Indexes having local features are automatically selected from sensor data of a plurality of sensors. Sensor data of the plurality of sensors, each associated with the plurality of indexes, is partitioned into a plurality of blocks. A principal component analysis is applied to the sensor data of each of the partitioned blocks and a plurality of principal components are extracted from each of the blocks. A migration distance evaluation unit extracts, from two different blocks, two principal components that form a principal component pair, and calculates a migration distance between each of the principal components regarding the extracted principal component pair. A migration factor index detection unit detects, as a migration factor index, an index among the plurality of indexes configuring the principal components having a large migration distance among the migration distances between each of the principal components calculated by the migration distance evaluation unit.

A system maintains a knowledge layout to support the analysis of active events and determination of epicenter and aftershock nodes via an event reach stack. At an input layer of the event reach stack, the system may receive active event data. At a semantic layer, the system may parse the active event data to determine event phrases. Based on the event phrases, the system may identify epicenter nodes directly affected by the active event. At an analytic model layer, the system may successively determine aftershock nodes by traversing the knowledge layout outward from the epicenter nodes. The system then directs the response to the active event to the aftershock and epicenter nodes, via action at a focus response layer of the event reach stack.

A computerized method of diagnosing a mislabeling of a source type of a received event. The method comprising operations of receiving an event by a source type analysis logic with a data index and query system, wherein the event includes a portion of raw machine data and is associated with a specific point in time, obtaining an original source type assigned to the event and one or more predicted source types. The one or more predicted source types are determined by analysis of a data representation of the event in view of training data and the training data includes a plurality of data representations corresponding to known source types. Additionally, the computerized method also includes an operation of, determining whether the event has been mislabeled and in response to determining the event has been mislabeled, diagnosing a source of the mislabeling.

A computerized system and method may include, in response to receiving a blockchain via a communications network that includes information associated with an event, parsing, by a blockchain parsing engine being executed by a blockchain node, the information to identify a status state of an item related to the event. The blockchain may be inclusive of the information along with the status state of the item may be stored in a storage unit. An event tracking engine may determine from the parsed information that the status state of the item transitioned from a first state to a second state. Responsive to the event tracking engine determining that a qualifying state is satisfied by the item being in the second state, automatically executing, by the blockchain node, a smart code inclusive of initiating communications between a first party and a second party.

A method and apparatus of monitoring computer devices operating on a network is disclosed. Computer devices are all different and require monitoring settings that are tailored to their specific requirements. One example of the present invention may include a method of monitoring at least one computer device operating on a network. The method may include receiving audit information representing attributes of the computer device and storing the audit information in memory. The method may also include comparing the audit information to a predefined monitor set of objects to be monitored. The method may further include creating a new monitor set based on the comparison of the audit information and the predefined monitor set. The new monitor set is different from the predefined monitor set and is generally used to monitor objects which are included in the audited device. The method may also include monitoring the at least one computer device based on the new monitor set.

Systems and methods for automatically injecting effects in cyber-physical systems and their simulations are provided herein. In one example, the cyber-physical system under test can include one or more watch-point monitors that can analyze messages between components of the system to determine the presence of one or more particular patterns present in the messages being passed between components of the system during operation. In one or more examples, upon detection of one or more conditions matching a watch point, the systems and methods presented herein can activate an effect and inject it into the cyber-physical system under test based on the detected watch point. In one or more examples, the systems and methods can provide a domain-specific “effects language” (EL) that can allow a user to specify a watch point and an effect corresponding to the watch point.

A system includes memory hardware that stores an event logging database including entries corresponding to events processed at local servers. The processor hardware executes instructions including, in response to receiving a first message from a first local server (the first message indicates that a first event occurred), identifying a causal parent event preceding the first event. The causal parent event is a most recent event that occurred at the first local server. The instructions include identifying a temporal parent event preceding the first event. The temporal parent event is a most recent event that occurred across all of the local servers. The instructions include generating a new entry based on data from the first message and a cryptographic hash based on a hash of a first entry recording the causal parent event and a hash of a second entry recording the temporal parent event.

Aspects of the invention include determining an event associated with a computing system, the event occurring at a first time, obtaining system data associated with the computing system, determining a system state of the computing system at the first time based on the system data, determining, based on the system state, two or more system data clusters comprising clustered system data associated with the system state of the computing system, determining, via an interpolation algorithm, an interpolated data value for the first time based on the system data, and adjusting the interpolated data value based on a determination that the interpolate data value is outside the two or more system data clusters.

An aspect of the present disclosure acquires topology information representing a connection configuration between a plurality of apparatuses constituting a communication network and event information representing occurrence statuses of an event by the plurality of apparatuses, estimates, based on the topology information and the event information, a first apparatus corresponding to a failure factor location from among the plurality of apparatuses, estimates, based on an occurrence status of the event by a second apparatus whose connection relationship with the first apparatus estimated is defined by the topology information, whether an occurrence of the event by the second apparatus is caused by the failure factor location or by another anomaly, and estimates, based on a relationship between an occurrence status of the event by the first apparatus and an occurrence status of the event by a third apparatus whose connection relationship with the first apparatus is not defined by the topology information, whether an occurrence of the event by the third apparatus is caused by the failure factor location or by another anomaly.

Disclosed herein are system, method, and computer-readable medium embodiments for providing the ability to automate the process of generating load tests used for benchmarking APIs. Rather than having to manually generate load tests for a web service API, a test developer can interact with a test service through a web browser and provide the service an API specification and testing parameters. The test service can analyze the API specification, automatically identified endpoints of the API, and generate load tests according to the expected input/output structures of the endpoints. The automatic load test generation can proceed by referring to a library of test instructions and extracting the portions of the test instructions that work for the identified endpoints.