Abstract: In various embodiments, a computer-implemented method comprises determining that a first property associated with a dashboard is modified at a first device, determining that the dashboard is accessible at a second device, where the first device and the second device are coupled via a trusted tunnel bridge, and in a real-time response to determining that the first property was modified, transmitting, to the second device via the trusted tunnel bridge, an update that causes the second device modify the dashboard based on the modified first property.

Abstract: Examples described herein relate to customization of courses of action for responding to incidents in information technology (IT) environments. An incident management service executes incident response monitoring, identification and remediation across an IT environment for one or more entities that may have their own configuration of computing assets (computing environment) within the IT environment. A course of action outlines remediation actions for responding to specific types of incidents within an IT environment. A course of action is customized for implementation within a particular computing environment associated with an entity. Customization of a course of action comprises generation and implementation of sets of instructions that are usable to tailor remedial actions for execution in computing environments of different entities.

Abstract: Techniques and mechanisms are disclosed for a data intake and query system to generate “meta-notable” events by applying a meta-notable event rule to a collection of notable event data. A meta-notable event rule specifies one or more patterns of notable event instances defined by a set of notable event states and a set of transition rules (also referred to as association rules) indicating conditions for transitioning from one notable event state to another. The set of notable event states includes at least one start state and at least one end state. A meta-notable event is generated when a set of analyzed notable events satisfies a set of transition rules linking a start state to an end state (including transitions through any intermediary states between the start state and the end state).

Abstract: The disclosed embodiments relate to a system that facilitates developing applications in a component-based software development environment. This system provides an execution environment comprising instances of application components and a registry that maps names to instances of application components. Upon receiving a call to register a mapping between a name and an instance of an application component, the system updates the registry to include an entry for the mapping. Moreover, upon receiving a call to be notified about registry changes for a name, the system updates the registry to send a notification to a caller when a registry change occurs for the name.

Abstract: Systems and methods are disclosed for implementing a low-latency data stream monitoring system. The data stream monitoring system may obtain raw data from a data source as soon after the data is generated, and may classify the data according to different topics. The topics may be published in a publish-subscribe messaging model, and data enrichment systems may subscribe to the topics to receive data for enrichment. The data enrichment systems may supplement or replace the raw data with additional information, and may further classify or reclassify the enriched data into different topics. The enriched data may then be published to an alert generation system, which may apply various criteria to the enriched data to determine that alerts should be generated, generate the alerts, and publish or transmit the alerts to client devices. Individual data streams, topics, enrichments, criteria, and alarms may be added, removed, or modified as required.

Abstract: A computer-implemented method is disclosed including operations of receiving a request to store a representation of a machine learning model in a non-transitory computer-readable medium, validating the representation of the machine learning model, storing the representation of the machine learning model, receiving a query from a web-based programming application, the query including a sequence of operators, parsing the query to detect and identify each operator within the sequence of operators, converting the query to directed acyclic graph (DAG) and providing the DAG to a distributed processing engine configured to execute the DAG. The computer-implemented method includes further operations of, prior to converting the query to the DAG, altering the query to improve efficiency of execution of the DAG. Altering the query may include at least one of consolidating at least two operators, applying a filter operation to an operator, or applying a projection to the operator.

Abstract: Systems and methods are disclosed for efficiently storing information identifying journey instances within unstructured event data of a data intake and processing system. Each journey instance is illustratively associated with a series of events within the unstructured event data occurring over a journey duration. Because the unstructured event data may be constantly updated, any given inspection of the event data may yield both complete and incomplete instances. Storage of instance data over time can require updating of prior incomplete journey instances with complete versions of such instance detected at a later point in time. However, a data store of the unstructured event data may be unsuited for such updating, as the store may maintain version information for deleted data to reduce possibility of data loss. To address this issue, a separate structured data store, such as a columnar time series data store, is provided to efficiently store instance information.

Abstract: A method of identifying exemplary spans associated with a real user session comprises aggregating ingested spans associated with user interaction with an application during the user session. The method also comprises segmenting the user session into chunks and storing each chunk with an identifier indicating a location of a respective chunk. Further, responsive to user-specified parameters included in a query, the method comprises accessing a chunk using a respective identifier and applying the user-specified parameters to spans in the chunk. Additionally, the method comprises rendering a waterfall visualization comprising exemplary spans associated with the user session, wherein the exemplary spans surface in response to the applying the user-specified parameters to the plurality of spans in the chunk.

Abstract: Monitoring and troubleshooting tools provide the capability to visualize different levels of a client's application that is deployed as a suite of independent but cooperating services (e.g., as microservices of a microservices-based architecture), collect values of monitored or tracked metrics at those different levels, and visualize values of the metrics at those levels. For example, metrics values can be generated for teams of the microservices.

Abstract: A blockchain consortium network can be implemented in which nodes of one or more blockchains generate data for pipeline-based processing by a consortium pipeline system. The generated data can include private blockchain data, public blockchain data, and machine data, such as logs or operational metrics from the nodes. The data is collected from different network levels and can be transformed via pipeline processes of the consortium pipeline system to securely share data in the blockchain consortium network.

Abstract: Embodiments of the present invention are directed to facilitating performing online data decomposition. In accordance with aspects of the present disclosure, an incoming data point of a time series data set is obtained. Thereafter, an iterative process of estimating trend and seasonality is performed to decompose the incoming data point to a set of data components based on a particular set of previous data points of the time series data set and corresponding data components. Generally, the set of data components for the incoming data point include a trend component, a seasonality component, and a residual component. The set of data components is provided for analysis of the incoming data point, such as, for example, to identify data anomalies.

Abstract: Various implementations of the present application set forth a method comprising receiving, by a remote device from a host device, geometry data representing a physical space that is remote to a location of the remote device, where the geometry data comprises a set of vertices, a set of faces comprising edges between pairs of vertices, and texture data, constructing, based on the geometry data, an adaptable three-dimensional (3D) representation of the physical space for display at the location of the remote device, receiving, by the remote device, an input representing an interaction with at least one portion of the adaptable 3D representation, and transmitting, to the host device, data corresponding to the interaction.

Abstract: A machine data validation system can track and validate the integrity of machine data generated by machines. The system can generate hashes for the items and batch hashes that can be validated using an immutable data store, such as a blockchain. The system can implement a tiered blockchain structure to efficiently store and reference the hashes to validate the machine data at different times or upon request from an end-user.

Abstract: The disclosed embodiments relate to a system that generates an alert based on information extracted from search results generated by a query. During operation, the system executes the query to generate the search results. The system also obtains configuration information for the alert, wherein the configuration information identifies information associated with the search results, and also specifies a trigger condition for the alert. Next, when the trigger condition for the alert is met, the system uses the configuration information to generate a payload containing the identified information associated with the search results. The system then invokes alert-generating functionality and provides the payload as input to the alert-generating functionality. This enables the alert-generating functionality to use the information from the search results while performing one or more alert actions association with the alert.

Abstract: Systems and methods are disclosed for scalable bucket merging in a data intake and query system. Various components of a bucket manager can be used to monitor recently-created buckets of data in common storage that are associated with a particular tenant and a particular index, apply a comprehensive bucket merge policy to determine groups of buckets that qualify for merging, merge those group of buckets into merged buckets to be stored in the common storage, and update any information associated with the merged buckets and pre-merged buckets. These components may be shared across multiple tenants, and some of these components may be dynamically scalable based on need. This approach may also provide many additional benefits, including improved search performance from merged buckets, efficient resource utilization associated with discriminate merging, and redundancy in case of component failure.

Abstract: Techniques are described for providing a machine learning (ML) data analytics application including guided ML workflows that facilitate the end-to-end training and use of various types of ML models, where such guided workflows may also be referred to as ML “experiments.” One such model is an outlier detection model to assist in the monitoring of computer network traffic and computer performance. For example, the ML data analytics application may generate an outlier detection model using user-identified data from a data source and parameter information. The generates outlier detection model can include distribution functions of distribution types selected from a plurality of distribution types by a distribution fitting algorithm.

Abstract: Various aspects of the subject technology relate to systems, methods, and machine-readable media for visualizing performance data of infrastructure components. The method includes receiving a query through an application for a metric for an infrastructure component, the metric comprising metric time series (MTS) data. The method also includes identifying sources for the metric. The method also includes querying the identified sources for the metric. The method also includes selecting from the identified sources best available data for the metric based on a selection algorithm. The method also includes enriching the best available data comprising linking dimensions and properties from the identified sources to the best available data. The method also includes causing display of the enriched best available data through a user interface of the application.

Abstract: A first processing node of a cluster of processing nodes issues a first alert when first event data satisfies a trigger condition, and sends, to an alert data store external to the cluster, a first alert record of the first alert and suppression information based at least in part on the first alert. A second processing node of the cluster determines that second event data satisfies the trigger condition, obtains, from the alert data store, the suppression information indicating that an expiration time for suppressing the first alert is unexpired, and sends, to the alert data store, a second alert record of a second alert without issuing the second alert.

Abstract: A method for improving loading time of network results associated with cache misses at a server. The method can include requesting content associated with a webserver; receiving responses from the server; identifying a particular response that includes a cache miss indicator in a header portion of a network message; determining whether the content of the particular response is dynamically generated content or static content; and/or causing display of the cache miss indicator based on a determination that the content is dynamically generated content.

Abstract: The disclosed embodiments provide a system that facilitates the processing of network data. During operation, the system causes for display a graphical user interface (GUI) for configuring the generation of time-series event data from network packets captured by one or more remote capture agents. Next, the system causes for display, in the GUI, a first set of user-interface elements containing a set of statistics associated with one or more event streams that comprise the time-series event data. The system then causes for display, in the GUI, one or more graphs comprising one or more values from the set of statistics. Finally, the system causes for display, in the GUI, a value of a statistic from the set of statistics based on a position of a cursor over the one or more graphs.