Abstract: A computer-implemented method is presented for storing log data generated in a distributed computing environment.

Abstract: A computer-implemented method is presented for visualizing log data captured in a computer system. The method includes: receiving a plurality of log records, where each log record includes a severity indicator; grouping log records in the plurality of log records into groups of log records, such that log records in a given group of records are chronological; for each group of log records, extracting one or more templates from a given group of log records, where each template is comprised of a text string representing log records in the given group of log records; for each group of log records, computing a similarity measure between a given group of log records and the remaining groups of log records; and visualizing the groups of log records by projecting each group of log records onto a multi-dimensional plane based on the similarity measures for the groups of log records and connecting projections for the groups of log records in chronological order using a line.

Abstract: The present disclosure relates to the detection of cross-site scripting vulnerabilities in a web application. The objective of the disclosure is to find a computer-implemented method for detecting cross-site scripting vulnerabilities in a web application. The detection of XSS vulnerabilities shall be performed automatically and the number of false positives shall be reduced compared to the prior art.

Abstract: A computer-implemented method is presented for determining primary keys in a table of a database system. The method includes: determining a number of rows in the table; for a given column of the table, generating a probabilistic data structure for the given column, where the probabilistic data structure is partitioned into a plurality of registers and configuration parameters for the probabilistic data structure includes a first recording parameter, base, that controls recording of data into the probabilistic data structure; computing a cardinality estimate for the given column using the probabilistic data structure; computing a ratio between the cardinality estimate for the given column and the number of rows in the table; comparing the ratio to a threshold; and designating the given column as a primary key for the table in response to the ratio being greater than the threshold.

Abstract: A system and method for real-time discovery and monitoring of multidimensional topology models describing structural aspects of applications and of computing infrastructure used to execute those applications is disclosed. Different types of agents are deployed to the monitored application execution infrastructure dedicated to capture specific topological aspects of the monitored system. Virtualization agents detect and monitor the virtualization structure of virtualized hardware used in the execution infrastructure, operating system agents deployed to individual operating systems monitor resource utilization, performance and communication of processes executed by the operating system and transaction agents deployed to processes participating in the execution of transactions, providing end-to-end transaction trace and monitoring data describing individual transaction executions.

Abstract: A prioritized method is presented for updating software in a distributed computing environment. The objective of the disclosure is to find a computer-implemented method for updating software on pods in the distributed computing environment. This is solved by calculating a risk rating for each pod in the manifest, taking into account a vulnerability score of the pod, the minimum number of inbound hops for reaching the pod, and the communication relationship between the given pod and other pods. Pods in the manifest are updated in accordance with the calculated risk ratings.

Abstract: The disclosure concerns the time-based correlation of time series for the root cause analysis of application monitoring data, observability data, and data observability data in the field of application monitoring and observability. The object of the disclosure is to find at least one candidate time series that has a high chance/probability for causing an event in a reference time series. The method shall be time-based and not frequency based. The method includes: constructing a simplified reference time series retaining changes in the reference time series and setting other points to zero; constructing a simplified candidate time series retaining changes in the candidate time series and setting other points to zero; calculating a similarity metric between the simplified candidate time series and the simplified reference time series; and reporting an occurrence of a computing event in response to the similarity metric exceeding a threshold value.

Abstract: A technology is disclosed for estimating the impact that heap memory allocations have on the behavior of garbage collection activities. Allocation monitoring data, including type and size of the allocated object and data describing the code location on which the allocation was performed are gathered. Further, when the allocated object is later reclaimed by garbage collection is recorded. Gathered object allocation and reclaim data are used to estimate for individual allocation sites or types of allocated objects, the number of bytes that are allocated, and the number of bytes that survived a garbage collection run. Allocation activity causing frequently garbage collection runs is identified using allocation size data and the survived byte counts are used to identify allocation activity causing long garbage collection runs. Further allocation monitoring data is correlated with transaction trace data to identify the impact of transactions or transaction classes on garbage collection behavior.

Abstract: Methods and technologies are disclosed for the sketch efficient estimation of large-scale multi-sets in distributed, stream-oriented environments. Sketch updates are idempotent and commutative, to support duplicate set elements and varying element sequences. They are also mergeable to support distributed sketch recording. The recording process uses stepwise approximated geometric distributions, efficiently generated from NLZ values of received sketch updates, by using only multiplications with powers of two and integer additions. Sketch registers are subdivided into a portion storing an observed max update value for the register, and a portion storing set of flag bits indicating observed next smaller update values for the register. A Max Likelihood base sketch data evaluation, based on the assumption of statistically independent sketch registers is proposed.

Abstract: A computer-implemented method is presented for determining primary keys in a table of a database system. The method includes: determining a number of rows in the table; for a given column of the table, generating a probabilistic data structure for the given column, where the probabilistic data structure is partitioned into a plurality of registers and configuration parameters for the probabilistic data structure includes a first recording parameter, base, that controls recording of data into the probabilistic data structure; computing a cardinality estimate for the given column using the probabilistic data structure; computing a ratio between the cardinality estimate for the given column and the number of rows in the table; comparing the ratio to a threshold; and designating the given column as a primary key for the table in response to the ratio being greater than the threshold.

Abstract: The disclosure concerns the time-based correlation of time series for the root cause analysis of application monitoring data, observability data, and data observability data in the field of application monitoring and observability. The object of the disclosure is to find at least one candidate time series that has a high chance/probability for causing an event in a reference time series. The method shall be time-based and not frequency based. The method includes: constructing a simplified reference time series retaining changes in the reference time series and setting other points to zero; constructing a simplified candidate time series retaining changes in the candidate time series and setting other points to zero; calculating a similarity metric between the simplified candidate time series and the simplified reference time series; and reporting an occurrence of a computing event in response to the similarity metric exceeding a threshold value.

Abstract: A serialization data format for the transfer, analysis, and modification of schemaless mass data is proposed. The data format supports stream oriented, pipeline-based processing, and it enables read access of contained data without deserialization, and modification access that only requires the deserialization of portions of structure and meta data. Incoming, semi-structured data records may be transformed into records of the proposed serialization data format, compressed and stored in processing buffers containing multiple of those records. During processing, only individual records are decompressed, and processed records are then compressed and stored in output processing buffers for efficient memory usage.

Abstract: A computer-implemented method is presented for storing and querying records from a data segment. The objective of the disclosure is to find computer-implemented methods for storing and querying records from a data segment that are fast and space efficient storing and querying of APM data stored in a segmented database.

Abstract: A computer-implemented method is presented for storing log data generated in a distributed computing environment.

Abstract: The disclosure relates to a computer-implemented method for simulating performance of a web application. The technical problem solved by the disclosure is to identify aspects of a web application that greatly affect user retention and to quantify user retention by modifying the identified aspects of the web application. This is solved by a collecting monitoring data associated with interactions between users and the web application; training a machine learning model with training data; generating virtual performance metrics for the web application; simulating a rate of users leaving the web application based on the virtual performance metrics; identifying at least one modified performance metric causing a change in user retention; and outputting a recommendation specific to the web application.

Abstract: A technology is disclosed for estimating the impact that heap memory allocations have on the behavior of garbage collection activities. A sampling mechanism randomly and unbiased selects a subset of allocations for detailed analysis. A detailed analysis is performed for the selected allocation activities. Allocation monitoring data, including type and size of the allocated object and data describing the code location on which the allocation was performed are gathered. Further, the point in time, when the allocated object is later reclaimed by garbage collection is recorded. Gathered object allocation and reclaim data are used to estimate for individual allocation sites or types of allocated objects, the number of bytes that are allocated, and the number of bytes that survived a garbage collection run. Allocation activity causing frequently garbage collection runs is identified using allocation size data and the survived byte counts are used to identify allocation activity causing long garbage collection runs.

Abstract: A computer-implemented technique is presented for analyzing log messages. The method includes: receiving a plurality of log message from a list of log messages; for each log message in the log messages, generating a fingerprint for the log message and appending the fingerprint to the log message, where the fingerprint is comprised of punctuation characters in the log message; sorting the log messages in the list of log messages according to the punctuation characters comprising a fingerprint for a given log message; and clustering log messages in the sorted list of log messages into a final set of clusters, where each cluster in the final set of clusters includes one or more log messages and the log messages in each cluster have fingerprints similar to other log messages in the cluster.

Abstract: An automated identification of vulnerable software components is presented. The objective to find a method for the automatic identification of CVE affected software components through source-code parsing and text analysis. The method shall reduce manual work to a minimum and ensure a high level of data quality. The objective is solved by the computer-implemented method for identifying vulnerable software, comprising: receiving a software package; unpacking source code files for multiple versions of the software package; retrieving an entry for the software package from a vulnerability database; retrieving a patch for the software package; determining changes made by the patch to source code files of the software package; and determining whether the changes were made to a given version of software and reporting the given version of software as vulnerable in response to a determination the changes were absent from the given version of software.

Abstract: A system and method for real-time discovery and monitoring of multidimensional topology models describing structural aspects of applications and of computing infrastructure used to execute those applications is disclosed. Different types of agents are deployed to the monitored application execution infrastructure dedicated to capture specific topological aspects of the monitored system. Virtualization agents detect and monitor the virtualization structure of virtualized hardware used in the execution infrastructure, operating system agents deployed to individual operating systems monitor resource utilization, performance and communication of processes executed by the operating system and transaction agents deployed to processes participating in the execution of transactions, providing end-to-end transaction trace and monitoring data describing individual transaction executions.

Abstract: A system and method is disclosed for the combined analysis of transaction execution monitoring data and a topology model created from infrastructure monitoring data of computing systems involved in the execution of the monitored transactions. Monitored communication activities of transactions are analyzed to identify intermediate processing nodes between sender and receiver side and to enrich transaction monitoring data with data describing those intermediate processing nodes. The topology model may also be improved by the combined analysis, as functionality and services provided by elements of the topology model may be derived by the involvement of those elements in the execution of monitored transactions. The result of the combined analysis is used by an automated anomaly detection and causality estimation system. The combined analysis may also reveal entities of a monitored environment that are used by transaction executions but which are not monitored.