Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and determining whether and how to include late or delayed data points when publishing or storing the time series data. Maximum delay values can identify a duration for waiting for late or delayed data, such as prior to publication. In some examples, maximum delay values can be dynamically adjustable based on a statistical evaluation process. For late or delayed data points that are received after the maximum delay elapses, some data points can be included in the stored time series data, such as if they are received in the same order that they are generated.
Described are systems, methods, and techniques for collecting, analyzing, processing, and storing time series data and for evaluating and dynamically estimating a resolution of one or more streams of data points and updating an output resolution. Responsive to receiving a stream of data points, a data resolution can be derived and an output resolution can be set to a first value. When a change to the data resolution is detected, the output resolution can be changed, modifying a frequency at which output data points are generated and/or transmitted. In some instances, a detector can be implemented to trigger an alert responsive to ingested data points corresponding with triggering parameters. An output resolution for the detector can be dynamically modified based on dynamically detecting a change to the data resolution of the stream of data.
A blockchain consortium network can be implemented in which nodes of one or more blockchains generate data for pipeline-based processing by a consortium pipeline system. The generated data can include private blockchain data, public blockchain data, and machine data, such as logs or operational metrics from the nodes. The data is collected from different network levels and can be transformed via pipeline processes of the consortium pipeline system to securely share data in the blockchain consortium network.
G06F 21/52 - Monitoring users, programs or devices to maintain the integrity of platforms, e.g. of processors, firmware or operating systems during program execution, e.g. stack integrity, buffer overflow or preventing unwanted data erasure
H04L 9/00 - Arrangements for secret or secure communications; Network security protocols
4.
DISTRIBUTED TASK ASSIGNMENT, DISTRIBUTED ALERTS AND SUPRESSION MANAGEMENT, AND ARTIFACT LIFE TRACKING STORAGE IN A CLUSTER COMPUTING SYSTEM
A processing node selects a first task from a task list and sends, to a task assignment repository, a first write operation with a first task identifier of the first task to assign the first task to the processing node. The processing node detects failure of the first write operation based on the first task already being assigned and selects a second task from the task list. The processing node sends, to the task assignment repository, a second write operation with a second task identifier of the second task to assign the second task to the processing node. The processing node detects success of the second write operation and executes the second task.
Techniques are described for providing on-premises action execution agents used to execute orchestration, automation, and response (OAR) actions in users' IT environments. An on-premises action execution agent can be used to execute actions involving computing resources located in users' on-premises IT environments, where such resources may be located behind a firewall and thus not directly accessible to an IT and security operations application running in a cloud-based environment or elsewhere. An intermediary secure tunnel service is used to establish secure connections between an IT and security operations application and on-premises action execution agents, thereby enabling the encrypted transfer of credentials, API tokens, and other sensitive information used by an on-premises action execution agent to execute actions. The executed actions can include on-demand actions initiated by a user and automated actions included, e.g., as part of a playbook that is executed responsive to the identification of certain types of incidents.
Extended reality (XR) software application programs establish remote collaboration sessions in which a host device and one or more remote devices can interact. When initiating a remote collaboration session, an XR application in a host device determines a collaboration area. The collaboration area corresponds to a portion of a real-world environment that is shared by the host device with the one or more remote devices. In some embodiments, the collaboration area can be determined automatically and/or based on user input. The XR application causes sensors associated with the host device to scan the collaboration area. Then, the XR application transmits, to the one or more remote devices, a three-dimensional representation of the collaboration area for rendering in one or more remote XR environments.
Various implementations set forth a computer-implemented method for scanning a three-dimensional (3D) environment. The method includes generating, in a first time interval, a first extended reality (XR) stream based on a first set of meshes representing a 3D environment, transmitting, to a remote device, the first XR stream for rendering a 3D representation of a first portion of the 3D environment in a remote XR environment, determining that the 3D environment has changed based on a second set of meshes representing the 3D environment and generated subsequent to the first time interval, generating a second XR stream based on the second set of meshes, and transmitting, to the remote device, the second XR stream for rendering a 3D representation of at least a portion of the changed 3D environment in the remote XR environment.
Various implementations set forth a computer-implemented method for scanning a three-dimensional (3D) environment. The method includes generating, in a first time interval, a first extended reality (XR) stream based on a first set of meshes representing a 3D environment, transmitting, to a remote device, the first XR stream for rendering a 3D representation of a first portion of the 3D environment in a remote XR environment, determining that the 3D environment has changed based on a second set of meshes representing the 3D environment and generated subsequent to the first time interval, generating a second XR stream based on the second set of meshes, and transmitting, to the remote device, the second XR stream for rendering a 3D representation of at least a portion of the changed 3D environment in the remote XR environment.
Techniques are described for providing an extension framework for an IT and security operations application. The described extension framework allows various types of users to extend the user interfaces, data content, and functionality of an IT and security operations application to enhance and enrich users' workflow and investigative experiences. Example types of extensions enabled by the extension framework include modifying or supplementing GUI elements and other components, where users can implement these extensions at pre-defined extension points of the IT and security operations application. The extension framework further includes a data integration system that provides users with mechanisms to integrate data from external applications, services, or other data sources into their plugins.
H04L 41/22 - Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks comprising specially adapted graphical user interfaces [GUI]
Systems and methods are described for customizable data streams in a streaming data processing system. Routing criteria for the customizable data streams are defined by a user, an automated process, or any other process. The routing criteria can be defined using graphical controls. The streaming data processing system uses the routing criteria to determine data that should be used to populate a particular data stream. Further, processing pipelines are customized such that a particular processing pipeline can obtain data from a particular user defined data stream and write data to a particular user defined data stream. Data is routed through the user defined data streams and customized processing pipelines based on a data route. A data route for a set of data may include multiple user defined data streams and multiple processing pipelines. The data route can include a loop of processing pipelines and data streams.
Disclosed are embodiments of a system for receiving, from a product management system, a model trained to select one state from a set of predefined states based on a state of an installation of a software program on a computing device. Each of the predefined states are associated with a configuration of the software program and each configuration of the software program are associated with operational parameter values of the software program. The system further determines a state of the installation of the software program, inputs the determined state into the model, obtains, from the model, and based on the determined state, the selection of the one state from the set of predefined states. Finally, the system adjusts a parameter of the software program according to the selected one predefined state.
A graphical user interface (GUI) for presentation of network security risk and threat information is disclosed. A listing is generated of incidents identified by use of event data obtained from a networked computing environment. A particular incident is determined to be associated with a risk object, wherein a risk object is a component of the networked computing environment. The listing is populated with a name associated with the risk object. Risk events associated with the incident are determined, wherein each risk event contributes to a risk score for the incident. The risk score indicates a potential security issue associated with the risk object. The listing is populated with the risk score and a summary of the events. An action is associated with the listing, for triggering display of additional information associated with the risk object. The listing can be displayed in a first display screen of the GUI.
A method of rendering a graphical visualization that provides end-to-end visibility into a user session comprises aggregating spans associated with the user session. The method also comprises rendering a graphical visualization representing events and aggregated metrics over the entirety of the user session. Additionally, the method comprises rendering a waterfall visualization that comprises spans associated with events in the user session, where the water visualization can be constrained to a select period within the user session. The method also comprises displaying the graphical visualization and the waterfall visualization in a graphical user interface.
Systems and methods are described herein for synthesizing traces from logs of a distributed computing system. A trace represents a single transaction, such as handling of a user request, on the distributed computing system. The transaction can include multiple underlying operations on the distributed computing system, which are represented as spans within the trace and may be hierarchically arranged within the trace. In instances where a distributed computing system does not provide for tracing natively, a trace can be synthesized from log entries of the distributed computing system. A streaming data processing system can ingest a data stream including log entries, and identify within the data stream those log entries relating to a given transaction. The streaming data processing system can further identify log entries that demark the beginnings and endings of operations for that transaction, and can utilize the identified log entries to build a trace for the transaction.
Systems and methods for rule-based data stream processing by data collection, indexing, and visualization systems. An example method includes: receiving, by the computer system, an input data stream comprising raw machine data; processing the raw machine data by a data processing pipeline that produces transformed machine data, wherein the data processing pipeline comprises an ordered plurality of pipeline stages, wherein a pipeline stage of the ordered plurality of pipeline stages applies a rule of a set of rules to an input of the pipeline stage, wherein the rule specifies an action to be performed on the input of the pipeline stage responsive to evaluating a conditional expression applied to the input of the pipeline stage, wherein the action generates an output of the pipeline stage, and wherein the rule is selected based on a source type associated with the input data stream; and supplying the transformed machine data to a data collection, indexing, and visualization system.
Various implementations of the present application set forth a method comprising generating a host extended reality (XR) environment representing a physical space that includes a real-world asset, generating, based on sensor data captured by a depth sensor on a mobile device, three-dimensional data representing the physical space, generating, based on sensor data captured by an image sensor on the mobile device, two-dimensional data representing the physical space, generating, based on the three-dimensional data and the two-dimensional data, an adaptable three-dimensional (3D) representation of the physical space, transforming the adaptable 3D representation into geometry data comprising a set of vertices, a set of faces comprising edges between pairs of vertices, and texture data, transmitting the geometry data to a set of one or more remote devices for at least a partial reconstruction of the adaptable 3D representation of the physical space in a set of one or more remote environments.
Various implementations of the present application set forth a method comprising generating, based on first sensor data captured by a depth sensor on a mobile device, three-dimensional data representing a physical space that includes a real-world asset, generating, based on second sensor data captured by an image sensor on the mobile device, two-dimensional data representing the physical space, combining, based on a correlation the three-dimensional data and the two-dimensional data, the two-dimensional data and the three-dimensional data into an extended reality (XR) stream, where the XR stream includes a digital representation of the real-world asset, and transmitting, to a remote device, the XR stream for rendering at least a portion of the digital representation of the real-world asset in a remote XR environment.
Various implementations or examples set forth a method for scanning a three-dimensional (3D) environment. The method includes generating a 3D representation of the 3D environment that includes one or more 3D meshes. The method also includes determining at least a portion of the 3D environment that falls within a current frame captured by the image sensor. The method further includes generating one or more additional 3D meshes representing the at least a portion of the 3D environment and combining the one or more additional 3D meshes with the one or more 3D meshes into an update to the 3D representation of the 3D environment.
Embodiments of the present invention are directed to facilitating performing online data decomposition. In accordance with aspects of the present disclosure, an incoming data point of a time series data set is obtained. Thereafter, an iterative process of estimating trend and seasonality is performed to decompose the incoming data point to a set of data components based on a particular set of previous data points of the time series data set and corresponding data components. Generally, the set of data components for the incoming data point include a trend component, a seasonality component, and a residual component. The set of data components is provided for analysis of the incoming data point, such as, for example, to identify data anomalies.
Systems and methods are described for training an artificial intelligence model to extract one or more data fields from a log. For example, the artificial intelligence model may be a neural network. The neural network may be trained using training data obtained by iterating through a plurality of logs using active learning, and selecting a subset of the logs in the plurality to be labeled by a user. For example, the selected subset of logs may be logs that are not similar to other logs already labeled by a user. The user may be prompted to label the selected subset of logs to identify one or more data fields to extract. Once the selected subset of logs are labeled, these labeled logs can be used as the training data to train the neural network.
A method of computing a workload performed by a group of related spans within a microservices-based application executing in a distributed computing environment comprises aggregating a plurality of ingested spans associated with one or more applications executing in the distributed computing environment into a plurality of traces. The method also comprises retrieving a set of traces from the plurality of traces in response to a query and tracking an execution time of each respective group of related spans in the set of traces, wherein the tracking an execution time is performed for a plurality of groups. Further, the method comprises tracking a cumulative execution time for the plurality of groups and computing a workload ratio associated with each respective group of related spans using an execution time associated with a respective group and the cumulative execution time for the plurality of groups.
Systems and methods are disclosed for implementing dual textual/graphical programming interfaces for programming streaming data processing pipelines. A user interface is provided that enables a user to author a processing pipeline as a query in a query language, and to request conversion of that query language into a graph data structure representation of the pipeline, which can be visualized in the interface. The interface further enables modification of the graph via interaction with the visualization. On request, the modified graph can be converted back into the query language, with the querying being modified to reflect the modifications to the graph. In some embodiments, the graph data structure representation and/or the query language representation of the pipeline can be converted into a third representation, such as an Abstract Syntax Tree, that is deployed to an intake system to implement the pipeline.
G06F 3/0481 - Interaction techniques based on graphical user interfaces [GUI] based on specific properties of the displayed interaction object or a metaphor-based environment, e.g. interaction with desktop elements like windows or icons, or assisted by a cursor's changing behaviour or appearance
23.
ANALYZING TAGS ASSOCIATED WITH HIGH-LATENCY AND ERROR SPANS FOR INSTRUMENTED SOFTWARE
A computer-implemented method for analyzing spans and traces associated with a microservices-based application executing in a distributed computing environment comprises aggregating a plurality of ingested spans associated with one or more applications executing in the distributed computing environment into a plurality of traces, wherein each of the plurality of ingested spans is associated with a plurality of tags. The method further comprises comparing durations of a set of related traces of the plurality of traces to determine patterns for the plurality of tags and generating a histogram that represents a distribution of the durations of the set of related traces. The method also comprises providing alerts for one or more tags from the plurality of tags associated with traces having a duration above a threshold based on the distribution of the durations.
In various embodiments, a computer-implemented method comprises acquiring, using an edge sensor device, first sensor data associated with a physical device operating within a physical environment, where the edge sensor device includes a first set of sensors of a first sensor type for obtaining the first sensor data, and the edge sensor device is located proximal to the physical device, inputting, by the edge sensor device, the first sensor data into an onboard message bus to publish the first sensor data, wherein a processing device of the edge sensor device maintains the onboard message bus, and upon receipt of the first sensor data, transmitting, by the onboard message bus, the first sensor data onto a network, where the first sensor data is addressed to a first set of one or more subscribers of the onboard message bus, and the one or more subscribers includes a remote server computing system.
A method of analyzing a performance of a microservices-based application comprises generating a plurality of traces from a plurality of spans associated with the microservices-based application. The method also comprises generating a plurality of data sets each associated with a respective analysis mode of a plurality of analysis modes using the plurality of traces, wherein each analysis mode extracts a different level of detail for analyzing the performance of the services in the application from the plurality of spans. Further, the method comprises selecting, based on a first user query, a first analysis mode from the plurality of analysis modes for generating a response to the first user query. The method also comprises accessing a data set of the plurality of data sets that is associated with the first analysis mode and generating the response to the first user query using the data set associated with the first analysis mode.
Systems and methods are described for processing ingested data using an online machine learning algorithm as the data is being ingested. For example, the online machine learning algorithm can be an adaptive thresholding algorithm used to identify outliers in a moving window of data. As another example, the online machine learning algorithm can be a sequential outlier detector that detects anomalous sequences of logs or events. As another example, the online machine learning algorithm can be a sentiment analyzer that determines whether text has a positive, negative, or neutral sentiment. As another example, the online machine learning algorithm can be a drift detector that detects whether ingested data marks the start of a change in the distribution of a time-series.
Techniques are described for providing an IT and security operations mobile application for managing IT and security operations instances of an IT and security operations application via a mobile device. The IT and security operations mobile application can be linked to the IT and security operations application to enable the IT and security operations application to send messages (e.g., notifications, alerts, action requests, etc.) related the occurrences of incidents/events in an IT environment, such as security-related incident, that can impact the operation of the IT environment. The IT and security operations mobile application enables a user to respond to the messages by initiating actions that are sent to the IT and security operations application for executing within the IT environment.
G06F 21/55 - Detecting local intrusion or implementing counter-measures
G06F 21/57 - Certifying or maintaining trusted computer platforms, e.g. secure boots or power-downs, version controls, system software checks, secure updates or assessing vulnerabilities
G06F 21/62 - Protecting access to data via a platform, e.g. using keys or access control rules
H04L 29/06 - Communication control; Communication processing characterised by a protocol
28.
SEARCH TIME ESTIMATE IN DATA INTAKE AND QUERY SYSTEM
Systems and methods are described for determining a query execution time in a data intake and query system. The system parses a query to identify different portions of the query that are executed by different components of the data intake and query system. The system determines a query execution time for the different portions of the query based on the corresponding components. Based on the query execution time of the different portions for the query, the system determines a query execution time for the query.
Computing devices, computer-readable storage media, and computer-implemented methods are disclosed for prediction of capacity. In a central tier, central-tier benchmark values are generated from benchmark testing performed on different test configurations in a reference execution environment. In a deployment tier, deployment-tier benchmark values are generated from benchmark testing performed on a baseline deployed configuration in many execution environments. A sizing model is learned from the central-tier benchmark values to predict execution platform requirements given a set of workload input parameters. A performance model is learned from the deployment-tier and the central-tier benchmark values to predict a performance delta value reflecting relative performance between a particular execution environment and the reference execution environment. The performance delta value is used to adjust predicted execution platform requirements to tailor the prediction to a particular execution environment. The predicted execution platform requirements can be deployed and tested to validate or tune the performance model.
Embodiments of the present disclosure provide for trace and span sampling and analysis for instrumented software. Each span may be annotated with one or more tags that provide context about an executed task, such as a user instrumenting the software, a document involved in a request, an infrastructure element used in servicing a request, etc. A sampler may perform tail-based sampling of traces comprising spans. The sampler may select a portion of the traces having selected features and send them to an analyzer. The analyzer may receive the selected traces and determine whether the selected traces are indicative of configuration problems for the instrumented software. An alert may be generated based on identified configuration problems.
Systems and methods are disclosed for receiving, at a first data intake and query system, a query that includes an indication to process data managed by another data intake and query system. The first data intake and query system identifies a second data intake and query system that manages the data to be processed and generates a subquery for execution by the second data intake and query system, generates instructions for one or more worker nodes to receive and process results of the subquery from the second data intake and query system, and instructs the worker nodes to provide results of the processing to the first data intake and query system.
Systems and methods for testing a subject system with a software testing process are described. The system receives boolean states responsive to repeatedly applying a first test case to a subject system. Each boolean state signifies an outcome of an application of the first test case to a version of a first software feature over a span of time. The system identifies test case outcomes for the first test case that are adjacent in time and different and generates an intermittency value for the first test case. The system determines that the intermittency value for the first test case exceeds an intermittency threshold and alerts an engineering resource. Finally, the system repeats the above steps until the intermittency value for the first test case does not exceed the intermittency threshold.
Techniques and mechanisms are disclosed that enable collection of various types of data from cloud computing services and the generation of various dashboards and visualizations to view information about collections of cloud computing resources. A user can configure collection of data from one or more cloud computing services and view visualizations using an application platform referred to herein as a cloud computing management application. A cloud computing management application further may be configured to generate and cause display of interactive topology map representations of cloud computing resources based on the collected data, where an interactive topology map enables users to view an intuitive visualization of a collection of computing resources, efficiently cause performance of actions with respect to various resources displayed in the topology map, and analyze the collection of resources in ways that are not possible using conventional cloud computing service management consoles.
The disclosed embodiments provide a system that processes data received from a remote system. During operation, the system sends, from a computer system to a remote system, a request for a local time at the remote system and records a time of transmission of the request. Next, the system obtains, from the remote system, a response to the request, wherein the response includes the local time of the remote system. The system then computes a difference between the time of transmission and the local time of the remote system to determine a time offset that accounts for a time difference between the computer system and the remote system. Finally, the system uses the time offset to standardize timestamps in time-series data received from the remote system, wherein standardizing the timestamps associated with the time-series data comprises adjusting the timestamps to conform to a time standard.
Systems and methods for managing datasets produced by alert-triggering search queries in data aggregation and analysis systems. An example method may comprise: executing, by one or more processing devices, a search query on a portion of searchable data associated with a time window to produce a dataset comprising one or more results; responsive to determining that at least a portion of the dataset satisfies a triggering condition defining an alert associated with the search query, generating an instance of the alert; associating, by a memory data structure, the instance of the alert with an identifier of the search query and a time parameter specifying the time window; receiving, from a client computing device, a request for the portion of the dataset; and responsive to determining that the portion of the dataset is not stored in the memory in a manner associating it with the instance of the alert, reproducing the portion of the dataset by re- executing the search query in view of the time parameter.
A processing device receives input representing a selection of one or more areas of an image and creates a blurred area for the one or more selected areas. The blurred area corresponds to a portion of the image that contains the one or more selected areas. The portion of the image has a size that is greater than an aggregate size of the one or more selected areas. The processing device replaces the one or more selected areas with the corresponding portion of the blurred area.
Systems and methods for presenting and sorting summaries of alerts triggered by search queries in data aggregation and analysis systems. An example method may comprise: causing; by one or more processing devices, one or more alert summaries to be displayed, each alert summary corresponding to an alert and representing one or more instances of the alert, the alert defined by a search query and a triggering condition; wherein an instance of the alert corresponds to a particular dataset that (i) is generated by executing the search query over time- series data falling within a particular time range in a set of time ranges over which the search query has been instructed to search, and (ii) satisfies the triggering condition for the alert; wherein an alert summary includes an indication of at least one of: a total count of alert instances generated by the alert, or a count of alert instances generated by the alert that have not been viewed by a user.
An anomaly detection system is able to detect spatial and temporal environment anomalies and spatial and temporal behavior anomalies, and monitor servers for anomalous characteristics of the environment and behavior. If metrics and/or characteristics associated with a given server are beyond a certain threshold, an alert is generated. Among other options, the alert can take the form of a heat map or a cluster cohesiveness report.
Embodiments are directed towards a system and method for a cloud-based front end that may abstract and enable access to the underlying cloud-hosted elements and objects that may be part of a multi-tenant application, such as a search application. Search objects may be employed to access indexed objects. An amount of indexed data accessible to a user may be based on an index storage limit selected by the user, such that data that exceeds the index storage limit may continue to be indexed. Also, one or more projects can be elastically scaled for a user to provide resources that may meet the specific needs of each project.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
Embodiments are directed towards a system and method for a cloud-based front end that may abstract and enable access to the underlying cloud-hosted elements and objects that may be part of a multi-tenant application, such as a search application. Search objects may be employed to access indexed objects. An amount of indexed data accessible to a user may be based on an index storage limit selected by the user, such that data that exceeds the index storage limit may continue to be indexed. Also, one or more projects can be elastically scaled for a user to provide resources that may meet the specific needs of each project.
G06F 17/30 - Information retrieval; Database structures therefor
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
41.
SYSTEM AND METHOD FOR FAST FILE TRACKING AND CHANGE MONITORING
Embodiments are directed towards a dynamic change evaluation mechanism, whereby items having a detected possible change are scheduled for re-evaluation for possible changes at a higher frequency than items detected to not have previously changed, while those items detected as not to have changed are dynamically scheduled for re-evaluation based on an evaluation backlog that may be in turn based, in part, on a time from when an item is assigned an expiration time to when the item is evaluated. In one embodiment, a possibly changed item may be assigned a new expiration time independent of the evaluation backlog. In another embodiment, if no change is detected, then the item may be assigned a new expiration time as a function of a previous expiration time and on the evaluation backlog.
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
Embodiments are directed towards managing and tracking item identification of a plurality of items to determine if an item is a new or existing item, where an existing item has been previously processed. In some embodiments, two or more item identifiers may be generated. In one embodiment, generating the two or more item identifiers may include analyzing the item using a small item size characteristic, a compressed item, or for an identifier collision. The two or more item identifiers may be employed to determine if the item is a new or existing item. In one embodiment, the two or more item identifiers may be compared to a record about an existing item to determine if the item is a new or existing item. If the item is an existing item, then the item may be further processed to determine if the existing item has actually changed.
A method, system, and processor-readable storage medium are directed towards generating a report derived from data, such as event data, stored on a plurality of distributed nodes. In one embodiment the analysis is generated using a "divide and conquer" algorithm, such that each distributed node analyzes locally stored event data while an aggregating node combines these analysis results to generate the report. In one embodiment, each distributed node also transmits a list of event data references associated with the analysis result to the aggregating node. The aggregating node may then generate a global ordered list of data references based on the list of event data references received from each distributed node. Subsequently, in response to a user selection of a range of global event data, the report may dynamically retrieve event data from one or more distributed nodes for display according to the global order.
G06F 17/30 - Information retrieval; Database structures therefor
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
44.
DISTRIBUTED LICENSE MANAGEMENT FOR A DATA LIMITED APPLICATION
The invention is directed towards enabling data volume and data type based licensing of software in a distributed system of a plurality of remote and/or local nodes. The invention enables measuring and optionally restricting the use of software based on one or more provided licenses that restrict the amount and type of data that may be processed by the software. New and older licenses may be added together for a single, bulk entitlement for a given volume of data processing for one or all types of data. Different users in the same enterprise may combine license entitlements too. Also, a new license can be acquired repeatedly, without requiring the issuance of combined licenses by the issuing authority and/or the revocation of prior licenses.
Embodiments are directed towards employing compressed journaling for event tracking files for metadata recovery and replication. Event data and related metadata are received from one or more client devices. When a feature within the received metadata is detected that is previously unwritten to a journal, then the previously unwritten feature is written to the journal. Further, any feature is detected for the received event data that is determined to be different from a feature associated with an immediately preceding event data that is written in the journal, then the detected different feature is identified in the journal. In one embodiment, the identification employs writing to the journal an effective feature record that may employ indices identifying the different feature. The received event data is also written to the journal and may further employ string arguments to minimize recording of redundant information into the journal.
G06F 17/30 - Information retrieval; Database structures therefor
G06F 15/16 - Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
46.
APPROXIMATE ORDER STATISTICS OF REAL NUMBERS IN GENERIC DATA
A method, system, and processor-readable storage medium are directed towards calculating approximate order statistics on a collection of real numbers. In one embodiment, the collection of real numbers is processed to create a digest comprising hierarchy of buckets. Each bucket is assigned a real number N having P digits of precision and ordinality O. The hierarchy is defined by grouping buckets into levels, where each level contains all buckets of a given ordinality. Each individual bucket in the hierarchy defines a range of numbers - all numbers that, after being truncated to that bucket's P digits of precision, are equal to that bucket's N. Each bucket additionally maintains a count of how many numbers have fallen within that bucket's range. Approximate order statistics may then be calculated by traversing the hierarchy and performing an operation on some or all of the ranges and counts associated with each bucket.
G06F 7/00 - Methods or arrangements for processing data by operating upon the order or content of the data handled
G06F 9/06 - Arrangements for program control, e.g. control units using stored programs, i.e. using an internal store of processing equipment to receive or retain programs
A system arranged to search machine data to generate reports in real time, A search query is provided that includes a plurality of search commands. The search query is parsed to form a main search query and a remote search query. Machine data is collected from remote data sources and evaluated against one of the main and remote search queries to generate a set of search results. The main search query is then evaluated against at least a partial set of the search result to generate at least one report regarding the collected machine data. Initially a search window is pre-populated with historical machine data related to the search query. Over time the historical machine data is replaced with the collected machine data.
Methods and apparatus consistent with the invention provide the ability to organize, index, search, and present time series data based on searches. Time scries data are sequences of time stamped records occurring in one or more usually continuous streams, representing some type of activity. In one embodiment, time series data is organized into discrete events with normalized time stamps and the events are indexed by time and keyword. A search is received and relevant event information is retrieved based in whole or in part on the time indexing mechanism, keyword indexing mechanism, or statistical indices calculated at the time of the search.
Methods and apparatus consistent with the invention provide the ability to organize and build understandings of machine data generated by a variety of information-processing environments. Machine data is a product of information-processing systems (e.g., activity logs, configuration files, messages, database records) and represents the evidence of particular events that have taken place and been recorded in raw data format. In one embodiment, machine data is turned into a machine data web by organizing machine data into events and then linking events together.