In one embodiment, a service that monitors a network detects a plurality of anomalies in the network. The service uses data regarding the detected anomalies as input to one or more machine learning models. The service maps, using a conceptual space, outputs of the one or more machine learning models to symbols. The service applies a symbolic reasoning engine to the symbols, to rank the anomalies. The service sends an alert for a particular one of the detected anomalies to a user interface, based on its corresponding rank.

In one embodiment, a device maintains a buffer of historical telemetry data of a particular type of telemetry. The device obtains new telemetry data of the particular type of telemetry. The device makes a state evaluation by comparing the new telemetry data to the buffer, to determine whether the new telemetry data is an outlier. The device sends a message indicative of the new telemetry data to a message bus for delivery to a recipient that is not subscribed to receive telemetry data of the particular type of telemetry, when the device determines that the new telemetry data is an outlier.

In one embodiment, a device maintains a buffer of historical telemetry data of a particular type of telemetry. The device obtains new telemetry data of the particular type of telemetry. The device makes a state evaluation by comparing the new telemetry data to the buffer, to determine whether the new telemetry data is an outlier. The device sends a message indicative of the new telemetry data to a message bus for delivery to a recipient that is not subscribed to receive telemetry data of the particular type of telemetry, when the device determines that the new telemetry data is an outlier.

Methods and apparatus to determine main pages from network traffic are disclosed. A disclosed example non-transitory computer readable medium includes instructions which, when executed, cause at least one processor to determine patterns of uniform resource identifiers (URIs) with corresponding main pages, parse data from network traffic, identify at least one of the main pages from the data based on the patterns, and provide the identified at least one of the main pages for crediting thereof.

Methods and apparatus to determine main pages from network traffic are disclosed. A disclosed example non-transitory computer readable medium includes instructions which, when executed, cause at least one processor to determine patterns of uniform resource identifiers (URIs) with corresponding main pages, parse data from network traffic, identify at least one of the main pages from the data based on the patterns, and provide the identified at least one of the main pages for crediting thereof.

Methods and systems for autonomous computing comprising processing historical data to analyze a past performance, collecting data from a plurality of connected devices over a network, synchronizing the collected data from the plurality of connected devices with the processed historical data. Based on the synchronized data, methods and systems disclosed include detecting an alert (error/fault) condition in one or more of the plurality of connected devices, based on the detected alert condition, triggering the delivery of the detected alert condition to an automated network operations center (NOC), and matching the determined alert condition to a historical alert condition by the network operations center. Based on the matching, methods and systems include determining a corrective action, and based on the determined corrective action, assigning a virtual self-healing module from a plurality of virtual self-healing modules. Finally, a trigger to performance of the determined corrective action by the assigned virtual self-healing module is initiated.

The disclosed embodiments provide a method and system for processing network data. During operation, the system obtains, at a remote capture agent, configuration information for the remote capture agent from a configuration server over a network. Next, the system uses the configuration information to configure the generation of event data from network data obtained from network packets at the remote capture agent. The system then uses the configuration information to configure transformation of the event data or the network data into transformed event data at the remote capture agent.

Examples relate to identifying heartbeat messages. In one example, a computing device may: obtain a plurality of messages that includes incoming messages and outgoing messages, each incoming message being sent from a server device to a client device, and each outgoing message being sent from the client device to the server device; identify candidate message pairs, each candidate message pair including one incoming message and one outgoing message; and identify a heartbeat message pair from the candidate message pairs based on at least one of: plurality of timestamps that includes i) incoming message timestamps that each correspond to one of the incoming messages, and ii) outgoing message timestamps that each correspond to one of the outgoing messages; a number of occurrences of each candidate message pair included a message log; or characteristics of data included in the incoming message and outgoing message of each candidate message pair.

Disclosed is a system, method, and computer program product for implementing a log analytics method and system that can configure, collect, and analyze log records in an efficient manner. An improved approach is provided for identifying log files that have undergone a change in status that would require retrieve of its log data, by including a module directly into the operating system that allows the log collection component to be reactively notified of any changes to pertinent log files.

A method and apparatus of a device that determines a cause and effect of congestion in this device is described. In an exemplary embodiment, the device measures a queue group occupancy of a queue group for a port in the device, where the queue group stores a plurality of packets to be communicated through that port. In addition, the device determines if the measurement indicates a potential congestion of the queue group, where the congestion prevents a packet from being communicated within a time period. If potential congestion exists on that queue group, the device further gathers information regarding packets to be transmitted through that port. For example, the device can gather statistics packets that are stored in the queue group and/or new enqueue packets.