公开(公告)号：US10810103B2

公开(公告)日：2020-10-20

申请号：US15379005

申请日：2016-12-14

Applicant: VMware, Inc.

Inventor： Junyuan Lin ,  Nicholas Kushmerick ,  Jon Herlocker

IPC: G06F16/00 ,  G06F11/34 ,  G06F11/30 ,  G06F16/25 ,  G06F16/28

Abstract: The current document is directed to methods and systems that process, classify, efficiently store, and display large volumes of event messages generated in modern computing systems. In a disclosed implementation, event messages are assigned types and transformed into event records with well-defined fields that contain field values. Recurring patterns of event messages, referred to as “transactions,” are identified within streams or sequences of time-associated event messages and streams or sequences of time-associated event records.

公开(公告)号：US10810052B2

公开(公告)日：2020-10-20

申请号：US16046706

申请日：2018-07-26

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Junyuan Lin ,  Paul Pedersen ,  Keshav Mathur ,  Peng Gao ,  Xing Wang ,  Leah Nutman

IPC: G06F17/18 ,  G06F9/50 ,  G06F9/48 ,  G06F11/34 ,  G06N7/08

Abstract: Computational methods and systems that proactively manage usage of computational resources of a distributed computing system are described. A sequence of metric data representing usage of a resource is detrended to obtain a sequence of non-trendy metric data. Stochastic process models, a pulse wave model and a seasonal model of the sequence of non-trendy metric data are computed. When a forecast request is received, a sequence of forecasted metric data is computed over a forecast interval based on the estimated trend and one of the pulse wave or seasonal model that matches the periodicity of the sequence of non-trendy metric data. Alternatively, the sequence of forecasted metric data is computed based on the estimated trend and the stochastic process model with a smallest accumulated residual error. Usage of the resource by virtual objects of the distributed computing system may be adjusted based on the sequence of forecasted metric data.

公开(公告)号：US20200228392A1

公开(公告)日：2020-07-16

申请号：US16827457

申请日：2020-03-23

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Matt Roy McLaughlin ,  Darren Brown ,  Junyuan Lin

IPC: H04L12/24 ,  H04L29/08 ,  H04L29/06

Abstract: The current document is directed to methods and systems that process, classify, efficiently store, and display large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are assigned to event-message clusters based on non-parameter tokens identified within the event messages. A parsing function is generated for each cluster that is used to extract data from incoming event messages and to prepare event records from event messages that more efficiently and accessible store event information. The parsing functions also provide an alternative basis for assignment of event messages to clusters. Event types associated with the clusters are used for gathering information from various information sources with which to automatically annotate event messages displayed to system administrators, maintenance personnel, and other users of event messages.

公开(公告)号：US20190317829A1

公开(公告)日：2019-10-17

申请号：US16046706

申请日：2018-07-26

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Junyuan Lin ,  Paul Pedersen ,  Keshav Mathur ,  Peng Gao ,  Xing Wang ,  Leah Nutman

IPC: G06F9/50 ,  G06F9/48 ,  G06F11/34 ,  G06F17/18 ,  G06N7/08

Abstract: Computational methods and systems that proactively manage usage of computational resources of a distributed computing system are described. A sequence of metric data representing usage of a resource is detrended to obtain a sequence of non-trendy metric data. Stochastic process models, a pulse wave model and a seasonal model of the sequence of non-trendy metric data are computed. When a forecast request is received, a sequence of forecasted metric data is computed over a forecast interval based on the estimated trend and one of the pulse wave or seasonal model that matches the periodicity of the sequence of non-trendy metric data. Alternatively, the sequence of forecasted metric data is computed based on the estimated trend and the stochastic process model with a smallest accumulated residual error. Usage of the resource by virtual objects of the distributed computing system may be adjusted based on the sequence of forecasted metric data.

公开(公告)号：US20170163669A1

公开(公告)日：2017-06-08

申请号：US14963100

申请日：2015-12-08

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Junyuan Lin ,  Nicholas Kushmerick

IPC: H04L29/06 ,  G06N7/00 ,  H04L12/26

CPC classification number: H04L63/1425 ,  G06F21/552 ,  G06F21/57 ,  G06N7/005 ,  H04L41/0604 ,  H04L41/069 ,  H04L43/04 ,  H04L43/067 ,  H04L43/16

Abstract: Methods and systems that detect computer system anomalies based on log file sampling are described. Computers systems generate log files that record various types of operating system and software run events in event messages. For each computer system, a sample of event messages are collected in a first time interval and a sample of event messages are collected in a recent second time interval. Methods calculate a difference between the event messages collected in the first and second time intervals. When the difference is greater than a threshold, an alert is generated. The process of repeatedly collecting a sample of event messages in a recent time interval, calculating a difference between the event messages collected in the recent and previous time intervals, comparing the difference to the threshold, and generating an alert when the threshold is violated may be executed for each computer system of a cluster of computer systems.

公开(公告)号：US09244755B2

公开(公告)日：2016-01-26

申请号：US13897994

申请日：2013-05-20

Applicant: VMware, Inc.

Inventor： Mark Huang ,  Junyuan Lin

IPC: G06F11/00 ,  G06F11/07

CPC classification number: G06F11/0775 ,  G06F11/0709 ,  G06F11/0769 ,  G06F11/079

Abstract: Large amounts of unstructured log data generated by software and infrastructure components of a computing system are processed and analyzed in real time to identify anomalies and potential problems within the computing system. A log analytics module reduces both the volume and level of detail of log data by first classifying log messages into message types based on their content similarity. The log analytics module may then further reduce data by grouping bursts of log messages into log events. Patterns within these log events, such as the collection and number of different message types that comprise the event, can be used to identify anomalous events.

Abstract translation: 对计算系统的软件和基础设施组件生成的大量非结构化日志数据进行实时处理和分析，以识别计算系统内的异常和潜在问题。 日志分析模块通过根据内容相似性首先将日志消息分类为消息类型来减少日志数据的数量和详细程度。 然后，日志分析模块可以通过将日志消息的分组分组成日志事件来进一步减少数据。 这些日志事件中的模式，例如组成事件的不同消息类型的集合和数量，可用于识别异常事件。

公开(公告)号：US20150370885A1

公开(公告)日：2015-12-24

申请号：US14318968

申请日：2014-06-30

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Junyuan Lin

IPC: G06F17/30 ,  H04L12/26

CPC classification number: G06F17/30598 ,  G06F17/30424 ,  G06F17/30707 ,  H04L41/0604

Abstract: The current document is directed to methods and systems for processing, classifying, and efficiently storing large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are assigned to event-message clusters based on non-parameter tokens identified within the event messages. A parsing function is generated for each cluster that is used to extract data from incoming event messages and to prepare event records from event messages that more efficiently and accessible store event information. The parsing functions also provide an alternative basis for assignment of event massages to clusters.

Abstract translation: 当前的文档涉及用于处理，分类和有效地存储在现代计算系统中生成的大量事件消息的方法和系统。 在公开的实现中，基于在事件消息内标识的非参数令牌将接收到的事件消息分配给事件消息群集。 为每个集群生成解析函数，用于从传入事件消息中提取数据，并从事件消息准备更有效和可访问的事件记录存储事件信息。 解析功能还提供了将事件按摩分配给集群的替代基础。

公开(公告)号：US11016870B2

公开(公告)日：2021-05-25

申请号：US16419174

申请日：2019-05-22

Applicant: VMware, Inc.

Inventor： Keshav Mathur ,  Jinyi Lu ,  Paul Pedersen ,  Junyuan Lin ,  Darren Brown ,  Peng Gao ,  Leah Nutman ,  Xing Wang

IPC: G06F9/50 ,  G06F11/34 ,  G06N5/04 ,  G06F11/30

Abstract: Various examples are disclosed for forecasting resource usage and computing capacity utilizing an exponential decay. In some examples, a computing environment can obtain usage measurements from a data stream over a time interval, where the usage measurements describe utilization of computing resource. The computing environment can generate a weight function for individual ones of the usage measurements, where the weight function exponentially decays the usage measurements based on a respective time period at which the usage measurements were obtained. The computing environment can forecast a future capacity of the computing resources based on the usage measurements and the weight function assigned to the individual ones of the usage measurements. The computing environment can further upgrade a forecast engine to use the exponential decay without resetting the forecast engine or its memory.

公开(公告)号：US20190163603A1

公开(公告)日：2019-05-30

申请号：US15824781

申请日：2017-11-28

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Nicholas Kushmerick ,  Junyuan Lin

IPC: G06F11/34 ,  G06F11/30 ,  G06F11/07

Abstract: This disclosure is directed to tagging tokens or sequences of tokens in log messages generated by a logging source. Event types of log messages in a block of log messages are collected. A series of tagging operations are applied to each log message in the block. For each tagging operation, event types that are qualified to receive the corresponding tag are identified. When a log message is received, the event type is determined and compared with the event types of the block in order to identify a matching event type. The series of tagging operations are applied to the log message to generate a tagged log message with the restriction that each tagging operation only applies a tag to token or sequences of tokens when the event type is qualified to receive the tag. The tagged log message is stored in a data-storage device.

公开(公告)号：US20190155953A1

公开(公告)日：2019-05-23

申请号：US15816434

申请日：2017-11-17

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Nicholas Kushmerick ,  Mayank Agarwal ,  Junyuan Lin

IPC: G06F17/30

Abstract: The current document is directed to systems, and methods incorporated within the systems, that execute queries against log-file entries. A monitoring subsystem within a distributed computer system uses query results during analysis of log-file entries in order to detect changes in the state of the distributed computer system, identify problems or potential problems, and predict and forecast system characteristics. Because of the large numbers of log-file-entry containers that may need to be opened and processed in order to execute a single query, and because opening and reading through the entries in a log-file-entry container is a computationally expensive and time-consuming operation, the currently disclosed systems employ event-type metadata associated with log-file-entry containers to avoid opening and reading through the log-file entries of log-file-entry containers that do not contain log-file entries with event types relevant to the query.