公开(公告)号：US20180095610A1

公开(公告)日：2018-04-05

申请号：US15286366

申请日：2016-10-05

Applicant: VMware, Inc.

Inventor： Udi Wieder ,  Dahlia Malkhi ,  Eric Schkufza ,  Mayank Agarwal ,  Nicholas Kushmerick ,  Ramses Morales

IPC: G06F3/0482 ,  G06F3/0485 ,  G06F17/30

CPC classification number: G06F3/0482 ,  G06F3/04855 ,  G06F16/188

Abstract: Methods and systems to sample event messages are described. As event messages are generated by one or more sources, the event messages are stored in a storage queue. An event message policy that represents conditions for storing event messages in a sample log file are input. For each event message output from the storage queue, the event message may be stored in a sample log file when one or more of the conditions of the event message policy are satisfied. The event messages of the sample log file may be displayed in a graphical user interface that enables a user to change the event message policy.

公开(公告)号：US20160277268A1

公开(公告)日：2016-09-22

申请号：US14660461

申请日：2015-03-17

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Nicholas Kushmerick ,  Junyuan Lin ,  Matt Roy McLaughlin ,  Jon Herlocker

IPC: H04L12/26 ,  H04L29/08

CPC classification number: H04L67/10 ,  G06F9/50 ,  G06F11/0778 ,  G06F11/3006 ,  G06F11/3452 ,  G06F11/3476 ,  G06F2201/86 ,  H04L41/142 ,  H04L43/04

Abstract: The current document is directed to systems, and methods incorporated within the systems, that carry out probability-distribution-based analysis of log-file entries. A monitoring subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to detect changes in the state of the distributed computer system. A log-file-analysis subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to identify subsets of log-file entries that predict anomalies and impending problems in the distributed computer system. In many implementations, a numerical comparison of probability distributions of log-file-entry types is used to detect state changes in the distributed computer system.

Abstract translation: 当前的文档针对系统和整合在系统中的方法，其对日志文件条目进行基于概率分布的分析。 分布式计算机系统中的监控子系统使用基于概率分布的日志文件条目分析来检测分布式计算机系统状态的变化。 分布式计算机系统中的日志文件分析子系统使用基于概率分布的日志文件条目分析来识别分布式计算机系统中预测异常和即将发生的问题的日志文件条目的子集。 在许多实现中，使用日志文件入口类型的概率分布的数值比较来检测分布式计算机系统中的状态变化。

公开(公告)号：US20150372855A1

公开(公告)日：2015-12-24

申请号：US14313802

申请日：2014-06-24

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Junyuan Lin

IPC: H04L12/24 ,  H04L29/08

CPC classification number: H04L41/0613 ,  H04L41/069 ,  H04L67/10 ,  H04L67/38

Abstract: The current document is directed to methods and systems for processing, classifying, and efficiently storing large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are normalized to identify non-parameter tokens within the event messages. The non-parameter event tokens are used to compute a metric for each event message. The metrics are used, in turn, to identify a type-associated cluster to which to assign each received event message. The type-associated clusters are created dynamically as streams of event messages are processed. The type-associated clusters may be dynamically split and merged to refine event-message typing.

Abstract translation: 当前的文档涉及用于处理，分类和有效地存储在现代计算系统中生成的大量事件消息的方法和系统。 在公开的实现中，接收的事件消息被归一化以识别事件消息内的非参数令牌。 非参数事件令牌用于计算每个事件消息的度量。 反之，使用度量来标识分配每个接收的事件消息的类型相关联的群集。 随着事件消息流的处理，动态地创建类型关联的集群。 类型关联的集群可以被动态地分割和合并以改进事件消息类型。

公开(公告)号：US20220374702A1

公开(公告)日：2022-11-24

申请号：US17308349

申请日：2021-05-05

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Ilia Pantechev ,  Nikhil Khani

IPC: G06N3/08 ,  G06N3/04

Abstract: Computational methods and systems described herein are directed to predicting behavior of a distributed application in response to proposed changes to the distributed application and/or proposed changes to a distributed computing system in which the distributed application is running. A training set of graphs of a distributed computing environment of the distributed application is constructed. Each graph represents a state of the distributed computing environment at a point in time. Machine learning techniques train a neural network (“NN”) model that outputs key performance indicators (“KPIs”) of the distributed application in response to changes to the distributed computing environment. When a user proposes a change, the NN model predicts KPIs that indicate how the distributed application is impacted by the proposed change. Predicted KPIs are compared with KPIs that represent current performance of the distributed application to determine whether the proposed change is expected to improve performance of the distributed application.

公开(公告)号：US11347373B2

公开(公告)日：2022-05-31

申请号：US15286366

申请日：2016-10-05

Applicant: VMware, Inc.

Inventor： Udi Wieder ,  Dahlia Malkhi ,  Eric Schkufza ,  Mayank Agarwal ,  Nicholas Kushmerick ,  Ramses Morales

IPC: G06F3/0482 ,  G06F3/04855 ,  G06F16/188

Abstract: Methods and systems to sample event messages are described. As event messages are generated by one or more sources, the event messages are stored in a storage queue. An event message policy that represents conditions for storing event messages in a sample log file are input. For each event message output from the storage queue, the event message may be stored in a sample log file when one or more of the conditions of the event message policy are satisfied. The event messages of the sample log file may be displayed in a graphical user interface that enables a user to change the event message policy.

公开(公告)号：US20200341877A1

公开(公告)日：2020-10-29

申请号：US16391668

申请日：2019-04-23

Applicant: VMware, Inc.

Inventor： Arnak Poghosyan ,  Ashot Nshan Harutyunyan ,  Naira Movses Grigoryan ,  Nicholas Kushmerick

IPC: G06F11/30 ,  G06F17/18

Abstract: Automated processes and systems for detecting abnormally behaving objects of a distributed computing system are described. Processes and systems obtain metrics that are generated in a historical time window and are associated with an object of the distributed computing system. Processes and system use the metrics to compute a time-dependent system indicator over the historical time window. Each value of the system indicator corresponds to a point in time of the historical time window when the object was in a normal or an abnormal state. Processes and systems use the normal and abnormal states of the system indicator in the historical time window to train a state classifier that is used to detect run-time abnormal behavior of the object. When the state classifier identifies abnormal behavior of the object, an alert is generated, indicating the abnormal behavior of the object.

公开(公告)号：US10776439B2

公开(公告)日：2020-09-15

申请号：US15816434

申请日：2017-11-17

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Nicholas Kushmerick ,  Mayank Agarwal ,  Junyuan Lin

IPC: G06F16/9535 ,  G06F16/27 ,  G06F16/9038 ,  G06F16/188 ,  G06F16/17 ,  G06F16/11 ,  G06F16/23 ,  G06F16/245

Abstract: The current document is directed to systems, and methods incorporated within the systems, that execute queries against log-file entries. A monitoring subsystem within a distributed computer system uses query results during analysis of log-file entries in order to detect changes in the state of the distributed computer system, identify problems or potential problems, and predict and forecast system characteristics. Because of the large numbers of log-file-entry containers that may need to be opened and processed in order to execute a single query, and because opening and reading through the entries in a log-file-entry container is a computationally expensive and time-consuming operation, the currently disclosed systems employ event-type metadata associated with log-file-entry containers to avoid opening and reading through the log-file entries of log-file-entry containers that do not contain log-file entries with event types relevant to the query.

公开(公告)号：US10509712B2

公开(公告)日：2019-12-17

申请号：US15828227

申请日：2017-11-30

Applicant: VMware, Inc.

Inventor： Ashot Nshan Harutyunyan ,  Arnak Poghosyan ,  Nicholas Kushmerick ,  Naira Movses Grigoryan

IPC: G06F21/55 ,  G06F11/30 ,  G06F9/54 ,  H04L12/24 ,  H04L12/26

Abstract: Automated methods and systems to determine a baseline event-type distribution of an event source and use the baseline event type distribution to detect changes in the behavior of the event source are described. In one implementation, blocks of event messages generated by the event source are collected and an event-type distribution is computed for each of block of event messages. Candidate baseline event-type distributions are determined from the event-type distributions. The candidate baseline event-type distribution has the largest entropy of the event-type distributions. A normal discrepancy radius of the event-type distributions is computed from the baseline event-type distribution and the event-type distributions. A block of run-time event messages generated by the event source is collected. A run-time event-type distribution is computed from the block of run-time event messages. When the run-time event-type distribution is outside the normal discrepancy radius, an alert is generated indicating abnormal behavior of the event source.

公开(公告)号：US10205627B2

公开(公告)日：2019-02-12

申请号：US14313802

申请日：2014-06-24

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Junyuan Lin

IPC: G06F15/16 ,  H04L12/24 ,  H04L29/08 ,  H04L29/06

Abstract: The current document is directed to methods and systems for processing, classifying, and efficiently storing large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are normalized to identify non-parameter tokens within the event messages. The non-parameter event tokens are used to compute a metric for each event message. The metrics are used, in turn, to identify a type-associated cluster to which to assign each received event message. The type-associated clusters are created dynamically as streams of event messages are processed. The type-associated clusters may be dynamically split and merged to refine event-message typing.

公开(公告)号：US20180365044A1

公开(公告)日：2018-12-20

申请号：US15628369

申请日：2017-06-20

Applicant: VMware, Inc.

Inventor： Vardan Movsisyan ,  Nicholas Kushmerick

IPC: G06F9/455 ,  H04L12/26 ,  H04W72/04 ,  H04L12/24

Abstract: Methods and systems adjust resources and monitoring configuration of a monitoring tool and auxiliary servers of a distributed computing system. Any new virtual object installed in the distributed computing system or change in functionality of an existing virtual object of the distributed computing system is identified. Expected configuration rules and resource allocation rules are determined for the virtual object. The expected configured rules are used to adjust a monitoring configuration of the monitoring tool. The resource allocation rules are used to adjust the infrastructure resources available to the monitoring tool. When the virtual object creates a change in demand for auxiliary services, corresponding auxiliary servers are installed, removed, or changed in the distributed computing system. Resource allocated rules and expected configuration rules are determined for the auxiliary servers and used to adjust the infrastructure resources and monitoring configuration of the monitoring tool. Methods optimize distributions of virtual objects.