The present invention is related to a method for providing dynamic indexer discovery. The method comprises receiving, from an index manager, a status indication associated with a plurality of indexers, wherein each of the plurality of indexers indexes events of raw machine-generated data received from a plurality of data collectors. The method further comprises determining a weight associated with each of the plurality of indexers and selecting an indexer from the plurality of indexers. Subsequently, the method comprises allocating data to the indexer in accordance with a respective weight assigned to the indexer and transmitting the allocated data to the indexer.

High performance space efficient distributed storage is disclosed. For example, a distributed storage volume (DSV) is deployed on a plurality of hosts, with a first host storing a local cache, and a storage controller executing on a processor of the first host receives a request to store a first file. The first file is stored to the local cache. The DSV is queried to determine whether a second file that is a copy of the first file is stored in the DSV. In response to determining that the DSV lacks the second file, the first file is transferred from the local cache to the DSV and then replicated to a second host of the plurality of hosts. In response to determining that the second file resides in the DSV, a reference to the second file is stored in the DSV and then replicated to the second host.

A process for detecting a threat for a file system is described. Audit events in the file system may be accessed, which may include unique file operations and duplicative file operations. The audit events may be de-duplicated to remove the duplicative file operations. Time series data may be generated that includes the unique file operations but not the duplicative file operations, and the time series data may be analyzed to determine whether a subset of the unique file operations includes file-access instructions. An observed pattern of the file-access instructions may be compared to a normal pattern of file-access instructions to determine whether the observed file-access instructions are abnormal. If the observed file-access instructions are abnormal, an alert may be generated.

An electronic message is read, and a delta is generated based on a comparison of the electronic message to an existing order book. A new order book is generated based on the delta. An event is generated based on the existing order book, the delta, and the new order book. A sequence of events, including the event, is accumulated in a queryable persistent data structure over a time span. The queryable persistent data structure thus efficiently stores representations of order books.

Embodiments of the present disclosure provide a method, device, and computer program product for error evaluation. A method for error evaluation comprises in accordance with a determination that an error occurs in a data protection system, obtaining context information related to an operation of the data protection system; determining, based on the context information and using a trained deep learning model, a type of the error in the data protection system from a plurality of predetermined types, the deep learning model being trained based on training context information and a label on a ground-truth type of an error associated with the training context information; and providing the determined type of the error in the data protection system. In this way, it is possible to achieve automatic classification of errors in the data protection system, thereby improving the efficiency in error classification and saving the operation costs. Therefore, more rapid and more accurate measures can be taken to handle the errors.

A data storage management approach is disclosed that performs backup operations flexibly, based on a dynamic scheme of monitoring block changes occurring in production data. The illustrative system monitors block changes based on certain block-change thresholds and triggers block-level backups of the changed blocks when a threshold is passed. Block changes may be monitored in reference to particular files based on a reverse lookup mechanism. The illustrative system also collects and stores historical information on block changes, which may be used for reporting and predictive analysis.

A system, method, and computer program product are provided for a determining a network situation in a communication network. In use, at least one threshold value of at least one operational parameter of a communication network is obtained, the at least one operational parameter representing at least one operational status of at least one of a computational device or a communication device. Additionally, log data of the communication network is obtained, the log data containing at least one value of the at least one operational parameter reported by at least one network entity of the communication network. The at least one value of the at least one operational parameter of the log data is compared with a corresponding threshold value of the at least one threshold value to form a detection of a network situation. Further, the detection of the network situation is reported if the at least one value of the at least one operational parameter of the log data traverses the corresponding threshold value of the at least one threshold value.

Systems and method are provided for data self-protection. The systems and methods may involve installing a sentry on a computer system, the sentry including a file system filter installed on a kernel of that computer system; providing a central sentry platform in communication with the sentry, operating the central sentry platform to send a data self-protection policy to the sentry, the data self-protection policy being encrypted so that it can only be modified by the central sentry platform; operating the file system filter to control access to encrypted data stored on the computer system, by, for each process making a file access request to the encrypted data, the file system filter receiving and handling that file access request according to the data self-protection policy; and, operating the central sentry platform to monitor the sentry and to receive information from the sentry regarding access to the encrypted data.

System and methods are described for performance analysis of a cloud computing environment. During a capture mode during a production use of a database system, the system captures user requests to access the cloud computing environment, asynchronously writes the user requests in one or more batches to a first database; and moves the user requests in one or more batches to a second database. During a replay mode during a performance analysis use of the cloud computing environment, the system reads the user requests from the second database and replays the user requests against the cloud computing environment in a first run, collects performance measurements for the first run, makes one or more changes to the cloud computing environment, reads the user requests from the second database and replays the user requests against the cloud computing environment in a second run, collects performance measurements for the second run, and compares performance measurements from the first run to performance measurements from the second run.

In a computer-implemented method for performing alert notification on streaming textual data, streaming textual data is received. A plurality of copies of the streaming textual data is generated, wherein a first copy of the streaming textual data is transmitted to an ingestion service for persistent storage at a data plane and a second copy of the streaming textual data is transmitted to an alert evaluation service for performing alert evaluation on the streaming textual data, such that the ingestion service and the alert evaluation service are performed independently. The streaming textual data is evaluated by the alert evaluation service to detect an alert. Responsive to detecting an alert at the alert evaluation service, a notification of the alert is generated.