Methods and systems for troubleshooting applications using streaming anomaly detection

    Publication No.: US11640465B2

    Publication date: 2023-05-02

    Application No.: US16682549

    Filing date: 2019-11-13

    Applicant: VMware, Inc.

    Abstract: Computational methods and systems for detecting and troubleshooting anomalous behavior in distributed applications executing in a distributed computing system are described herein. Methods and systems discover nodes comprising the application. Anomaly detection monitors the metrics associated with the nodes for anomalous behavior in order to identify an approximate point in time when anomalous behavior begins to adversely impact performance of the application. Anomaly detection also monitors log messages associated with the nodes to detect anomalous behavior recorded in the log messages. When anomalous behavior is detected in either the metrics and/or the log messages, an alert identifying the anomalous behavior is generated. Troubleshooting guides an administrator and/or application owner to investigate the root cause of the anomalous behavior. Appropriate remedial measures may be determined based on the root cause and automatically or manually executed to correct the problem.

    PROBABILITY-DISTRIBUTION-BASED LOG-FILE ANALYSIS

    Publication No.: US20210160307A1

    Publication date: 2021-05-27

    Application No.: US17165809

    Filing date: 2021-02-02

    Applicant: VMware, Inc.

    Abstract: The current document is directed to systems, and methods incorporated within the systems, that carry out probability-distribution-based analysis of log-file entries. A monitoring subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to detect changes in the state of the distributed computer system. A log-file-analysis subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to identify subsets of log-file entries that predict anomalies and impending problems in the distributed computer system. In many implementations, a numerical comparison of probability distributions of log-file-entry types is used to detect state changes in the distributed computer system.

    PROBABILITY-DISTRIBUTION-BASED LOG-FILE ANALYSIS
    Invention application (status: under examination, published)

    Publication No.: US20160277268A1

    Publication date: 2016-09-22

    Application No.: US14660461

    Filing date: 2015-03-17

    Applicant: VMware, Inc.

    Abstract: The current document is directed to systems, and methods incorporated within the systems, that carry out probability-distribution-based analysis of log-file entries. A monitoring subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to detect changes in the state of the distributed computer system. A log-file-analysis subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to identify subsets of log-file entries that predict anomalies and impending problems in the distributed computer system. In many implementations, a numerical comparison of probability distributions of log-file-entry types is used to detect state changes in the distributed computer system.


    METHOD AND SYSTEM FOR CLUSTERING EVENT MESSAGES
    Invention application (status: under examination, published)

    Publication No.: US20150372855A1

    Publication date: 2015-12-24

    Application No.: US14313802

    Filing date: 2014-06-24

    Applicant: VMware, Inc.

    CPC classification number: H04L41/0613 H04L41/069 H04L67/10 H04L67/38

    Abstract: The current document is directed to methods and systems for processing, classifying, and efficiently storing large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are normalized to identify non-parameter tokens within the event messages. The non-parameter event tokens are used to compute a metric for each event message. The metrics are used, in turn, to identify a type-associated cluster to which to assign each received event message. The type-associated clusters are created dynamically as streams of event messages are processed. The type-associated clusters may be dynamically split and merged to refine event-message typing.


    EXPONENTIAL DECAY REAL-TIME CAPACITY PLANNING

    Publication No.: US20200371896A1

    Publication date: 2020-11-26

    Application No.: US16419174

    Filing date: 2019-05-22

    Applicant: VMware, Inc.

    Abstract: Various examples are disclosed for forecasting resource usage and computing capacity utilizing an exponential decay. In some examples, a computing environment can obtain usage measurements from a data stream over a time interval, where the usage measurements describe utilization of computing resources. The computing environment can generate a weight function for individual ones of the usage measurements, where the weight function exponentially decays the usage measurements based on a respective time period at which the usage measurements were obtained. The computing environment can forecast a future capacity of the computing resources based on the usage measurements and the weight function assigned to the individual ones of the usage measurements. The computing environment can further upgrade a forecast engine to use the exponential decay without resetting the forecast engine or its memory.

    Efficient log-file-based query processing

    Publication No.: US10776439B2

    Publication date: 2020-09-15

    Application No.: US15816434

    Filing date: 2017-11-17

    Applicant: VMware, Inc.

    Abstract: The current document is directed to systems, and methods incorporated within the systems, that execute queries against log-file entries. A monitoring subsystem within a distributed computer system uses query results during analysis of log-file entries in order to detect changes in the state of the distributed computer system, identify problems or potential problems, and predict and forecast system characteristics. Because of the large numbers of log-file-entry containers that may need to be opened and processed in order to execute a single query, and because opening and reading through the entries in a log-file-entry container is a computationally expensive and time-consuming operation, the currently disclosed systems employ event-type metadata associated with log-file-entry containers to avoid opening and reading through the log-file entries of log-file-entry containers that do not contain log-file entries with event types relevant to the query.

    Method and system for clustering event messages

    Publication No.: US10205627B2

    Publication date: 2019-02-12

    Application No.: US14313802

    Filing date: 2014-06-24

    Applicant: VMware, Inc.

    Abstract: The current document is directed to methods and systems for processing, classifying, and efficiently storing large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are normalized to identify non-parameter tokens within the event messages. The non-parameter event tokens are used to compute a metric for each event message. The metrics are used, in turn, to identify a type-associated cluster to which to assign each received event message. The type-associated clusters are created dynamically as streams of event messages are processed. The type-associated clusters may be dynamically split and merged to refine event-message typing.

    METHODS AND SYSTEMS TO IDENTIFY LOG WRITE INSTRUCTIONS OF A SOURCE CODE AS SOURCES OF EVENT MESSAGES

    Publication No.: US20180095731A1

    Publication date: 2018-04-05

    Application No.: US15286291

    Filing date: 2016-10-05

    Applicant: VMware, Inc.

    CPC classification number: G06F8/34 G06F9/5077 G06F9/542

    Abstract: Methods and systems to identify log write instructions of a source code as potential sources of an event message of interest are described. Methods identify non-parametric tokens, such as text strings and natural language words and phrases, of an event message of interest. Candidate log write instructions and associated line numbers in a source code are identified. Non-parametric tokens of each event message of the one or more candidate log write instructions are determined. A confidence score is calculated for each candidate log write instruction based on the number of non-parametric tokens the event message of interest and event message of the candidate log write instruction have in common. The candidate log write instructions are rank ordered based on the corresponding one or more confidence scores and the rank ordered candidate log write instructions and associated line numbers of the source code may be displayed in a graphical user interface.

    METHOD AND SYSTEM FOR CLUSTERING AND PRIORITIZING EVENT MESSAGES
    Invention application (status: under examination, published)

    Publication No.: US20150370799A1

    Publication date: 2015-12-24

    Application No.: US14319057

    Filing date: 2014-06-30

    Applicant: VMware, Inc.

    CPC classification number: G06F16/285 H04L41/046 H04L41/069 H04L43/16

    Abstract: The current document is directed to methods and systems for processing, classifying, and efficiently storing large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are assigned to clusters based on metrics computed for the event messages. In addition, a significance value is determined for each received event message. When the significance value exceeds a threshold value, one or more actions are taken, including marking an event record corresponding to the event message, storing an event record corresponding to the event message in a significant-event log, and generating a notice or alarm.


    Probability-distribution-based log-file analysis

    Publication No.: US11048608B2

    Publication date: 2021-06-29

    Application No.: US14660461

    Filing date: 2015-03-17

    Applicant: VMware, Inc.

    Abstract: The current document is directed to systems, and methods incorporated within the systems, that carry out probability-distribution-based analysis of log-file entries. A monitoring subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to detect changes in the state of the distributed computer system. A log-file-analysis subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to identify subsets of log-file entries that predict anomalies and impending problems in the distributed computer system. In many implementations, a numerical comparison of probability distributions of log-file-entry types is used to detect state changes in the distributed computer system.
