A plurality of metrics records, including some records indicating metrics for which anomaly analysis has been performed, is obtained. Using a training data set which includes the metrics records, a machine learning model is trained to predict an anomaly analysis relevance score for an input record which indicates a metric name. Collection of a particular metric of an application is initiated based at least in part on an anomaly analysis relevance score obtained for the particular metric using a trained version of the model.

Technologies for collecting metrics associated with a processing resource (e.g., central processing unit (CPU) resources, accelerator device resources, and the like) over a time window are disclosed. According to an embodiment presented herein, a network device receives, in an edge network, a request to provide one or more metrics associated with a processing resource, the request specifying a window indicative of a time period to capture the one or more metrics. The network device obtains the one or more metrics from the processing resource for the specified window and provides the obtained one or more metrics in response to the request.

Some embodiments of the invention provide a method for gathering data for logical network traffic analysis by sampling flows of packets forwarded through a logical network. Some embodiments are implemented by a set of network virtualization controllers that, on a shared physical infrastructure, can implement two or more sets of logical forwarding elements that define two or more logical networks. In some embodiments, the method (1) defines an identifier for a logical network probe, (2) associates this identifier with one or more logical observation points in the logical network, and (3) distributes logical probe configuration data, including sample-action flow entry data, to one or more managed forwarding elements that implement the logical processing pipeline at the logical observation points associated with the logical network probe identifier. In some embodiments, the sample-action flow entry data specify the packet flows that the forwarding elements should sample and the percentage of packets within these flows that the forwarding elements should sample.

A gateway apparatus, a detecting method of malicious domain and hacked host thereof, and a non-transitory computer readable medium are provided. The detecting method includes the following steps: capturing network traffics, and parsing traces and channels from the network traffics. Each channel is related to a link between a domain and an Internet Protocol (IP) address, and each trace is related to an http request requested from the IP address for asking the domain. Then, a trace-channel behavior graph is established. The malicious degree model is trained based on the trace-channel behavior graph and threat intelligence. Accordingly, a malicious degree of an unknown channel can be determined, thereby providing a detecting method with high precision.

A device for generating and searching sensor tag data in real time is provided. The device can include a rollup executor that is configured to generate statistics data per time from raw data; and a rollup memory storing per-second statistics data in units of seconds for new input data and per-minute statistics data in units of minutes for the per-second statistics data, where the statistics data can be automatically calculated and provided by the system by using statistics for time series sensor tag data based on tag names/times.

An apparatus includes a processor, an operating system executed by the processor, and a memory storing code executed by the processor to receive performance data from the operating system and from other compute devices. The apparatus includes a machine learning model trained with the performance data. The apparatus uses the machine learning model to predict workload values of the apparatus and other compute devices. The workload values are predicted for a future time window. The apparatus commands an execution of a data transformation task of a first dataset, based on the predicted workload values and criteria to reduce time consumed in the execution of the data transformation task. Thereafter, the apparatus receives a notification signal indicative of a completion of the data transformation task, and an indicator associated with a second dataset different from the first dataset, produced from the execution of the data transformation task.

Systems and methods for enabling additional metrics in a monitoring system to diagnose problems are disclosed. An example method may include collecting first metric data at a first collection frequency, determining whether the first metric data exceeds a first boundary defined by a first metric rule, responsive to determining that the first metric data exceeds the first boundary, collecting second metric data at a second collection frequency and collecting the first metric data at a third collection frequency, the second metric data and the third collection frequency defined by the first metric rule, determining whether the first metric data no longer exceeds the first boundary, and responsive to determining the first metric data no longer exceeds the first boundary, terminating collection of the second metric data while continuing to collect the first metric data at the first collection frequency.

Operations, Administration, and Maintenance (OAM) scaling systems and methods are implemented by a network function performed by one of a physical network element and a virtual network element executed on one or more processors. The OAM scaling method includes providing N packet services, N is an integer; and, responsive to determined OAM session scaling limits, providing OAM sessions for the N packet services in an oversubscribed manner, wherein the determined OAM session scaling limits include M OAM sessions supported by the network function, M is an integer and less than N.

Systems and methods for regulating data traffic using active learning techniques. In one embodiment, a global monitor communicates with a plurality of sensors over a wide area network. The global monitor builds a global model for a data analytics service that maps elements to values based on data reported by the sensors. The global monitor generates a query for the data from the sensors, selects one or more candidate elements from the elements in the global model, generates a global policy specifying that the data requested from the sensors is limited to the data targeted to the candidate element(s), and sends the query indicating the global policy to the sensors. The global monitor receives the data targeted to the candidate element(s) from the sensors according to the global policy, and adjusts the global model based on the data targeted to the candidate element(s).

A Computer Network Service Providing System including Self Adjusting Volume enforcement functionality and methods for diminishing or minimizing volume leakage.