Abstract: Disclosed is a system, method, and computer program product for implementing a log analytics method and system that can configure, collect, and analyze log records in an efficient manner. In addition, a method and system is provided for implementing collection-wise processing within a log analytics system.

Abstract: The present disclosure relates to querying log messages stored at log endpoints (e.g., log cores) using query strings that reference virtual fields, and generating log field views presenting aggregate information for groups of log messages that are grouped based on criteria defined in the query string.

Abstract: Some embodiments relate to assigning individual log messages to clusters. An initial cluster assignment may be performed by applying a hash function to one or more non-variable components of the message to generate an initial cluster identifier. Subsequently, clustering may be further refined (e.g., by determining whether to merge clusters based on similarity values). An interface can present a representative message of each cluster and indicate which portions of the message correspond to a variable component. Particular inputs detected at the input corresponding to one of these components can cause other values for the component to be presented. For a given cluster, timestamps of assigned messages can be used to generate a time series, which can facilitate grouping of clusters (with similar or complementary shapes) and/or triggering alerts (with a condition corresponding to a temporal aspect).

Abstract: Some embodiments relate to assigning individual log messages to clusters. An initial cluster assignment may be performed by applying a hash function to one or more non-variable components of the message to generate an initial cluster identifier. Subsequently, clustering may be further refined (e.g., by determining whether to merge clusters based on similarity values). An interface can present a representative message of each cluster and indicate which portions of the message correspond to a variable component. Particular inputs detected at the input corresponding to one of these components can cause other values for the component to be presented. For a given cluster, timestamps of assigned messages can be used to generate a time series, which can facilitate grouping of clusters (with similar or complementary shapes) and/or triggering alerts (with a condition corresponding to a temporal aspect).

Abstract: Some embodiments relate to assigning individual log messages to clusters. An initial cluster assignment may be performed by applying a hash function to one or more non-variable components of the message to generate an initial cluster identifier. Subsequently, clustering may be further refined (e.g., by determining whether to merge clusters based on similarity values). An interface can present a representative message of each cluster and indicate which portions of the message correspond to a variable component. Particular inputs detected at the input corresponding to one of these components can cause other values for the component to be presented. For a given cluster, timestamps of assigned messages can be used to generate a time series, which can facilitate grouping of clusters (with similar or complementary shapes) and/or triggering alerts (with a condition corresponding to a temporal aspect).

Abstract: The present disclosure relates to querying log messages stored at log endpoints (e.g., log cores) using query strings that reference virtual fields, and generating log field views presenting aggregate information for groups of log messages that are grouped based on criteria defined in the query string.

Abstract: The present disclosure relates to identifying process flows from log sources (e.g., log files), and generating visual representations (e.g., flow diagrams, Sankey diagrams, etc.) of the identified process flows. In addition, the present disclosure relates to clustering of tree structures based on the shape of the tree structure using one or more hashing algorithms. The present disclosure also relates to a user interface that presents a query builder for efficiently querying a log analytics system for tree structures that satisfy a user-defined range.

Abstract: The present disclosure relates to identifying process flows from log sources (e.g., log files), and generating visual representations (e.g., flow diagrams, Sankey diagrams, etc.) of the identified process flows. In addition, the present disclosure relates to clustering of tree structures based on the shape of the tree structure using one or more hashing algorithms. The present disclosure also relates to a user interface that presents a query builder for efficiently querying a log analytics system for tree structures that satisfy a user-defined range.

Abstract: Some embodiments relate to assigning individual log messages to clusters. An initial cluster assignment may be performed by applying a hash function to one or more non-variable components of the message to generate an initial cluster identifier. Subsequently, clustering may be further refined (e.g., by determining whether to merge clusters based on similarity values). An interface can present a representative message of each cluster and indicate which portions of the message correspond to a variable component. Particular inputs detected at the input corresponding to one of these components can cause other values for the component to be presented. For a given cluster, timestamps of assigned messages can be used to generate a time series, which can facilitate grouping of clusters (with similar or complementary shapes) and/or triggering alerts (with a condition corresponding to a temporal aspect).

Abstract: Some embodiments relate to assigning individual log messages to clusters. An initial cluster assignment may be performed by applying a hash function to one or more non-variable components of the message to generate an initial cluster identifier. Subsequently, clustering may be further refined (e.g., by determining whether to merge clusters based on similarity values). An interface can present a representative message of each cluster and indicate which portions of the message correspond to a variable component. Particular inputs detected at the input corresponding to one of these components can cause other values for the component to be presented. For a given cluster, timestamps of assigned messages can be used to generate a time series, which can facilitate grouping of clusters (with similar or complementary shapes) and/or triggering alerts (with a condition corresponding to a temporal aspect).

Abstract: Some embodiments relate to assigning individual log messages to clusters. An initial cluster assignment may be performed by applying a hash function to one or more non-variable components of the message to generate an initial cluster identifier. Subsequently, clustering may be further refined (e.g., by determining whether to merge clusters based on similarity values). An interface can present a representative message of each cluster and indicate which portions of the message correspond to a variable component. Particular inputs detected at the input corresponding to one of these components can cause other values for the component to be presented. For a given cluster, timestamps of assigned messages can be used to generate a time series, which can facilitate grouping of clusters (with similar or complementary shapes) and/or triggering alerts (with a condition corresponding to a temporal aspect).

Abstract: Disclosed is a system, method, and computer program product for implementing a log analytics method and system that can configure, collect, and analyze log records in an efficient manner. In addition, a method and system is provided for implementing collection-wise processing within a log analytics system.

Abstract: Systems, methods, and other embodiments associated with virtual masked databases are described. One example system includes a masking logic to mask an unmasked column of a database table to produce a masked column. The masked column is then added to the database creating a bi-masked database. A portion of the bi-masked database is then selected by a view logic and provided to a user. The view provided to the user may allow fast, conflict free queries and updates to the database. By providing the user either masked or unmasked data based on information associated with the user, an added layer of data security may be achieved.

Abstract: A method, system, and computer program product provides the capability to compare data object definitions in a database in a less costly and less time-consuming manner than previous techniques. A method of comparing multiple versions of data item definitions in a database comprises generating a first version of comparison information relating to a plurality of data item definitions in the database by comparing information relating to data item definitions obtained from a first source and information relating to data item definitions obtained from a second source and generating a second version of comparison information relating to a plurality of data item definitions in the database by comparing information relating to data item definitions obtained from a first source and information relating to data item definitions obtained from a second source to the first version of comparison information.

Abstract: Systems, methods, and other embodiments associated with maintaining referential integrity while masking database columns are described. One example method includes determining a transitive closure for dependency relationships involving a column to be masked and other columns related to the column to be masked through a dependency relationship. The example method may also include identifying a root column for a column in the transitive closure and creating a mapping table that stores original values and masking values for the root column. The method includes masking the root column and related child columns based on the mapping table in a manner that maintains referential integrity between the root column and the child column. Integrity may be maintained by masking corresponding values in the root column and a child column(s) with identical mask values from the mapping table.

Abstract: Systems, methodologies, media, and other embodiments associated with producing non-repeating random values for use in data masking are described. One example method includes accessing data describing a mask for a value in a database table column to be masked. The example method may also include identifying a number of distinct values in the database table column to be masked and determining a field width for a mask to provide unique random numbers to mask the distinct values. The method may include identifying locations in a mask value to store the unique random value and locations in a mask value to store filler values. The mask value may include different character sets and may comply with user specified formats. The method may include generating a set of statements that when executed produce a mapping table that includes masks for distinct values in the database table column to be masked.

Abstract: Systems, methods, and other embodiments associated with virtual masked databases are described. One example system includes a masking logic to mask an unmasked column of a database table to produce a masked column. The masked column is then added to the database creating a bi-masked database. A portion of the bi-masked database is then selected by a view logic and provided to a user. The view provided to the user may allow fast, conflict free queries and updates to the database. By providing the user either masked or unmasked data based on information associated with the user, an added layer of data security may be achieved.

Abstract: Systems, methods, and other embodiments associated with maintaining referential integrity while masking database columns are described. One example method includes determining a transitive closure for dependency relationships involving a column to be masked and other columns related to the column to be masked through a dependency relationship. The example method may also include identifying a root column for a column in the transitive closure and creating a mapping table that stores original values and masking values for the root column. The method includes masking the root column and related child columns based on the mapping table in a manner that maintains referential integrity between the root column and the child column. Integrity may be maintained by masking corresponding values in the root column and a child column(s) with identical mask values from the mapping table.

Abstract: Systems, methodologies, media, and other embodiments associated with producing non-repeating random values for use in data masking are described. One example method includes accessing data describing a mask for a value in a database table column to be masked. The example method may also include identifying a number of distinct values in the database table column to be masked and determining a field width for a mask to provide unique random numbers to mask the distinct values. The method may include identifying locations in a mask value to store the unique random value and locations in a mask value to store filler values. The mask value may include different character sets and may comply with user specified formats. The method may include generating a set of statements that when executed produce a mapping table that includes masks for distinct values in the database table column to be masked.

Abstract: A method, system, and computer program product provides the capability to compare data object definitions in a database in a less costly and less time-consuming manner than previous techniques. A method of comparing multiple versions of data item definitions in a database comprises generating a first version of comparison information relating to a plurality of data item definitions in the database by comparing information relating to data item definitions obtained from a first source and information relating to data item definitions obtained from a second source and generating a second version of comparison information relating to a plurality of data item definitions in the database by comparing information relating to data item definitions obtained from a first source and information relating to data item definitions obtained from a second source to the first version of comparison information.