The multi-source data generated by distributed systems, provide a holistic description of the system. Harnessing the joint distribution of the different modalities by a learning model can be beneficial for critical applications for maintenance of the distributed systems. One such important task is the task of anomaly detection where we are interested in detecting the deviation of the current behaviour of the system from the theoretically expected. In this work, we utilize the joint representation from the distributed traces and system log data for the task of anomaly detection in distributed systems. We demonstrate that the joint utilization of traces and logs produced better results compared to the single modality anomaly detection methods. Furthermore, we formalize a learning task - next template prediction NTP, that is used as a generalization for anomaly detection for both logs and distributed trace. Finally, we demonstrate that this formalization allows for the learning of template embedding for both the traces and logs. The joint embeddings can be reused in other applications as good initialization for spans and logs.

中文翻译：

---

分布式IT系统中的多源异常检测

分布式系统生成的多源数据提供了系统的整体描述。通过学习模型利用不同模式的联合分布，对于维护分布式系统的关键应用程序可能是有益的。这样的重要任务之一就是异常检测的任务，我们有兴趣检测系统当前行为与理论上预期的偏差。在这项工作中，我们将来自分布式跟踪和系统日志数据的联合表示用于分布式系统中异常检测的任务。我们证明，与单模态异常检测方法相比，跟踪和日志的联合利用产生了更好的结果。此外，我们确定了学习任务的形式-下一个模板预测NTP，用作日志和分布式跟踪的异常检测的一般化。最后，我们证明了这种形式化允许学习跟踪和日志的模板嵌入。联合嵌入可以作为跨度和日志的良好初始化在其他应用程序中重复使用。