(3.1) Background not Limiting
The approaches described herein could be pursued, but are not necessarily approaches that have been previously conceived. Therefore, unless otherwise specifically indicated herein, the approaches described herein are not prior art, and are not admitted to be prior art by inclusion herein.
(3.2) Possible Solutions for Network Monitoring
One problem that has arisen, particularly in the field of network monitoring, is maladjustment of the network, particularly with respect to contention for resources available in the network. For example, resources available in the network might be maladjusted or otherwise improperly assigned to elements in (such as users of) those resources. This might result in excess, or otherwise improper, contention for those resources by elements in the network, with the possible effect that the network does not provide an efficient use of its resources to those users.
These resources might include processor availability, memory or storage availability, network bandwidth availability, network monitoring views, and other resources possibly available to users of the network, whether real or virtual. Maladjustment of any of these aspects of the network can lead to large numbers of alerts (sometimes referred to herein as “storms”), sometimes with respect to issues that have little to do with the resource actually being contended for.
Storms can be caused by a number of different factors. The inventors have identified at least the following as being of particular concern:
Resource contention storms;
Performance activity storms;
Degradation storms; and
other storms for contention for a resource, that are not originally caused by contention for that particular resource.
(3.2.1) Resource Contention Storms
Resource contention storms can be caused by elements in (such as users of) a DNME (distributed network monitoring environment) attempting to use too much of a shared resource, with the effect that substantially none of those elements are able to use any significant amount of the resource. However, these storms can present to an operator as a large number of alerts that are seemingly irrelevant to the nature of the problem. Examples might include alerts with respect to (a) processor time, (b) memory utilization, (c) storage utilization, (d) network bandwidth utilization, (e) application delivery utilization, and (f) other resources for which the network has only limited capacity.
(3.2.2) Performance Activity Storms
Performance activity storms can be caused by unusual activity in a DNME, such as unusual use of services or applications, and can sometimes be the result of spamming or botnet activity. Examples might include alerts with respect to (a) unusual email activity, (b) unusual upload activity, (c) unusual download activity, (d) unusual file-sharing activity, (e) unusual application server activity, (f) unusual application client activity, (g) unusual desktop delivery or application delivery, and other unusual activity with respect to available network resources.
(3.2.3) Degradation Storms
Degradation storms can cause noticeable degradation in resource performance, in a distributed network monitoring environment, and might include alerts with respect to (a) virtual machine degradation, (b) application user degradation, (c) desktop user degradation, and other degradation with respect to available network resources.
(3.2.4) In General
In general, alert storms might represent activity by any elements in a DNME; their sources can sometimes be determined by careful analysis of the problem. While this can generally achieve mitigation of the alert storm, the underlying problem can remain unsolved, only to reappear (at, most likely of course, the most inopportune possible time).
Accordingly, early analysis of alert storms, and if possible, automated remediation, can be desirable.
(3.3) Some Drawbacks of the Known Art
Each of these issues, either alone or in combination with others, at some times, or in some conditions, can cause difficulty in aspects of effective and efficient use of distributed network resources, particularly when applied to one or more devices in a distributed network monitoring environment.