understanding software system behavior with ml and time
play

Understanding Software System Behavior With ML and Time Series Data - PowerPoint PPT Presentation

Oct 26, 2022 •218 likes •1.21k views

Understanding Software System Behavior With ML and Time Series Data QCon.ai SF April 11, 2018 David Andrzejewski - @davidandrzej Engineering, Sumo Logic Sumo Logic Confidential Intro / context Currently: Sumo Logic since 2011

  1. Understanding Software System Behavior With ML and Time Series Data QCon.ai SF – April 11, 2018 David Andrzejewski - @davidandrzej Engineering, Sumo Logic Sumo Logic Confidential

  2. Intro / context • Currently: – Sumo Logic since 2011 – Co-organizer: SF ML Meetup – @davidandrzej on Twitter • Previously: – Postdoc at LLNL – U Wisconsin • BS Comp E / CS / Math • PhD CS (ML) Sumo Logic Confidential

  3. Continuous intelligence for machine data Sumo Logic Confidential

  4. Overview 1. Mega-trends: “Softwarification” of Everything + ML 2. Machine data: practicalities and basic analytics 3. Machine learning, data mining, and pitfalls Sumo Logic Confidential

  5. Sumo Logic Confidential

  6. Sumo Logic Confidential

  7. Trouble in software paradise! Sumo Logic Confidential Sumo Logic Confidential

  8. Microservices “death star” Sumo Logic Confidential

  9. Sumo Logic Confidential

  10. Big Data to the rescue? DEBUG-level visibility, in production • Logs (TBs / day) • Metrics (M DPs / min) • Source code (GBs) • Traces • Events Sumo Logic Confidential

  11. Not so fast! “Could a Neuroscientist Understand a Microprocessor?” Jonas & Kording (PLoS Comp Bio 2017) • (cool NES plotter art - Michael Fogleman) Sumo Logic Confidential

  12. Using data to understand complex, dynamic, multi-scale systems ”Grand challenge” problem new measurements → new science Data: necessary but not sufficient? • Today’s systems: • Software – – Biological – Social / economic Sumo Logic Confidential

  13. Machine data time series Sumo Logic Confidential

  14. Operational time series telemetry: the basics What: • – “Four Golden Signals” (Google SRE book) Latency, Traffic, Error, Saturation • • (also: USE, RED, …) – Basic resources: CPU, memory, … – More granular timings Event counts, cache miss rates, other internals… – • How: – “push” agents/daemons (eg, StatsD) “pull” metrics endpoints (eg, Prometheus) – Where: • – TSDB (time series database) – OSS / Commercial systems Sumo Logic Confidential

  15. Operational time series telemetry: why Q: WTF is my system actually doing? Monitoring & troubleshooting • data visualization • alerting* • summarize behavior • comparisons Sumo Logic Confidential

  16. Operational time series telemetry: example “Metrics 2.0”–style deployment=production key-value identifier cluster=indexer host=foobuzz-39 Actual data: sequence metric=write_latency of (timestamp, value) units=ms 8:01 8:02 8:03 8:04 8:05 … 64 128 72 144 96 … Sumo Logic Confidential

  17. Quantization: rollup / time-based aggregation Raw event/observation data à coarser, more regular !: # ℝ → ℝ 1-minute aggregations à 1-hour aggregations, etc Aggregation: map from 8: 8:00 00 8: 8:01 01 … 8: 8:58 58 8: 8:59 59 multiset of floats to some 60.1 43.2 33.3 45.1 42.5 single-valued summary Min • Max • Avg • 6: 6:00 00 7: 7:00 00 8: 8:00 00 9:00 9: 00 10:00 10: 00 Sum • … … 33.3 … … Count • Sumo Logic Confidential

  18. Quantization: rollup / time-based aggregation Raw event/observation data à coarser, more regular !: # ℝ → ℝ 1-minute aggregations à 1-hour aggregations, etc Aggregation: map from 8: 8:00 00 8: 8:01 01 … 8: 8:58 58 8: 8:59 59 multiset of floats to some 60.1 43.2 33.3 45.1 42.5 single-valued summary Min • Max • Avg • 6: 6:00 00 7:00 7: 00 8: 8:00 00 9:00 9: 00 10:00 10: 00 Sum • … … 33.3 … … Count • Percentiles? • Sumo Logic Confidential

  19. SRE percentiles Percentile as guarantee p99 < 2000 ms translates into unambiguous language: avg = 1485 ms • “No more than 1% of p95 = 4894 ms • customer requests take longer than 2 seconds to execute” Sumo Logic Confidential

  20. Percentiles via CDF -1 p60 = -1.8 etc... https://en.wikipedia.org/wiki/Normal_distribution Sumo Logic Confidential

  21. Algebraic structure for fun and profit Example: item counts f ( s 1 + s 2 ) = f ( s 1 ) ⊕ f ( s 2 ) data data data Sumo Logic Confidential

  22. Algebraic structure for fun and profit Example: word counts f ( s 1 + s 2 ) = f ( s 1 ) ⊕ f ( s 2 ) Aggregate of combined data Combination of aggregates Monoid data homomorphism! data data Sumo Logic Confidential

  23. Percentile original sin: ! " # + " % ≠ ! " # ⊕ !(" % ) Not a monoid homomorphism In general, cannot combine: • – p95 of dataset X – p95 of dataset Y • ...to say anything meaningful at all about dataset X ∪ Y Impress your SRE/DevOps friends at parties! • Sumo Logic Confidential

  24. Basic aggregation: across series What is max write_latency of entire foobuzz cluster? 8: 8:01 01 8: 8:02 02 8: 8:03 03 8: 8:04 04 8: 8:05 05 … 64 128 72 144 96 … host=foobuzz-1 23 33 49 57 37 … host=foobuzz-2 46 101 78 58 39 … host=foobuzz-3 … … … … … … f = MAX( ) 8: 8:01 01 8: 8:02 02 8: 8:03 03 8: 8:04 04 8: 8:05 05 … 55.3 47.1 76.8 52.3 41.7 Sumo Logic Confidential

  25. Basic aggregation: across time (aka “fold”) What is average queue depth of each foobuzz host over this time period? f = AVG( ) 8: 8:01 01 8: 8:02 02 8:03 8: 03 … 64 128 72 … 103.4 host=foobuzz-1 23 33 49 … 48.6 host=foobuzz-2 46 101 78 … 62.1 host=foobuzz-3 … … … … Sumo Logic Confidential

  26. Comparison Time-shifted comparisons 160 140 How does write_latency for this foobuzz 120 instance compare versus yesterday ? 100 80 60 deployment=production 40 cluster=indexer 20 host=foobuzz-21 0 metric=write_latency 8:01 8:02 8:03 8:04 8:05 units=ms Now Timeshift 8: 8:01 01 8: 8:02 02 8: 8:03 03 8: 8:04 04 8:05 8: 05 … 64 128 72 144 96 … 8: 8:01 01 8: 8:02 02 8:03 8: 03 8:04 8: 04 8:05 8: 05 … (-24h 24h) (-24h 24h) (-24h 24h) (-24h 24h) (-24h 24h) 23 12 18 37 24 … Sumo Logic Confidential

  27. Comparison Time-shifted comparisons 160 140 How does write_latency for this foobuzz 120 instance compare versus yesterday ? 100 80 60 deployment=production 40 cluster=indexer 20 host=foobuzz-21 0 metric=write_latency 8:01 8:02 8:03 8:04 8:05 units=ms Now Timeshift 8: 8:01 01 8: 8:02 02 8: 8:03 03 8: 8:04 04 8:05 8: 05 … 64 128 72 144 96 … 8: 8:01 01 8: 8:02 02 8:03 8: 03 8:04 8: 04 8:05 8: 05 … (-24h 24h) (-24h 24h) (-24h 24h) (-24h 24h) (-24h 24h) 23 12 18 37 24 … Sumo Logic Confidential

  28. Windowing data Aka “grouping over time” Tiled / Fixed • Sliding / Rolling • … See Tyler Akidau (Apache Beam) • – QCon SF 2016 slides – ”Beyond Batch” blog posts Part 1, Part 2 Sumo Logic Confidential

  29. Handling ”missing” data Reality: often messy! pandas fillna() – some very sane basics • Fancier model / ML based approaches • – try to “predict” missing data – “imputation” (statistics / econometrics) inference / sampling (probabilistic models) – Sumo Logic Confidential

  30. Original data Fixed value (mean) (notebook code on Github) Forward fill Back fill Interpolation Sumo Logic Confidential

  31. Fixed-threshold alerting ”Wake somebody up if the site is down” Sumo Logic Confidential

  32. MACHINE SCALE = overwhelming complexity! N ≈ one million series Can’t analyze them all • • Can’t even look at them ! " pairs to compare • • Historical comparisons over different timescales • PROBLEM: how to “scale” expert human time and attention? Sumo Logic Confidential

  33. “Machine learning studies computer algorithms for learning to do stuff.” -Prof. Rob Schapire (COS 511 scribe notes) Sumo Logic Confidential

  34. ML cheat sheet Uh oh NO Is machine learning Do you know what right for you? you’re trying to accomplish? YES Do that YES Can you do it with simple / deterministic analysis? NO Let’s try ML…? Sumo Logic Confidential

  35. Predictive models and outliers Surprise: Your prediction is wrong! Sumo Logic Confidential

  36. Outlier detection via predictive modeling “It ’s tough to make predictions, especially about the future” KEY ASSUMPTIONS 1. In “steady-state”, data exhibit some regularity / predictability 2. Learn a model of this behavior 3. Major deviations from our expectation represent new underlying behavior or totally novel “exogenous shock” 4. These surprises are valuable to discover Sumo Logic Confidential

  37. Outlier detection via predictive modeling “It ’s tough to make predictions, especially about the future” KEY ASSUMPTIONS 1. In “steady -state”, data exhibit some regularity / predictability 2. Learn a model of this behavior 3. Major deviations from our expectation represent new underlying behavior or KEY Qs totally novel “exogenous shock” 1. Is behavior actually regular? 4. These surprises are valuable to discover 2. How to model behavior? 3. How major is “major”? 4. Are surprises actually valuable? Sumo Logic Confidential

Download Presentation
Download Policy: The content available on the website is offered to you 'AS IS' for your personal information and use only. It cannot be commercialized, licensed, or distributed on other websites without prior consent from the author. To download a presentation, simply click this link. If you encounter any difficulties during the download process, it's possible that the publisher has removed the file from their server.

Recommend

Time for Break: Understanding Information Workers Sedentary Behavior Through a Break Prompting

Time for Break: Understanding Information Workers Sedentary Behavior Through a Break Prompting

Time for Break: Understanding Information Workers Sedentary Behavior Through a Break Prompting System Yuhan Luo ! Bongshin Lee &quot; Donghee Yvette Wohn # Amanda L. Rebar $ David E. Conroy % Eun Kyoung Choe ! ! University of Maryland, &quot;

559 views • 38 slides
State-based Behavior I SWEN-261 Introduction to Software Engineering Department of Software

State-based Behavior I SWEN-261 Introduction to Software Engineering Department of Software

State-based Behavior I SWEN-261 Introduction to Software Engineering Department of Software Engineering Rochester Institute of Technology A large part of software behavior is dependent on the state of the system, i.e. state-based. A

115 views • 9 slides
SAQL : A Stream-based Query System for Real-Time SA Abnormal System Behavior Detection Peng Gao 1

SAQL : A Stream-based Query System for Real-Time SA Abnormal System Behavior Detection Peng Gao 1

SAQL : A Stream-based Query System for Real-Time SA Abnormal System Behavior Detection Peng Gao 1 , Xusheng Xiao 2 , Ding Li 3 , Zhichun Li 3 , Kangkook Jee 3 , Zhenyu Wu 3 , Chung Hwan Kim 3 , Sanjeev R. Kulkarni 1 , Prateek Mittal 1 1 Princeton

453 views • 24 slides
CS445/ECE 451/CS645 Software Requirements Specifications &amp; Analysis Behavioural Modelling U

CS445/ECE 451/CS645 Software Requirements Specifications &amp; Analysis Behavioural Modelling U

CS445/ECE 451/CS645 Software Requirements Specifications &amp; Analysis Behavioural Modelling U Waterloo CS445/ECE451/CS645 Fall 2019 1 Glossary System behavior: is how a system acts and reacts. Behavior model: a view of a system that

785 views • 42 slides
Understanding User Cognition: from Everyday Behavior and Spatial Ability to Code Writing and

Understanding User Cognition: from Everyday Behavior and Spatial Ability to Code Writing and

Understanding User Cognition: from Everyday Behavior and Spatial Ability to Code Writing and Review Yu Huang University of Michigan Dec 11, 2019 Break Down the Title A standard workday of a software developer Problem Introduction and

1.64k views • 114 slides
Understanding User Cognition: from Everyday Behavior and Spatial Ability to Code Writing and

Understanding User Cognition: from Everyday Behavior and Spatial Ability to Code Writing and

Understanding User Cognition: from Everyday Behavior and Spatial Ability to Code Writing and Review Yu Huang University of Michigan Dec 11, 2019 Break Down the Title A standard workday of a software developer Problem Introduction and

1.5k views • 121 slides
@ .To increase understanding of the The difference between &quot;conscious/explicit behavior&quot;

@ .To increase understanding of the The difference between &quot;conscious/explicit behavior&quot;

4/s/2OtB nderstanding Human Behavior U GOALS @ .To increase understanding of the The difference between &quot;conscious/explicit behavior&quot; vs. nature and sources of implicit bias &quot;unconscious/implicit behavior&quot; . To understand

286 views • 17 slides
Behavior through Data: Behavior Incident Report System Myrna Veguilla Lise Fox University of

Behavior through Data: Behavior Incident Report System Myrna Veguilla Lise Fox University of

Addressing Challenging Behavior through Data: Behavior Incident Report System Myrna Veguilla Lise Fox University of South Florida Agenda Introduction to the Behavior Incident Report System BIRS Excel Spreadsheet Questions Our goal is

863 views • 31 slides
Understanding the propagation of hard errors to software and implications for resilient system

Understanding the propagation of hard errors to software and implications for resilient system

Faculty of Computer Science Institute of Systems Architecture, Operating Systems Group Understanding the propagation of hard errors to software and implications for resilient system design M. Li, P. Ramachandran, S. Sahoo, S. Adve, V. Adve, Y.

414 views • 10 slides
Software Reliability and System reliability Steven J Zeil Old Dominion Univ. Spring 2012 1

Software Reliability and System reliability Steven J Zeil Old Dominion Univ. Spring 2012 1

Introduction Dependability Failure Behavior of an X-ware System Software Reliability and System reliability Steven J Zeil Old Dominion Univ. Spring 2012 1 Introduction Dependability Failure Behavior of an X-ware System Software

1.07k views • 41 slides
Software Reliability and System Reliability Introduction 1 Software Reliability and System

Software Reliability and System Reliability Introduction 1 Software Reliability and System

Introduction Dependability Failure Behavior of an X-ware System Introduction Dependability Failure Behavior of an X-ware System Software Reliability and System Reliability Introduction 1 Software Reliability and System reliability

359 views • 8 slides
Understanding the Structure of Programs is Difficult Software Clustering Developers create

Understanding the Structure of Programs is Difficult Software Clustering Developers create

Understanding the Structure of Programs is Difficult Software Clustering Developers create sophisticated applications that Decomposing a large software system into meaningful subsystems are complex and involve a large number of

301 views • 5 slides
Method Dispatch in Java Principles of Software System Construction Principles of Software System

Method Dispatch in Java Principles of Software System Construction Principles of Software System

Method Dispatch in Java Principles of Software System Construction Principles of Software System Construction Prof. Jonathan Aldrich Fall 2011 How does a Method Call Execute? Example call: x.foo(5); Step 1 (compile time): determine what

165 views • 4 slides
Roadmap for Section 9.2 Windows NT/2000/XP/2003 real-time behavior Windows NT/2000/XP/2003 I/O

Roadmap for Section 9.2 Windows NT/2000/XP/2003 real-time behavior Windows NT/2000/XP/2003 I/O

Unit OS9: Real-Time and Embedded Systems 9.2. Real-Time Systems with Windows Windows Operating System Internals - by David A. Solomon and Mark E. Russinovich with Andreas Polze Roadmap for Section 9.2 Windows NT/2000/XP/2003 real-time behavior

606 views • 24 slides
State-based Behavior II SWEN-261 Introduction to Software Engineering Department of Software

State-based Behavior II SWEN-261 Introduction to Software Engineering Department of Software

State-based Behavior II SWEN-261 Introduction to Software Engineering Department of Software Engineering Rochester Institute of Technology There are a number of benefits for explicitly modeling state-based behavior. Explicitly defining

141 views • 13 slides
Visualizing Structure, Behavior and Evolution of Software Lecture Notes: Software Visualization,

Visualizing Structure, Behavior and Evolution of Software Lecture Notes: Software Visualization,

Visualizing Structure, Behavior and Evolution of Software Lecture Notes: Software Visualization, Winter Term 2002/2003, Saarland University Stephan Diehl January 30, 2003 2 Contents 1 Introduction 5 1.1 What is it all about? . . . . . .

673 views • 44 slides
Obstacles in Numerical Calculations Erik Schnetter Paris, November 2006 Obstacles in Numerical

Obstacles in Numerical Calculations Erik Schnetter Paris, November 2006 Obstacles in Numerical

Obstacles in Numerical Calculations Erik Schnetter Paris, November 2006 Obstacles in Numerical Calculations General Numerical Relativity Analysis Numerical Relativity Layout Hawking Energy Ricci tensor and higher derivatives

494 views • 13 slides
October 7th, 1997 6:00pm Arrive hotel in New York City. Phone system does not support

October 7th, 1997 6:00pm Arrive hotel in New York City. Phone system does not support

October 7th, 1997 6:00pm Arrive hotel in New York City. Phone system does not support my modem. Cell phone reception is terrible. 8:45pm Phone call from Eric Bates. I think that we have a visitor. Wed October

836 views • 37 slides
Evaluating Technologies UNC COMP 523 Wed Sep 2, 2020 Prof. Jeff Terrell 1 / 30 Announcements

Evaluating Technologies UNC COMP 523 Wed Sep 2, 2020 Prof. Jeff Terrell 1 / 30 Announcements

Evaluating Technologies UNC COMP 523 Wed Sep 2, 2020 Prof. Jeff Terrell 1 / 30 Announcements intro music: Any Colour You Like by Pink Floyd, because (a) you get to pick colors (colours) in your designs and (b) most of you get some say in what

621 views • 30 slides
DQM Status DQM Status Status as used (or not used) during 04/2016 test beam GUI CSS Gui

DQM Status DQM Status Status as used (or not used) during 04/2016 test beam GUI CSS Gui

DQM Status DQM Status Status as used (or not used) during 04/2016 test beam GUI CSS Gui prepared for 40 ladders (precompiled) Available from belle2 software repository but rolled-out only scaled down version for used sensors to avoid confusion

363 views • 9 slides
on Smartphones &amp; Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond)

on Smartphones &amp; Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond)

Protecting Data on Smartphones &amp; Tablets with Trusted Computing Stefan Saroiu Microsoft Research (Redmond) Smartphones have displaced PCs as the primary computing device Smartphones Store Sensitive Data Sensor Readings Have Value

1.34k views • 83 slides
Functional Programming June 2, 2019 Functional Programming June 2, 2019 1 / 24 Mayer Goldberg \

Functional Programming June 2, 2019 Functional Programming June 2, 2019 1 / 24 Mayer Goldberg \

Functional Programming June 2, 2019 Functional Programming June 2, 2019 1 / 24 Mayer Goldberg \ Ben-Gurion University Mayer Goldberg \ Ben-Gurion University Road Map Functional Programming June 2, 2019 2 / 24 Introduction to Functional

411 views • 24 slides
rs t rs

rs t rs

rs t rs t rt Ptr r r

619 views • 18 slides
2 nd semester Topic 35: Messages on the phone In our daily life we are trying to save our

2 nd semester Topic 35: Messages on the phone In our daily life we are trying to save our

2 nd semester Topic 35: Messages on the phone In our daily life we are trying to save our time by sending short, but understandable messages to our friends This movement is on trend now Since we have connection to the internet

317 views • 6 slides

More recommend