Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.

Machine data of an operating environment is conveyed by a network to a data intake and query system (DIQS) which reflects the machine data as timestamped entries of a field-searchable datastore. Monitoring functionality may search the machine data to identify notable event instances. A notable event processing system correlates the notable event instance to one or more triaging models which are executed against the notable event to produce a modeled result. Information of the received notable event and the modeled results are combined into an enhanced representation of a notable event instance. The enhanced representation conditions downstream processing to automatically perform or assist triaging of notable event instances to optimize application of computing resources to highest priority conditions in the operating environment.

The present disclosure relates to computer-implemented methods, software, and systems for detecting outages in a cloud environment. Internal web agents installed at corresponding network segments of a first cloud platform and external web agents installed at an external second cloud platform are configured to perform network calls between themselves and the other web agents. Data from the internal web agents is automatically collected to generate structured data defining network connectivity status corresponding to the network segments of the first cloud platform based on the performed network calls between the internal and external web agents. In response to evaluating the structured data, a health status of network connectivity of the first cloud platform is determined. The health status can be provided to platform services provided by the first cloud platform and/or applications running on the first cloud platform to support managing of lifecycles of entities running on the first cloud platform.

In one embodiment, a service that monitors a network detects a plurality of anomalies in the network. The service uses data regarding the detected anomalies as input to one or more machine learning models. The service maps, using a conceptual space, outputs of the one or more machine learning models to symbols. The service applies a symbolic reasoning engine to the symbols, to rank the anomalies. The service sends an alert for a particular one of the detected anomalies to a user interface, based on its corresponding rank.

Example techniques for adaptive time window-based log message deduplication are described. In an example, message values are obtained from received log messages. Further, the number of log messages received in a time window having a message value is counted. A log message from which the message value is obtained and the counted number are transmitted upon expiry of the time window. A length of a time window in which a subsequent counting of log messages is to be performed is determined based on various parameters.

A cloud network is a complex environment in which hundreds and thousands of users or entities can each host, create, modify, and develop multiple virtual machines. Each virtual machine can have complex behavior unknown to the provider or maintainer of the cloud. Technologies disclosed include methods, systems, and apparatuses to monitor the complex environment to detect network anomalies using machine learning techniques. In addition, techniques to modify and adapt to user feedback are provided allowing the developed models to be tuned for specific use cases, virtual machine types, and users.

Systems, apparatuses, methods, and computer program products are disclosed for automating incident severity classification. An example method includes receiving, by communications circuitry, a historical incident dataset, the historical incident dataset including information regarding a set of historical incidents and an assigned severity classification for each historical incident in the set of historical incidents. The example method further includes training, by a model generator and using the historical incident dataset, a machine learning model to classify incident severity. The example method further includes receiving, by the communications circuitry, a new incident dataset, generating, by a prediction engine and using the trained machine learning model and the new incident dataset, a set of predicted severity classifications for the set of new incidents, and outputting, by the communications circuitry, the predicted set of severity classifications for the set of new incidents.

A method and apparatus for use in a mobile device telemetry system is disclosed. The method and apparatus relate to aspects in a mobile device protocol health monitoring system. The method and apparatus provide a system to monitor and assess protocol health, log protocol health data and communicate the logs of protocol health data to a remote system. The system may also take corrective actions based upon specific indications of protocol health. The method and apparatus also provides protocol health indications and corrective actions based upon monitoring the message transmission rate. The method and apparatus also provides protocol health indications and corrective actions based upon monitoring for a line disconnect.

A method and apparatus for use in a mobile device telemetry system is disclosed. The method and apparatus relate to aspects in a mobile device protocol health monitoring system. The method and apparatus provide a system to monitor and assess protocol health, log protocol health data and communicate the logs of protocol health data to a remote system. The system may also take corrective actions based upon specific indications of protocol health. The method and apparatus also provides protocol health indications and corrective actions based upon monitoring the message transmission rate. The method and apparatus also provides protocol health indications and corrective actions based upon monitoring for a line disconnect.

The disclosure provides methods, apparatus and computer-readable media for subscribing to, and receiving event notification messages from a CAPIF core function. In one method performed by a subscribing network entity, the subscribing network entity sends an event subscription request message to the CAPIF core function. The event subscription request message comprises an indication of an event filter to be utilized by the CAPIF core function for filtering event notifications to be sent to the subscribing network entity. The event filter comprises an identity of one or more network entities associated with events to be notified to the subscribing network entity.