Detection, remediation and inference rule development for multi-layer information technology (“IT”) structures

US 10,235,227 B2
Filed: 10/12/2015
Issued: 03/19/2019
Est. Priority Date: 10/12/2015
Status: Active Grant

First Claim

Patent Images

1. An apparatus for detection, remediation and inference rule development for multi-layer information technology (“

IT”

) structures, wherein layers in the multi-layer IT structure consists of a network layer, a virtual layer, an operating system layer, a middle ware (“

MW”

) layer and a data layer, the apparatus comprising;

an event generator that monitors for, retrieves, and pools a plurality of error events and a plurality of performance events from a collection of alerting sources, said alerting sources for providing alerts from the network layer, the virtual layer, the operating system layer, the MW layer and the data layer;

an event parser that provides a system status; and

an analytics engine that detects a plurality of patterns and a plurality of relationships in the retrieved error events, the patterns including an identification of a specific one of the network layer, the virtual layer, the operating system layer, the MW layer and the data layer, within which the error occurred, and an identification of performance events and system status, and an identification of model event hierarchies based on the detected patterns and relationships, wherein said detecting a plurality of patterns comprises indexing the error events into one of the memory-related issues, DSN-related issues, resource-related issues attributed to infrastructure resources and “

String not found”

related issues that were followed by application failure, said indexing further comprising self-constructively cataloguing the error events based on the indexing;

wherein said analytics engine is configured to invoke one or more auto-remediation processes in response to pre-determined indexed error events, said one or more auto-remediation processes based, at least in part, on the detected patterns, relationships and hierarchies, and wherein said analytics engine is for detecting a threshold number of occurrences relating to a sequence of a pre-determined number of memory errors over a pre-determined period of time;

wherein the analytics engine invokes at least one auto-remediation process in response to the detection of the pre-determined number of memory errors over a pre-determined period of time, said auto-remediation process comprising at least one of restart, bounce service, kill present application and exit current routine.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An apparatus for detection, remediation and inference rule development for multi-layer information technology IT structures is provided. Certain embodiments of the apparatus may include an event generator. The event generator may monitor for, retrieve, and pool error events and performance events from alerting sources. The alerting sources may provide event information from one more of multiple layers. The apparatus may also include an event parser that provides a system status. The apparatus may include an analytics engine that detects patterns and relationships in the retrieved error events, performance events and system status, and models event hierarchies based on the detected patterns and relationships. The analytics engine may invoke auto-remediation processes in response to pre-determined error events. In some embodiments, the engine may detect a pre-determined number of resource-related events. Based on the detecting, the analytics engine may attribute the resource-related events to infrastructure resources.

Citations

23 Claims

1. An apparatus for detection, remediation and inference rule development for multi-layer information technology (“
- IT”
  
  ) structures, wherein layers in the multi-layer IT structure consists of a network layer, a virtual layer, an operating system layer, a middle ware (“
  
  MW”
  
  ) layer and a data layer, the apparatus comprising;
  
  an event generator that monitors for, retrieves, and pools a plurality of error events and a plurality of performance events from a collection of alerting sources, said alerting sources for providing alerts from the network layer, the virtual layer, the operating system layer, the MW layer and the data layer;
  
  an event parser that provides a system status; and
  
  an analytics engine that detects a plurality of patterns and a plurality of relationships in the retrieved error events, the patterns including an identification of a specific one of the network layer, the virtual layer, the operating system layer, the MW layer and the data layer, within which the error occurred, and an identification of performance events and system status, and an identification of model event hierarchies based on the detected patterns and relationships, wherein said detecting a plurality of patterns comprises indexing the error events into one of the memory-related issues, DSN-related issues, resource-related issues attributed to infrastructure resources and “
  
  String not found”
  
  related issues that were followed by application failure, said indexing further comprising self-constructively cataloguing the error events based on the indexing;
  
  wherein said analytics engine is configured to invoke one or more auto-remediation processes in response to pre-determined indexed error events, said one or more auto-remediation processes based, at least in part, on the detected patterns, relationships and hierarchies, and wherein said analytics engine is for detecting a threshold number of occurrences relating to a sequence of a pre-determined number of memory errors over a pre-determined period of time;
  
  wherein the analytics engine invokes at least one auto-remediation process in response to the detection of the pre-determined number of memory errors over a pre-determined period of time, said auto-remediation process comprising at least one of restart, bounce service, kill present application and exit current routine.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The apparatus of claim 1 wherein the analytics engine further invokes at least one auto-remediation process in response to the detection of a pre-determined down time associated with data-source-name-related errors.
  - 3. The apparatus of claim 2 wherein said down time is calculated as a percentage of a pre-determined period of time.
  - 4. The apparatus of claim 1 wherein the engine is for detecting a predetermined number of resource-related events over a pre-determined amount of time and, based on the detecting a pre-determined number of resource-related events over a predetermined amount of time, the analytics engine attributes the resource-related events to infrastructure resources.
  - 5. The apparatus of claim 1 wherein the engine detects a pre-determined number of occurrences of “
    - string not found”
      
      over a pre-determined period and also detects an outage following every occurrence of “
      
      string not found”
      
      over the pre-determined time period.
  - 6. The apparatus of claim 5 wherein the analytics engine is configured to infer a rule for the occurrence of the outage following the occurrence of “
    - string not found”
      
      .
  - 7. The apparatus of claim 1 wherein the engine detects a pre-determined number of occurrences of “
    - application round-trip time-out(s)”
      
      event alerts over a predetermined period, and that said pre-determined number of occurrences of “
      
      application round-trip time-out”
      
      event alerts correspond to a greater than threshold level of application slowness.
  - 8. The apparatus of claim 7 wherein the greater than threshold level of application slowness inhibits a communication channel to a pre-determined application.

9. A method for detection, remediation and inference rule development for multi-layer information technology (“
- IT”
  
  ) structures, wherein layers in the multi-layer IT structure consist of a network layer, a virtual layer, an operating system layer, a middle ware (“
  
  MW”
  
  ) layer and a data layer, the method comprising;
  
  monitoring, retrieving, and pooling error events and performance events from a collection of alerting sources, said alerting sources for providing alerts from the network layer, the virtual layer, the operating system layer, the MW layer and the data layer;
  
  parsing the error events and performance events to provide a current system status; and
  
  detecting patterns and relationships in the retrieved error events, performance events and system status, the patterns including an identification of which specific one of the network layer, the virtual layer, the operating system layer, the MW layer and the data layer, the error occurred within;
  
  wherein said detecting comprises indexing the error events into one of the memory-related issues, DSN-related issues, resource-related issues attributed to infrastructure resources and “
  
  String not found”
  
  related issues that were followed by application failure, said indexing further comprising self-constructively cataloguing the error events based on the indexing;
  
  modeling event hierarchies based on the detected patterns and relationships; and
  
  invoking at least one auto-remediation process in response to pre-determined indexed error events, said auto-remediation process based, at least in part, on the detected patterns, relationships and hierarchies, and wherein said auto-remediation process detects a predetermined number of occurrences of “
  
  string not found”
  
  over a pre-determined period and also detects an outage following every occurrence of “
  
  string not found”
  
  over the pre-determined time period;
  
  inferring a rule for the occurrence of the outage following the occurrence of “
  
  string not found”
  
  .
- View Dependent Claims (10, 11, 12, 13, 14, 15)
- - 10. The method of claim 9 wherein the analytics engine further invokes at least one auto-remediation process in response to the detection of a pre-determined down time associated with data-source-name-related errors.
  - 11. The method of claim 10 wherein said down time is calculated as a percentage of a pre-determined period of time.
  - 12. The method of claim 9 wherein the engine is for detecting a predetermined number of resource-related events over a pre-determined amount of time and, based on the detecting a pre-determined number of resource-related events over a predetermined amount of time, the analytics engine attributes the resource-related events to infrastructure resources.
  - 13. The method of claim 9 wherein the engine detects a threshold number of occurrences relating to a sequence of a pre-determined number of memory errors over a predetermined period of time.
  - 14. The method of claim 9 wherein the engine detects a pre-determined number of occurrences of “
    - application round-trip time-out(s)”
      
      event alerts over a predetermined period, and that said pre-determined number of occurrences of “
      
      application round-trip time-out”
      
      event alerts correspond to a greater than threshold level of application slowness.
  - 15. The method of claim 9 wherein the greater than threshold level of application slowness inhibits a communication channel to a pre-determined application.

16. An apparatus for detection, remediation and inference rule development for multi-layer information technology (“
- IT”
  
  ) structures, wherein layers in the multi-layer IT structure comprise a network layer, a virtual layer, an operating system layer, a middle ware (“
  
  MW”
  
  ) layer and a data layer, the apparatus comprising;
  
  an event generator that monitors for, retrieves, and pools error events and performance events from a collection of alerting sources, said alerting sources for providing alerts from the network layer, the virtual layer, the operating system layer, the MW layer and the data layer;
  
  an event parser that provides a system status; and
  
  an analytics engine that detects patterns and relationships in the retrieved error events, performance events and system status, and models event hierarchies based on the detected patterns and relationships, the patterns including an identification of a specific one of the network layer, the virtual layer, the operating system layer, the MW layer and the data layer, within which the error occurred;
  
  wherein said analytics engine is configured to invoke auto-remediation processes in response to pre-determined indexed error events, said auto-remediation processes based, at least in part on the detected patterns, relationships and hierarchies, and wherein said engine is for detecting a pre-determined number of resource related events over a pre-determined amount of time and, based on the detecting a pre-determined number of resource-related events over a pre-determined amount of time, the analytics engine attributes the resource-related events to infrastructure resources.
- View Dependent Claims (17, 18, 19, 20, 21, 22, 23)
- - 17. The apparatus of claim 16 wherein the analytics engine further invokes at least one auto-remediation process in response to the detection of a pre-determined down time associated with data-source-name-related errors.
  - 18. The apparatus of claim 17 wherein said down time is calculated as a percentage of a pre-determined period of time.
  - 19. The apparatus of claim 16 wherein the engine detects a pre-determined number of occurrences of “
    - string not found”
      
      over a pre-determined period and also detects an outage following every occurrence of “
      
      string not found”
      
      over the pre-determined time period.
  - 20. The apparatus of claim 19 wherein the analytics engine is configured to infer a rule for the occurrence of the outage following the occurrence of “
    - string not found”
      
      .
  - 21. The apparatus of claim 16 wherein the engine detects a pre-determined number of occurrences of “
    - application round-trip time-out(s)”
      
      event alerts over a predetermined period, and that said pre-determined number of occurrences of “
      
      application round-trip time-out”
      
      event alerts correspond to a greater than threshold level of application slowness.
  - 22. The apparatus of claim 21 wherein the greater than threshold level of application slowness inhibits a communication channel to a pre-determined application.
  - 23. The apparatus of claim 16 wherein said engine is for detecting a threshold number of occurrences relating to a sequence of a pre-determined number of memory errors over a pre-determined period of time;
    - and wherein the analytics engine invokes at least one auto-remediation process in response to the detection of the pre-determined number of memory errors over a predetermined period of time, said auto-remediation process comprising at least one of restart, bounce service, kill present application and exit current routine.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Bank of America Corp.
Original Assignee
Bank of America Corp.
Inventors
Purushothaman, Sasidhar, Mantena, Hari, Jagadeeshwaran, Arun
Primary Examiner(s)
Amoroso, Anthony J

Application Number

US14/880,421
Publication Number

US 20170102997A1
Time in Patent Office

1,254 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/0706   the processing taking place...

G06F 11/0784   Routing of error reports, e...

G06F 11/079   Root cause analysis, i.e. e...

G06F 11/0793   Remedial or corrective acti...

Detection, remediation and inference rule development for multi-layer information technology (“IT”) structures

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

23 Claims

Specification

Solutions

Use Cases

Quick Links

Detection, remediation and inference rule development for multi-layer information technology (“IT”) structures

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

23 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links