Systems, methods, architectures, mechanisms and/or apparatus to manage the plurality of network elements within a network by ranking some or all of the network elements according to respective measurements of network element health and performing a visualization function configured to provide image representative data including network element representative objects arranged in accordance with said network element ranking.

The Fault Management (FM) in the Network Function Virtualization (NFV) environment may benefit from various methods. For example methods for fault escalation or de-escalation may be beneficial. A method can include requesting a change in a severity of a virtualized resource alarm. The method can also include deciding to change a severity of a virtualized resource alarm. The requesting the change in the severity can be based on the identified reason.

An alert management system for a configuration management database (CMDB) platform includes a client instance configured to: apply a first filter of an alert rule to CMDB alerts to select a first alert based on context of the first alert and apply a second filter of the alert rule to the CMDB alerts to select a second alert based on context of the second alert, wherein the context of the first and second alerts includes details regarding the first and second alerts and associated configuration items (CIs). The client instance is also configured to: evaluate at least one condition of the alert rule using the context of the first and/or second alert; and in response to evaluating the at least one condition of the alert rule to be true, performing at least one action of the alert rule using the context of the first and/or second alert.

A computer-implemented method of determining a priority of an incident in a utility supply involves receiving an indication of the incident in the utility supply network, receiving subjective data relating to user perception of performance of the utility supply network and determining a priority of the incident based on the subjective data. Determining the priority may also involve using objective data about the performance of the utility supply network and information about known or planned outages.

Example techniques for adaptive time window-based log message deduplication are described. In an example, message values are obtained from received log messages. Further, the number of log messages received in a time window having a message value is counted. A log message from which the message value is obtained and the counted number are transmitted upon expiry of the time window. A length of a time window in which a subsequent counting of log messages is to be performed is determined based on various parameters.

Disclosed is a method for managing multiple remote radio heads (RRHs) in a communication network, the method including, in response to an alarm indicating that a value of an operation parameter of an RRH among the multiple RRHs is beyond a predetermined range, predicting whether the RRH is faulty, based on one or more pieces of operation information of the RRH which respectively correspond to one or more timestamps and issuing a notification indicating that the RRH is faulty when it is predicted that the RRH is faulty, wherein the one or more pieces of operation information of the RRH comprise at least one of information related to an uptime of the information related to a type of the alarm, information related to a state of the RRH, and information related to an environment of the RRH.

A system for troubleshooting network problems is disclosed. A model can use demographic information, network usage information, and network membership information to determine an importance of a problem. The importance of the problem for the user who reported the problem, a number of other users affected by the problem, and the importance of the problem to the other users can be used to determine a priority for resolving the problem. Before and after a work order is executed to resolve the problem, network metrics can be gathered, including aggregate network metrics, and automatically presented in various user interfaces. The analysis of the metrics can be used to update a database of which work orders are assigned in response to which problems.

Some embodiments provide a method for detecting that a domain name service (DNS) cache on a data compute node (DCN) has been attacked. The method, during a first operational phase of an agent executing on the DCN, builds a DNS cache that stores entries that include (i) network address to domain name mappings and (ii) policies for the entries received from a centralized service. During a second operational phase of the agent, the method detects that an entry of the DNS cache has been modified by a DNS response such that the modified entry violates the policy for the entry. Based on the detection, the method sends an alert to the centralized service. The centralized service performs additional analysis on the modification to determine whether to allow the DCN to use the modified DNS cache entry.

Examples described herein generally relate to identifying a set of service events corresponding to an incident report, querying a multiple-layer relational graph to determine one or more other service events related to the set of service events, detecting a pattern in the set of service events and a subset of the one or more other service events, and indicating, via a user interface and based on the incident report, the subset of the one or more other service events as related to the incident report.

A building device for a building management system (BMS) includes a processing circuit configured to receive one or more health messages from one or more other building devices. The processing circuit is configured to update an existing health message stored in a memory of the building device based on the one or more health messages by updating a message list of the existing health message with message list data of the one or more health messages, updating a sick node list of the existing health message based on the updated message list, and updating a sick node matrix of the existing health message based on the updated sick node list and the received one or more health messages. The processing circuit is configured to communicate the updated health message to at least one of the one or more other building devices.