This disclosure describes automatically collecting, analyzing, and remediating operational issues with respect to systems executing within a network. For example, a service provider network may include a monitoring service may generate notifications related to operational issues upon detection of operational issues within a system executing within the service provider network. The monitoring service may provide one or more notifications related to an aggregation service that may aggregate the one or more notifications into a standardized format. Contextual information related to the operational issues may be automatically gathered by an analytics service, which may analyze the contextual information to determine a potential cause of the operational issues. Based on the potential cause, a remediation service may automatically remediate the operational issues.

A method for exchange of equipment performance data includes the steps of: obtaining performance data of a communicatively-insulated device; converting the performance data into a scannable code; capturing an image of the scannable code; decoding the scannable code using a communicatively-enabled device to extract an address string encoded in the scannable code, the address string comprising an address of a remote server and the performance data; initiating, by the communicatively-enabled device, a communications link with the remote server using the address string thereby to provide the performance data to the remote server; performing, by the remote server, analytics on the performance data; and sending historic device performance data and/or analytical results to a remote computing device and/or sending a link to the historic device performance data and/or analytical results to the remote computing device; wherein the communicatively-insulated device is packaging equipment and wherein obtaining the performance data comprises: running a calibration phantom through the packaging equipment; scanning the calibration phantom with a calibration unit; and using the calibration unit to generate a system status report identifying one or more operational parameters of the packaging equipment.

Event records from multiple computing devices are received at a managing unit. Individual event records include an event identifier field including an event identifier identifying a first event associated with a particular computing device, a parent event identifier field identifying a parent event that initialized the first event, and an entity identifier field including an entity identifier identifying the particular computing device. The managing unit generates log records associated with event identifiers included in the event records. The log records include state fields indicating a state of a particular event associated with a particular event identifier. Based on a correlation of the event and log records, the managing unit determines at least two computing devices associated with events resulting in an error state, and identifies parent events that initialized the events with errors. The managing unit generates a report linking the parent events to the events having an error state.

Disclosed is a system, method, and computer program product for implementing a log analytics method and system that can configure, collect, and analyze log records in an efficient manner. An improved approach is provided for identifying log files that have undergone a change in status that would require retrieve of its log data, by including a module directly into the operating system that allows the log collection component to be reactively notified of any changes to pertinent log files.

An instrumentation analysis system processes data streams by executing instructions specified using a data stream language program. The data stream language allows users to specify a search condition using a find block for identifying the set of data streams processed by the data stream language program. The set of identified data streams may change dynamically. The data stream language allows users to group data streams into sets of data streams based on distinct values of one or more metadata attributes associated with the input data streams. The data stream language allows users to specify a threshold block for determining whether data values of input data streams are outside boundaries specified using low/high thresholds. The elements of the set of data streams input to the threshold block can dynamically change. The low/high threshold values can be specified as data streams and can dynamically change.

A computer-based system and method for real-time monitoring of computer resource usage, including obtaining, by a monitoring application executed by a processor, from a plurality of applications, each application executed by a processor, a report upon the accessing of at least one accessed resource by at least one accessing user; and generating, by the monitoring application based on the report, a map of resources accessed by the plurality of applications. If a notification that a resource has been compromised is obtained, a list of all applications that have accessed the resource may be generated based on the map.

Provided are a method and apparatus for generating a topological graph, an anomaly detection method and apparatus, a device and a storage medium. The method for generating a topological graph includes acquiring a preset event stream, where the preset event stream corresponds to a normal log execution path; determining a dependent event pair in the preset event stream; determining a range of a transfer interval corresponding to the dependent event pair, where a transfer interval represents the time difference between adjacent occurrences of two events in the dependent event pair; and generating an event topological graph according to the range of the transfer interval and the transfer probability corresponding to the dependent event pair, where the transfer probability represents the conditional probability between the two events in the dependent event pair.

An instrumentation analysis system processes data streams by executing instructions specified using a data stream language program. The data stream language allows users to specify a search condition using a find block for identifying the set of data streams processed by the data stream language program. The set of identified data streams may change dynamically. The data stream language allows users to group data streams into sets of data streams based on distinct values of one or more metadata attributes associated with the input data streams. The data stream language allows users to specify a threshold block for determining whether data values of input data streams are outside boundaries specified using low/high thresholds. The elements of the set of data streams input to the threshold block can dynamically change. The low/high threshold values can be specified as data streams and can dynamically change.

Systems and methods for presenting relevant collaboration activity to a collaboration system user. A method embodiment commences upon identifying user events that correspond to interactions between a plurality of users and collaboration objects. The interactions that had been performed and the collaboration objects are both associated with permissions attributes. The interactions are recorded as event records that include aspects of the permissions attributes. When a user opens a user interface, a set of event records is selected based at least in part on the permissions attributes with respect to the user. The selected set of event records are then used to generate a set of user-specific feed entries corresponding to particular individual ones of the set of event records. Characteristics of the individual event records and/or aggregations of event records are used to prepare user-specific feed entries that are presented in a user interface of a user device.

A system for firewall data log processing, comprising a firewall logging system operating on a first processor and configured to cause the first processor to receive firewall log data and to process the firewall log data on a periodic basis to reduce the size of the firewall log data and a firewall reporting system operating on a second processor and configured to process the reduced size firewall log data to generate a report on a user interface that includes one or more analytics from the reduced size firewall data.