Abstract: Systems and methods for application performance management across one or more networks are disclosed. A system includes a plurality of geographically distributed computing devices executing one or more applications. A plurality of collectors are distributed across the one or more networks, each collector being positioned proximate a respective computing device. The collectors may sample, by each of the plurality of collectors, a plurality of trace events received from the applications executing on the computing devices proximate the collector. The collectors may retain in memory sampled trace events that meet a configurable attribute. The collectors may use probabilistic sets and tail-based sampling to determine root events and policies for identifying relevant traces. Benefits can be achieved in bandwidth savings, network cost and cyber security.

Abstract: Systems and methods for providing for visualization and analysis of geospatial data are described. An example method includes automatically generating a first map comprising a plurality of layers that each comprise part of the input data, providing a graphical user interface for receiving at least one selection from the user of one or more of the plurality of layers of the first map for display and an indication that the user has zoomed in on the first map to a first area featuring a symbol corresponding to an item of interest, and automatically generating, based on bounds of the dataset, a second map showing a second area of a bounding shape selected to fit the data related to the item of interest.

Abstract: Provided are methods and systems for configuring and managing data shipper agents. A method may commence with receiving a list of one or more data shipper agents installed on one or more edge nodes associated with a user. A data shipper agent of the one or more data shipper agents may be installed on one of the one or more edge nodes. The method may continue with providing a graphical user interface that may enable the user to configure the one or more data shipper agents. The method may further include receiving selections of configuration parameters associated with at least one of the one or more data shipper agents. The method may then continue with receiving a configuration of the at least one of the one or more data shipper agents and automatically reconfiguring the configuration of the at least one of the one or more data shipper agents.

Abstract: Systems and methods for processing structured queries over clusters are provided herein. An example system includes a plurality of clusters, wherein a local cluster is configured to receive, from a client, a structured query language (SQL) structured query, determine, based on the SQL structured query, a list of remote clusters of the plurality of clusters, process the SQL structured query to generate a local query executable by a local search engine of the local cluster and remote queries executable by remote search engines of the remote clusters, send the remote queries to the remote clusters to obtain remote results, execute the local query to obtain local results, combine the remote results and the local results to obtain an aggregated result, and return the aggregated result to the client.

Abstract: Systems and methods that are adapted for automatic curation of query responses are disclosed herein. An example method includes obtaining user action metrics corresponding to responses provided in reply to a query for a target resource, the query having a search term, determining a portion of the responses having user action metrics with statistical significance, generating a list of curated responses based on the portion of the responses, and providing the curated responses in reply queries having the search term.

Abstract: Service-to-service role mapping systems and methods are disclosed herein. An example role mapping service is positioned between a directory service and a search engine service, the directory service managing user information and permissions for users, the role mapping service mapping one or more search engine service roles to a user based on the user information and permissions received from the directory service.

Abstract: Methods and systems for a document-level attribute-based access control service are provided. The document-level attribute-based access control service may be positioned between a directory service and a search engine service. The directory service can manage information and permissions for users. The document-level attribute-based access control service can map security attributes to the user based on the information and permissions. Based on the mapping, it can be determined whether to permit the user making a query to the search engine service to access documents based on the query. Information and permissions attributes can be injected into queries dynamically via a template. Attributes may be combined with role query templates to create document-level attribute-based access control on top of role-based access control. The present technology can enable enforcement of security policies requiring all of a combination of attributes to be satisfied before permitting certain access.

Abstract: Provided are methods and systems for searching event sequences. An example method includes receiving a request including a sequence of queries, the sequence of queries including a first query and a second query, the second query succeeding the first query in the sequence; executing the first query over a first dataset to determine a first event; executing the second query over a second dataset to determine a second event, the second event occurring after the first event; and generating, in response to the request, a further sequence including the first event and the second event. The method may include executing the first query over the first dataset to determine a third event and verifying that the third event has occurred after the second event.

Abstract: Methods and systems for starting a node without a default password are provided. Exemplary methods include: creating a node responsive to indicia received from a user; checking for an existing keystore in the node; when no existing keystore is in the node: generating a seed password for a predefined user of the node; non-persistently providing the seed password to the user; creating an encrypted keystore in the node; and storing the seed password in the encrypted keystore; and allowing access to the node using the built-in user and seed password.

Abstract: Anomaly detection in computing environments is disclosed herein. An example method includes receiving an unstructured input stream of data instances from the computing environment, the unstructured input stream being time stamped; categorizing the data instances of the unstructured input stream of data instances, the data instances comprising at least one principle value and a set of categorical attributes determined through machine learning; generating anomaly scores for each of the data instances collected over a period of time; and detecting a change in the categorical attribute that is indicative of an anomaly.

Abstract: Provided are methods and systems for searching event sequences. An example method includes receiving a request including a sequence of queries, the sequence of queries including a first query and a second query, the second query succeeding the first query in the sequence; executing the first query over a first dataset to determine a first event; executing the second query over a second dataset to determine a second event, the second event occurring after the first event; and generating, in response to the request, a further sequence including the first event and the second event. The method may include executing the first query over the first dataset to determine a third event and verifying that the third event has occurred after the second event.

Abstract: Functionality is provided for unwinding program call stacks across native-to-interpreted code and native-to-JIT-compiled code boundaries, as well as across the kernel and user space boundaries, during performance profiling. The system thus enables profiling of code that crosses boundaries from native code to interpreted languages and native code to languages that run on a runtime supporting JIT compilation. Various embodiments provide cross-language profiling with a sufficiently low performance impact so as to enable such profiling to take place in a production environment.

Abstract: The field of the disclosure relates generally to a method and system for analyzing behavior of a computer infrastructure and the displaying the behavior of the computer infrastructure in a graphical manner. The system comprises an analytical engine connected to agents running on devices in the computer infrastructure and analyzing continuous data and asynchronous data.

Abstract: Provided are methods and systems for invalidating user security tokens. An example method may include providing, by one or more nodes in a cluster, a list of revoked security tokens. The method may include receiving, by the one or more nodes, an indication of invalidating a user security token associated with a user device. The indication may include a request from the user to invalidate the user security token. The method may further include, in response to the receiving, adding, by the one or more nodes, the user security token to the list of revoked security tokens. The user security token can be added to the list of revoked security tokens prior to the expiration time of the user security token. The method may further include replicating, by the one or more nodes, the list of revoked security tokens between further nodes of the cluster.

Abstract: Clustering and outlier detection in anomaly and causation detection for computing environments is disclosed. An example method includes receiving an input stream having data instances, each of the data instances having multi-dimensional attribute sets, identifying any of outliers and singularities in the data instances, extracting the outliers and singularities, grouping two or more of the data instances into one or more groups based on correspondence between the multi-dimensional attribute sets and a clustering type, and displaying the grouped data instances that are not extracted in a plurality of clustering maps on an interactive graphical user interface, wherein each of the plurality of clustering maps is based on a unique clustering type.

Abstract: Systems and methods for application performance management across one or more networks are disclosed. A system includes a plurality of geographically distributed computing devices executing one or more applications. A plurality of collectors are distributed across the one or more networks, each collector being positioned proximate a respective computing device. The collectors may sample, by each of the plurality of collectors, a plurality of trace events received from the applications executing on the computing devices proximate the collector. The collectors may retain in memory sampled trace events that meet a configurable attribute. The collectors may use probabilistic sets and tail-based sampling to determine root events and policies for identifying relevant traces. Benefits can be achieved in bandwidth savings, network cost and cyber security.

Abstract: Functionality is provided for profiling code by unwinding stacks in frame-pointer omitted executables using C++ exception stack unwinding information. Information is extracted from executable files, and used to optimize stack unwinding operations. In at least one embodiment, the system uses information that has been included for exception handling. Storage of such information can be optimized by exploiting patterns in stack deltas.

Abstract: Systems and methods for monitoring a process a provided. An example method commences with providing a management platform. The management platform is configured to receive user rules for processing at least one function call within the process. A high-level script can be used based on the user rules to develop and install at least one library to execute synchronously within the process. The at least one library can be configured to monitor the process for at least one function call and capture argument values of the function call before the argument values are passed to a function. The at least one library can filter the function call based at least in part on the argument values. The method can continue with selectively creating an API event for execution by a dedicated worker thread. The execution of the API event is performed asynchronously with regard to the process.

Abstract: Self-replicating management services for distributed computing architectures are provided herein. An example method includes providing one or more nodes providing services; and maintaining a quorum of a plurality of management servers by: providing a distributed coordination service for the one or more nodes on each of the plurality of management servers; managing, via a director, requests for data on the distributed coordination service from the one or more nodes; promoting at least one of the one or more nodes to being one of the plurality of management servers; and maintaining secure tunnels between the plurality of management servers and the one or more nodes.

Abstract: Methods and systems for index lifecycle management are provided. Exemplary methods include: receiving an ILM policy; determining a first condition and a first action for a first phase using the ILM policy; performing the first action for the first phase when the first condition is met; transition from the first phase to a second phase; determining a second condition and a second action for the second phase using the ILM policy; performing the second action for the second phase when the second condition is met; transition from the second phase to a third phase; determining a third condition and a third action for the third phase using the ILM policy; performing the third action for the third phase when the third condition is met; transition from the third phase to a fourth phase; and deleting the index during the third phase.