| CPC G06F 8/61 (2013.01) [G06F 11/3006 (2013.01); G06F 11/3428 (2013.01); G06F 11/3452 (2013.01)] | 23 Claims |
|
1. A method, comprising:
operating multiple separate endpoint information handling systems coupled together by a network within an information technology (IT) environment;
operating one or more hardware components of each given one of the multiple separate endpoint information handling systems while each given one of the multiple separate endpoint information handling systems is coupled together by the network within the information technology (IT) environment, the one or more hardware components of each one of the multiple separate endpoint information handling systems comprising at least a central processing unit (CPU) coupled to system memory and system storage;
changing operation of the one or more hardware components of each given one of the multiple separate endpoint information handling systems to cause each given one of the one or more hardware components to operate under variable operating conditions over time by operating each given one of the one or more hardware components at a first operating condition occurring at a first time and operating each given one of the one or more hardware components at a second operating condition occurring at a second time, the first operating condition being different from the second operating condition and the first time being different than the second time;
monitoring and capturing the variable operating conditions over time for each given one of the multiple separate endpoint information handling systems;
determining a current value of at least one predefined metric and determining a different benchmark value of the at least one predefined metric corresponding to the monitored and captured variable conditions for each given individual one of the multiple separate endpoint information handling systems, the benchmarkvalue of the at least one predefined metric being separately determined for each given individual one of the multiple separate endpoint information handling systems byseparately measuring a monitored value of the at least one predefined metric for given individual one of the multiple separate endpoint information systems during a benchmark time period that is a sliding window time period determined on a rolling basis to be the most recent previous time period for which a previous value of the at least one predefined metric was measured;
determining any change between the current value and the benchmark value of the at least one predefined metric for each given one of the multiple separate endpoint information handling systems;
then associating each determined change between the current value and the benchmark value of the predefined metric for each given one of the multiple separate endpoint information handling systems with at least one common context attribute that is a common process-level event that is associated with each given one of the multiple separate endpoint information handling systems;
then identifying a group of the multiple separate endpoint information handling systems that each has a corresponding determined change between the current value and the benchmark value of the predefined metric that is associated with the at least one common process-level event; and
then reporting information regarding the identified group of the multiple separate endpoint information handling systems to a user of a designated information handling system coupled by the network to each of the multiple separate endpoint information handling systems within the IT environment;
where the method further comprises determining whether a number of endpoint information handling systems in the identified group of the multiple separate endpoint information handling systems that have the corresponding determined change represents a deviation that is greater than a predefined threshold value (TH); and then proceeding as follows only if it is determined that the number of endpoint information handling systems in the identified group of the multiple separate endpoint information handling systems that have the corresponding determined change represents a deviation that is greater than the predefined threshold value (TH):
determining any change between a current value and a benchmark value of one or more additional designated metrics for each given one of the multiple separate endpoint information handling systems coupled together by the network within the IT environment, at least one of the additional designated metrics being different than the predefined metric,
then associating each determined change between the current value and the benchmark value of each of the additional designated metrics for each given one of the multiple separate endpoint information handling systems with at least one common additional designated context attribute that is associated with the given one of the multiple separate endpoint information handling systems,
then identifying a respective group of the multiple separate endpoint information handling systems that each has a corresponding determined change between the current value and the benchmark value of each of the additional designated metrics that is associated with a corresponding respective common additional designated context attribute,
then comparing the size of each respective identified group of multiple separate endpoint information handling systems that each has a corresponding determined change to a reporting threshold value, and
then only reporting to the user of the designated information handling system the identity of each of the common additional designated context attributes that is associated with a corresponding respective additional designated metric that has a corresponding determined change that is greater than or equal to the reporting threshold value.
|