公开(公告)号：US10402253B2

公开(公告)日：2019-09-03

申请号：US15607944

申请日：2017-05-30

Applicant: VMware, Inc.

Inventor： Ashot Nshan Harutyunyan ,  Arnak Poghosyan ,  Naira Movses Grigoryan ,  Nicholas Kushmerick ,  Harutyun Beybutyan

IPC: G06F11/07

Abstract: Methods and systems are directed to detecting and classifying changes in a distributed computing system. Divergence value are computed from distributions of different types of event messages generated in time intervals of a sliding time window. Each divergence value is a measure of change in types of events generated in each time interval. When a divergence value, or a rate of change in divergence values, exceeds a threshold, the time interval associated with the threshold violation is used to determine a change point in the operation of the distributed computing system. Based on the change point, a start time of the change is determined. The change is classified based on various previously classified change points in the disturbed computing system. A recommendation may be generated to address the change based on the classification of the change.

公开(公告)号：US10268534B2

公开(公告)日：2019-04-23

申请号：US15366640

申请日：2016-12-01

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Jeremy OlmstedThompson ,  Nicholas Kushmerick

IPC: G06F11/00 ,  G06F11/07 ,  G06F17/30

Abstract: Methods and systems to narrow a search for potential sources of problems in a distributed computing system are described. A volatile event type of event messages recorded in an event-log file is identified. The volatile event type is an event type that may have unexpectedly increased in frequency over an observation time window. An historical period of time may be selected to search for potential sources of the volatile event type. Frequencies of event messages in the event-log file with the same event type as the volatile event type are determined for time intervals of the historical period of time. A time interval of the historical period of time with a largest increase in frequency of event messages is identified. A list of event messages of the event-log file in a selected sub-time interval of the sub-time intervals of the time interval are displayed in a graphical user interface.

公开(公告)号：US20180367434A1

公开(公告)日：2018-12-20

申请号：US15628333

申请日：2017-06-20

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Vardan Movsisyan ,  Steven Flanders

IPC: H04L12/26 ,  H04W72/04 ,  H04L12/24

Abstract: Methods and systems automatically adjusting resources and monitoring configurations of objects of a distributed computing system in response to changes to application programs. Methods search event messages for information indicating a change in execution of an object. The information is used to determine resource allocation rules of infrastructure resources by and a monitoring configuration for the object. Expected impacts on the infrastructure resource are determined from the rules. When an expected impact is greater than an associated impact threshold, use of the infrastructure resources may be adjusted to accommodate the changes. The adjustments include scaling up or down the infrastructure resources. When the object is a virtual object, the virtual object may be migrated from one server computer to another server computer within the distributed computer system. The monitoring configuration is used to adjust tools that monitor the objects of the distributed computing system.

公开(公告)号：US20180349221A1

公开(公告)日：2018-12-06

申请号：US15607944

申请日：2017-05-30

Applicant: VMware, Inc.

Inventor： Ashot Nshan Harutyunyan ,  Arnak Poghosyan ,  Naira Movses Grigoryan ,  Nicholas Kushmerick ,  Harutyun Beybutyan

IPC: G06F11/07 ,  G06F11/34

CPC classification number: G06F11/0781 ,  G06F11/0754 ,  G06F11/079

Abstract: Methods and systems are directed to detecting and classifying changes in a distributed computing system. Divergence value are computed from distributions of different types of event messages generated in time intervals of a sliding time window. Each divergence value is a measure of change in types of events generated in each time interval. When a divergence value, or a rate of change in divergence values, exceeds a threshold, the time interval associated with the threshold violation is used to determine a change point in the operation of the distributed computing system. Based on the change point, a start time of the change is determined. The change is classified based on various previously classified change points in the disturbed computing system. A recommendation may be generated to address the change based on the classification of the change.

公开(公告)号：US10061566B2

公开(公告)日：2018-08-28

申请号：US15286291

申请日：2016-10-05

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Nicholas Kushmerick ,  Matt Roy McLaughlin ,  Dhaval Gada ,  Junyuan Lin

IPC: G06F9/44 ,  G06F9/54 ,  G06F8/34

CPC classification number: G06F9/542 ,  G06F9/5077 ,  G06F11/362

Abstract: Methods and systems to identify log write instructions of a source code as potential sources of an event message of interest are described. Methods identify non-parametric tokens, such as text strings and natural language words and phrases, of an event message of interest. Candidate log write instructions and associated line numbers in a source code are identified. Non-parametric tokens of each event message of the one or more candidate log write instructions are determined. A confidence score is calculated for each candidate log write instruction based the number of non-parametric tokens the event message of interest and event message of the candidate log write instruction have in common. The candidate log write instructions are rank ordered based on the corresponding one or more confidence scores and the rank ordered candidate log write instructions and associated line numbers of the source code may be displayed in a graphical user interface.

公开(公告)号：US20230176859A1

公开(公告)日：2023-06-08

申请号：US17543343

申请日：2021-12-06

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Illia Pantechev

IPC: G06F8/70 ,  G06N3/04

CPC classification number: G06F8/70 ,  G06N3/0454

Abstract: This disclosure is directed to automated computer-implemented methods that predict behavior of a distributed application in response to a proposal to add a candidate application component to a distributed computing environment in which the distributed application is executed. The automated computer-implemented methods perform machine learning to predict whether the candidate application component will decrease performance of the distributed application. The candidate application component is automatically added to the distributed computing environment if the predicted performance of the distributed application is acceptable.

公开(公告)号：US11061796B2

公开(公告)日：2021-07-13

申请号：US16279043

申请日：2019-02-19

Applicant: VMware, Inc.

Inventor： Ashot Nshan Harutyunyan ,  Naira Movses Grigoryan ,  Arnak Poghosyan ,  Nicholas Kushmerick

IPC: H04L12/24 ,  G06F11/30 ,  G06F11/34 ,  G06N20/00 ,  G06F17/16 ,  H04L12/26

Abstract: Computational processes and systems are directed to detecting abnormally behaving objects of a distributed computing system. An object can be a physical or a virtual object, such as a server computer, application, VM, virtual network device, or container. Processes and systems identify a set of metrics associated with an object and compute an indicator metric from the set of metrics. The indicator metric is used to label time stamps that correspond to outlier metric values of the set of metrics. The metrics and outlier time stamps are used to compute rules by machine learning. Each rule corresponds to a subset or combination of metrics and represents specific threshold conditions for metric values. The rules are applied to run-time metric data of the metrics to detect run-time abnormal behavior of the object.

公开(公告)号：US11048608B2

公开(公告)日：2021-06-29

申请号：US14660461

申请日：2015-03-17

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Nicholas Kushmerick ,  Junyuan Lin ,  Matt Roy McLaughlin ,  Jon Herlocker

IPC: G06F11/34 ,  G06F11/07 ,  G06F11/30 ,  H04L29/08 ,  G06F17/40

Abstract: The current document is directed to systems, and methods incorporated within the systems, that carry out probability-distribution-based analysis of log-file entries. A monitoring subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to detect changes in the state of the distributed computer system. A log-file-analysis subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to identify subsets of log-file entries that predict anomalies and impending problems in the distributed computer system. In many implementations, a numerical comparison of probability distributions of log-file-entry types is used to detect state changes in the distributed computer system.

公开(公告)号：US10997009B2

公开(公告)日：2021-05-04

申请号：US16214272

申请日：2018-12-10

Applicant: VMware, Inc

Inventor： Arnak Poghosyan ,  Ashot Nshan Harutyunyan ,  Naira Movses Grigoryan ,  Nicholas Kushmerick

IPC: G06F11/00 ,  G06F11/07 ,  G06N20/00

Abstract: The current document is directed to methods and systems for detecting the occurrences of abnormal events and operational behaviors within the distributed computer system. The currently described methods and systems continuously collect metric data from various metric-data sources, generate a sequence of metric-data observations, each metric-data observation comprising a set of temporally aligned metric data, and employ principle-component analysis to transform the metric-data observations to facilitate reduction of the dimensionality of the metric-data observations. The currently described methods and systems then employ clustering methods to identify outlying transformed-metric-data observations, accordingly label the transformed metric-data observations to generate a training dataset, and then apply one or more of various types of machine-learning techniques to the training dataset in order to generate an abnormal-observation detector that can be used to detect, in real time, abnormal metric-data observations as they are generated within the distributed computing system.

公开(公告)号：US10810103B2

公开(公告)日：2020-10-20

申请号：US15379005

申请日：2016-12-14

Applicant: VMware, Inc.

Inventor： Junyuan Lin ,  Nicholas Kushmerick ,  Jon Herlocker

IPC: G06F16/00 ,  G06F11/34 ,  G06F11/30 ,  G06F16/25 ,  G06F16/28

Abstract: The current document is directed to methods and systems that process, classify, efficiently store, and display large volumes of event messages generated in modern computing systems. In a disclosed implementation, event messages are assigned types and transformed into event records with well-defined fields that contain field values. Recurring patterns of event messages, referred to as “transactions,” are identified within streams or sequences of time-associated event messages and streams or sequences of time-associated event records.