A system and method for dynamic log management of stream processing in a distributed computing environment, such as, for example, a streaming application or stream analytics system. A streaming application can be deployed or published to a cluster, to execute as a client application. A cluster manager coordinates with worker nodes, to commit tasks associated with the streaming application. If a need arises to generate lower-level log data associated with the streaming application, for example to diagnose an underlying cause of a warning/error message, a configuration job can be committed to the cluster to execute as a separate log-configuration application. The log-configuration application operates with the cluster manager to determine the set of working nodes currently associated with the streaming application, and modify the logger configuration at those nodes, to record or otherwise provide log data according to a modified logging level, for example to provide lower-level log messages.

A computer-implemented method of providing unified event monitoring and log processing is disclosed. The method comprises receiving streaming event data comprising a plurality of event entries from a plurality of domains including a cloud manager for a cloud platform and an application running within a container on the cloud platform; processing the streaming event data into a normalized, domain-independent format; evaluating a plurality of policy rules on the streaming event data, wherein the plurality of policy rules is defined with a unified syntax; and in response to the evaluating satisfying a condition of a first rule of the plurality of policy rules, transmitting to a remote device data related to an action defined in the first rule, wherein the receiving, processing, evaluating, and transmitting for each event entry for the plurality of event entries are performed in real time.

In some examples, a non-transitory computer-readable medium stores machine-readable instructions, which, when executed by a processor, cause the processor to: identify an event of a computing device from operational data of the computing device; evaluate the event to determine if the event is a non-routine event; and store the event to a timeline if the event is a non-routine event, where the timeline includes an incident of the computing device.

An information processing apparatus according to an aspect of the present invention includes an information processing circuit configured to generate a finite state machine based on a predetermined matching condition with respect to sequence data of an event that is input to the information processing apparatus; to process the sequence data so as to substantially remove data that does not match the matching condition from the sequence data; and to output the processed sequence data.

A system and method for sampling telemetry events are provided. The method includes receiving, by a cloud-based server, a plurality of telemetry events, related to an application, from a plurality of client devices; generating, by the cloud-based server, a sampling model for collecting a telemetry event based on the plurality of telemetry events, where the sampling model defines under what conditions the telemetry event is to be reported by a client device; generating, by the cloud-based server, an instruction for determining whether or not to report an incoming same telemetry event by the client device based on the sampling model; and providing, by the cloud-based server, the instruction to the client device, to allow the client device to determine whether or not to report the incoming same telemetry event based on the instruction.

An apparatus comprises at least one processing device that includes a processor coupled to a memory. The processing device is configured to receive, by a trace filter system, a trace chunk from a trace buffer associated with a processor core in a processing device, where the trace buffer is comprised of a plurality of trace chunks, to filter, by the trace filter system, the trace chunk, and to store the filtered trace chunk in the trace buffer.

Devices at different geolocations are configured to determine and share information regarding execution of an application under various conditions. Data determined by a user device includes private information, such as screen capture data, location data, or information about the user. The user device processes the data locally, such as by determining performance metrics or other characteristics of execution of the application, and sends this information to a server. The data sent to the server excludes the private information. The server determines additional data associated with execution of the application by devices other than the user device, which may include screen capture data or location data associated with those other devices. The additional data is used in conjunction with the data received from the user device to generate interfaces indicative of performance metrics of the application.

Systems and methods for detection, characterization, prediction, and next occurrence prediction of approximately periodic chain of events with missing occurrences using pattern recognition obtaining data from monitoring a system, wherein the data includes a plurality of records each includes at least a start time and a unique identifier; analyzing the plurality of records to detect a periodic chain of events, wherein the periodic chain of events includes clear or approximate periodicity that is detected based on a plurality of parameters including some missing occurrences therein; converting the periodic chain of events into a binary sequence with each bit representing a time bin and having a value based on a presence or absence of an event in the time bin; and analyzing the binary sequence to recognize a pattern therein to determine a next occurrence of an event in the periodic chain of events.

In general, embodiments of the invention relate to a method for generating upgrade recommendations. The method comprising obtaining telemetry data for a target entity, determining, using the telemetry data, at least one of a predicted upgrade time and a upgrade readiness factor for the target entity, generating an recommendation based on the at least one of the predicted upgrade time and the upgrade readiness factor for the target entity, and initiating a display of the recommendation on a graphical user interface of client.

An example method of implementing a monitoring interface for an information technology environment comprises: identifying machine data reflecting activity in the information technology environment comprising a plurality of entities providing a service; executing a search query to derive, from the machine data, a value of a key performance indicator (KPI) reflecting performance of the service; and causing display of a monitoring interface including: an identifier of the service, a color coded indication of a state of the KPI, and a visual representation of time series data associated with the service.