Businesses often need to monitor the real-time behaviour and performance of applications that are distributed across multiple network-connected nodes, physical or virtual, with respect to meaningful data messages passed between the nodes. Application data messages between the nodes may be monitored at various possible locations including within the application, within the nodes, or at some intermediate network device. In some cases, it is only possible to monitor such messages by monitoring the network itself. This can be the case when there is no way to access application data directly on the host computer or application server. To obtain a higher level understanding of the application performance, the data messages being passed between nodes require correlation into transactions.
While several methods and system have been proposed for application data message monitoring, these methods and systems have disadvantages. For example, U.S. Pat. No. 7,805,510 to Bansal et al. discloses a hierarchy for characterizing interactions with an application and teaches a network monitoring system and an application monitoring system working in conjunction. The two sources of data are combined to formulate transactions within a hierarchy that ranges from components up to business processes within a domain. Bansel et al. also discloses implementations of either network or application monitoring within the same hierarchy. Types of transactions are defined at each level of the hierarchy. The composition of higher level transactions relies on associating a plurality of lower level transactions (or “components” at the lowest level) all from the same network link. However, Bansal et al. does not disclose a method for following transactions across multiple links of a complex network topology.
As another example, U.S. Pat. No. 6,701,459 to Ramanathan et al. discloses a root-cause approach to problem diagnosis in data networks and teaches generating a network topology representation, subsequently generating a logical network topology, mapping the components of the topology into layers of hierarchy based on the protocol stack, and mapping specific measurements to the layers. As such, Ramanathan et al. uses a network topology, both physical and logical, to interpret data derived from the system. It recognizes a specific hierarchy that enables the data to be interpreted effectively and translates the interpreted data into performance measures that are specific to the level within the hierarchy that the data applies to. However, the hierarchy of Ramanathan et al. is specific to the protocol stack in use within the system. The levels correspond approximately to each layer within the OSI Layer model such that events or data are specific to a given protocol within the stack. As such, Ramanathan does not address higher level transactions across multiple links in a network.
As a further example, United States Patent Application Publication No. 2011/0035493 by Shacham et al. discloses an apparatus and method for tracking requests in a multi-threaded, multi-tier computerized environment and teaches detecting messages being passed between components of a multi-tier system, correlating the messages between neighbouring tiers, and thereby associating them together across the tiers. However, while Shacham et al. provides for a simplified form of correlation across adjacent links, it does not teach how these are subsequently correlated across multiple tiers of a complex network topology to form higher-level transactions or how correlation can be optimized for real-time processing.
A need therefore exists for an improved method and system for monitoring performance of an application system which is distributed across network connected nodes. Accordingly, a solution that addresses, at least in part, the above and other shortcomings is desired.