method embodiments for generating reports from unstructured data. In one embodiment, a method can include identifying events matching criteria of an initial search query (each of the events including a portion of raw machine data that is associated with a time), identifying a set of fields, each field defined for one or more of the identified events, causing display of an interactive graphical user interface (GUI) that includes one or more interactive elements enabling a user to define a report for providing information relating to the matching events (each interactive element enabling processing or presentation of information in the matching events using one or more fields in the identified set of fields), receiving, via the GUI, a report definition indicating how to report information relating to the matching events, and generating, based on the report definition, a report including information relating to the matching events.