Abstract: Provided are methods and systems for searching event sequences. An example method includes receiving a request including a sequence of queries, the sequence of queries including a first query and a second query, the second query succeeding the first query in the sequence; executing the first query over a first dataset to determine a first event; executing the second query over a second dataset to determine a second event, the second event occurring after the first event; and generating, in response to the request, a further sequence including the first event and the second event. The method may include executing the first query over the first dataset to determine a third event and verifying that the third event has occurred after the second event.

Abstract: Methods and systems for starting a node without a default password are provided. Exemplary methods include: creating a node responsive to indicia received from a user; checking for an existing keystore in the node; when no existing keystore is in the node: generating a seed password for a predefined user of the node; non-persistently providing the seed password to the user; creating an encrypted keystore in the node; and storing the seed password in the encrypted keystore; and allowing access to the node using the built-in user and seed password.

Abstract: Anomaly detection in computing environments is disclosed herein. An example method includes receiving an unstructured input stream of data instances from the computing environment, the unstructured input stream being time stamped; categorizing the data instances of the unstructured input stream of data instances, the data instances comprising at least one principle value and a set of categorical attributes determined through machine learning; generating anomaly scores for each of the data instances collected over a period of time; and detecting a change in the categorical attribute that is indicative of an anomaly.

Abstract: Provided are methods and systems for searching event sequences. An example method includes receiving a request including a sequence of queries, the sequence of queries including a first query and a second query, the second query succeeding the first query in the sequence; executing the first query over a first dataset to determine a first event; executing the second query over a second dataset to determine a second event, the second event occurring after the first event; and generating, in response to the request, a further sequence including the first event and the second event. The method may include executing the first query over the first dataset to determine a third event and verifying that the third event has occurred after the second event.

Abstract: Functionality is provided for unwinding program call stacks across native-to-interpreted code and native-to-JIT-compiled code boundaries, as well as across the kernel and user space boundaries, during performance profiling. The system thus enables profiling of code that crosses boundaries from native code to interpreted languages and native code to languages that run on a runtime supporting JIT compilation. Various embodiments provide cross-language profiling with a sufficiently low performance impact so as to enable such profiling to take place in a production environment.

Abstract: The field of the disclosure relates generally to a method and system for analyzing behavior of a computer infrastructure and the displaying the behavior of the computer infrastructure in a graphical manner. The system comprises an analytical engine connected to agents running on devices in the computer infrastructure and analyzing continuous data and asynchronous data.

Abstract: Provided are methods and systems for invalidating user security tokens. An example method may include providing, by one or more nodes in a cluster, a list of revoked security tokens. The method may include receiving, by the one or more nodes, an indication of invalidating a user security token associated with a user device. The indication may include a request from the user to invalidate the user security token. The method may further include, in response to the receiving, adding, by the one or more nodes, the user security token to the list of revoked security tokens. The user security token can be added to the list of revoked security tokens prior to the expiration time of the user security token. The method may further include replicating, by the one or more nodes, the list of revoked security tokens between further nodes of the cluster.

Abstract: Clustering and outlier detection in anomaly and causation detection for computing environments is disclosed. An example method includes receiving an input stream having data instances, each of the data instances having multi-dimensional attribute sets, identifying any of outliers and singularities in the data instances, extracting the outliers and singularities, grouping two or more of the data instances into one or more groups based on correspondence between the multi-dimensional attribute sets and a clustering type, and displaying the grouped data instances that are not extracted in a plurality of clustering maps on an interactive graphical user interface, wherein each of the plurality of clustering maps is based on a unique clustering type.

Abstract: Systems and methods for application performance management across one or more networks are disclosed. A system includes a plurality of geographically distributed computing devices executing one or more applications. A plurality of collectors are distributed across the one or more networks, each collector being positioned proximate a respective computing device. The collectors may sample, by each of the plurality of collectors, a plurality of trace events received from the applications executing on the computing devices proximate the collector. The collectors may retain in memory sampled trace events that meet a configurable attribute. The collectors may use probabilistic sets and tail-based sampling to determine root events and policies for identifying relevant traces. Benefits can be achieved in bandwidth savings, network cost and cyber security.

Abstract: Systems and methods for monitoring a process a provided. An example method commences with providing a management platform. The management platform is configured to receive user rules for processing at least one function call within the process. A high-level script can be used based on the user rules to develop and install at least one library to execute synchronously within the process. The at least one library can be configured to monitor the process for at least one function call and capture argument values of the function call before the argument values are passed to a function. The at least one library can filter the function call based at least in part on the argument values. The method can continue with selectively creating an API event for execution by a dedicated worker thread. The execution of the API event is performed asynchronously with regard to the process.

Abstract: Functionality is provided for profiling code by unwinding stacks in frame-pointer omitted executables using C++ exception stack unwinding information. Information is extracted from executable files, and used to optimize stack unwinding operations. In at least one embodiment, the system uses information that has been included for exception handling. Storage of such information can be optimized by exploiting patterns in stack deltas.

Abstract: Self-replicating management services for distributed computing architectures are provided herein. An example method includes providing one or more nodes providing services; and maintaining a quorum of a plurality of management servers by: providing a distributed coordination service for the one or more nodes on each of the plurality of management servers; managing, via a director, requests for data on the distributed coordination service from the one or more nodes; promoting at least one of the one or more nodes to being one of the plurality of management servers; and maintaining secure tunnels between the plurality of management servers and the one or more nodes.

Abstract: Systems and methods for iterating between a graphical user interface and an expression for data visualization. Exemplary methods include: receiving an edited expression from a user, the edited expression including changes to the expression and being associated with a component; evaluating the edited expression; displaying the component using the evaluation of the edited expression; determining a user interface block using the edited expression; and presenting the user interface block to the user in a graphical user interface.

Abstract: Methods and systems for index lifecycle management are provided. Exemplary methods include: receiving an ILM policy; determining a first condition and a first action for a first phase using the ILM policy; performing the first action for the first phase when the first condition is met; transition from the first phase to a second phase; determining a second condition and a second action for the second phase using the ILM policy; performing the second action for the second phase when the second condition is met; transition from the second phase to a third phase; determining a third condition and a third action for the third phase using the ILM policy; performing the third action for the third phase when the third condition is met; transition from the third phase to a fourth phase; and deleting the index during the third phase.

Abstract: Provided are systems and methods for automatic search query refinement. An example method commences with identifying a plurality of electronic sources of data content of an entity stored at different network-accessible locations. The content may be dynamically assigned fields based on criteria specified by the entity. Thereupon, a unified search interface may be provided to authorized users to search the content. A search query subsequently received from a user may be parsed. The method continues with determining, upon the parsing and based on predetermined rules, triggers associated with the search query. In some embodiments, the triggers include search triggers to be used for searching content, filter triggers to be applied for filtering search results, and structural triggers to be used for ranking the search results. The method further includes searching the content based on the triggers to retrieve the search results and providing the search results to the user.

Abstract: Methods and systems for cross cluster replication are provided. Exemplary methods include: periodically requesting by a follower cluster history from a leader cluster, the history including at least one operation and sequence number pair, the operation having changed data in a primary shard of the leader cluster; receiving history and a first global checkpoint from the leader cluster; when a difference between the first global checkpoint and a second global checkpoint exceeds a user-defined value, concurrently making multiple additional requests for history from the leader cluster; and when a difference between the first global checkpoint and the second global checkpoint is less than a user-defined value, executing the at least one operation, the at least one operation changing data in a primary shard of the follower cluster, such that an index of the follower cluster replicates an index of the leader cluster.

Abstract: Snapshot lifecycle management systems and methods are disclosed herein. An example method includes establishing a repository for a user, determining indices for the user, generating a snapshot lifecycle policy for the indices of the cluster. The snapshot lifecycle policy comprises snapshot gathering parameters that dictate when and how often snapshots of indices of the cluster are obtained, as well as retention parameters that control how long the snapshots are stored and when the snapshots are to be deleted. The method includes storing the snapshots for the indices of the cluster in the repository according to the snapshot gathering parameters, and managing retention of the snapshots stored in the repository according to the retention parameters.

Abstract: Methods and systems for searching a frozen index are provided. Exemplary methods include: a method may comprise: receiving an initial search and a subsequent search; loading the initial search and the subsequent search into a throttled thread pool, the throttled thread pool including; getting the initial search from the throttled thread pool; storing a first shard from a mass storage in a memory in response to the initial search; performing the initial search on the first shard; providing first top search result scores from the initial search; and removing the first shard from the memory when the initial search is completed.

Abstract: Methods and systems for providing distributed tracing for application performance monitoring utilizing a distributed search engine in a microservices architecture. An example method comprises providing a user interface (UI) including a distributed trace indicating in real time the services invoked to serve an incoming HTTP request including dependent services, the UI further including, in a single view, associated execution times for the services and dependent services shown as a timeline waterfall. The distributed trace automatically propagates a trace ID to link services end-to-end in real time until a response to the request is served. Spans associated with the services and dependent can be compressed using various techniques provided for herein.

Abstract: Provided are systems and methods for generating alerts in a computing environment. An example method may commence with receiving parameters associated with an alert. The parameters may include at least an alert condition and an action to be performed based on the alert condition. The method may further include monitoring at least a portion of a network data according to a predetermined schedule based on the parameters. The method may further include generating the alert upon detection of the alert condition.