WO2000010279A2 - Transaction recognition and prediction using regular expressions - Google Patents

Transaction recognition and prediction using regular expressions Download PDF

Info

Publication number
WO2000010279A2
WO2000010279A2 PCT/US1999/018068 US9918068W WO0010279A2 WO 2000010279 A2 WO2000010279 A2 WO 2000010279A2 US 9918068 W US9918068 W US 9918068W WO 0010279 A2 WO0010279 A2 WO 0010279A2
Authority
WO
WIPO (PCT)
Prior art keywords
service request
representations
transaction
service
string
Prior art date
Application number
PCT/US1999/018068
Other languages
French (fr)
Other versions
WO2000010279A3 (en
Inventor
Perry R. Ross
Original Assignee
Computer Associates Think, Inc.
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Computer Associates Think, Inc. filed Critical Computer Associates Think, Inc.
Priority to IL14111399A priority Critical patent/IL141113A/en
Priority to EP99940998A priority patent/EP1110143B1/en
Priority to AU54734/99A priority patent/AU770611B2/en
Priority to KR1020017001692A priority patent/KR20010072353A/en
Priority to BR9912804-7A priority patent/BR9912804A/en
Priority to AT99940998T priority patent/ATE491180T1/en
Priority to JP2000565628A priority patent/JP2002523814A/en
Priority to CA002339848A priority patent/CA2339848A1/en
Priority to DE69943024T priority patent/DE69943024D1/en
Publication of WO2000010279A2 publication Critical patent/WO2000010279A2/en
Publication of WO2000010279A3 publication Critical patent/WO2000010279A3/en

Links

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F15/00Digital computers in general; Data processing equipment in general
    • G06F15/16Combinations of two or more digital computers each having at least an arithmetic unit, a program unit and a register, e.g. for a simultaneous processing of several programs
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L41/00Arrangements for maintenance, administration or management of data switching networks, e.g. of packet switching networks
    • H04L41/50Network service management, e.g. ensuring proper service fulfilment according to agreements
    • H04L41/5041Network service management, e.g. ensuring proper service fulfilment according to agreements characterised by the time relationship between creation and deployment of a service
    • H04L41/5054Automatic deployment of services triggered by the service manager, e.g. service implementation by automatic configuration of network components
    • HELECTRICITY
    • H04ELECTRIC COMMUNICATION TECHNIQUE
    • H04LTRANSMISSION OF DIGITAL INFORMATION, e.g. TELEGRAPHIC COMMUNICATION
    • H04L67/00Network arrangements or protocols for supporting network services or applications
    • H04L67/50Network services
    • H04L67/51Discovery or management thereof, e.g. service location protocol [SLP] or web services
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99933Query processing, i.e. searching
    • YGENERAL TAGGING OF NEW TECHNOLOGICAL DEVELOPMENTS; GENERAL TAGGING OF CROSS-SECTIONAL TECHNOLOGIES SPANNING OVER SEVERAL SECTIONS OF THE IPC; TECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10TECHNICAL SUBJECTS COVERED BY FORMER USPC
    • Y10STECHNICAL SUBJECTS COVERED BY FORMER USPC CROSS-REFERENCE ART COLLECTIONS [XRACs] AND DIGESTS
    • Y10S707/00Data processing: database and file management or data structures
    • Y10S707/99931Database or file accessing
    • Y10S707/99933Query processing, i.e. searching
    • Y10S707/99936Pattern matching access

Definitions

  • the present invention is directed generally to a method and apparatus for recognizing and predicting transactions and particularly to a method and apparatus for recognizing and predicting transactions using regular expressions from formal language theory.
  • information packets are transmitted between network nodes, wherein an informational packet refers to, e.g., a service request packet from a client node to a server node, a responsive service results packet from the server node to the client node, or a service completion packet indicating termination of a series of related packets.
  • Server nodes perform client-requested operations and forward the results to the requesting client nodes as one or more service results packet(s) containing the requested information followed by a service completion packet.
  • a “service request instance,” or merely “service request” refers to a collection of such informational packets (more particularly, service request packets) that are transmitted between two computational components to perform a specified activity or service.
  • a transaction occurrence may be characterized as a collection of service requests wherein either each service request is satisfied, or none of the service requests are satisfied.
  • transaction is herein used to describe a template or schema for a particular collection of related transaction occurrences.
  • a service request (or group of service requests) may be omitted from a transaction occurrence; (b) a service request (or group of service requests) may be repeated in a transaction occurrence; and (c) a transaction occurrence may include a service request (or group of service requests) selected from among several possible service requests (or groups of service requests). For example, a transaction occurrence that queries a network server node for retrieving all employees hired last year is likely to be very similar to a transaction occurrence that retrieves all employees that were hired two years ago and participate in the company's retirement plan.
  • These variations are often difficult to account for because, though the number of distinct transactions is typically small, the number of transaction occurrence variations can be virtually unlimited. Accordingly, it is often impractical to manually correlate each variation back to its corresponding transaction.
  • An objective of the present invention is to provide a software architecture that is able, based on a sequence of service requests, not only to recognize the occurrences of each of a variety of transactions but also to correlate the occurrences of variations of a given transaction with the transaction itself.
  • a related objective is to provide an architecture that is able to identify occurrences of a transaction, wherein for each such occurrence, a service request (or group of service requests) that is part of the occurrence may have the following variations in a second occurrence of the transaction: (a) a service request (or a group of service requests) may be omitted from a sequence of service request for the second occurrence; (b) a service request (or a group of service requests) may be repeated one or more times in the sequence of service request for the second occurrence; and/or (c) a service request (or a group of service requests) for the second occurrence may be selected from among several possible service requests (or groups of service requests).
  • a computational system for recognizing occurrences of a transaction, wherein each such occurrence is defined by a sequence of one or more service requests.
  • the method performed in this computational system includes the steps of: (a) reading a service request that is transmitted between computational components; (b) combining a representation of the service request with a plurality of other service request representations to form a string of service requests representations; and
  • This methodology not only expresses transactions in a simple and precise format but also, and more importantly, predicts additional transaction occurrences that have not yet been seen. Accordingly, once a transaction is characterized as a regular expression, the characterization can be used to recognize transaction occurrences having various service request sequences, without additional manual intervention.
  • a regular expression is a representation of a formal language in which operators describe the occurrence and/or nonoccurrence strings of symbols of the language.
  • Common regular expression operators are as follows:
  • a formal language corresponding to a regular expression can be used to define a transaction as a language using service request representations as the symbols of the language. That is, service request representations become the "alphabet" of such a regular language, and occurrences of the transaction become string expressions represented in this alphabet.
  • the transaction, T defined by the regular expression A* B+ C? D [E F G] specifies that service request A can be present 0 or more times; service request B must be present 1 or more times; service request C may be absent or present only once; service request D must be present only once; and only one of service requests E, F, and G must be present. Only if all of these conditions are met, in the specified order, will an occurrence of transaction T be recognized.
  • the characterization of a transaction as a regular language can be done either manually, or automatically by a computer.
  • a suitable computational technique can be devised to recognize strings of service request representations denoting the same transaction by: (a) collecting, over a particular time period, service request instance data transmitted to and from an identified process or computational session;
  • this step can include a substep of selecting a category or "bin" to which an individual service request (or group thereof) can be assigned.
  • a categorization of a service request many be determined based on at least one of source and a destination process of the service request. For example, in a client-server network, service requests generated by users at client nodes may be assigned to a number of bins, such that each bin includes only those service requests generated by a single user.
  • each bin includes service requests identified by a collection of related processes, denoted a "thread” in the art, wherein the related processes transmit service requests from, e.g., a single user to a particular server. That is, a "thread” may be considered as a specific identifiable connection or session between a client node and a server or service provider node of a network.
  • a thread is preferably identified such that it accommodates only one service request on it at a given point in time.
  • each thread may be identified by a combination of client (source) and server (destination) nodes.
  • a single network node address (of the source and/or destination) is not an adequate identifier of a thread because there can be multiple sessions or processes executing on a given network node, thereby generating multiple threads.
  • connection or session identification information for communicating with a server node can be used in identifying the thread to which the service packet corresponds.
  • a thread can be either a client (user) thread, which is a thread that is identifiable using with a specific client computer or user identification, or a shared thread, which is a thread shared among multiple client computers (users).
  • the service request that is nearest in time to the read service request (e.g., the last service request in a sequence of service requests) and; (b) the read service request is compared against a predetermined time interval. If the time interval is less than the predetermined time interval, the read service request is considered to be a part of a common occurrence of a transaction with the nearest service request. If the time interval is more than the predetermined time interval, the read service request is not considered to be a part of a common transaction occurrence with the nearest service request.
  • a unique identifier can be provided for identifying each service request. Note that such an identifier can be a symbol, such as an alphabetical or numerical symbol or sequence thereof.
  • request identifier of a service request is different from the bin in which it is included in that the service request identifiers become the symbols or alphabet of the transaction regular expression according to the present invention.
  • Another embodiment of the present invention is directed to a system for identifying occurrences of transactions from sequences of service requests using regular expressions.
  • the system includes the following components.
  • the reading means, combining means, and comparing means are typically performed on the same processor, or in a number of interlinked processors.
  • Fig. 1 depicts hardware embodiment of the present invention connected to a computer network
  • Fig. 2 depicts another hardware embodiment of the present invention connected to a multi-tiered computer network
  • Fig. 3 depicts an informational packet
  • Fig. 4 is a high level block diagram of the data processing components of the present invention.
  • Figs. 5 and 6 depict an embodiment of a method according to the present invention.
  • FIG. 1 An apparatus configuration according to the present invention is depicted in Figs.
  • Fig. 1 depicts a simple single network segment wherein the term "segment" denotes a portion of a network having at least two network nodes and the network connections therebetween.
  • a recording device or probe 20 is connected to a communication line or busline 24 between a client (or user) computer 28, and a server computer 32 (i.e., a server).
  • the recording device 20 selects one or more informational packets in each service request that is transmitted along the communication line 24 and provides the informational packets and the time at which the packets were received by the recording device 20 to the monitoring computer 36 for analysis.
  • Fig. 2 depicts a more complex multi-tiered architecture with multiple network segments.
  • Recording devices 20a and 20b are connected via a communications devices 22, such as modems, to the communication lines 24a and 24b between the network segments 26a and 26b.
  • network segment 26a includes client computer 28, server computers 32a, 32c, and the communication lines 24a and 24c
  • network segment 26b includes client computer 28, server computers 32b, 32c and communication lines 24b and 24c.
  • the number and locations of the recording device(s) 20 in a multi-tiered computer network depend upon the application.
  • a recording device 20 will be connected to a portion of a communication line 24 that is between the interfaces of a client or server computer using the communication line 24 of the segment being monitored.
  • all of the informational packets communicated on such a communications line 24 will be read by a recording device 20 and an accurate determination of the response time for an occurrence of a transaction or application involving multiple client and/or server computers can be made using the present invention.
  • a representation of a typical informational packet communicated between computers in a multi-tiered computer network is depicted in Fig. 3. As can be seen from Fig.
  • an informational packet 38 typically includes a node address portion 40, which identifies the source and destination of the informational packet, a port number portion 44 which identifies the source and destination ports, and an additional information portion 48.
  • the additional information 48 can be, e.g. , a database request, a file system request or an object broker request, as one skilled in the art will understand.
  • Fig. 4 is a block diagram of an embodiment of the computational modules for the analysis of service requests according to the present invention.
  • these modules may be executed on the monitoring computer 36.
  • informational packets 38 detected on a communications line 24 by a recording device 20 is provided to a service request analyzer 50 for identifying individual service requests by determining the informational packets corresponding to each such service request.
  • the service request analyzer 50 generates, for each service request determined, a service request string that identifies the sequence of informational packets therein.
  • the service request string representations can be extremely long (e.g. up to approximately 8000 characters).
  • the service request string representations are passed to a transaction analyzer 54 which first matches each service request to a service request identifier in a service request table 58 that is used to store identifications of all service requests encountered thus far during transaction occurrence identifications. That is, the service request table 58 associates with each representation of a service request string a "request identifier", such as an alphanumeric string of one or more characters, wherein this alphanumeric string is substantially shorter than the service request string mentioned hereinabove.
  • each service request is represented by its request identifier obtained from the service request table 58, thereby providing a more compact and simpler service request representation.
  • the transaction analyzer 54 decomposes the resulting sequence of service request identifiers into collections that are expected to be occurrences of transactions. Subsequently, the collections of service request identifiers assumed to correspond to transaction occurrences are passed to a regular expression matcher 62 for matching with one of a plurality of representations of regular expressions (stored in the regular expression library 66) that have been previously determined to uniquely correspond to transactions.
  • the Computational Process for Identifying Transactions is performed using a hashed lookup, binary search, or other well-known in- memory search algorithm.
  • FIGs. 5 and 6 depict the steps of one embodiment of a methodology, according to the present invention, for identifying occurrences of transactions from service request sequences using regular expressions.
  • a main control processing program is illustrated, wherein a service request (denoted the "current service request” ) is read in step 100 from the service request analyzer 50 by the transaction analyzer 54.
  • step 104 the transaction analyzer 54 first replaces each normalized service request string with the more compact representation provided by dete ⁇ nining a service request identifier (also denoted the "current request identifier") for the current (normalized) service request from the service request table 58, wherein this identifier is uniquely associated with the service request. Subsequently, in step 104 the candidate "bin" for the current service request identifier is determined, wherein "bin,” in the present context, identifies a group of service request identifiers whose service requests are assumed to belong to the same transaction occurrence, by virtue of originating from the same client process.
  • each service request (or request identifier) is sorted by thread identification (e.g., an identification of the data transmission session for transmitting the service request between a client network node and a server network node).
  • thread identification e.g., an identification of the data transmission session for transmitting the service request between a client network node and a server network node.
  • each bin corresponds to a unique thread, and the service request representations therein are ordered by the time their corresponding service requests are detected.
  • a "normalization" of the current service request is performed, wherein service request instance specific information is masked or removed from the current service request. That is, information is masked or removed that would otherwise hinder further processing for identifying a transaction containing the service request.
  • other irrelevant variations in service requests may also be transformed into a uniform character string. For example, a string of irrelevant blank characters may be replaced with a single blank character.
  • step 108 of Fig. 5 the time interval between:(a) the termination of the immediately previous service request (in the candidate bin) to the current service request, and (b) the start time of the current service request is determined. Subsequently, this interval is compared to a predetermined time interval length.
  • the methodology for determining this predetermined time interval length is set forth in the above noted copending U.S. Application Serial No. 08/513,435 filed on August 10, 1995. However, a brief discussion is provided here. That is, each service request is assigned a time based on, for example, the start time and the stop time of the service request as compared to other such times for preceding and/or succeeding service requests.
  • the monitoring computer 36 identifies a sequence of related service requests by comparing the time interval between the stop time of a first service request and the start time of a succeeding service request against a predetermined length for the time interval. If the time interval is less than or equal to the predetermined length, the service requests are deemed to be part of the same transaction occurrence. Alternatively, if the time interval is more than the predetermined length, the service requests are deemed to be part of different transaction occurrences. Accordingly, the predetermined time interval is selected based on the maximum projected time interval expected between adjacent service requests for two consecutive service requests that are part of the same transaction occurrence.
  • the determination of the predetermined time interval length is typically an iterative process in which a first time interval length is increased or decreased by a selected time increment and for each modified time interval length, the number of identifiable transaction occurrences is determined. As will be appreciated, a smaller time interval length yields a smaller number of possible transaction patterns than a larger time length.
  • the time interval lengths are plotted against the number of identifiable transaction occurrences for each time interval length and the predetermined time interval length, or "sweet spot", is selected at the midpoint of the region where the curve defined by the plotted points flattens out.
  • the current service request identifier is added to the candidate bin (in step 112) of a previously determined service request representation provided in the candidate bin. Subsequently, the analyzer 54 returns to step 100.
  • the transaction analyzer 54 sends the contents of this bin (e.g., as a time ordered sequence of request identifiers, which is also denoted herein as a "request identifier sequence") to the regular expression matcher 62, and subsequently (in step 140) removes the requests from the candidate bin and adds the current request identifier to the bin.
  • this bin e.g., as a time ordered sequence of request identifiers, which is also denoted herein as a "request identifier sequence”
  • Fig. 6 depicts the operation of the regular expression matcher 62 invoked in step 116 hereinabove.
  • the service request identifiers from the bin are concatenated together in time of occurrence order, thereby obtaining, e.g., a text string.
  • This operation forms a compact, yet unique, representation of all of the service requests that comprise a transaction occurrence.
  • the bin contains representations of the following service requests (in the following time of occurrence order):
  • LOGIN i.e., login to a particular database at a server network node
  • the service request string table 58 includes: Request Identifier Service request
  • the regular expression matcher 62 finds the first regular expression that matches the text string output from step 120. This is performed by comparing the text string against every regular expression in the regular expression library 66.
  • each regular expression is represented as a text string that includes request identifiers and regular expression operators, as described in the summary section hereinabove. Additionally, each regular expression is associated with a corresponding transaction name, such as "ADD USER” or "CHECKOUT BOOK,” that denotes the particular transaction associated with the regular expression.
  • the text string "2 3 1" matches the following regular expression: 2* 3+ 1?.
  • the regular expression matcher 62 determines whether the text string of service request identifiers matches a regular expression in the regular expression library 66. If a regular expression in the library 66 matches the text string, then in step 132 a match is reported for the transaction name associated with the matched regular expression. Alternatively, if no regular expression in the library 66 matches the text string, then in step 136 a special transaction denoted "UNMATCHED" is reported for the text string. Note that unmatched text strings are logged into an error file to allow regular expressions to be written for them in the future.

Landscapes

  • Engineering & Computer Science (AREA)
  • Computer Networks & Wireless Communication (AREA)
  • Signal Processing (AREA)
  • Theoretical Computer Science (AREA)
  • Computer Hardware Design (AREA)
  • Software Systems (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Physics & Mathematics (AREA)
  • Computer And Data Communications (AREA)
  • Debugging And Monitoring (AREA)
  • Credit Cards Or The Like (AREA)
  • Control Of Vending Devices And Auxiliary Devices For Vending Devices (AREA)
  • Financial Or Insurance-Related Operations Such As Payment And Settlement (AREA)
  • Information Retrieval, Db Structures And Fs Structures Therefor (AREA)
  • Management, Administration, Business Operations System, And Electronic Commerce (AREA)
  • Mobile Radio Communication Systems (AREA)
  • Emergency Alarm Devices (AREA)
  • Detection And Prevention Of Errors In Transmission (AREA)

Abstract

The present invention is directed to a method and apparatus for identifying occurrences of transactions, especially in computer networks (24). A unique identifier, denoted 'request identifier', is associated with each service request. Accordingly, for a sequence of service requests detected, a corresponding sequence of request identifiers is generated. The request identifier sequence is compared to regular expressions that correspond to different transactions. If the request identifier sequence matches a regular expression, this sequence is deemed to represent an occurrence of that transaction.

Description

TRANS ACTION RECOGNITION AND PREDICTION USING REGULAR EXPRESSIONS
FIELD OF THE INVENTION The present invention is directed generally to a method and apparatus for recognizing and predicting transactions and particularly to a method and apparatus for recognizing and predicting transactions using regular expressions from formal language theory.
BACKGROUND OF THE INVENTION
In computer networks, "information packets" are transmitted between network nodes, wherein an informational packet refers to, e.g., a service request packet from a client node to a server node, a responsive service results packet from the server node to the client node, or a service completion packet indicating termination of a series of related packets. Server nodes perform client-requested operations and forward the results to the requesting client nodes as one or more service results packet(s) containing the requested information followed by a service completion packet. A "service request instance," or merely "service request" refers to a collection of such informational packets (more particularly, service request packets) that are transmitted between two computational components to perform a specified activity or service. Additionally, a group of such service requests issued sequentially by one or more users that collectively result in the performance of a logical unit of work by one or more servers defines a "transaction occurrence" . In particular, a transaction occurrence may be characterized as a collection of service requests wherein either each service request is satisfied, or none of the service requests are satisfied. Moreover, the term "transaction" is herein used to describe a template or schema for a particular collection of related transaction occurrences.
It would be desirable to have a computational system to recognize occurrences of transactions and analyze the performance of the transaction occurrences. Accordingly, it is important that such a system be capable not only of recognizing the occurrences of a variety of transactions, but also of associating each such transaction occurrence with its corresponding transaction.
In practice, there are several common variations in the occurrences of a given transaction. These variations are: (a) a service request (or group of service requests) may be omitted from a transaction occurrence; (b) a service request (or group of service requests) may be repeated in a transaction occurrence; and (c) a transaction occurrence may include a service request (or group of service requests) selected from among several possible service requests (or groups of service requests). For example, a transaction occurrence that queries a network server node for retrieving all employees hired last year is likely to be very similar to a transaction occurrence that retrieves all employees that were hired two years ago and participate in the company's retirement plan. These variations are often difficult to account for because, though the number of distinct transactions is typically small, the number of transaction occurrence variations can be virtually unlimited. Accordingly, it is often impractical to manually correlate each variation back to its corresponding transaction.
SUMMARY OF THE INVENTION
An objective of the present invention is to provide a software architecture that is able, based on a sequence of service requests, not only to recognize the occurrences of each of a variety of transactions but also to correlate the occurrences of variations of a given transaction with the transaction itself. A related objective is to provide an architecture that is able to identify occurrences of a transaction, wherein for each such occurrence, a service request (or group of service requests) that is part of the occurrence may have the following variations in a second occurrence of the transaction: (a) a service request (or a group of service requests) may be omitted from a sequence of service request for the second occurrence; (b) a service request (or a group of service requests) may be repeated one or more times in the sequence of service request for the second occurrence; and/or (c) a service request (or a group of service requests) for the second occurrence may be selected from among several possible service requests (or groups of service requests).
In one embodiment of the present invention, a computational system is provided for recognizing occurrences of a transaction, wherein each such occurrence is defined by a sequence of one or more service requests. The method performed in this computational system includes the steps of: (a) reading a service request that is transmitted between computational components; (b) combining a representation of the service request with a plurality of other service request representations to form a string of service requests representations; and
(c) comparing the string of service request representations with a formal language regular expression characterizing the transaction to determine if the string corresponds to the transaction.
This methodology not only expresses transactions in a simple and precise format but also, and more importantly, predicts additional transaction occurrences that have not yet been seen. Accordingly, once a transaction is characterized as a regular expression, the characterization can be used to recognize transaction occurrences having various service request sequences, without additional manual intervention.
As will be appreciated, a regular expression is a representation of a formal language in which operators describe the occurrence and/or nonoccurrence strings of symbols of the language. Common regular expression operators, for example, are as follows: Operator Description
* Event occurs 0 or more times
+ Event occurs 1 or more times
? Event is optional
[] Only one of the bracketed symbols occur.
A formal language corresponding to a regular expression can be used to define a transaction as a language using service request representations as the symbols of the language. That is, service request representations become the "alphabet" of such a regular language, and occurrences of the transaction become string expressions represented in this alphabet. By way of example, the transaction, T, defined by the regular expression A* B+ C? D [E F G] specifies that service request A can be present 0 or more times; service request B must be present 1 or more times; service request C may be absent or present only once; service request D must be present only once; and only one of service requests E, F, and G must be present. Only if all of these conditions are met, in the specified order, will an occurrence of transaction T be recognized. The characterization of a transaction as a regular language can be done either manually, or automatically by a computer. For example, a suitable computational technique can be devised to recognize strings of service request representations denoting the same transaction by: (a) collecting, over a particular time period, service request instance data transmitted to and from an identified process or computational session;
(b) normalizing the data for each service request instance so that known variations in the service request instances (e.g., different database query values for the same data record field) not pertinent to identifying transaction instances are removed or masked for thereby providing "normalized request instances" that are similar to templates of service request instances.
(c) partitioning the service request instance data into one or more subsets, wherein each subset is expected to be a representation of an instance of a transaction;
(d) determining a regular expression characterization for each partition based on an examination and generalization of repeated service request instance data collections, human understanding of the transactions being performed, the source of the service request instances, and/or the data fields within the service request instances.
Regarding the reading step, mentioned hereinabove, and performed by the computational system of the present invention, this step can include a substep of selecting a category or "bin" to which an individual service request (or group thereof) can be assigned. In particular, such a categorization of a service request many be determined based on at least one of source and a destination process of the service request. For example, in a client-server network, service requests generated by users at client nodes may be assigned to a number of bins, such that each bin includes only those service requests generated by a single user. In particular, each bin includes service requests identified by a collection of related processes, denoted a "thread" in the art, wherein the related processes transmit service requests from, e.g., a single user to a particular server. That is, a "thread" may be considered as a specific identifiable connection or session between a client node and a server or service provider node of a network. Moreover, a thread is preferably identified such that it accommodates only one service request on it at a given point in time. Typically, each thread may be identified by a combination of client (source) and server (destination) nodes. As will be appreciated, in some applications a single network node address (of the source and/or destination) is not an adequate identifier of a thread because there can be multiple sessions or processes executing on a given network node, thereby generating multiple threads. In such cases, connection or session identification information for communicating with a server node can be used in identifying the thread to which the service packet corresponds. Moreover, a thread can be either a client (user) thread, which is a thread that is identifiable using with a specific client computer or user identification, or a shared thread, which is a thread shared among multiple client computers (users). Still referring to the reading step, to determine whether the read service request is part of a string of service requests corresponding to an occurrence of a transaction, the time interval between:
(a) the service request that is nearest in time to the read service request (e.g., the last service request in a sequence of service requests) and; (b) the read service request is compared against a predetermined time interval. If the time interval is less than the predetermined time interval, the read service request is considered to be a part of a common occurrence of a transaction with the nearest service request. If the time interval is more than the predetermined time interval, the read service request is not considered to be a part of a common transaction occurrence with the nearest service request.
Because a service request may be represented as an extremely long text string and can therefore be inefficient to work with and clumsy to use in matching to a regular expression for a transaction, a unique identifier can be provided for identifying each service request. Note that such an identifier can be a symbol, such as an alphabetical or numerical symbol or sequence thereof.
Further note that the request identifier of a service request is different from the bin in which it is included in that the service request identifiers become the symbols or alphabet of the transaction regular expression according to the present invention.
Another embodiment of the present invention is directed to a system for identifying occurrences of transactions from sequences of service requests using regular expressions.
The system includes the following components. (a) a means for reading a service request that is transmitted between computational components (e.g., on a communications line between a client and a server node of a network, or between two servers);
(b) a means for combining a representation of a service request with a plurality of other service request representations to form a string of service request representations wherein the string may be representative of a transaction; and
(c) a means for comparing the string of service request representations with a regular expression characterizing a transaction to determine if the string corresponds to an occurrence of the transaction. As will be appreciated, the reading means, combining means, and comparing means are typically performed on the same processor, or in a number of interlinked processors.
Other features and benefits of the present invention will become evident from the accompanying detailed description and drawings.
BRIEF DESCRIPTION OF THE DRAWINGS
Fig. 1 depicts hardware embodiment of the present invention connected to a computer network;
Fig. 2 depicts another hardware embodiment of the present invention connected to a multi-tiered computer network; Fig. 3 depicts an informational packet; and
Fig. 4 is a high level block diagram of the data processing components of the present invention;
Figs. 5 and 6 depict an embodiment of a method according to the present invention.
DETAILED DESCRIPTION The Apparatus Configuration
An apparatus configuration according to the present invention is depicted in Figs.
1 and 2 for analyzing the performance of a computer network such as by measuring the response time required for a transaction to be performed. Fig. 1 depicts a simple single network segment wherein the term "segment" denotes a portion of a network having at least two network nodes and the network connections therebetween. In the network of Fig. 1, a recording device or probe 20 is connected to a communication line or busline 24 between a client (or user) computer 28, and a server computer 32 (i.e., a server). The recording device 20 selects one or more informational packets in each service request that is transmitted along the communication line 24 and provides the informational packets and the time at which the packets were received by the recording device 20 to the monitoring computer 36 for analysis. In particular, the informational packets selected provide the received time of the first service request packet (the start time of a service request) and the received time of the final service results or service completion packet (the stop time of a service request). Fig. 2 depicts a more complex multi-tiered architecture with multiple network segments. Recording devices 20a and 20b are connected via a communications devices 22, such as modems, to the communication lines 24a and 24b between the network segments 26a and 26b. In particular, network segment 26a includes client computer 28, server computers 32a, 32c, and the communication lines 24a and 24c, while network segment 26b includes client computer 28, server computers 32b, 32c and communication lines 24b and 24c.
The number and locations of the recording device(s) 20 in a multi-tiered computer network depend upon the application. Typically, a recording device 20 will be connected to a portion of a communication line 24 that is between the interfaces of a client or server computer using the communication line 24 of the segment being monitored. In one embodiment, all of the informational packets communicated on such a communications line 24 will be read by a recording device 20 and an accurate determination of the response time for an occurrence of a transaction or application involving multiple client and/or server computers can be made using the present invention. A representation of a typical informational packet communicated between computers in a multi-tiered computer network is depicted in Fig. 3. As can be seen from Fig. 3, an informational packet 38 typically includes a node address portion 40, which identifies the source and destination of the informational packet, a port number portion 44 which identifies the source and destination ports, and an additional information portion 48. Depending upon the application, the additional information 48 can be, e.g. , a database request, a file system request or an object broker request, as one skilled in the art will understand.
Fig. 4 is a block diagram of an embodiment of the computational modules for the analysis of service requests according to the present invention. In particular, these modules may be executed on the monitoring computer 36. Accordingly, informational packets 38 detected on a communications line 24 by a recording device 20 is provided to a service request analyzer 50 for identifying individual service requests by determining the informational packets corresponding to each such service request. Note that the service request analyzer 50 generates, for each service request determined, a service request string that identifies the sequence of informational packets therein. Further note that the service request string representations can be extremely long (e.g. up to approximately 8000 characters).
Subsequently, the service request string representations are passed to a transaction analyzer 54 which first matches each service request to a service request identifier in a service request table 58 that is used to store identifications of all service requests encountered thus far during transaction occurrence identifications. That is, the service request table 58 associates with each representation of a service request string a "request identifier", such as an alphanumeric string of one or more characters, wherein this alphanumeric string is substantially shorter than the service request string mentioned hereinabove. In particular, each service request is represented by its request identifier obtained from the service request table 58, thereby providing a more compact and simpler service request representation. Note that matching a service request to its service request identifier is performed using a hashed lookup, binary search, or other well-known in- memory search algorithm. Following the service request identifier assignments, the transaction analyzer 54 also decomposes the resulting sequence of service request identifiers into collections that are expected to be occurrences of transactions. Subsequently, the collections of service request identifiers assumed to correspond to transaction occurrences are passed to a regular expression matcher 62 for matching with one of a plurality of representations of regular expressions (stored in the regular expression library 66) that have been previously determined to uniquely correspond to transactions. The Computational Process for Identifying Transactions.
The methodology for reading service requests using the recording device 20, filtering the service requests to form a "communications data set", and subsequently identifying the service requests within the collection of service requests in the communications data set are described in detail in co-pending U. S . Application S erial No .
08/513,435 filed on August 10, 1995, entitled "METHOD AND APPARATUS FOR IDENTIFYING TRANSACTIONS, " which is fully incorporated herein by this reference. Figs. 5 and 6 depict the steps of one embodiment of a methodology, according to the present invention, for identifying occurrences of transactions from service request sequences using regular expressions.
Referring to Fig. 5, a main control processing program is illustrated, wherein a service request (denoted the "current service request" ) is read in step 100 from the service request analyzer 50 by the transaction analyzer 54.
In step 104, the transaction analyzer 54 first replaces each normalized service request string with the more compact representation provided by deteπnining a service request identifier (also denoted the "current request identifier") for the current (normalized) service request from the service request table 58, wherein this identifier is uniquely associated with the service request. Subsequently, in step 104 the candidate "bin" for the current service request identifier is determined, wherein "bin," in the present context, identifies a group of service request identifiers whose service requests are assumed to belong to the same transaction occurrence, by virtue of originating from the same client process. As will be appreciated, the service requests for a plurality of users may be intermixed in the collection of service requests received from the service request analyzer 50. Thus, in step 104, each service request (or request identifier) is sorted by thread identification (e.g., an identification of the data transmission session for transmitting the service request between a client network node and a server network node). Thus, each bin corresponds to a unique thread, and the service request representations therein are ordered by the time their corresponding service requests are detected. In step 102, a "normalization" of the current service request is performed, wherein service request instance specific information is masked or removed from the current service request. That is, information is masked or removed that would otherwise hinder further processing for identifying a transaction containing the service request. Accordingly, specific values of data fields unnecessary for identifying the service request may be removed. Thus, a data base query having a date specification such as "DATE=01/01/2000" may be replaced with simply "DATE=*." Furthermore, other irrelevant variations in service requests may also be transformed into a uniform character string. For example, a string of irrelevant blank characters may be replaced with a single blank character. By performing such a normalization, the processing performed by the transaction analyzer 54 in determining a service request identifier (step 104) may be simplified to, for example, substantially a character string pattern matcher.
In step 108 of Fig. 5, the time interval between:(a) the termination of the immediately previous service request (in the candidate bin) to the current service request, and (b) the start time of the current service request is determined. Subsequently, this interval is compared to a predetermined time interval length. The methodology for determining this predetermined time interval length is set forth in the above noted copending U.S. Application Serial No. 08/513,435 filed on August 10, 1995. However, a brief discussion is provided here. That is, each service request is assigned a time based on, for example, the start time and the stop time of the service request as compared to other such times for preceding and/or succeeding service requests. Generally, the monitoring computer 36 identifies a sequence of related service requests by comparing the time interval between the stop time of a first service request and the start time of a succeeding service request against a predetermined length for the time interval. If the time interval is less than or equal to the predetermined length, the service requests are deemed to be part of the same transaction occurrence. Alternatively, if the time interval is more than the predetermined length, the service requests are deemed to be part of different transaction occurrences. Accordingly, the predetermined time interval is selected based on the maximum projected time interval expected between adjacent service requests for two consecutive service requests that are part of the same transaction occurrence.
The determination of the predetermined time interval length is typically an iterative process in which a first time interval length is increased or decreased by a selected time increment and for each modified time interval length, the number of identifiable transaction occurrences is determined. As will be appreciated, a smaller time interval length yields a smaller number of possible transaction patterns than a larger time length. The time interval lengths are plotted against the number of identifiable transaction occurrences for each time interval length and the predetermined time interval length, or "sweet spot", is selected at the midpoint of the region where the curve defined by the plotted points flattens out.
Thus, referring again to the processing of the current service request in step 108 of Fig. 5, if the time interval length between the current service request and an adjacent service request is less than or equal to the predetermined time interval length, the current service request identifier is added to the candidate bin (in step 112) of a previously determined service request representation provided in the candidate bin. Subsequently, the analyzer 54 returns to step 100.
Alternatively, if the time interval is more than the predetermined time interval length, then the service request representation is not added to the service request representations in the candidate bin because the collection of such representations in the bin is deemed to be complete (i.e., is deemed to be representative of a complete transaction occurrence). Instead, in step 116, the transaction analyzer 54 sends the contents of this bin (e.g., as a time ordered sequence of request identifiers, which is also denoted herein as a "request identifier sequence") to the regular expression matcher 62, and subsequently (in step 140) removes the requests from the candidate bin and adds the current request identifier to the bin.
Fig. 6 depicts the operation of the regular expression matcher 62 invoked in step 116 hereinabove. In step 120, the service request identifiers from the bin are concatenated together in time of occurrence order, thereby obtaining, e.g., a text string. This operation forms a compact, yet unique, representation of all of the service requests that comprise a transaction occurrence. By way of example, assume the bin contains representations of the following service requests (in the following time of occurrence order):
(1) LOGIN (i.e., login to a particular database at a server network node)
(2) SELECT (i.e., select one or more data items from the particular database) (3) INSERT (i.e., insert one or more data items into the particular database) and the service request string table 58 includes: Request Identifier Service request
1 INSERT
2 LOGIN
3 SELECT. Based on the above assumptions, the text string of service requests output in step 120 is:
2 3 1.
Next, in step 124, the regular expression matcher 62 finds the first regular expression that matches the text string output from step 120. This is performed by comparing the text string against every regular expression in the regular expression library 66. In the library 66, each regular expression is represented as a text string that includes request identifiers and regular expression operators, as described in the summary section hereinabove. Additionally, each regular expression is associated with a corresponding transaction name, such as "ADD USER" or "CHECKOUT BOOK," that denotes the particular transaction associated with the regular expression. In the above example, the text string "2 3 1" matches the following regular expression: 2* 3+ 1?.
In step 128, the regular expression matcher 62 determines whether the text string of service request identifiers matches a regular expression in the regular expression library 66. If a regular expression in the library 66 matches the text string, then in step 132 a match is reported for the transaction name associated with the matched regular expression. Alternatively, if no regular expression in the library 66 matches the text string, then in step 136 a special transaction denoted "UNMATCHED" is reported for the text string. Note that unmatched text strings are logged into an error file to allow regular expressions to be written for them in the future.
While various embodiments of the present invention have been described in detail, it is apparent that modifications and adaptations of those embodiments will occur to those skilled in the art. It is to be expressly understood, however, that such modifications and adaptations are within the scope of the present invention, as set forth in the appended claims.

Claims

What is claimed is:
1. A method for recognizing an occurrence of a transaction that is defined by a sequence of one or more service requests, comprising: reading a service request that is transmitted between two computational components; combining a representation of the service request with a plurality of other service request representations to form a string of service request representations; and comparing the string of service request representations with a regular expression characterizing the transaction to determine if the string of service request representations corresponds to an occurrence of the transaction.
2. The method of Claim 1, wherein the reading step comprises: selecting a set of service requests from among a plurality of sets of service requests; categorizing the selected set of service requests based upon at least one of a source and a destination of the service requests in the selected set.
3. The method of Claim 1, wherein the service request includes a service request packet.
4. The method of Claim 1, wherein each of the service requests in the string of service request representations is ordered by time and further comprising: comparing a time interval between a second service request and the last service request, for corresponding representations in the string of service request representations, with a predetermined time interval to determine if the representation of the second service request is a part of the string of service request representations.
5. The method of Claim 1, further comprising: assigning to the service request a unique identifier characterizing the service request, wherein said identifier is included in the representation for the service request.
6. The method of Claim 1 , wherein each of the service request representations in the string has a unique identifier.
7. The method of Claim 1, wherein the regular expression includes one or more of the following operators:
(a) an operator indicating that a service request occurs zero or more times; (b) an operator indicating that a service request occurs one or more times;
(c) an operator indicating that a service request is optional;
(d) an operator indicating that only one of a collection of one or more service requests can occur.
8. A system for recognizing an occurrence of a transaction that is defined by a sequence of one or more service requests, comprising: means for reading a service request that is transmitted between two computational components; means for combining a representation of the service request with a plurality of other service request representations to form a string of service request representations; and means for comparing the string of service request representations with a regular expression characterizing a transaction to determine if the string of service request representations corresponds to an occurrence of the transaction.
9. A method for determining if a set of at least one service request representation corresponds to an occurrence of a transaction that is defined by a sequence of one or more service request representations, comprising: comparing the set with a regular expression characterizing the transaction.
10. The method of Claim 9, further comprising: sorting the service request representations based upon at least one of the source and destination of a corresponding service request represented by the service request representation.
11. The method of Claim 9, wherein each of the service request representations in the set is ordered by time and further comprising: comparing a time interval between a second service request and a previous service request, wherein both have representations in the set, with a predetermined time interval to determine if the representation for the second service request is a part of the set of service request representations.
12. The method of Claim 9, further comprising: assigning to a service request a unique identifier characterizing the service request, wherein said identifier is included in a corresponding service request representation for the service request.
13. The method of Claim 9, wherein a plurality of the service request representations in the set each have a unique identifier.
14. The method of Claim 12, wherein the regular expression comprises one or more service request identifiers.
15. In a system for determining if a set of one or more service request representations corresponds to an occurrence of a transaction that is defined by a sequence of one or more service request representations, comprising: means for comparing the set with a regular expression characterizing the transaction.
16. A method for predicting occurrences of transactions, comprising: collecting a sequence of service request representations; partitioning the service request representations of the sequence into subsets, wherein each subset of service request representations is expected to be indicative of one or more occurrences of a single transaction type; constructing a regular expression from the one or more occurrences, wherein each of the occurrences satisfy the regular expression; predicting whether an additional set of service requests is an instance of the transaction type by determining if the additional set of service request representations satisfy the regular expression.
PCT/US1999/018068 1998-08-11 1999-08-10 Transaction recognition and prediction using regular expressions WO2000010279A2 (en)

Priority Applications (9)

Application Number Priority Date Filing Date Title
IL14111399A IL141113A (en) 1998-08-11 1999-08-10 Transaction recognition and prediction using regular expressions
EP99940998A EP1110143B1 (en) 1998-08-11 1999-08-10 Transaction recognition and prediction using regular expressions
AU54734/99A AU770611B2 (en) 1998-08-11 1999-08-10 Transaction recognition and prediction using regular expressions
KR1020017001692A KR20010072353A (en) 1998-08-11 1999-08-10 Transaction recognition and prediction using regular expressions
BR9912804-7A BR9912804A (en) 1998-08-11 1999-08-10 Recognition and prediction of transactions using regular expressions
AT99940998T ATE491180T1 (en) 1998-08-11 1999-08-10 TRANSACTION DETECTION AND PREDICTION USING NORMAL EXPRESSIONS
JP2000565628A JP2002523814A (en) 1998-08-11 1999-08-10 Recognize and predict transactions using regular expressions
CA002339848A CA2339848A1 (en) 1998-08-11 1999-08-10 Transaction recognition and prediction using regular expressions
DE69943024T DE69943024D1 (en) 1998-08-11 1999-08-10 TRANSACTION DETECTION AND FORECAST USING NORMAL TERMS

Applications Claiming Priority (2)

Application Number Priority Date Filing Date Title
US09/132,362 US6477571B1 (en) 1998-08-11 1998-08-11 Transaction recognition and prediction using regular expressions
US09/132,362 1998-08-11

Publications (2)

Publication Number Publication Date
WO2000010279A2 true WO2000010279A2 (en) 2000-02-24
WO2000010279A3 WO2000010279A3 (en) 2000-06-02

Family

ID=22453669

Family Applications (1)

Application Number Title Priority Date Filing Date
PCT/US1999/018068 WO2000010279A2 (en) 1998-08-11 1999-08-10 Transaction recognition and prediction using regular expressions

Country Status (13)

Country Link
US (3) US6477571B1 (en)
EP (1) EP1110143B1 (en)
JP (1) JP2002523814A (en)
KR (1) KR20010072353A (en)
CN (1) CN1342279A (en)
AT (1) ATE491180T1 (en)
AU (1) AU770611B2 (en)
BR (1) BR9912804A (en)
CA (1) CA2339848A1 (en)
DE (1) DE69943024D1 (en)
IL (1) IL141113A (en)
WO (1) WO2000010279A2 (en)
ZA (1) ZA200100687B (en)

Families Citing this family (70)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5781449A (en) 1995-08-10 1998-07-14 Advanced System Technologies, Inc. Response time measurement apparatus and method
US6477571B1 (en) * 1998-08-11 2002-11-05 Computer Associates Think, Inc. Transaction recognition and prediction using regular expressions
US6963912B1 (en) * 1999-06-28 2005-11-08 Xacct Technologies, Ltd. Method and apparatus for session reconstruction
US7249192B1 (en) * 2000-03-09 2007-07-24 Hewlett-Packard Development Company, L.P. Protocol for insuring exactly once semantics of transactions across an unordered, unreliable network
US20030083936A1 (en) * 2000-11-14 2003-05-01 Mueller Raymond J. Method and apparatus for dynamic rule and/or offer generation
US20060271441A1 (en) * 2000-11-14 2006-11-30 Mueller Raymond J Method and apparatus for dynamic rule and/or offer generation
US7139824B2 (en) * 2001-11-28 2006-11-21 International Business Machines Corporation Method and system for isolating and simulating dropped packets in a computer network
US7433947B1 (en) * 2002-01-04 2008-10-07 Network General Technology System and method for determining real-time application verb response times
US7401141B2 (en) * 2003-01-07 2008-07-15 International Business Machines Corporation Method and system for monitoring performance of distributed applications
US7249178B2 (en) * 2003-03-28 2007-07-24 International Business Machines Corporation Non-intrusive recursive dispatching of nested service collections for aggregating web services
US8640234B2 (en) * 2003-05-07 2014-01-28 Trustwave Holdings, Inc. Method and apparatus for predictive and actual intrusion detection on a network
US7345961B2 (en) * 2003-10-23 2008-03-18 Matsushita Electric Industrial Co., Ltd. Information medium apparatus and information medium starting method
GB0329499D0 (en) * 2003-12-19 2004-01-28 Nokia Corp Communication network
US7613766B2 (en) * 2003-12-31 2009-11-03 Vericept Corporation Apparatus and method for linguistic scoring
US20070239786A1 (en) * 2004-02-24 2007-10-11 First Data Corporation System for maintaining regulatory compliance of communication point data
US20050187870A1 (en) * 2004-02-24 2005-08-25 First Data Corporation System for maintaining balance data
US20060167952A1 (en) * 2004-02-24 2006-07-27 First Data Corporation Communication point bulk mail
US20060184586A1 (en) * 2004-02-24 2006-08-17 First Data Corporation Communication point relationship scheduling
US20050187938A1 (en) * 2004-02-24 2005-08-25 First Data Corporation System for maintaining party data
US20060184585A1 (en) * 2004-02-24 2006-08-17 First Data Corporation Communication point delivery instructions
US20070237315A1 (en) * 2004-02-24 2007-10-11 First Data Corporation System for maintaining type and/or status information for a party - communication point relationship
US20050273450A1 (en) * 2004-05-21 2005-12-08 Mcmillen Robert J Regular expression acceleration engine and processing model
US20060074897A1 (en) * 2004-10-04 2006-04-06 Fergusson Iain W System and method for dynamic data masking
US7779049B1 (en) 2004-12-20 2010-08-17 Tw Vericept Corporation Source level optimization of regular expressions
US20060167873A1 (en) * 2005-01-21 2006-07-27 Degenaro Louis R Editor for deriving regular expressions by example
US8793354B2 (en) * 2006-04-20 2014-07-29 Cisco Technology, Inc. System and method for optimizing maintenance of geographically distributed processing units
US7512634B2 (en) * 2006-06-05 2009-03-31 Tarari, Inc. Systems and methods for processing regular expressions
US20080043289A1 (en) * 2006-08-16 2008-02-21 Epip Pty Ltd. Regular Expressions for Electronic Submission of Documents
US8300556B2 (en) 2007-04-27 2012-10-30 Cisco Technology, Inc. Optimizing bandwidth in a multipoint video conference
US8300789B2 (en) * 2007-04-30 2012-10-30 Cisco Technology, Inc. Method and system for identifying a multipoint control unit for hosting a conference
US7899904B2 (en) * 2007-04-30 2011-03-01 Lsi Corporation Hardware processing of regular expressions
US8566439B2 (en) * 2007-10-01 2013-10-22 Ebay Inc Method and system for intelligent request refusal in response to a network deficiency detection
CN101459908B (en) * 2007-12-13 2012-04-25 华为技术有限公司 Service subscribing method, system, server
US8589436B2 (en) * 2008-08-29 2013-11-19 Oracle International Corporation Techniques for performing regular expression-based pattern matching in data streams
US8145859B2 (en) * 2009-03-02 2012-03-27 Oracle International Corporation Method and system for spilling from a queue to a persistent store
US8935293B2 (en) * 2009-03-02 2015-01-13 Oracle International Corporation Framework for dynamically generating tuple and page classes
US8387076B2 (en) * 2009-07-21 2013-02-26 Oracle International Corporation Standardized database connectivity support for an event processing server
US8321450B2 (en) * 2009-07-21 2012-11-27 Oracle International Corporation Standardized database connectivity support for an event processing server in an embedded context
US8386466B2 (en) * 2009-08-03 2013-02-26 Oracle International Corporation Log visualization tool for a data stream processing server
US8527458B2 (en) * 2009-08-03 2013-09-03 Oracle International Corporation Logging framework for a data stream processing server
US9167028B1 (en) * 2009-09-10 2015-10-20 AppDynamics, Inc. Monitoring distributed web application transactions
US10230611B2 (en) * 2009-09-10 2019-03-12 Cisco Technology, Inc. Dynamic baseline determination for distributed business transaction
US8938533B1 (en) 2009-09-10 2015-01-20 AppDynamics Inc. Automatic capture of diagnostic data based on transaction behavior learning
US9305057B2 (en) * 2009-12-28 2016-04-05 Oracle International Corporation Extensible indexing framework using data cartridges
US9430494B2 (en) * 2009-12-28 2016-08-30 Oracle International Corporation Spatial data cartridge for event processing systems
US8959106B2 (en) 2009-12-28 2015-02-17 Oracle International Corporation Class loading using java data cartridges
US8713049B2 (en) 2010-09-17 2014-04-29 Oracle International Corporation Support for a parameterized query/view in complex event processing
US9189280B2 (en) 2010-11-18 2015-11-17 Oracle International Corporation Tracking large numbers of moving objects in an event processing system
US8990416B2 (en) 2011-05-06 2015-03-24 Oracle International Corporation Support for a new insert stream (ISTREAM) operation in complex event processing (CEP)
CN102346460B (en) * 2011-05-27 2013-11-13 运软网络科技(上海)有限公司 Transaction-based service control system and method
US9329975B2 (en) 2011-07-07 2016-05-03 Oracle International Corporation Continuous query language (CQL) debugger in complex event processing (CEP)
US9311598B1 (en) 2012-02-02 2016-04-12 AppDynamics, Inc. Automatic capture of detailed analysis information for web application outliers with very low overhead
US9262479B2 (en) 2012-09-28 2016-02-16 Oracle International Corporation Join operations for continuous queries over archived views
US9563663B2 (en) 2012-09-28 2017-02-07 Oracle International Corporation Fast path evaluation of Boolean predicates
US10956422B2 (en) 2012-12-05 2021-03-23 Oracle International Corporation Integrating event processing with map-reduce
US10298444B2 (en) 2013-01-15 2019-05-21 Oracle International Corporation Variable duration windows on continuous data streams
US9098587B2 (en) 2013-01-15 2015-08-04 Oracle International Corporation Variable duration non-event pattern matching
US9390135B2 (en) 2013-02-19 2016-07-12 Oracle International Corporation Executing continuous event processing (CEP) queries in parallel
US9047249B2 (en) 2013-02-19 2015-06-02 Oracle International Corporation Handling faults in a continuous event processing (CEP) system
US9418113B2 (en) 2013-05-30 2016-08-16 Oracle International Corporation Value based windows on relations in continuous data streams
US20150095216A1 (en) * 2013-09-30 2015-04-02 The Toronto-Dominion Bank Methods and systems for determining and providing negative event notifications
US9934279B2 (en) 2013-12-05 2018-04-03 Oracle International Corporation Pattern matching across multiple input data streams
US9244978B2 (en) 2014-06-11 2016-01-26 Oracle International Corporation Custom partitioning of a data stream
US9712645B2 (en) 2014-06-26 2017-07-18 Oracle International Corporation Embedded event processing
US9886486B2 (en) 2014-09-24 2018-02-06 Oracle International Corporation Enriching events with dynamically typed big data for event processing
US10120907B2 (en) 2014-09-24 2018-11-06 Oracle International Corporation Scaling event processing using distributed flows and map-reduce operations
WO2017018901A1 (en) 2015-07-24 2017-02-02 Oracle International Corporation Visually exploring and analyzing event streams
WO2017135838A1 (en) 2016-02-01 2017-08-10 Oracle International Corporation Level of detail control for geostreaming
WO2017135837A1 (en) 2016-02-01 2017-08-10 Oracle International Corporation Pattern based automated test data generation
US10896290B2 (en) * 2018-09-06 2021-01-19 Infocredit Services Private Limited Automated pattern template generation system using bulk text messages

Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5351243A (en) * 1991-12-27 1994-09-27 Digital Equipment Corporation Monitor for packets on a communications network
US5430709A (en) * 1992-06-17 1995-07-04 Hewlett-Packard Company Network monitoring method and apparatus
US5911048A (en) * 1994-05-05 1999-06-08 Graf; Lars Oliver System for managing group of computers by displaying relevant non-redundant messages by expressing database operations and expert systems rules to high level language interpreter
US5933602A (en) * 1996-07-31 1999-08-03 Novell, Inc. System for selecting command packet and corresponding response packet from communication stream of packets by monitoring packets sent between nodes on network

Family Cites Families (50)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US4369493A (en) 1979-05-14 1983-01-18 Metropolitan Life Insurance Company Response time monitor
JPH07120299B2 (en) 1986-01-10 1995-12-20 株式会社日立製作所 Testing method for multiprocessor system
US4894823A (en) 1986-02-28 1990-01-16 American Telephone And Telegraph Company Time stamping for packet system nodes
US4835766A (en) 1986-05-20 1989-05-30 Nec Corporation Monitoring system capable of monitoring a sequence of digital signals flowing through a subscriber line
US5045994A (en) 1986-09-23 1991-09-03 Bell Communications Research, Inc. Emulation process having several displayed input formats and output formats and windows for creating and testing computer systems
US4905171A (en) 1987-11-09 1990-02-27 International Business Machines Corporation Workstation controller performance monitor
US5101402A (en) 1988-05-24 1992-03-31 Digital Equipment Corporation Apparatus and method for realtime monitoring of network sessions in a local area network
US4894846A (en) 1988-06-30 1990-01-16 Digital Equipment Corporation Method for maintaining a correct time in a distributed processing system
US4930093A (en) 1988-08-01 1990-05-29 Ncr Corporation Method of measuring message response time performance of a data processing system including data terminals
US5067107A (en) 1988-08-05 1991-11-19 Hewlett-Packard Company Continuous computer performance measurement tool that reduces operating system produced performance data for logging into global, process, and workload files
US5247517A (en) 1989-10-20 1993-09-21 Novell, Inc. Method and apparatus for analyzing networks
DE69019917T2 (en) 1989-11-06 1995-10-12 Fujitsu Ltd Switch information device.
US5095444A (en) 1989-12-21 1992-03-10 Legent Corporation System and method for measuring inter-nodal transmission delays in a communications network
EP0444364B1 (en) * 1990-02-26 1997-07-09 Oracle Corporation Physical database design system
EP0477448B1 (en) 1990-09-28 1995-07-12 Hewlett-Packard Company Network monitoring device and system
JPH04148242A (en) 1990-10-08 1992-05-21 Fujitsu Ltd Trace processing method for load module execution
US5245638A (en) 1990-10-29 1993-09-14 Iowa State University Research Foundation, Inc. Method and system for benchmarking computers
US5331574A (en) 1991-08-06 1994-07-19 International Business Machines Corporation System and method for collecting response times for exception response applications
US5303166A (en) 1992-04-14 1994-04-12 International Business Machines Corporation Method and system for automated network benchmark performance analysis
US5553235A (en) 1992-10-23 1996-09-03 International Business Machines Corporation System and method for maintaining performance data in a data processing system
AU5953394A (en) 1992-12-17 1994-07-04 Legent Corporation System and method for generating local area network operating statistics
JPH06214798A (en) 1993-01-13 1994-08-05 Toyo Commun Equip Co Ltd Programing language compiler
GB9303527D0 (en) 1993-02-22 1993-04-07 Hewlett Packard Ltd Network analysis method
US5862335A (en) 1993-04-01 1999-01-19 Intel Corp. Method and apparatus for monitoring file transfers and logical connections in a computer network
SE515419C2 (en) 1993-06-15 2001-07-30 Ericsson Telefon Ab L M Method and apparatus for travel sequencing
US5491750A (en) 1993-12-30 1996-02-13 International Business Machines Corporation Method and apparatus for three-party entity authentication and key distribution using message authentication codes
US5706429A (en) 1994-03-21 1998-01-06 International Business Machines Corporation Transaction processing system and method
EP0696119B1 (en) 1994-07-28 2003-09-24 Alcatel Method for determining a number of discriminated digital data units and for estimation of response time
US5598535A (en) 1994-08-01 1997-01-28 International Business Machines Corporation System for selectively and cumulatively grouping packets from different sessions upon the absence of exception condition and sending the packets after preselected time conditions
US5627886A (en) 1994-09-22 1997-05-06 Electronic Data Systems Corporation System and method for detecting fraudulent network usage patterns using real-time network monitoring
US5491792A (en) 1994-09-23 1996-02-13 Forney International, Inc. Sequence of events system using a redundant analog I/O board system
US5708780A (en) 1995-06-07 1998-01-13 Open Market, Inc. Internet server access control and monitoring systems
US5675510A (en) 1995-06-07 1997-10-07 Pc Meter L.P. Computer use meter and analyzer
US5802302A (en) 1995-06-29 1998-09-01 International Business Machines Corporation System and method for response time measurement in high speed data transmission networks
US5563875A (en) 1995-07-10 1996-10-08 International Business Machines Corporation Wrap-around route testing in packet communications networks
US5881051A (en) 1995-07-10 1999-03-09 International Business Machines Management of route testing in packet communications networks
US5781449A (en) 1995-08-10 1998-07-14 Advanced System Technologies, Inc. Response time measurement apparatus and method
US6144961A (en) 1995-08-31 2000-11-07 Compuware Corporation Method and system for non-intrusive measurement of transaction response times on a network
JP3426428B2 (en) * 1995-10-27 2003-07-14 富士通株式会社 Transaction tracing device
US5826270A (en) 1995-12-28 1998-10-20 Csg Systems, Inc. Methods and systems for client or customer-site transaction processing in a distributed database system
US6006242A (en) * 1996-04-05 1999-12-21 Bankers Systems, Inc. Apparatus and method for dynamically creating a document
US6018619A (en) * 1996-05-24 2000-01-25 Microsoft Corporation Method, system and apparatus for client-side usage tracking of information server systems
US5787253A (en) 1996-05-28 1998-07-28 The Ag Group Apparatus and method of analyzing internet activity
US6321234B1 (en) * 1996-09-18 2001-11-20 Sybase, Inc. Database server system with improved methods for logging transactions
JP3231673B2 (en) * 1996-11-21 2001-11-26 シャープ株式会社 Character and character string search method and recording medium used in the method
US6278996B1 (en) * 1997-03-31 2001-08-21 Brightware, Inc. System and method for message process and response
US5872976A (en) 1997-04-01 1999-02-16 Landmark Systems Corporation Client-based system for monitoring the performance of application programs
US6081774A (en) * 1997-08-22 2000-06-27 Novell, Inc. Natural language information retrieval system and method
US6070190A (en) * 1998-05-11 2000-05-30 International Business Machines Corporation Client-based application availability and response monitoring and reporting for distributed computing environments
US6477571B1 (en) * 1998-08-11 2002-11-05 Computer Associates Think, Inc. Transaction recognition and prediction using regular expressions

Patent Citations (4)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
US5351243A (en) * 1991-12-27 1994-09-27 Digital Equipment Corporation Monitor for packets on a communications network
US5430709A (en) * 1992-06-17 1995-07-04 Hewlett-Packard Company Network monitoring method and apparatus
US5911048A (en) * 1994-05-05 1999-06-08 Graf; Lars Oliver System for managing group of computers by displaying relevant non-redundant messages by expressing database operations and expert systems rules to high level language interpreter
US5933602A (en) * 1996-07-31 1999-08-03 Novell, Inc. System for selecting command packet and corresponding response packet from communication stream of packets by monitoring packets sent between nodes on network

Non-Patent Citations (1)

* Cited by examiner, † Cited by third party
Title
See also references of EP1110143A2 *

Also Published As

Publication number Publication date
CA2339848A1 (en) 2000-02-24
JP2002523814A (en) 2002-07-30
EP1110143B1 (en) 2010-12-08
WO2000010279A3 (en) 2000-06-02
CN1342279A (en) 2002-03-27
DE69943024D1 (en) 2011-01-20
US7483976B2 (en) 2009-01-27
US20060064487A1 (en) 2006-03-23
KR20010072353A (en) 2001-07-31
EP1110143A2 (en) 2001-06-27
US20060031458A1 (en) 2006-02-09
AU770611B2 (en) 2004-02-26
AU5473499A (en) 2000-03-06
BR9912804A (en) 2002-06-11
US6477571B1 (en) 2002-11-05
US6990521B1 (en) 2006-01-24
IL141113A (en) 2005-12-18
EP1110143A4 (en) 2005-03-02
IL141113A0 (en) 2002-02-10
ATE491180T1 (en) 2010-12-15
ZA200100687B (en) 2003-07-24

Similar Documents

Publication Publication Date Title
US6477571B1 (en) Transaction recognition and prediction using regular expressions
US11403333B2 (en) User interface search tool for identifying and summarizing data
US7562067B2 (en) Systems and methods for estimating functional relationships in a database
US6308211B1 (en) Method and apparatus for identifying informational packets
US6078918A (en) Online predictive memory
US5542089A (en) Method and apparatus for estimating the number of occurrences of frequent values in a data set
CN110807085B (en) Fault information query method and device, storage medium and electronic device
US20020188618A1 (en) Systems and methods for ordering categorical attributes to better visualize multidimensional data
CN112364014B (en) Data query method, device, server and storage medium
US20170316337A1 (en) Dynamic Search Guidance For Machine Data Indexing And Search System
CN113409016A (en) Information processing method, server and medium applied to big data cloud office
CN114116811B (en) Log processing method, device, equipment and storage medium
CN112232290B (en) Data clustering method, server, system and computer readable storage medium
CN116483831B (en) Recommendation index generation method for distributed database
CN113138906A (en) Call chain data acquisition method, device, equipment and storage medium
CN115147020B (en) Decoration data processing method, device, equipment and storage medium
EP4242848B1 (en) Method and computer system for capture and analysis of repetitive actions generated by the employee-computer interaction
KR100906449B1 (en) Database tool identifying apparatus and method thereof
CN114706743B (en) Comprehensive evaluation method supporting real-time evaluation
CN117372210B (en) Legal service consultation system
CN117786182A (en) Business data storage system and method based on ERP system
CN117077809A (en) Abnormal data analysis method and system based on wind control decision and visualization
CN115687355A (en) Index obtaining method, device, medium and equipment for data query statement
CN118193581A (en) Mass data retrieval task processing method, system and storage medium
CN112990323A (en) User portrait mining method based on big data online mode and machine learning system

Legal Events

Date Code Title Description
WWE Wipo information: entry into national phase

Ref document number: 99809513.3

Country of ref document: CN

AK Designated states

Kind code of ref document: A2

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A2

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

121 Ep: the epo has been informed by wipo that ep was designated in this application
AK Designated states

Kind code of ref document: A3

Designated state(s): AE AL AM AT AU AZ BA BB BG BR BY CA CH CN CU CZ DE DK EE ES FI GB GD GE GH GM HR HU ID IL IN IS JP KE KG KP KR KZ LC LK LR LS LT LU LV MD MG MK MN MW MX NO NZ PL PT RO RU SD SE SG SI SK SL TJ TM TR TT UA UG UZ VN YU ZA ZW

AL Designated countries for regional patents

Kind code of ref document: A3

Designated state(s): GH GM KE LS MW SD SL SZ UG ZW AM AZ BY KG KZ MD RU TJ TM AT BE CH CY DE DK ES FI FR GB GR IE IT LU MC NL PT SE BF BJ CF CG CI CM GA GN GW ML MR NE SN TD TG

DFPE Request for preliminary examination filed prior to expiration of 19th month from priority date (pct application filed before 20040101)
WWE Wipo information: entry into national phase

Ref document number: 2001/00687

Country of ref document: ZA

Ref document number: 200100687

Country of ref document: ZA

WWE Wipo information: entry into national phase

Ref document number: 141113

Country of ref document: IL

ENP Entry into the national phase

Ref document number: 2339848

Country of ref document: CA

Ref document number: 2339848

Country of ref document: CA

Kind code of ref document: A

WWE Wipo information: entry into national phase

Ref document number: 1020017001692

Country of ref document: KR

WWE Wipo information: entry into national phase

Ref document number: 54734/99

Country of ref document: AU

WWE Wipo information: entry into national phase

Ref document number: 1999940998

Country of ref document: EP

WWE Wipo information: entry into national phase

Ref document number: IN/PCT/2001/00182/DE

Country of ref document: IN

REG Reference to national code

Ref country code: DE

Ref legal event code: 8642

WWP Wipo information: published in national office

Ref document number: 1999940998

Country of ref document: EP

WWP Wipo information: published in national office

Ref document number: 1020017001692

Country of ref document: KR

WWG Wipo information: grant in national office

Ref document number: 54734/99

Country of ref document: AU

WWG Wipo information: grant in national office

Ref document number: 1020017001692

Country of ref document: KR