DETECTING AND ANALYZING PERFORMANCE ANOMALIES OF CLIENT-SERVER BASED APPLICATIONS
Abstract
An approach is provided for detecting and analyzing an anomaly in application performance in a client-server connection via a network. A request time and an Internet Protocol (IP) address of the client are determined. Based on the request time and the IP address, log entries relevant to the request are selected. A response code, a round trip latency time (RTT) of the response, and an indication of whether the connection timed out are determined. Based on the status code, the RTT, and the indication of whether the connection timed out, the anomaly is detected. Based on temporal and textual analyses of log entries associated with the anomaly and an environment analysis that determines activity of the client, server, and network, candidate root causes of a failure that resulted in the anomaly are determined.
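A sketch of the pipeline the abstract describes, as an added example that is not code from the patent: log entries are selected by request time and client IP, the anomaly is flagged from status code, RTT and timeout, and log sources are ranked as candidate causes. The 5-second window, the 800 ms limit, the 5xx rule, the keyword list and the scoring formula are all assumptions, and the environment analysis is not modelled.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import Optional

@dataclass
class Exchange:                 # one observed request/response pair
    client_ip: str
    request_time: datetime
    status: Optional[int]       # None when no response arrived
    rtt_ms: Optional[float]
    timed_out: bool
@dataclass
class LogEntry:
    time: datetime
    source: str                 # "client", "server" or "network"
    client_ip: Optional[str]    # None when the entry names no client
    message: str
WINDOW = timedelta(seconds=5)   # assumed correlation window
RTT_LIMIT_MS = 800.0            # assumed latency threshold
ERROR_TERMS = ("error", "exhausted", "refused", "reset", "unreachable")

def select_relevant(logs, ex):
    """Entries near the request time that name this client IP or no IP."""
    return [e for e in logs if abs(e.time - ex.request_time) <= WINDOW
            and e.client_ip in (ex.client_ip, None)]

def detect_anomaly(ex):
    """Names of the signals (timeout, status, rtt) that flag the exchange."""
    checks = [("timeout", ex.timed_out),
              ("status", ex.status is not None and ex.status >= 500),
              ("rtt", ex.rtt_ms is not None and ex.rtt_ms > RTT_LIMIT_MS)]
    return [name for name, hit in checks if hit]

def candidate_causes(logs, ex):
    """Rank log sources by error-term hits (textual) over time gap (temporal)."""
    scores = {}
    for e in select_relevant(logs, ex):
        hits = sum(term in e.message.lower() for term in ERROR_TERMS)
        gap = abs((e.time - ex.request_time).total_seconds())
        if hits:
            scores[e.source] = scores.get(e.source, 0.0) + hits / (1.0 + gap)
    return sorted(scores, key=scores.get, reverse=True)

T0, S = datetime(2024, 1, 1, 12, 0, 0), timedelta(seconds=1)  # constructed sample data
EX = Exchange("192.0.2.10", T0, 503, 1200.0, False)
LOGS = [LogEntry(T0 - 2 * S, "server", "192.0.2.10", "pool exhausted, error on acquire"),
        LogEntry(T0 + S, "network", None, "upstream unreachable"),
        LogEntry(T0 + S, "server", "198.51.100.7", "error: bad input"),   # other client
        LogEntry(T0 - 60 * S, "client", "192.0.2.10", "error rendering view")]  # too old
```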
19 Claims
1. A method of detecting and analyzing an anomaly in a performance of an application in a connection between client and server computers, the method comprising the steps of:
- a first computer determining a time of a request from the client computer executing the application and an Internet Protocol (IP) address of the client computer, the request being sent by the client computer to the server computer via a communications network;
- based on the time of the request from the client computer and the IP address of the client computer, the first computer selecting one or more log entries from a plurality of log entries so that the selected one or more log entries are relevant to the request;
- the first computer determining a status code of a response from the server computer, a round trip latency time (RTT) of the response, and an indication of whether the connection timed out, the response being sent by the server computer to the client computer via the network and responsive to the request;
- based on the status code, the RTT, the indication of whether the connection timed out, or a combination of the status code, the RTT, and the indication of whether the connection timed out, the first computer detecting the anomaly in the performance of the application; and
- based on a temporal analysis and textual analysis of log entries associated with the anomaly, and based on an environment analysis that determines activity of the client computer, the server computer, and the network, the first computer determining candidate root causes of a failure that resulted in the anomaly, the failure being in the client computer, the server computer, the network, or a combination of the client computer, the server computer, and the network.
Dependent claims: 2, 3, 4, 5, 6, 7
8. A computer program product, comprising:
- a computer-readable, storage device; and
- a computer-readable program code stored in the computer-readable, storage device, the computer-readable program code containing instructions that are executed by a central processing unit (CPU) of a computer system to implement a method of detecting and analyzing an anomaly in a performance of an application in a connection between client and server computers, the method comprising the steps of:
  - the computer system determining a time of a request from the client computer executing the application and an Internet Protocol (IP) address of the client computer, the request being sent by the client computer to the server computer via a communications network;
  - based on the time of the request from the client computer and the IP address of the client computer, the computer system selecting one or more log entries from a plurality of log entries so that the selected one or more log entries are relevant to the request;
  - the computer system determining a status code of a response from the server computer, a round trip latency time (RTT) of the response, and an indication of whether the connection timed out, the response being sent by the server computer to the client computer via the network and responsive to the request;
  - based on the status code, the RTT, the indication of whether the connection timed out, or a combination of the status code, the RTT, and the indication of whether the connection timed out, the computer system detecting the anomaly in the performance of the application; and
  - based on a temporal analysis and textual analysis of log entries associated with the anomaly, and based on an environment analysis that determines activity of the client computer, the server computer, and the network, the computer system determining candidate root causes of a failure that resulted in the anomaly, the failure being in the client computer, the server computer, the network, or a combination of the client computer, the server computer, and the network.
Dependent claims: 9, 10, 11, 12, 13
14. A computer system comprising:
- a central processing unit (CPU);
- a memory coupled to the CPU; and
- a computer readable storage device coupled to the CPU, the storage device containing instructions that are executed by the CPU via the memory to implement a method of detecting and analyzing an anomaly in a performance of an application in a connection between client and server computers, the method comprising the steps of:
  - the computer system determining a time of a request from the client computer executing the application and an Internet Protocol (IP) address of the client computer, the request being sent by the client computer to the server computer via a communications network;
  - based on the time of the request from the client computer and the IP address of the client computer, the computer system selecting one or more log entries from a plurality of log entries so that the selected one or more log entries are relevant to the request;
  - the computer system determining a status code of a response from the server computer, a round trip latency time (RTT) of the response, and an indication of whether the connection timed out, the response being sent by the server computer to the client computer via the network and responsive to the request;
  - based on the status code, the RTT, the indication of whether the connection timed out, or a combination of the status code, the RTT, and the indication of whether the connection timed out, the computer system detecting the anomaly in the performance of the application; and
  - based on a temporal analysis and textual analysis of log entries associated with the anomaly, and based on an environment analysis that determines activity of the client computer, the server computer, and the network, the computer system determining candidate root causes of a failure that resulted in the anomaly, the failure being in the client computer, the server computer, the network, or a combination of the client computer, the server computer, and the network.
Dependent claims: 15, 16, 17, 18, 19
Specification