Network aware distributed business transaction anomaly detection
First Claim
1. A method for monitoring a distributed business transaction over a plurality of machines and at least one network, comprising:
monitoring, by a plurality of application agents, one or more applications that process requests and perform functions that make up the distributed business transaction to generate application data;
monitoring, by a plurality of network agents, network sockets that are used to process communications between the plurality of machines as part of the distributed business transaction to generate network flow data;
detecting, by one of the application agents, an application anomaly with the one or more monitored applications;
based on the detecting of the application anomaly, querying the plurality of network agents to determine whether one of the network agents has detected a network flow anomaly associated with the monitored network sockets, wherein the querying the plurality of network agents include providing to the network agents, parameters that specify which of the monitored network sockets to analyze to identify the network flow anomaly;
associating the detected network flow anomaly with the distributed business transaction;
correlating the detected application anomaly and the detected network flow anomaly to identify the application anomaly as being affected by the network flow anomaly; and
providing a snapshot displaying the correlated application anomaly and network flow anomaly associated with the distributed business transaction to indicate a relationship between the application anomaly and the network flow anomaly in the distributed business transaction.
Abstract
A system monitors applications and network flows used during the business transaction to determine distributed business transaction anomalies caused at least in part by network performance issues. A network flow associated with a business transaction is monitored by a network agent. The network agent may capture packets, analyze the packets and other network data to determine one or more baselines, and dynamically compare subsequent network flow performance to those baselines to determine an anomaly. When an anomaly in a network flow is detected, this information may be provided to a user along with other data regarding a business transaction that is utilizing the network flow. Concurrently with the network agent monitoring, application agents may monitor one or more applications performing the business transaction. The present system reports performance data for a business transaction in terms of application performance and network performance, all in the context of a distributed business transaction.
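The flow in claim 1 and the abstract (an application anomaly triggers a parameterized query to the network agents, and any flow anomaly found on the named sockets is correlated into one snapshot) can be sketched as follows. This is an added illustration, not code from the patent or its assignee: the agent names, socket tuples and latency samples are constructed, and the baseline rule (mean of earlier samples plus three standard deviations, with a 1 ms floor) is an assumption, because the text does not say how baselines are computed.

```python
from dataclasses import dataclass
from statistics import mean, stdev

@dataclass
class NetworkAgent:
    name: str
    samples: dict  # socket 4-tuple -> latency samples in ms, oldest first

    def query(self, sockets, window=3, k=3.0):
        """Analyze only the sockets named in the query parameters."""
        found = []
        for sock in sockets:
            series = self.samples.get(sock, [])
            if len(series) < window + 2:
                continue  # not monitored by this agent, or too little history
            history, recent = series[:-window], series[-window:]
            base = mean(history)
            # Assumed rule: baseline + k * stddev, with a 1 ms floor on the spread.
            threshold = base + k * max(stdev(history), 1.0)
            if mean(recent) > threshold:
                found.append({"agent": self.name, "socket": sock,
                              "baseline_ms": round(base, 1),
                              "observed_ms": round(mean(recent), 1)})
        return found

def correlate(app_anomaly, agents):
    """Triggered by an application anomaly; builds the snapshot record."""
    flows = [f for a in agents for f in a.query(app_anomaly["sockets"])]
    return {"transaction": app_anomaly["transaction"],
            "application_anomaly": app_anomaly["detail"],
            "network_flow_anomalies": flows,
            "network_affected": bool(flows)}

# Constructed sample data (hypothetical hosts and sockets).
DB = ("10.0.0.5", 41000, "10.0.0.9", 5432)
CACHE = ("10.0.0.5", 41001, "10.0.0.7", 6379)
OTHER = ("10.0.0.9", 5000, "10.0.0.11", 9200)  # slow, but not part of the query
AGENTS = [
    NetworkAgent("web-host", {DB: [12, 11, 13, 12, 11, 12, 13, 95, 102, 98],
                              CACHE: [2, 2, 3, 2, 2, 3, 2, 2, 3, 2]}),
    NetworkAgent("db-host", {OTHER: [5, 5, 6, 5, 5, 6, 5, 80, 85, 90]}),
]
APP_ANOMALY = {"transaction": "checkout", "sockets": [DB, CACHE],
               "detail": "response time above application baseline"}

if __name__ == "__main__":
    print(correlate(APP_ANOMALY, AGENTS))
```

The socket list in the query keeps the unrelated slow flow on db-host out of the snapshot, so only the database socket used by the transaction is reported alongside the application anomaly.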
23 Claims
10. A non-transitory computer readable storage medium having embodied thereon a program, the program being executable by a processor to cause operations for monitoring a business transaction, including:
monitoring, by a plurality of application agents, one or more applications that process requests and perform functions that make up the distributed business transaction to generate application data;
monitoring, by a plurality of network agents, network sockets that are used to process communications between the plurality of machines as part of the distributed business transaction to generate network flow data;
detecting, by one of the application agents, an application anomaly with the one or more monitored applications;
based on the detecting of the application anomaly, querying the plurality of network agents to determine whether one of the network agents has detected a network flow anomaly associated with the monitored network sockets, wherein the querying the plurality of network agents include providing to the network agents, parameters that specify which of the monitored network sockets to analyze to identify the network flow anomaly;
associating the detected network flow anomaly with the distributed business transaction;
correlating the detected application anomaly and the detected network flow anomaly to identify the application anomaly as being affected by the network flow anomaly; and
providing a snapshot displaying the correlated application anomaly and network flow anomaly associated with the distributed business transaction to indicate a relationship between the application anomaly and the network flow anomaly in the distributed business transaction.
16. A system for monitoring a business transaction performed by multiple computers, comprising:
a server including a memory and a processor; and
one or more modules stored in the memory and executable by the processor to perform operations including;
monitoring, by a plurality of application agents, one or more applications that process requests and perform functions that make up the distributed business transaction to generate application data;
monitoring, by a plurality of network agents, network sockets that are used to process communications between the plurality of machines as part of the distributed business transaction to generate network flow data;
detecting, by one of the application agents, an application anomaly with the one or more monitored applications;
based on the detecting of the application anomaly, querying the plurality of network agents to determine whether one of the network agents has detected a network flow anomaly associated with the monitored network sockets, wherein the querying the plurality of network agents include providing to the network agents, parameters that specify which of the monitored network sockets to analyze to identify the network flow anomaly;
associating the detected network flow anomaly with the distributed business transaction;
correlating the detected application anomaly and the detected network flow anomaly to identify the application anomaly as being affected by the network flow anomaly; and
providing a snapshot displaying the correlated application anomaly and network flow anomaly associated with the distributed business transaction to indicate a relationship between the application anomaly and the network flow anomaly in the distributed business transaction.
Specification