Network aware distributed business transaction anomaly detection

US10212063B2 · US · B2

Patent metadata
Publication number: US-10212063-B2
Application number: US-201615390416-A
Country: US
Kind code: B2
Filing date: Dec 23, 2016
Priority date: Oct 30, 2015
Publication date: Feb 19, 2019
Grant date: Feb 19, 2019

Abstract

Official abstract text for this publication.

A system monitors applications and network flows used during the business transaction to determine distributed business transaction anomalies caused at least in part by network performance issues. A network flow associated with a business transaction is monitored by a network agent. The network agent may capture packets, analyze the packets and other network data to determine one or more baselines, and dynamically compare subsequent network flow performance to those baselines to determine an anomaly. When an anomaly in a network flow is detected, this information may be provided to a user along with other data regarding a business transaction that is utilizing the network flow. Concurrently with the network agent monitoring, application agents may monitor one or more applications performing the business transaction. The present system reports performance data for a business transaction in terms of application performance and network performance, all in the context of a distributed business transaction.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for monitoring a distributed business transaction over a plurality of machines and at least one network, comprising:
    monitoring, by an application agent running on a host device in the at least one network, one or more applications running on the plurality of machines that process requests and perform one or more functions that make up the distributed business transaction to generate application data;
    monitoring, by a network agent running on the host device in the at least one network, one or more sockets that are used to process one or more communications among the plurality of machines as part of the distributed business transaction by intercepting and performing packet capture on one or more packets from the one or more sockets to generate network flow data;
    detecting, by the application agent, an application anomaly within at least one of the one or more monitored applications based on a performance baseline of the one or more applications established by the application agent;
    based on the detecting of the application anomaly, transmitting, by the application agent, a query to a plurality of network agents including the network agent to determine whether at least one of the plurality of network agents has detected a network flow anomaly, wherein the query includes one or more parameters that specify to the plurality of network agents which of the one or more communications to analyze to identify the network flow anomaly, and wherein the network flow anomaly is determined by the plurality of network agents based on a performance baseline of network flow established by the plurality of network agents;
    based on the query, receiving, by the application agent, a detected network flow anomaly that is associated with the one or more communications specified by the one or more parameters;
    transmitting, by the application agent, the detected application anomaly and the detected network flow anomaly to a controller device;
    receiving, by the application agent and from the controller device, business transaction data associated with the distributed business transaction, wherein the business transaction data is indicative of a correlation between the detected application anomaly and the detected network flow anomaly, and wherein the correlation is based on stitching portions of data received from different agents into a plurality of groups of data associated with the distributed business transaction that identify the detected application anomaly as being affected by the detected network flow anomaly; and
    receiving, by the application agent and from the controller device, a snapshot that displays the business transaction data on a web-based interface, the snapshot illustrating the plurality of machines associated with the detected application anomaly and performance of a network flow among the plurality of machines for the distributed business transaction, wherein the detected application anomaly is shown as being dependent on the performance of the network flow.

2. The method of claim 1, wherein the query includes business transaction context information, and wherein the network flow anomaly is determined by the plurality of network agents based on the business transaction context information.

3. The method of claim 1, wherein the monitoring, by the application agent, the one or more applications includes collecting metrics associated with performance of the one or more applications on the plurality of machines that process the distributed business transaction.

4. The method of claim 1, wherein the monitoring, by the network agent, the one or more sockets that are used to process the communications among the plurality of machines as part of the distributed business transaction includes collecting metrics associated with performance of a given network flow between the plurality of machines that process the distributed business transaction.

5. The method of claim 1, wherein the correlation is further based on a grouping of the application data and the network flow data by matching address locations in the data received from the different agents.

6. The method of claim 1, including providing a call graph that displays the correlated detected application anomaly and the detected network flow anomaly associated with the distributed business transaction.

7. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor to cause operations for monitoring a distributed business transaction, including:
    monitoring, by an application agent running on a host device in at least one network, one or more applications running on a plurality of machines that process requests and perform one or more functions that make up the distributed business transaction to generate application data;
    monitoring, by a network agent running on the host device in the at least one network, one or more sockets that are used to process one or more communications among the plurality of machines as part of the distributed business transaction by intercepting and performing packet capture on one or more packets from the one or more sockets to generate network flow data;
    detecting, by the application agent, an application anomaly within at least one of the one or more monitored applications based on a performance baseline of the one or more applications established by the application agent;
    based on the detecting of the application anomaly, transmitting, by the application agent, a query to a plurality of network agents including the network agent to determine whether at least one of the plurality of network agents has detected a network flow anomaly, wherein the query includes one or more parameters that specify to the plurality of network agents which of the one or more communications to analyze to identify the network flow anomaly, and wherein the network flow anomaly is determined by the plurality of network agents based on a performance baseline of network flow established by the plurality of network agents;
    based on the query, receiving, by the application agent, a detected network flow anomaly that is associated with the one or more communications specified by the one or more parameters;
    transmitting, by the application agent, the detected application anomaly and the detected network flow anomaly to a controller device;
    receiving, by the application agent and from the controller device, business transaction data associated with the distributed business transaction, wherein the business transaction data is indicative of a correlation between the detected application anomaly and the detected network flow anomaly, and wherein the correlation is based on stitching portions of data received from different agents into a plurality of groups of data associated with the distributed business transaction that identify the detected application anomaly as being affected by the detected network flow anomaly; and
    receiving, by the application agent and from the controller device, a snapshot that displays the business transaction data on a web-based interface, the snapshot illustrating the plurality of machines associated with the detected application anomaly and performance of a network flow among the plurality of machines for the distributed business transaction, wherein the detected application anomaly is shown as being dependent on the performance of the network flow.

8. The non-transitory computer readable storage medium of claim 7, wherein the query includes business transaction context information, and wherein the network flow anomaly is determined by the plurality of network agents based on the business transaction context information.

9. The non-transitory computer readable storage

Classifications

  • Processing captured monitoring data, e.g. for logfile generation

  • using root cause analysis; using analysis of correlation between notifications, alarms or events based on decision criteria, e.g. hierarchy, tree or time analysis

  • Jitter

  • by monitoring network traffic (monitoring network traffic per se H04L43/00)

  • Throughput

Frequently asked questions

Answers are generated from the same data shown on this page.

Who is the assignee on this patent?
Appdynamics Llc, Cisco Tech Inc
What technology area does this patent fall under?
Primary CPC classification H04L43/08. Mapped technology areas include Electricity.
When was this patent published?
Publication date: Feb 19, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 7 related publications on this page (citations in our corpus or others sharing the same primary CPC).