公开(公告)号：US11016870B2

公开(公告)日：2021-05-25

申请号：US16419174

申请日：2019-05-22

Applicant: VMware, Inc.

Inventor： Keshav Mathur ,  Jinyi Lu ,  Paul Pedersen ,  Junyuan Lin ,  Darren Brown ,  Peng Gao ,  Leah Nutman ,  Xing Wang

IPC: G06F9/50 ,  G06F11/34 ,  G06N5/04 ,  G06F11/30

Abstract: Various examples are disclosed for forecasting resource usage and computing capacity utilizing an exponential decay. In some examples, a computing environment can obtain usage measurements from a data stream over a time interval, where the usage measurements describe utilization of computing resource. The computing environment can generate a weight function for individual ones of the usage measurements, where the weight function exponentially decays the usage measurements based on a respective time period at which the usage measurements were obtained. The computing environment can forecast a future capacity of the computing resources based on the usage measurements and the weight function assigned to the individual ones of the usage measurements. The computing environment can further upgrade a forecast engine to use the exponential decay without resetting the forecast engine or its memory.

公开(公告)号：US20190163603A1

公开(公告)日：2019-05-30

申请号：US15824781

申请日：2017-11-28

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Nicholas Kushmerick ,  Junyuan Lin

IPC: G06F11/34 ,  G06F11/30 ,  G06F11/07

Abstract: This disclosure is directed to tagging tokens or sequences of tokens in log messages generated by a logging source. Event types of log messages in a block of log messages are collected. A series of tagging operations are applied to each log message in the block. For each tagging operation, event types that are qualified to receive the corresponding tag are identified. When a log message is received, the event type is determined and compared with the event types of the block in order to identify a matching event type. The series of tagging operations are applied to the log message to generate a tagged log message with the restriction that each tagging operation only applies a tag to token or sequences of tokens when the event type is qualified to receive the tag. The tagged log message is stored in a data-storage device.

公开(公告)号：US20190155953A1

公开(公告)日：2019-05-23

申请号：US15816434

申请日：2017-11-17

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Nicholas Kushmerick ,  Mayank Agarwal ,  Junyuan Lin

IPC: G06F17/30

Abstract: The current document is directed to systems, and methods incorporated within the systems, that execute queries against log-file entries. A monitoring subsystem within a distributed computer system uses query results during analysis of log-file entries in order to detect changes in the state of the distributed computer system, identify problems or potential problems, and predict and forecast system characteristics. Because of the large numbers of log-file-entry containers that may need to be opened and processed in order to execute a single query, and because opening and reading through the entries in a log-file-entry container is a computationally expensive and time-consuming operation, the currently disclosed systems employ event-type metadata associated with log-file-entry containers to avoid opening and reading through the log-file entries of log-file-entry containers that do not contain log-file entries with event types relevant to the query.

公开(公告)号：US10116675B2

公开(公告)日：2018-10-30

申请号：US14963100

申请日：2015-12-08

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Junyuan Lin ,  Nicholas Kushmerick

IPC: G06F21/00 ,  H04L29/06 ,  H04L12/26 ,  G06N7/00

Abstract: Methods and systems that detect computer system anomalies based on log file sampling are described. Computers systems generate log files that record various types of operating system and software run events in event messages. For each computer system, a sample of event messages are collected in a first time interval and a sample of event messages are collected in a recent second time interval. Methods calculate a difference between the event messages collected in the first and second time intervals. When the difference is greater than a threshold, an alert is generated. The process of repeatedly collecting a sample of event messages in a recent time interval, calculating a difference between the event messages collected in the recent and previous time intervals, comparing the difference to the threshold, and generating an alert when the threshold is violated may be executed for each computer system of a cluster of computer systems.

公开(公告)号：US20160379480A1

公开(公告)日：2016-12-29

申请号：US14753727

申请日：2015-06-29

Applicant: VMware, Inc.

Inventor： Jeremy OlmstedThompson ,  Darren Brown

IPC: G08B29/18 ,  G06F17/30 ,  G06F9/455

CPC classification number: G06F11/0766 ,  G06F9/45558 ,  G06F9/54 ,  G06F9/542 ,  G06F9/546 ,  G06F11/00 ,  G06F11/07 ,  G06F11/0784 ,  G06F11/0787 ,  G06F11/0793 ,  G06F2009/45579 ,  G06F2009/45591 ,  G08B29/18

Abstract: The present disclosure is related to systems, methods, and non-transitory machine readable media for alerting with duplicate suppression. An example non-transitory machine readable medium can store instructions executable by a processing resource to cause a computing system to receive an alert at a first virtual computing instance (VCI) from a second VCI, compare the alert with at least one previously received alert to determine if the alert is a duplicate alert, and send the alert to an alert notification queue associated with the first VCI in response to a determination that the alert is not a duplicate alert. In some embodiments, the medium can store instructions to confirm that the alert has been sent in response to the determination that the alert is a duplicate alert.

Abstract translation: 本公开涉及用于以重复抑制进行警报的系统，方法和非暂时机器可读介质。 示例性非暂时机器可读介质可以存储可由处理资源执行的指令，以使得计算系统从第二VCI在第一虚拟计算实例（VCI）处接收警报，将警报与至少一个先前接收到的警报进行比较 确定警报是否是重复警报，并且响应于确定警报不是重复警报，将警报发送到与第一VCI相关联的警报通知队列。 在一些实施例中，所述介质可以存储指令以确认所述警报已经响应于所述警报是重复警报的确定被发送。

公开(公告)号：US20160373293A1

公开(公告)日：2016-12-22

申请号：US15251481

申请日：2016-08-30

Applicant: VMware, Inc.

Inventor： Nicholas Kushmerick ,  Matt Roy McLaughlin ,  Darren Brown ,  Junyuan Lin

IPC: H04L12/24 ,  H04L29/08

CPC classification number: H04L41/0613 ,  H04L41/069 ,  H04L41/22 ,  H04L67/10 ,  H04L67/36 ,  H04L67/38

Abstract: The current document is directed to methods and systems that process, classify, efficiently store, and display large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are assigned to event-message clusters based on non-parameter tokens identified within the event messages. A parsing function is generated for each cluster that is used to extract data from incoming event messages and to prepare event records from event messages that more efficiently and accessible store event information. The parsing functions also provide an alternative basis for assignment of event messages to clusters. Event types associated with the clusters are used for gathering information from various information sources with which to automatically annotate event messages displayed to system administrators, maintenance personnel, and other users of event messages.

Abstract translation: 当前文档针对的是处理，分类，高效地存储和显示在现代计算系统中生成的大量事件消息的方法和系统。 在公开的实现中，基于在事件消息内标识的非参数令牌将接收到的事件消息分配给事件消息群集。 为每个集群生成解析函数，用于从传入事件消息中提取数据，并从事件消息准备更有效和可访问的事件记录存储事件信息。 解析功能还提供了将事件消息分配给集群的替代基础。 与集群相关联的事件类型用于从各种信息源收集信息，从而自动注释向系统管理员，维护人员和事件消息的其他用户显示的事件消息。

公开(公告)号：US11863466B2

公开(公告)日：2024-01-02

申请号：US17540288

申请日：2021-12-02

Applicant: VMware, Inc.

Inventor： Darren Brown ,  Paul Pedersen

IPC: H04L47/80 ,  H04L47/74 ,  H04L41/22 ,  H04L47/70 ,  H04L47/78

CPC classification number: H04L47/808 ,  H04L41/22 ,  H04L47/745 ,  H04L47/781 ,  H04L47/823

Abstract: Examples herein include systems and methods for providing capacity forecasting for high-usage periods of a computing infrastructure. An example method can include segmenting a first portion of a data stream and generating a first core set for a forecasting model that predicts future usage of computing resources. The example method can further include segmenting a second portion of the data stream, generating a second core set, and using both core sets to forecast usage. The first core set can then be phased out after a predetermined time period has elapsed such that forecasting is based only on the second core set. The example method can further include defining at least two clusters of data and performing predictive analysis on that specific cluster. Cluster-specific results can be displayed on a GUI, which can also provide a user with options for increase or decrease computing resources based on the predictions.

公开(公告)号：US20210382770A1

公开(公告)日：2021-12-09

申请号：US16893778

申请日：2020-06-05

Applicant: VMware, Inc.

Inventor： Jinyi Lu ,  Xing Wang ,  Shafi Khan ,  Apolak Borthakur ,  Paul Pedersen ,  Darren Brown ,  Gopal Harikumar

IPC: G06F11/07 ,  G06F11/30 ,  G06K9/62 ,  G06K9/68

Abstract: Automated methods and systems described herein are directed to identifying potential root causes of a problem in a data center. Methods and systems receipt an alert or other notification of a problem occurring in a data center and a time when the problem was noticed. A search window is created based on the time and a stream of log messages generated in the search window is converted into a time dependent metric. An anomaly detection technique is applied to the metric to determine a start time of a problem. Logging events and key phrases in the log messages are identified in the search window and presented as potential root causes of the problem. The potential root cause may then be used by system administrators and/or tenants to diagnose the problem and execute remedial measures to correct the problem.

公开(公告)号：US10853160B2

公开(公告)日：2020-12-01

申请号：US15971762

申请日：2018-05-04

Applicant: VMware, Inc.

Inventor： Darren Brown

IPC: G06F11/07

Abstract: Computational methods and systems described herein manage alerts generated by event sources that run in a distributed computing system. Methods and system provide a graphical user interface that enables a user to define a dominant alert and select subsumed alerts generated by the event sources. Methods and systems may also compute a relative fraction that represents a number of times each alert is triggered with respect to a number of times another alert is triggered for each pair of alerts. The relative fractions may be displayed in the graphical user interface to allow a user to select dominant and subsumed alerts based on the relative fractions. Methods and systems identify log messages that correspond to user-identified subsumed alerts, suppress subsumed alerts and generate the dominant alert. Methods and systems may also execute remedial action to correct the problem represented by the dominant alert.

公开(公告)号：US20200371896A1

公开(公告)日：2020-11-26

申请号：US16419174

申请日：2019-05-22

Applicant: VMware, Inc.

Inventor： Keshav Mathur ,  Jinyi Lu ,  Paul Pedersen ,  Junyuan Lin ,  Darren Brown ,  Peng Gao ,  Leah Nutman ,  Xing Wang

IPC: G06F11/34 ,  G06F9/50 ,  G06F11/30 ,  G06N5/04

Abstract: Various examples are disclosed for forecasting resource usage and computing capacity utilizing an exponential decay. In some examples, a computing environment can obtain usage measurements from a data stream over a time interval, where the usage measurements describe utilization of computing resource. The computing environment can generate a weight function for individual ones of the usage measurements, where the weight function exponentially decays the usage measurements based on a respective time period at which the usage measurements were obtained. The computing environment can forecast a future capacity of the computing resources based on the usage measurements and the weight function assigned to the individual ones of the usage measurements. The computing environment can further upgrade a forecast engine to use the exponential decay without resetting the forecast engine or its memory.