System for decomposing clustering events from managed infrastructures

US 10,013,476 B2
Filed: 07/08/2014
Issued: 07/03/2018
Est. Priority Date: 04/28/2014
Status: Active Grant

First Claim

Patent Images

1. An event clustering system with a processor that generates reports, comprising:

an extraction engine in communication with an infrastructure, the extraction engine in operation receiving data from the infrastructure and produces events and populates a database with a dictionary of event or graph entropy;

an alert engine that receives the events and creates alerts mapped into a matrix, M;

a signalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine, the signalizer engine determining one or more common steps from events and produces clusters relating to the alerts and or events, where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware of the infrastructure directed to supporting the flow and processing of information;

the topology proximity engine using a source address for each event and topology of the infrastructure which represents node to node connectivity of the topology proximity engine and to assign a graph coordinate of a graph to the event with an optional subset of attributes being extracted for each event and turned into a vector of the graph, the topology engine inputs a list of devices and a list a connections between components or nodes in the infrastructure where the graph entropy is calculated for each node in the graph;

one or more interaction displays that provide a collaborative interface a coupled to the extraction and the signalizer engine for decomposing events from the infrastructure; and

a reporting engine configured to be coupled to the event clustering system, the reporting engine configured to generate a report from at least one of the clusters and the events that are retrieved from the collaborative interfacea source address for each event to assign a graph coordinate in the graph to the event with an optional subset of attributes being extracted for each event and turning that into a vector of the graph; and

in response to production of the clusters making one or more physical chances in the infrastructure hardware.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An event clustering system is configured to generate reports. An extraction engine is in communication with an infrastructure. The extraction engine in operation receives data from the infrastructure and produces events. An alert engine receives the events and creates alerts mapped into a matrix, M. A sigalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The sigalizer engine determines one or more common steps from events and produces clusters relating to the alerts and or events. A reporting engine is configured to be coupled to the event clustering system.

50 Citations

23 Claims

1. An event clustering system with a processor that generates reports, comprising:
- an extraction engine in communication with an infrastructure, the extraction engine in operation receiving data from the infrastructure and produces events and populates a database with a dictionary of event or graph entropy;
  
  an alert engine that receives the events and creates alerts mapped into a matrix, M;
  
  a signalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine, the signalizer engine determining one or more common steps from events and produces clusters relating to the alerts and or events, where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware of the infrastructure directed to supporting the flow and processing of information;
  
  the topology proximity engine using a source address for each event and topology of the infrastructure which represents node to node connectivity of the topology proximity engine and to assign a graph coordinate of a graph to the event with an optional subset of attributes being extracted for each event and turned into a vector of the graph, the topology engine inputs a list of devices and a list a connections between components or nodes in the infrastructure where the graph entropy is calculated for each node in the graph;
  
  one or more interaction displays that provide a collaborative interface a coupled to the extraction and the signalizer engine for decomposing events from the infrastructure; and
  
  a reporting engine configured to be coupled to the event clustering system, the reporting engine configured to generate a report from at least one of the clusters and the events that are retrieved from the collaborative interfacea source address for each event to assign a graph coordinate in the graph to the event with an optional subset of attributes being extracted for each event and turning that into a vector of the graph; and
  
  in response to production of the clusters making one or more physical chances in the infrastructure hardware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23)
- - 2. The system of claim 1, wherein the reporting engine generates reports from the clustered events and/or messages.
  - 3. The system of claim 1, wherein the report engine is coupled to a situation room of the event clustering system.
  - 4. The system of claim 1, wherein computer-executable instructions implement the reporting engine.
  - 5. The system of claim 4, wherein the instructions include a predefined procedure component, a metadata component, or layer, and an interface component.
  - 6. The system of claim 1, wherein the reporting engine generates a report from the clustered events and/or messages which can be retrieved from a situation room.
  - 7. The system of claim 1, wherein the reporting engine is in communication with one or more dashboards associated with a situation room and retrieves information therefrom in response to a request that is used to generate a report.
  - 8. The system of claim 5, wherein clustered events/messages are in a database.
  - 9. The system of claim 8, wherein the metadata layer is maintained separately or together with the data to be searched in the database.
  - 10. The system of claim 1, wherein queries regarding the clustered events/messages are answered through reports generated from structured query language (SQL) statements.
  - 11. The system of claim 1, wherein the reporting engine includes a metadata layer, an interface and a procedure component.
  - 12. The system of claim 1, wherein the clustered events/messages have several dimensions.
  - 13. The system of claim 12, wherein one of the dimensions is a procedure component.
  - 14. The system of claim 13, wherein the procedure component is a predefined, stored procedure report, with the reporting engine returning a result set that matches a user-specified search.
  - 15. The system of claim 11, wherein metadata in the metadata layer describes clustered events/messages that can be in a database or accessed via a dashboard directly.
  - 16. The system of claim 15, wherein the metadata layer includes entities and SQL views describing at least one of, related dimensions, attributes, measures, and facts relative to the clustered events/messages.
  - 17. The system of claim 15, wherein an attribute is a descriptive characteristic of one or more levels representing logical groupings that enable end users to select information based on like characteristics.
  - 18. The system of claim 15, wherein an attribute is displayed as a column or row in a dimension that characterizes elements of a single level.
  - 19. The system of claim 13, wherein the procedure component accepts inputs from a user according to a query syntax of interface.
  - 20. The system of claim 19, wherein the procedure component takes the inputs and matches them with a metadata layer.
  - 21. The system of claim 20, wherein following the matching a set of SQL statements retrieves information from the clusters.
  - 22. The system of claim 20, wherein in response to the reporting engine receiving a request for information to be retrieved it uses the metadata.
  - 23. The system of claim 22, wherein a procedure component of the reporting engine constructs a query that is run and a report is returned.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Moogsoft Inc. (Dell Technologies Inc.)
Inventors
Tee, Philip
Primary Examiner(s)
Trapanese, William C

Application Number

US14/325,521
Publication Number

US 20150310085A1
Time in Patent Office

1,456 Days
Field of Search

None
US Class Current
CPC Class Codes

G06F 16/285   Clustering or classification

G06F 16/35   Clustering; Classification

G06Q 10/107   Computer-aided management o...

H04L 12/1895   for short real-time informa...

H04L 41/065   involving logical or physic...

H04L 41/12   Discovery or management of ...

H04L 41/22   comprising specially adapte...

H04L 51/216   Handling conversation histo...

H04L 51/224   providing notification on i...

H04L 51/42   Mailbox-related aspects, e....

System for decomposing clustering events from managed infrastructures

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

50 Citations

23 Claims

Specification

Use Cases

Quick Links

Others

System for decomposing clustering events from managed infrastructures

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

50 Citations

23 Claims

Specification

Subscription Required

Use Cases

Quick Links

Others