Time series search in primary and secondary memory
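IPC classification information
Country / Type: United States (US) Patent, Registered
International Patent Classification (IPC 7th edition): G06F-007/00; G06F-017/30
Application number: US-0611170 (2015-01-30)
Registration number: US-9594789 (2017-03-14)
Inventor / Address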
Baum, Michael Joseph
Carasso, R. David
Das, Robin Kumar
Greene, Rory
Hall, Bradley
Mealy, Nicholas Christian
Murphy, Brian Philip
Sorkin, Stephen Phillip
Stechert, Andre David
Swan, Erik M.
Applicant / Address
Splunk Inc.
Agent / Address
Wong & Rees LLP
Citation information
Times cited: 11
Cited patents: 49
Abstract
Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time series data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
Representative claims
1. A method for building a searchable data store, comprising: electronically receiving machine data produced by devices in an information processing environment; segmenting the machine data into a plurality of events by determining a beginning and ending of each event in the plurality of events in the machine data; associating a time stamp with each event in the plurality of events by applying an extraction rule to the machine data segmented for each event in order to extract time information to use as the time stamp for that event; repeatedly generating buckets in volatile, random access memory; designating a time span for each bucket of the generated buckets; inserting a time stamped event in the plurality of events into a particular bucket in the generated buckets based at least in part on the associated time stamp and the time span of the particular bucket; advancing a full bucket to full bucket status that does not accept further events; transferring the full bucket into non-volatile storage, the full bucket is available for searching; determining that a full bucket in non-volatile storage has expired; and based on determining that the full bucket has expired, moving the full bucket out of active status.
2. The method of claim 1, further comprising indexing events in the particular bucket.
3. The method of claim 1, further comprising creating a speculative index for the events in at least one of the generated buckets based on the full bucket.
4. The method of claim 1, further comprising indexing keywords in the events in the particular bucket.
5. The method of claim 1, further comprising indexing keywords in the events in the full bucket.
6. A system that builds a searchable data store, comprising: a processor and memory coupled to the processor, the memory storing program instructions that when executed cause: electronically receiving machine data produced by devices in an information processing environment; segmenting the machine data into a plurality of events by determining a beginning and ending of each event in the plurality of events in the machine data; associating a time stamp with each event in the plurality of events by applying an extraction rule to the machine data segmented for each event in order to extract time information to use as the time stamp for that event; repeatedly generating buckets in volatile, random access memory; designating a time span for each bucket of the generated buckets; inserting a time stamped event in the plurality of events into a particular bucket in the generated buckets based at least in part on the associated time stamp and the time span of the particular bucket; advancing a full bucket to full bucket status that does not accept further events; transferring the full bucket into non-volatile storage, the full bucket is available for searching; determining that a full bucket in non-volatile storage has expired; and based on determining that the full bucket has expired, moving the full bucket out of active status.
7. The system of claim 6, further configured to index events in the particular bucket.
8. The system of claim 6, further configured to create a speculative index for the events in at least one of the generated buckets based on the full bucket.
9. The system of claim 6, further configured to index keywords in the events in the particular bucket.
10. The system of claim 6, further configured to index keywords in the events in the full bucket.
11. A computer program product including memory that stores program instructions that, when executed on a computer, cause: electronically receiving machine data produced by devices in an information processing environment; segmenting the machine data into a plurality of events by determining a beginning and ending of each event in the plurality of events in the machine data; associating a time stamp with each event in the plurality of events by applying an extraction rule to the machine data segmented for each event in order to extract time information to use as the time stamp for that event; repeatedly generating buckets in volatile, random access memory; designating a time span for each bucket of the generated buckets; inserting a time stamped event in the plurality of events into a particular bucket in the generated buckets based at least in part on the associated time stamp and the time span of the particular bucket; advancing a full bucket to full bucket status that does not accept further events; transferring the full bucket into non-volatile storage, the full bucket is available for searching; determining that a full bucket in non-volatile storage has expired; and based on determining that the full bucket has expired, moving the full bucket out of active status.
12. The computer program product of claim 11, further configured to index events in the particular bucket.
13. The computer program product of claim 11, further configured to create a speculative index for the events in at least one of the generated buckets based on the full bucket.
14. The computer program product of claim 11, further configured to index keywords in the events in the particular bucket.
15. The computer program product of claim 11, further configured to index keywords in the events in the full bucket.
Patents cited by this patent (49)
Owen, James G.; Singh, Rajiv; Chen, Rong; Gahinet, Pascal, Analysis of a sequence of data in object-oriented environments.
Simpson Carl J. ; Kesten Randy J. ; Javier Manuel A. ; Pearce Steve ; Payne Sam G. ; Gertner Kevin, Channel forming device with a secured distal extremity.
Reed Drummond Shattuck ; Heymann Peter Earnshaw ; Mushero Steven Mark ; Jones Kevin Benard ; Oberlander Jeffrey Todd, Computer-based communication system and method using metadata defining a control-structure.
Kan, Masaki; Kajiki, Yoshihiro; Yamakawa, Satoshi; Torii, Takashi; Kaneko, Yuji, Information document search system, method and program for partitioned indexes on a time series in association with a backup document storage.
Ransil, Patrick W.; Martynov, Aleksey V.; Larson, James S.; Collette, James R.; Chu, Robert Wai-Chi; Saha, Partha, Method and apparatus for data partitioning and replication in a searchable data service.
Kolton Anthony D. (Chicago IL) Gamboa Ruben A. (Austin TX) Chimenti Danette S. (Austin TX), System for extracting historical market information with condition and attributed windows.
Baum, Michael J.; Carasso, David; Das, Robin K.; Greene, Rory; Hall, Brad; Mealy, Nick; Murphy, Brian; Sorkin, Stephen; Stechert, Andre; Swan, Erik M., Time series search engine.
Baum, Michael Joseph; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Swan, Erik M., Time series search engine.
Baum, Michael J.; Carasso, David; Das, Robin K.; Greene, Rory; Hall, Brad; Mealy, Nick; Murphy, Brian; Sorkin, Stephen; Stechert, Andre; Swan, Erik M., Time series search with interpolated time stamp.
Swan, Erik M.; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Baum, Michael Joseph, Aggregation and display of search results from multi-criteria search queries on event data.
Swan, Erik M.; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Baum, Michael Joseph, Application of search policies to searches on event data stored in persistent data structures.
Swan, Erik M.; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Baum, Michael Joseph, Determining timestamps to be associated with events in machine data.
Swan, Erik M.; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Baum, Michael Joseph, Expiration of persistent data structures that satisfy search queries.
Baum, Michael Joseph; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Swan, Erik M., Log data time stamp extraction and search on log data real-time monitoring environment.
Bingham, Brian; Fletcher, Tristan; Bhide, Alok Anant, Processing of log data and performance data obtained via an application programming interface (API).
Bingham, Brian; Fletcher, Tristan; Bhide, Alok Anant, Processing of performance data and log data from an information technology environment by using diverse data stores.
Baum, Michael Joseph; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Swan, Erik M., Search based on a relationship between log data and data from a real-time monitoring environment.
Baum, Michael Joseph; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Swan, Erik M., Source differentiation of machine data.
Baum, Michael Joseph; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Swan, Erik M., Storing log data as events and performing a search on the log data and data obtained from a real-time monitoring environment.
Swan, Erik M.; Carasso, R. David; Das, Robin Kumar; Greene, Rory; Hall, Bradley; Mealy, Nicholas Christian; Murphy, Brian Philip; Sorkin, Stephen Phillip; Stechert, Andre David; Baum, Michael Joseph, Time stamp creation for event data.