公开(公告)号：US20200264965A1

公开(公告)日：2020-08-20

申请号：US16279043

申请日：2019-02-19

Applicant: VMware, Inc.

Inventor： Ashot Nshan Harutyunyan ,  Naira Movses Grigoryan ,  Arnak Poghosyan ,  Nicholas Kushmerick

IPC: G06F11/34 ,  H04L12/24 ,  H04L12/26 ,  G06N20/00 ,  G06F17/16

Abstract: Computational processes and systems are directed to detecting abnormally behaving objects of a distributed computing system. An object can be a physical or a virtual object, such as a server computer, application, VM, virtual network device, or container. Processes and systems identify a set of metrics associated with an object and compute an indicator metric from the set of metrics. The indicator metric is used to label time stamps that correspond to outlier metric values of the set of metrics. The metrics and outlier time stamps are used to compute rules by machine learning. Each rule corresponds to a subset or combination of metrics and represents specific threshold conditions for metric values. The rules are applied to run-time metric data of the metrics to detect run-time abnormal behavior of the object.

公开(公告)号：US20200228392A1

公开(公告)日：2020-07-16

申请号：US16827457

申请日：2020-03-23

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Matt Roy McLaughlin ,  Darren Brown ,  Junyuan Lin

IPC: H04L12/24 ,  H04L29/08 ,  H04L29/06

Abstract: The current document is directed to methods and systems that process, classify, efficiently store, and display large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are assigned to event-message clusters based on non-parameter tokens identified within the event messages. A parsing function is generated for each cluster that is used to extract data from incoming event messages and to prepare event records from event messages that more efficiently and accessible store event information. The parsing functions also provide an alternative basis for assignment of event messages to clusters. Event types associated with the clusters are used for gathering information from various information sources with which to automatically annotate event messages displayed to system administrators, maintenance personnel, and other users of event messages.

公开(公告)号：US20180165142A1

公开(公告)日：2018-06-14

申请号：US15375386

申请日：2016-12-12

Applicant: VMware, Inc.

Inventor： Ashot Nshan Harutyunyan ,  Nicholas Kushmerick ,  Arnak Poghosyan ,  Naira Movses Grigoryan ,  Vardan Movsisyan

IPC: G06F11/07

Abstract: Methods and system described herein are directed to identifying anomalous behaving components of a distributed computing system. Methods and system collect log messages generated by a set of event log source running in the distributed computing system within an observation time window. Frequencies of various types of event messages generated within the observation time window are determined for each of the log sources. A similarity value is calculated for each pair of event sources. The similarity values are used to identify similar clusters of event sources of the distributed computing system for various management purposes. Components of the distributed computing system that are used to host the event source outliers may be identified as potentially having problems or may be an indication of future problems.

公开(公告)号：US20170163669A1

公开(公告)日：2017-06-08

申请号：US14963100

申请日：2015-12-08

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Junyuan Lin ,  Nicholas Kushmerick

IPC: H04L29/06 ,  G06N7/00 ,  H04L12/26

CPC classification number: H04L63/1425 ,  G06F21/552 ,  G06F21/57 ,  G06N7/005 ,  H04L41/0604 ,  H04L41/069 ,  H04L43/04 ,  H04L43/067 ,  H04L43/16

Abstract: Methods and systems that detect computer system anomalies based on log file sampling are described. Computers systems generate log files that record various types of operating system and software run events in event messages. For each computer system, a sample of event messages are collected in a first time interval and a sample of event messages are collected in a recent second time interval. Methods calculate a difference between the event messages collected in the first and second time intervals. When the difference is greater than a threshold, an alert is generated. The process of repeatedly collecting a sample of event messages in a recent time interval, calculating a difference between the event messages collected in the recent and previous time intervals, comparing the difference to the threshold, and generating an alert when the threshold is violated may be executed for each computer system of a cluster of computer systems.

公开(公告)号：US20150370885A1

公开(公告)日：2015-12-24

申请号：US14318968

申请日：2014-06-30

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Junyuan Lin

IPC: G06F17/30 ,  H04L12/26

CPC classification number: G06F17/30598 ,  G06F17/30424 ,  G06F17/30707 ,  H04L41/0604

Abstract: The current document is directed to methods and systems for processing, classifying, and efficiently storing large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are assigned to event-message clusters based on non-parameter tokens identified within the event messages. A parsing function is generated for each cluster that is used to extract data from incoming event messages and to prepare event records from event messages that more efficiently and accessible store event information. The parsing functions also provide an alternative basis for assignment of event massages to clusters.

Abstract translation: 当前的文档涉及用于处理，分类和有效地存储在现代计算系统中生成的大量事件消息的方法和系统。 在公开的实现中，基于在事件消息内标识的非参数令牌将接收到的事件消息分配给事件消息群集。 为每个集群生成解析函数，用于从传入事件消息中提取数据，并从事件消息准备更有效和可访问的事件记录存储事件信息。 解析功能还提供了将事件按摩分配给集群的替代基础。