Abstract: An access analysis system obtains data about user requests to access particular applications, such as identifiers of the particular user and application involved, the time of the request, and (optionally) additional contextual data, and uses that data to generate user access distributions that quantify the distribution of a given user's requests to access applications over time. After one or more distributions have been generated for a particular user, when that user submits a new access request for an application, the access analysis system can compare the request to the previously-generated access distributions to determine whether (or to what degree) the request is anomalous. If the request is sufficiently non-anomalous, it can be granted with little or no additional actions required by the user or the user's device; if, however, the request is sufficiently anomalous, it can be denied, or additional information—such as additional user authentication factors—can be required.

Abstract: An access analysis system obtains data about user requests to access particular applications, such as identifiers of the particular user and application involved, the time of the request, and (optionally) additional contextual data, and uses that data to generate user access distributions that quantify the distribution of a given user's requests to access applications over time. After one or more distributions have been generated for a particular user, when that user submits a new access request for an application, the access analysis system can compare the request to the previously-generated access distributions to determine whether (or to what degree) the request is anomalous. If the request is sufficiently non-anomalous, it can be granted with little or no additional actions required by the user or the user's device; if, however, the request is sufficiently anomalous, it can be denied, or additional information—such as additional user authentication factors—can be required.

Abstract: An access analysis system obtains data about user requests to access particular applications, such as identifiers of the particular user and application involved, the time of the request, and (optionally) additional contextual data, and uses that data to generate user access distributions that quantify the distribution of a given user's requests to access applications over time. After one or more distributions have been generated for a particular user, when that user submits a new access request for an application, the access analysis system can compare the request to the previously-generated access distributions to determine whether (or to what degree) the request is anomalous. If the request is sufficiently non-anomalous, it can be granted with little or no additional actions required by the user or the user's device; if, however, the request is sufficiently anomalous, it can be denied, or additional information—such as additional user authentication factors—can be required.

Abstract: An access analysis system obtains data about user requests to access particular applications, such as identifiers of the particular user and application involved, the time of the request, and (optionally) additional contextual data, and uses that data to generate user access distributions that quantify the distribution of a given user's requests to access applications over time. After one or more distributions have been generated for a particular user, when that user submits a new access request for an application, the access analysis system can compare the request to the previously-generated access distributions to determine whether (or to what degree) the request is anomalous. If the request is sufficiently non-anomalous, it can be granted with little or no additional actions required by the user or the user's device; if, however, the request is sufficiently anomalous, it can be denied, or additional information—such as additional user authentication factors—can be required.

Abstract: A time series system is updated using a data-verification system. The aggregation system may include one or more aggregators. When an upgrade is appropriate, a shadow aggregator may be added to the set of active aggregators. Metrics are provided from one or more collectors to an active aggregator. The shadow aggregator may receive the metrics intended for a particular aggregator, process the metric, and then pass the metric to the intended aggregator for processing. After a period of time, the shadow aggregator data is verified against the intended aggregator data. If the shadow aggregator data is verified, the shadow aggregator becomes an active aggregator and processes data as normal.

Abstract: In one aspect, a system for distributed consistent hash backed time rollup of performance metric data is disclosed. The system includes a plurality of collectors configured to receive, time series metrics data for a plurality of performance metrics from one or more agents instrumented into monitored applications; a plurality of aggregators communicatively connected to the collectors and configured to aggregate the received time series metric data for the plurality of performance metrics, wherein each aggregator is assigned to aggregate all received time series metrics data for one or more of the plurality of performance metrics; and a coordinator communicatively connected to the plurality of collectors and plurality of aggregators and configured to provide collectors with information on availability of the plurality of aggregators.

Abstract: In one aspect, a method for metric payloads ingestion and playback is disclosed. The method includes receiving time series of metric payloads for a plurality of performance metrics indicating performance of a node or machine and storing the received time series of metric payloads in a payload tracking table of a database. The storing includes storing the received time series of metric payloads in different layers and partitioned regions of the payload tracking table. The layers represent time ranges corresponding to time points when the time series of metric payloads are received. The partitioned regions are assigned to received certain ones of the received time series of metric payloads. The method includes replaying the stored time series of metric payloads from a select one or more of the partitioned region or layer or both.

Abstract: In one aspect, a system for distributed consistent hash backed time rollup of performance metric data is disclosed. The system includes a plurality of collectors configured to receive, time series metrics data for a plurality of performance metrics from one or more agents instrumented into monitored applications; a plurality of aggregators communicatively connected to the collectors and configured to aggregate the received time series metric data for the plurality of performance metrics, wherein each aggregator is assigned to aggregate all received time series metrics data for one or more of the plurality of performance metrics; and a coordinator communicatively connected to the plurality of collectors and plurality of aggregators and configured to provide collectors with information on availability of the plurality of aggregators.

Abstract: The present system uses quorum based aggregator failure detection in which a failed aggregator is detected and configured. Rather than repair and roll-up of all metrics for a period of time associated with the failed aggregator, only the specific metrics that were to be processed by the failed aggregator are repaired. Once the failed aggregator is identified, the time range for the downed aggregator and keys processed by the aggregator are identified. Keys for replica aggregators associated with the identified time ranges and key values are then pulled, provided to a batch processor, and processed. At cluster roll-up task completion, a time rollup task for cluster rollup is then started.

Abstract: Quorum based anomaly detection utilizes multiple entities to detect and attempt to configure a repair task for an anomaly. Once the repair task is generated, a system is used to assign the task to a worker entity while recording the responsibility of that task with the worker in a persistent storage. If the worker entity crashes, the degraded worker status will eventually be detected, and all tasks associated with that worker will be re-assigned. Once a worker finishes a task, the assignment information for the task is transitioned to a completed state.

Abstract: In one aspect, a method for metric payloads ingestion and playback is disclosed. The method includes receiving time series of metric payloads for a plurality of performance metrics indicating performance of a node or machine and storing the received time series of metric payloads in a payload tracking table of a database. The storing includes storing the received time series of metric payloads in different layers and partitioned regions of the payload tracking table. The layers represent time ranges corresponding to time points when the time series of metric payloads are received. The partitioned regions are assigned to received certain ones of the received time series of metric payloads. The method includes replaying the stored time series of metric payloads from a select one or more of the partitioned region or layer or both.

Abstract: In one aspect, a system for distributed consistent hash backed time rollup of performance metric data is disclosed. The system includes a plurality of collectors configured to receive, time series metrics data for a plurality of performance metrics from one or more agents instrumented into monitored applications; a plurality of aggregators communicatively connected to the collectors and configured to aggregate the received time series metric data for the plurality of performance metrics, wherein each aggregator is assigned to aggregate all received time series metrics data for one or more of the plurality of performance metrics; and a coordinator communicatively connected to the plurality of collectors and plurality of aggregators and configured to provide collectors with information on availability of the plurality of aggregators.

Abstract: The present system uses quorum based aggregator failure detection in which a failed aggregator is detected and configured. Rather than repair and roll-up of all metrics for a period of time associated with the failed aggregator, only the specific metrics that were to be processed by the failed aggregator are repaired. Once the failed aggregator is identified, the time range for the downed aggregator and keys processed by the aggregator are identified. Keys for replica aggregators associated with the identified time ranges and key values are then pulled, provided to a batch processor, and processed. At cluster roll-up task completion, a time rollup task for cluster rollup is then started.

Abstract: Quorum based anomaly detection utilizes multiple entities to detect and attempt to configure a repair task for an anomaly. Once the repair task is generated, a system is used to assign the task to a worker entity while recording the responsibility of that task with the worker in a persistent storage. If the worker entity crashes, the degraded worker status will eventually be detected, and all tasks associated with that worker will be re-assigned. Once a worker finishes a task, the assignment information for the task is transitioned to a completed state.

Abstract: A system processes a large volume of real time hierarchical system metrics using distributed computing by stateless processes. The metrics processing system receives different types of hierarchical metrics coming from different sources and then aggregates the metrics by their hierarchy. The system is on-demand, cloud based, multitenant and highly available. The system makes the aggregated metrics available for reporting and policy triggers in real time. The metrics aggregation and roll up method involves two different classes of stateless java programs that work in tandem to receive, aggregate and roll up the incoming metrics. The method also involves a persistence store to save incoming and aggregated metrics. The method uses a quorum to communicate between these processes.

Abstract: A time series system is updated using a data-verification system. The aggregation system may include one or more aggregators. When an upgrade is appropriate, a shadow aggregator may be added to the set of active aggregators. Metrics are provided from one or more collectors to an active aggregator. The shadow aggregator may receive the metrics intended for a particular aggregator, process the metric, and then pass the metric to the intended aggregator for processing. After a period of time, the shadow aggregator data is verified against the intended aggregator data. If the shadow aggregator data is verified, the shadow aggregator becomes an active aggregator and processes data as normal.

Abstract: The present system provide for more efficient processing, storage and querying of metrics from a distributed system from which large volumes of metrics are collected. The present metrics processing system may store billions of performance metrics in a persistence storage system, such as an HBase storage system, for several days, with minimum space required and at the same time retaining a low level data granularity. The reporting queries may use a unique technique to find required metrics in the HBase persistence store using a portion of the key as a bit array. The present metrics processing system may user a very small number of keys to store minute level metrics data for a metric for several hours. The metric values may be pivoted to multiple time-bucketed keys at different times during their life time in the system.

Abstract: Disclosed herein is a method and system for isolating business logic from system operations by attaching and organizing a set of java interceptor components, using XML configuration and java dynamic proxy functionality, around an existing standard software java business component. The interceptor components are configured by pre-configuring a set of interceptor classes in an XML configuration file. An interceptor framework is provided which configures, initializes and maintains the interceptor classes. A proxy of the business component is created and returned to a calling client program. The interceptor framework parses the XML configuration file for initializing all the interceptor classes. An interceptor chain is created associated with the business component, when the client program invokes the methods on the proxy business component. Each interceptor acts as a proxy to a previous interceptor in the interceptor chain.

Abstract: Disclosed herein is a method and system for isolating business logic from system operations by attaching and organizing a set of java interceptor components, using XML configuration and java dynamic proxy functionality, around an existing standard software java business component. The interceptor components are configured by pre-configuring a set of interceptor classes in an XML configuration file. An interceptor framework is provided which configures, initializes and maintains the interceptor classes. A proxy of the business component is created and returned to a calling client program. The interceptor framework parses the XML configuration file for initializing all the interceptor classes. An interceptor chain is created associated with the business component, when the client program invokes the methods on the proxy business component. Each interceptor acts as a proxy to a previous interceptor in the interceptor chain.