Systems, apparatuses, and methods related log compression are described. In an example, a system log that identifies targeted data may be compiled in a memory resource during an execution of an operation using that memory resource. The system log may be analyzed utilizing a portion of the memory resource that would otherwise be available to be utilized in the execution of the operation. The system log may be compressed during the execution of the operation, the level or timing of such compression may be based on the analysis that occurs contemporaneous to or as a result of executing the operation. In some examples, compressing the system log may include discarding a portion of the system log. Compressing the system log may also include extracting the targeted data from the system log as the system log is being compiled and converting the extracted targeted data to structured data.

In general, embodiments of the present invention provide methods, apparatus, systems, computing devices, computing entities, and/or the like for software process failure prevention are provided herein. Such embodiments may include steps of: generating error logs at one or more phases of a software process lifecycle; preprocessing each error log to standardize error log data; grouping the preprocessed error logs based on similar characteristics of the preprocessed error logs; associating each group of preprocessed error logs with one or more discrete events of the software process lifecycle; converting each preprocessed error log into a sequence of associated discrete events of the software process lifecycle; merging redundant sequences of associated discrete events of the software process lifecycle; and identifying one or more error causing patterns for software process failure prediction from the sequences of associated discrete events of the software process lifecycle.

Methods and systems for managing notifications relating to execution of microservices are described herein. A format of notifications relating to execution of a plurality of microservices may be defined. The format may provide that all notifications generated based on the format comprise code. The code may indicate, for example, an identity of one of a plurality of microservices, a version of the code, an occurrence of an issue in execution of the one of the plurality of microservices, and/or one or more scripts which may be executed to address an issue of the notification. Two or more notifications may be received, and the one or more notifications may be formatted based on the defined format. A third notification may be generated based on a comparison of the two or more notifications. The third notification may be transmitted to a computing device.

Computing systems methods, and non-transitory storage media are provided for obtaining information regarding an incident, generating a representation of the information, augmenting the representation with additional contextual information, determining a response to address the incident, and implementing the response or transmitting the determined response to a separate computing system that implements the response.

Methods, systems, and apparatus, including computer programs encoded on computer storage media, for processing event log data. An example event log processing method includes receiving an event log comprising a plurality of event records describing events that have occurred on each of one or more computer systems over a period of time; converting the event log into a graph, comprising: normalizing the plurality of event records, including anonymizing a unique identifier value in each event record and replacing a variable value in each event record with a predetermined value; representing each normalized event record as one or more nodes in the graph; and generating a plurality of event clusters, wherein each event cluster includes an aggregated group of nodes and is generated based on common attributes of and hierarchical relationships between the normalized event records represented by the nodes in the aggregated group.

Provided is a service graph generation apparatus 10 for generating a service graph expressing a dependency relationship between components constituting a monitoring target service 50. The service graph generation apparatus 10 includes an acquisition unit 11 that acquires trace data including spans recording a parent-child relationship and time data of processing of components in a series of processing in a service, an analysis unit 13 that compares, for every piece of the trace data, time data between spans of the components having the same parent to estimate an order relationship or an exclusive relationship between the components, and a creation unit 14 that creates a service graph expressing all components formed of the monitoring target service 50, and the parent-child relationship, the order relationship, and the exclusive relationship between the components.

Systems and methods are provided for detecting anomalies on multiple layers of a computer system, such as a compute server. For example, the system can detect anomalies from the lower firmware layer up to the upper application layer of the compute server. The system collects train data from the computer system that is under testing. The train data includes features that affect performance metrics, as defined by a selected benchmark. This train data is used in training machine learning (ML) models. The ML models create a train snapshot corresponding to the selected benchmark. Additionally with every new release, a test snapshot can be created corresponding to the selected benchmark or workload. The system can detect an anomaly based on the train snapshot and the test snapshot. Also, the system can recommend tunings for a best set of features based upon data collected over generations of compute server.

Provided is a method for facilitating for facilitating monitoring of development of software products. The actions/activities executed during the stages of a product development for a software product are tracked. Further, each activity log associated with a corresponding activity is tagged to indicate an association of a corresponding activity log with one of the stages. The activities are further classified into one of a value-added activity or a non-value added activity, based on each activity log. The development of the software product is thus monitored by way of a value stream map that is generated based on the classification of each activity. The value stream map is indicative of an efficiency score for each of the stages.

A system and method for the analysis of log data is presented. The system uses SuperMinHash based locality sensitive hash signatures to describe the similarity between log lines. Signatures are created for incoming log lines and stored in signature indexes. Later similarity queries use those indexes to improve the query performance. The SuperMinHash algorithm uses a two staged approach to determine signature values, one stage uses a first random number to calculate the index of the signature value that is to update. The two staged approach improves the accuracy of the produced similarity estimation data for small sized signatures. The two staged approach may further be used to produce random numbers that are related, e.g. each created random number may be larger than its predecessors. This relation is used to optimize the algorithm by determining and terminating when further created random numbers have no influence on the created signature.

A system and method for the analysis of log data is presented. The system uses SuperMinHash based locality sensitive hash signatures to describe the similarity between log lines. Signatures are created for incoming log lines and stored in signature indexes. Later similarity queries use those indexes to improve the query performance. The SuperMinHash algorithm uses a two staged approach to determine signature values, one stage uses a first random number to calculate the index of the signature value that is to update. The two staged approach improves the accuracy of the produced similarity estimation data for small sized signatures. The two staged approach may further be used to produce random numbers that are related, e.g. each created random number may be larger than its predecessors. This relation is used to optimize the algorithm by determining and terminating when further created random numbers have no influence on the created signature.