In recent years, computer systems have increased their significance as infrastructure in various fields. It has become increasingly desirable that computer systems keep working normally without stopping. For that reason, various technologies are being developed to monitor the operating conditions of a computer system and detect defects in the system at an early stage.
For example, in a business system, analysis of transactions proves useful in monitoring the processing status. One conventional technology described in Japanese Laid-open Patent Publication 2006-11683 collects logs of messages exchanged on a network for transaction processes and estimate transactions based on calling relations between messages in the logs.
FIG. 15 is an explanatory diagram for explaining a system analyzing apparatus that performs system analysis by extracting transactions from a message log. In FIG. 15, an analyzed transaction system includes a WEB server that performs processes in a web layer, an APL server that performs processes in an application (APL) layer, a DB server that performs processes in a database (DB) layer, and switches for connecting the servers. The system analyzing apparatus generates a transaction model using protocol logs collected from the analyzed transaction system, extracts transactions from analyzed protocol logs by referring to the generated transaction model, and analyzes the transaction system.
Herein, a protocol log is a log of messages that are transmitted/received by each server while processing transactions. The messages are communicated using a variety of protocols such as the HyperText Transfer Protocol (HTTP), the Internet Inter-ORB Protocol (IIOP), and the Structured Query Language (SQL) protocol. A transaction model is a model of each transaction generated based on messages transmitted/received by each server for transaction processing. Transaction model is generated for each type of transaction.
In this way, the system analyzing apparatus can extract, without manual assistance, various types of transactions including infrequent transactions that have been processed by the transaction system and analyze the transaction system.
However, in a conventional system analyzing apparatus, the degree of accuracy in extracting transactions decreases when there is high load from a client. FIGS. 16A and 16B are explanatory diagrams for explaining the problems in a conventional system analyzing apparatus.
As illustrated in FIG. 16A, while generating a transaction model and while analyzing messages, a system analyzing apparatus performs a name merge process in which the values of parameters, such as user IDs or session IDs included in messages, are converted into predetermined values according to a name merge rule. In FIG. 16A, according to a name merge rule that the values of parameters “b” and “uid” are to be replaced with “#”, the value of the parameter “b” is converted from “yyy” into “#” and the value of the parameter “uid” is converted from “abc0123” to “#”.
The values of the parameters such as the user IDs or the session IDs are different for each transaction even if the transaction model is identical. Thus, if the name merge process is not performed, the system analyzing apparatus may falsely recognize transactions of the identical transaction model as transactions of different transaction models because of the different values of the parameters, while performing matching of a message log and a transaction model. Such false recognition can be prevented by performing the name merge process. The details of the name merge process are described in Japanese Laid-open Patent Publication No. 2006-236280.
However, as illustrated in FIG. 16B, if there is high load on a transaction system and if two transactions of the same transaction model have an identical portion, that is, if sets of messages corresponding to two transactions are partly identical, the sets of messages corresponding to these two transactions can be undistinguishable after the name merge. Then, the system analyzing apparatus has difficulties in determining which message corresponds to which transaction. For example, in the case of FIG. 16B, it is not possible to determine which of the two HTTP messages corresponds to a transaction 1 and which HTTP message corresponds to a transaction 2.