公开(公告)号：US20170163669A1

公开(公告)日：2017-06-08

申请号：US14963100

申请日：2015-12-08

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Junyuan Lin ,  Nicholas Kushmerick

IPC: H04L29/06 ,  G06N7/00 ,  H04L12/26

CPC classification number: H04L63/1425 ,  G06F21/552 ,  G06F21/57 ,  G06N7/005 ,  H04L41/0604 ,  H04L41/069 ,  H04L43/04 ,  H04L43/067 ,  H04L43/16

Abstract: Methods and systems that detect computer system anomalies based on log file sampling are described. Computers systems generate log files that record various types of operating system and software run events in event messages. For each computer system, a sample of event messages are collected in a first time interval and a sample of event messages are collected in a recent second time interval. Methods calculate a difference between the event messages collected in the first and second time intervals. When the difference is greater than a threshold, an alert is generated. The process of repeatedly collecting a sample of event messages in a recent time interval, calculating a difference between the event messages collected in the recent and previous time intervals, comparing the difference to the threshold, and generating an alert when the threshold is violated may be executed for each computer system of a cluster of computer systems.

公开(公告)号：US20230394076A1

公开(公告)日：2023-12-07

申请号：US17834152

申请日：2022-06-07

Applicant: VMware, Inc.

Inventor： Anil Sharma ,  Darren Brown ,  Pedro Algarvio ,  Caleb Beard

IPC: G06F16/35 ,  G06F16/901 ,  G06F16/31 ,  G06F16/33

CPC classification number: G06F16/355 ,  G06F16/9024 ,  G06F16/313 ,  G06F16/3347

Abstract: Computer-implemented processes and systems described herein are directed to reducing volumes of data sent from edge devices to a data center. Each edge device runs an agent that collects event information generated by event sources of the edge device in a runtime interval. Each agent reduces the event information to relevant event information at the edge device in accordance with instructions received from a controller server of the data center. The relevant event information contains less information than the event information. Each agent forwards the relevant event information over the internet to external services executed at the data center, where the relevant event information is stored in a data storage device of the data center.

公开(公告)号：US11748230B2

公开(公告)日：2023-09-05

申请号：US17325602

申请日：2021-05-20

Applicant: VMware, Inc.

Inventor： Keshav Mathur ,  Jinyi Lu ,  Paul Pedersen ,  Junyuan Lin ,  Darren Brown ,  Peng Gao ,  Leah Nutman ,  Xing Wang

IPC: G06F9/50 ,  G06F11/34 ,  G06N5/048 ,  G06F11/30

CPC classification number: G06F11/3442 ,  G06F9/5027 ,  G06F11/3006 ,  G06F11/3447 ,  G06N5/048

Abstract: Various examples are disclosed for transitioning usage forecasting in a computing environment. Usage of computing resources of a computing environment are forecasted using a first forecasting data model and usage measurements obtained from the computing resources. A use of the first forecasting data model in forecasting the usage is transitioned to a second forecasting data model without incurring downtime in the computing environment. After the transition, the usage of the computing resources of the computing environment is forecasted using the second forecasting data model and the usage measurements obtained from the computing resources. The second forecasting data model exponentially decays the usage measurements based on a respective time period at which the usage measurements were obtained.

公开(公告)号：US11316727B2

公开(公告)日：2022-04-26

申请号：US16827457

申请日：2020-03-23

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Matt Roy McLaughlin ,  Darren Brown ,  Junyuan Lin

IPC: G06F15/16 ,  H04L41/0604 ,  H04L67/10 ,  H04L41/069 ,  H04L67/131 ,  H04L41/22 ,  H04L67/75

Abstract: The current document is directed to methods and systems that process, classify, efficiently store, and display large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are assigned to event-message clusters based on non-parameter tokens identified within the event messages. A parsing function is generated for each cluster that is used to extract data from incoming event messages and to prepare event records from event messages that more efficiently and accessible store event information. The parsing functions also provide an alternative basis for assignment of event messages to clusters. Event types associated with the clusters are used for gathering information from various information sources with which to automatically annotate event messages displayed to system administrators, maintenance personnel, and other users of event messages.

公开(公告)号：US20210271581A1

公开(公告)日：2021-09-02

申请号：US17325602

申请日：2021-05-20

Applicant: VMware, Inc.

Inventor： Keshav Mathur ,  Jinyi Lu ,  Paul Pedersen ,  Junyuan Lin ,  Darren Brown ,  Peng Gao ,  Leah Nutman ,  Xing Wang

IPC: G06F11/34 ,  G06F9/50 ,  G06N5/04 ,  G06F11/30

Abstract: Various examples are disclosed for transitioning usage forecasting in a computing environment. Usage of computing resources of a computing environment are forecasted using a first forecasting data model and usage measurements obtained from the computing resources. A use of the first forecasting data model in forecasting the usage is transitioned to a second forecasting data model without incurring downtime in the computing environment. After the transition, the usage of the computing resources of the computing environment is forecasted using the second forecasting data model and the usage measurements obtained from the computing resources. The second forecasting data model exponentially decays the usage measurements based on a respective time period at which the usage measurements were obtained.

公开(公告)号：US20210144164A1

公开(公告)日：2021-05-13

申请号：US16682255

申请日：2019-11-13

Applicant: VMware, Inc.

Inventor： Keshav Mathur ,  Jinyi Lu ,  Xing Wang ,  Darren Brown ,  Peng Gao ,  Junyuan Lin ,  Paul Pedersen

IPC: H04L29/06 ,  H04L12/26 ,  H04L12/24 ,  H04L29/08

Abstract: Computational methods and systems to detect anomalous behaving resources and objects of a distributed computing system are described. Multiple streams of metric data representing usage of various resources of the distributed computing system are sent to a management system of the distributed computing system. The management system updates a performance model based on newly received metric values of the streams of metric data. The updated performance model is used to detect changes in one or more of the streams of metric data. The changes may be an indication of anomalous behavior at resources and objects associated with the streams of metric data. An anomaly listener is notified of anomalous behavior by the resource or object when a change in one or more of the streams of metric data is detected.

公开(公告)号：US20210141900A1

公开(公告)日：2021-05-13

申请号：US16682549

申请日：2019-11-13

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Paul Pedersen ,  Keshav Mathur ,  Junyuan Lin ,  Nicholas Kushmerick ,  Jinyi Lu ,  Xing Wang ,  Peng Gao

IPC: G06F21/56

Abstract: Computational methods and systems for detecting and troubleshooting anomalous behavior in distributed applications executing in a distributed computing system are described herein. Methods and systems discover nodes comprising the application. Anomaly detection monitors the metrics associated with the nodes for anomalous behavior in order to identify an approximate point in time when anomalous behavior begins to adversely impact performance of the application. Anomaly detection also monitors logs messages associated with the nodes to detect anomalous behavior recorded in the log messages. When anomalous behavior is detected in either the metrics and/or the log messages an alert identifying the anomalous behavior is generated. Troubleshooting guides an administrator and/or application owner to investigate the root cause of the anomalous behavior. Appropriate remedial measures may be determined based on the root cause and automatically or manually executed to correct the problem.

公开(公告)号：US10776166B2

公开(公告)日：2020-09-15

申请号：US15951523

申请日：2018-04-12

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Junyuan Lin ,  Paul Pedersen ,  Keshav Mathur ,  Leah Nutman ,  Peng Gao ,  Xing Wang

IPC: G06F9/46 ,  G06F9/50 ,  G06N7/00

Abstract: Computational methods and systems that proactively manage usage of computational resources of a distributed computing system are described. A sequence of metric data representing usage of a resource is detrended to obtain a sequence of non-trendy metric data. Stochastic process models, a pulse wave model and a seasonal model of the sequence of non-trendy metric data are computed. When a forecast request is received, a sequence of forecasted metric data is computed over a forecast interval based on the estimated trend and one of the pulse wave or seasonal model that matches the periodicity of the sequence of non-trendy metric data. Alternatively, the sequence of forecasted metric data is computed based on the estimated trend and the stochastic process model with a smallest accumulated residual error. Usage of the resource by virtual objects of the distributed computing system may be adjusted based on the sequence of forecasted metric data.

公开(公告)号：US10740211B2

公开(公告)日：2020-08-11

申请号：US15824781

申请日：2017-11-28

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Nicholas Kushmerick ,  Junyuan Lin

IPC: G06F11/34 ,  G06F11/30 ,  G06F11/07

Abstract: This disclosure is directed to tagging tokens or sequences of tokens in log messages generated by a logging source. Event types of log messages in a block of log messages are collected. A series of tagging operations are applied to each log message in the block. For each tagging operation, event types that are qualified to receive the corresponding tag are identified. When a log message is received, the event type is determined and compared with the event types of the block in order to identify a matching event type. The series of tagging operations are applied to the log message to generate a tagged log message with the restriction that each tagging operation only applies a tag to token or sequences of tokens when the event type is qualified to receive the tag. The tagged log message is stored in a data-storage device.

公开(公告)号：US20190340057A1

公开(公告)日：2019-11-07

申请号：US15971644

申请日：2018-05-04

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Ron Oded Gery

IPC: G06F11/07

Abstract: Computational methods and systems described herein are directed to compounding alerts generated in a distributed computing system. A user or system administrator may define a set of multistage process rules that can be used by a log management server application to examine log messages generated by event sources of a multistage process for alerts. A log-message database is searched to identify a log-message file used to record log messages generated by the event sources. A single compound alert indicating that the multistage process rules are satisfied is generated, when log messages of the log-message file that satisfy the rules of the multistage process rules have been identified. Methods may also execute remedial action to correct the multistate process when log messages of the log-message file fail to satisfy at least one rule of the multistage process rules.