狠狠撸

Anomaly detection and root cause analysis in distributed application transactions

Oct 16, 20154 likes1,520 views

This document discusses anomaly detection and root cause analysis in distributed application transactions. It introduces challenges in monitoring complex enterprise applications with massive and heterogeneous data. The solution presented uses machine learning and engineering to collect business transaction data, identify relevant fields that are abnormal, and determine the root cause. An example is given of how the system would detect and analyze unexpected slow transactions from one airline using a travel booking site.

Anomaly Detection and Root Cause Analysis
in Distributed Application Transactions
Yuchen Zhao @

Software is Eating the World

Anomaly detection and root cause analysis in distributed application transactions

Anomaly detection and root cause analysis in distributed application transactions

it’s critical to make sure
the software
is running properly

How?
Through monitoring!

Monitoring shouldn’t be very hard… right?

Well, it can become a bit more complex...

Or… really complex...

Anomaly detection and root cause analysis in distributed application transactions

Anomaly detection and root cause analysis in distributed application transactions

Keep applications running
is hard.

Anomaly detection and root cause analysis in distributed application transactions

Challenge 1:
Enterprise applications are complex

Challenge 2:
Data is heterogeneous.
Its volume is massive and growing

Challenge 3:
Too many signals.
Finding anomalies & root causes
are non-trival.

Our solution: Relevant Fields
Machine Learning + Engineering

Q1: How to get & organize data?

Collect data in the form of
Business Transactions

Anomaly detection and root cause analysis in distributed application transactions

Q2: Can you give a real use case?

A hypothetical travel booking site with data in BT

An unexpected incident:

Anomaly detection and root cause analysis in distributed application transactions

Step 1: filtering

Step 2: find relevant fields

the relevancy score
“airline:AA” related transactions:
● 2% occurrence normally among all
travel bookings
● 82% of the current slow transactions
are from “AA”.
● 41 times more significant than normal.

What’s the root cause?

Step 3: take actions!

Q3: What’s the design of the system?

Architecture Overview

Data Collection

Smart Code Instrumentation
watch every line of code, self-learning, automatic

Stream Processing & Storage

Relevant Fields Processing

all transactions
(baseline)
error/slow
transactions
(query)
Baseline & Query Sets

Q4: How to score the field?

all transactions
(baseline)
error/slow
transactions
(query)

Optimization: Dynamics Baseline

Infer baseline context from query automatically
query
transactions
transactions
of Entity 1
query
transactions
transactions
of Entity 2
transactions
of Entity n

Baseline entity is auto learned from two dimensions:
● physical (applications, tiers, nodes, etc)
● temporal

Score Normalization
Normalize the score using a function derived from
sigmoid:

Score Example

Fore more details, please check out our demo paper in ICDM 2015:
Discovering Anomalies and Root Causes in Applications via Relevant Fields Analysis,
in Proceedings of the 15th IEEE International Conference on Data Mining

Ongoing work...
Support rich data types
● time series
● text
● graphs
● ...

We’re selling!

We’re hiring too!
Contact Mara
or
me yuchen.zhao@appdynamics.com

Thank you!

Ad

Recommended

PDF

Next Generation Intelligent APM: Pain Points, Trends and SolutionsYuchen Zhao

?

PDF

大数据场景下应用性能排查的智能根源分析Yuchen Zhao

?

PPTX

Best Effort Security Testing for Mobile Applications - 2015 #ISC2CONGRESSLostar

?

PDF

Doing DevOps for Big Data? What You Need to Know About AIOpsDevOps.com

?

PPTX

Data Science Powered Apps for Internet of ThingsVMware Tanzu

?

PPTX

Bio-T -Guy Vinograd ?

?

PDF

Breached! App Attacks, Application Protection and Incident ResponseResilient Systems

?

PPTX

Salesforce Monitoring Best PracticesAngelique Medina

?

PPTX

TouploadBond Seidel

?

PPTX

Improve the Impact of DevOpsSplunk

?

PDF

Security in a Continuous Delivery WorldDinis Cruz

?

PPTX

SplunkLive! Customer Presentation – NissanSplunk

?

PDF

2016_Brochure_BookDiana Damouni

?

PPTX

ThousandEyes EMEA - Salesforce Monitoring Best PracticesThousandEyes

?

PDF

IRJET - Online Credit Card Fraud Detection and Prevention SystemIRJET Journal

?

PDF

Machine Learning-Based Approaches for Fraud Detection in Credit Card Transact...IRJET Journal

?

PDF

A Comparative Study for Credit Card Fraud Detection System using Machine Lear...IRJET Journal

?

PDF

A Review of deep learning techniques in detection of anomaly incredit card tr...IRJET Journal

?

PDF

Tackling the ticking time bomb – Data Migration and the hidden risksHarley Capewell

?

PDF

TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKSijcsit

?

PDF

IRJET - Fraud Detection in Credit Card using Machine Learning TechniquesIRJET Journal

?

PDF

8 BIGGEST MISTAKES IT PRACTITIONERS MAKE AND HOW TO AVOID THEMAbuSyeedRaihan

?

PDF

A Cohesive and Semantic Consistency of for Bot Attack on IoT and IIoTPlatformsIRJET Journal

?

PDF

An Identification and Detection of Fraudulence in Credit Card Fraud Transacti...IRJET Journal

?

PDF

Unsupervised Learning for Credit Card Fraud DetectionIRJET Journal

?

PDF

A Comparative Study on Credit Card Fraud DetectionIRJET Journal

?

PDF

The tops for collecting network based evidenceyou think that your.pdfnoelbuddy

?

PDF

Data Encryption Is Hard To Do FiberlinkProduct Marketing Services

?

PDF

IRJET- Survey on Credit Card Fraud DetectionIRJET Journal

?

DOCX

INTERNAL Assign no 207( JAIPUR NATIONAL UNI)Partha_bappa

?

More Related Content

What's hot (6)

PPTX

TouploadBond Seidel

?

PPTX

Improve the Impact of DevOpsSplunk

?

PDF

Security in a Continuous Delivery WorldDinis Cruz

?

PPTX

SplunkLive! Customer Presentation – NissanSplunk

?

PDF

2016_Brochure_BookDiana Damouni

?

PPTX

ThousandEyes EMEA - Salesforce Monitoring Best PracticesThousandEyes

?

TouploadBond Seidel

?

Improve the Impact of DevOpsSplunk

?

Security in a Continuous Delivery WorldDinis Cruz

?

SplunkLive! Customer Presentation – NissanSplunk

?

2016_Brochure_BookDiana Damouni

?

ThousandEyes EMEA - Salesforce Monitoring Best PracticesThousandEyes

?

Similar to Anomaly detection and root cause analysis in distributed application transactions (20)

PDF

IRJET - Online Credit Card Fraud Detection and Prevention SystemIRJET Journal

?

PDF

Machine Learning-Based Approaches for Fraud Detection in Credit Card Transact...IRJET Journal

?

PDF

A Comparative Study for Credit Card Fraud Detection System using Machine Lear...IRJET Journal

?

PDF

A Review of deep learning techniques in detection of anomaly incredit card tr...IRJET Journal

?

PDF

Tackling the ticking time bomb – Data Migration and the hidden risksHarley Capewell

?

PDF

TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKSijcsit

?

PDF

IRJET - Fraud Detection in Credit Card using Machine Learning TechniquesIRJET Journal

?

PDF

8 BIGGEST MISTAKES IT PRACTITIONERS MAKE AND HOW TO AVOID THEMAbuSyeedRaihan

?

PDF

A Cohesive and Semantic Consistency of for Bot Attack on IoT and IIoTPlatformsIRJET Journal

?

PDF

An Identification and Detection of Fraudulence in Credit Card Fraud Transacti...IRJET Journal

?

PDF

Unsupervised Learning for Credit Card Fraud DetectionIRJET Journal

?

PDF

A Comparative Study on Credit Card Fraud DetectionIRJET Journal

?

PDF

The tops for collecting network based evidenceyou think that your.pdfnoelbuddy

?

PDF

Data Encryption Is Hard To Do FiberlinkProduct Marketing Services

?

PDF

IRJET- Survey on Credit Card Fraud DetectionIRJET Journal

?

DOCX

INTERNAL Assign no 207( JAIPUR NATIONAL UNI)Partha_bappa

?

PPT

The Insider Threatillustro

?

PDF

Data Observability- The Next Frontier of Data Engineering Pdf.pdfData Science Council of America

?

PDF

Fraudulent Activities Detection in E-commerce WebsitesIRJET Journal

?

PDF

Operationalize deep learning models for fraud detection with Azure Machine Le...Francesca Lazzeri, PhD

?

IRJET - Online Credit Card Fraud Detection and Prevention SystemIRJET Journal

?

Machine Learning-Based Approaches for Fraud Detection in Credit Card Transact...IRJET Journal

?

A Comparative Study for Credit Card Fraud Detection System using Machine Lear...IRJET Journal

?

A Review of deep learning techniques in detection of anomaly incredit card tr...IRJET Journal

?

Tackling the ticking time bomb – Data Migration and the hidden risksHarley Capewell

?

TWO-LAYER SECURE PREVENTION MECHANISM FOR REDUCING E-COMMERCE SECURITY RISKSijcsit

?

IRJET - Fraud Detection in Credit Card using Machine Learning TechniquesIRJET Journal

?

8 BIGGEST MISTAKES IT PRACTITIONERS MAKE AND HOW TO AVOID THEMAbuSyeedRaihan

?

A Cohesive and Semantic Consistency of for Bot Attack on IoT and IIoTPlatformsIRJET Journal

?

An Identification and Detection of Fraudulence in Credit Card Fraud Transacti...IRJET Journal

?

Unsupervised Learning for Credit Card Fraud DetectionIRJET Journal

?

A Comparative Study on Credit Card Fraud DetectionIRJET Journal

?

The tops for collecting network based evidenceyou think that your.pdfnoelbuddy

?

Data Encryption Is Hard To Do FiberlinkProduct Marketing Services

?

IRJET- Survey on Credit Card Fraud DetectionIRJET Journal

?

INTERNAL Assign no 207( JAIPUR NATIONAL UNI)Partha_bappa

?

The Insider Threatillustro

?

Data Observability- The Next Frontier of Data Engineering Pdf.pdfData Science Council of America

?

Fraudulent Activities Detection in E-commerce WebsitesIRJET Journal

?

Operationalize deep learning models for fraud detection with Azure Machine Le...Francesca Lazzeri, PhD

?

Ad

Recently uploaded (20)

PDF

Rapid Prototyping for XR: Lecture 1 Introduction to PrototypingMark Billinghurst

?

PPTX

Computer network Computer network Computer network Computer networkShrikant317689

?

PPTX

Bharatiya Antariksh Hackathon 2025 Idea Submission PPT.pptxAsadShad4

?

PPTX

Mobile database systems 20254545645.pptxherosh1968

?

PDF

How to Buy Verified CashApp Accounts IN 2025Buy Verified CashApp Accounts

?

PDF

Python Mini Project: Command-Line Quiz Game for School/College StudentsMPREETHI7

?

PPTX

Precooling and Refrigerated storage.pptxThongamSunita

?

PPTX

Stability of IBR Dominated Grids - IEEE PEDG 2025 - short.pptxssuser307730

?

PPTX

WHO And BIS std- for water quality .pptxdhanashree78

?

PPT

SF 9_Unit 1.ppt software engineering pptAmarrKannthh

?

PDF

NFPA 10 - Estandar para extintores de incendios portatiles (ed.22 ENG).pdfOscar Orozco

?

PPTX

FSE_LLM4SE1_A Tool for In-depth Analysis of Code Execution Reasoning of Large...cl144

?

PPTX

Work at Height training for workers .pptxcecos12

?

PDF

Rapid Prototyping for XR: Lecture 2 - Low Fidelity Prototyping.Mark Billinghurst

?

PPTX

CST413 KTU S7 CSE Machine Learning Introduction Parameter Estimation MLE MAP ...resming1

?

PPTX

CST413 KTU S7 CSE Machine Learning Neural Networks and Support Vector Machine...resming1

?

PPTX

LECTURE 7 COMPUTATIONS OF LEVELING DATA APRIL 2025.pptxrr22001247

?

PDF

13th International Conference of Security, Privacy and Trust Management (SPTM...ijcisjournal

?

PDF

Rapid Prototyping for XR: Lecture 4 - High Level Prototyping.Mark Billinghurst

?

PPTX

CST413 KTU S7 CSE Machine Learning Clustering K Means Hierarchical Agglomerat...resming1

?

Rapid Prototyping for XR: Lecture 1 Introduction to PrototypingMark Billinghurst

?

Computer network Computer network Computer network Computer networkShrikant317689

?

Bharatiya Antariksh Hackathon 2025 Idea Submission PPT.pptxAsadShad4

?

Mobile database systems 20254545645.pptxherosh1968

?

How to Buy Verified CashApp Accounts IN 2025Buy Verified CashApp Accounts

?

Python Mini Project: Command-Line Quiz Game for School/College StudentsMPREETHI7

?

Precooling and Refrigerated storage.pptxThongamSunita

?

Stability of IBR Dominated Grids - IEEE PEDG 2025 - short.pptxssuser307730

?

WHO And BIS std- for water quality .pptxdhanashree78

?

SF 9_Unit 1.ppt software engineering pptAmarrKannthh

?

NFPA 10 - Estandar para extintores de incendios portatiles (ed.22 ENG).pdfOscar Orozco

?

FSE_LLM4SE1_A Tool for In-depth Analysis of Code Execution Reasoning of Large...cl144

?

Work at Height training for workers .pptxcecos12

?

Rapid Prototyping for XR: Lecture 2 - Low Fidelity Prototyping.Mark Billinghurst

?

CST413 KTU S7 CSE Machine Learning Introduction Parameter Estimation MLE MAP ...resming1

?

CST413 KTU S7 CSE Machine Learning Neural Networks and Support Vector Machine...resming1

?

LECTURE 7 COMPUTATIONS OF LEVELING DATA APRIL 2025.pptxrr22001247

?

13th International Conference of Security, Privacy and Trust Management (SPTM...ijcisjournal

?

Rapid Prototyping for XR: Lecture 4 - High Level Prototyping.Mark Billinghurst

?

CST413 KTU S7 CSE Machine Learning Clustering K Means Hierarchical Agglomerat...resming1

?

Ad

Anomaly detection and root cause analysis in distributed application transactions

1. Anomaly Detection and Root Cause Analysis in Distributed Application Transactions Yuchen Zhao @

2. Software is Eating the World

5. it’s critical to make sure the software is running properly

6. How? Through monitoring!

7. Monitoring shouldn’t be very hard… right?

8. Well, it can become a bit more complex...

9. Or… really complex...

12. Keep applications running is hard.

14. Challenge 1: Enterprise applications are complex

15. Challenge 2: Data is heterogeneous. Its volume is massive and growing

16. Challenge 3: Too many signals. Finding anomalies & root causes are non-trival.

17. Our solution: Relevant Fields Machine Learning + Engineering

18. Q1: How to get & organize data?

19. Collect data in the form of Business Transactions

21. Q2: Can you give a real use case?

22. A hypothetical travel booking site with data in BT

23. An unexpected incident:

25. Step 1: filtering

26. Step 2: find relevant fields

27. the relevancy score “airline:AA” related transactions: ● 2% occurrence normally among all travel bookings ● 82% of the current slow transactions are from “AA”. ● 41 times more significant than normal.

28. What’s the root cause?

29. Step 3: take actions!

30. Q3: What’s the design of the system?

31. Architecture Overview

32. Data Collection

33. Smart Code Instrumentation watch every line of code, self-learning, automatic

34. Stream Processing & Storage

35. Relevant Fields Processing

36. all transactions (baseline) error/slow transactions (query) Baseline & Query Sets

37. Q4: How to score the field?

38. all transactions (baseline) error/slow transactions (query)

39. Optimization: Dynamics Baseline

40. Infer baseline context from query automatically query transactions transactions of Entity 1 query transactions transactions of Entity 2 transactions of Entity n

41. Baseline entity is auto learned from two dimensions: ● physical (applications, tiers, nodes, etc) ● temporal

42. Score Normalization Normalize the score using a function derived from sigmoid:

43. Score Example

44. Fore more details, please check out our demo paper in ICDM 2015: Discovering Anomalies and Root Causes in Applications via Relevant Fields Analysis, in Proceedings of the 15th IEEE International Conference on Data Mining

45. Ongoing work... Support rich data types ● time series ● text ● graphs ● ...

46. We’re selling!

47. We’re hiring too! Contact Mara or me yuchen.zhao@appdynamics.com