Decomposing events from managed infrastructures using graph entropy

US 10,237,119 B2
Filed: 07/19/2016
Issued: 03/19/2019
Est. Priority Date: 04/29/2013
Status: Active Grant

First Claim

Patent Images

1. An event clustering system, comprising:

at least one processer with an extraction engine in communication with a managed infrastructure, the extraction engine configured to receive managed infrastructure data and produces events as well as populates an entropy database with a dictionary of event entropy that can be included in the entropy database;

a signalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine, the signalizer engine inputting a list of devices and a list a connections between components or nodes in the managed infrastructure, the signalizer engine determining one or more common characteristics and produces clusters of events relating to failure or errors in at least one of the devices and connections between components or nodes in the managed infrastructure, where membership in a cluster is indicative of a failure or an actionable problem in at least one of the devices and connections between components or nodes in the managed infrastructure physical hardware, the topology proximity engine uses a source address for each event and a graph topology of the managed infrastructure which represents node to node connectivity of the topology proximity engine and to assign a graph coordinate to the event with an optional subset of attributes being extracted for each event and turned into a vector, the topology engine inputs a list of devices and a list a connections between components or nodes in the managed infrastructure;

one or more interactive user interfaces in a situation room that enable a user to view the failures or actionable problems in at least one of the devices and connections between components or nodes in the managed infrastructure andwherein in response to one or more users taking action in the situation room changes are made in at least one of the devices and connections between components or nodes of the managed infrastructure.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

An event clustering system includes an extraction engine in communication with a managed infrastructure. A sigalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The sigalizer engine determines one or more common steps from events and produces clusters relating to events. The sigalizer engine determines one or more common characteristics of events and produces clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. In response to production of the clusters one or more physical changes in a managed infrastructure hardware is made, where the hardware supports the flow and processing of information.

2 Citations

43 Claims

1. An event clustering system, comprising:
- at least one processer with an extraction engine in communication with a managed infrastructure, the extraction engine configured to receive managed infrastructure data and produces events as well as populates an entropy database with a dictionary of event entropy that can be included in the entropy database;
  
  a signalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine, the signalizer engine inputting a list of devices and a list a connections between components or nodes in the managed infrastructure, the signalizer engine determining one or more common characteristics and produces clusters of events relating to failure or errors in at least one of the devices and connections between components or nodes in the managed infrastructure, where membership in a cluster is indicative of a failure or an actionable problem in at least one of the devices and connections between components or nodes in the managed infrastructure physical hardware, the topology proximity engine uses a source address for each event and a graph topology of the managed infrastructure which represents node to node connectivity of the topology proximity engine and to assign a graph coordinate to the event with an optional subset of attributes being extracted for each event and turned into a vector, the topology engine inputs a list of devices and a list a connections between components or nodes in the managed infrastructure;
  
  one or more interactive user interfaces in a situation room that enable a user to view the failures or actionable problems in at least one of the devices and connections between components or nodes in the managed infrastructure andwherein in response to one or more users taking action in the situation room changes are made in at least one of the devices and connections between components or nodes of the managed infrastructure.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40, 41, 42, 43)
- - 2. The system of claim 1, wherein the entropy database has words and subtexts.
  - 3. The system of claim 2, wherein the entropy database normalizes the words and subtexts.
  - 4. The system of claim 1, wherein the entropy database normalizes events across at least one of data and datasets from the managed infrastructure.
  - 5. The system of claim 1, wherein the extraction engine is configured to receive messages from the managed infrastructure and produce events that relate to the managed infrastructure.
  - 6. The system of claim 2, wherein the extraction engine converts the events into words and subsets used to group the events into clusters that relate to failures or errors in the managed infrastructure.
  - 7. The system of claim 1, wherein managed infrastructure hardware includes at least one of:
    - computers, network devices, appliances, mobile devices, applications, connections of any of the preceding, and text or numerical values from which those text or numerical values which indicate a state of any hardware of the managed infrastructure.
  - 8. The system of claim 1, wherein the managed infrastructure generates data that includes attributes.
  - 9. The system of claim 8, wherein As a non-limiting example, the data that includes attributes is selected from at least one of:
    - time, source a description of the event, and textural or numerical values indicating a state of the managed infrastructure.
  - 10. The system of claim 1, wherein physical changes made to the managed infrastructure hardware that create physical and virtual links between the managed infrastructure and a system server.
  - 11. The system of claim 10, wherein physical changes made to the managed infrastructure includes changes to links from the server to a system high speed storage.
  - 12. The system of claim 8, wherein managed infrastructure generated data is selected from at least one of, time, source a description of:
    - an event, textural or numerical values indicating a state of the managed infrastructure.
  - 13. The system of claim 1, wherein the extraction engine communicates with the managed infrastructure across an IP network at a high speed connection and with low latency.
  - 14. The system of claim 13, wherein the high speed connection is in the gigabits and low latency is in the microseconds.
  - 15. The system of claim 13, wherein the high speed connection is at least 1 gigabit, and low latency is at least 10 microseconds.
  - 16. The system of claim 1, wherein the extraction engine includes one or more of:
    - a central processor, a main memory, an input/output controller, an interface, a display, and a storage device.
  - 17. The system of claim 16, wherein the storage device is configured to communicate through a system bus or similar architecture.
  - 18. The system of claim 1, wherein the system includes a software system that can be included in memory.
  - 19. The system of claim 18, wherein the software system includes one or more of an operating system and a shell or interface.
  - 20. The system of claim 16, wherein application software of the system is transferred from the storage device.
  - 21. The system of claim 1, wherein the extraction engine is configured to receive user commands and data through an interface.
  - 22. The system of claim 1, wherein the extraction engine breaks event messages into subsets of messages that relate to failures or errors in managed infrastructure.
  - 23. The system of claim 1, wherein the extraction engine breaks events into subsets of messages relative to failure or errors in a managed infrastructure via a message input mechanism.
  - 24. The system of claim 23, wherein the extraction engine breaks the events into subsets of messages and parses machine elements from the managed infrastructure.
  - 25. The system of claim 24, wherein the machine elements are machine messages.
  - 26. The system of claim 1, wherein the extraction engine receives managed infrastructure data and produces events as well as populates an entropy database.
  - 27. The system of claim 1, wherein the extraction engine populates the entropy database with a dictionary of event entropy that can be included in an entropy database.
  - 28. The system of claim 27, wherein the extraction engine populates the entropy database with the use of a token counter.
  - 29. The system of claim 26, wherein the entropy database is generated with word and subtexts.
  - 30. The system of claim 29, wherein the entropy database is generated using Shannon Entropy.
  - 31. The system of claim 26, wherein the entropy database is configured to normalize events across data and/or datasets from the managed infrastructure.
  - 32. The system of claim 31, wherein normalized entropy for events is mapped from a common, 0.0 and a non-common, 1.0.
  - 33. The system of claim 26, wherein entropy is assigned to alerts.
  - 34. The system of claim 26, wherein entropy for each event is retrieved from an entropy dictionary.
  - 35. The system of claim 34, wherein entropy for each event is retrieved from an entropy dictionary as it enters the system.
  - 36. The system of claim 26, wherein the entropy database is generated with word and/or subtexts.
  - 37. The system of claim 1, wherein a network is created that includes a plurality of nodes in a graph.
  - 38. The system of claim 37, wherein a non-directed graph is used to calculate graph entropy for each node in the graph.
  - 39. The system of claim 37, wherein the graph is a non-directed graph that calculates graph entropy for each node in the graph.
  - 40. The system of claim 39, wherein graph entropy is calculated as follows:
    - (i) source data is used to calculate graph data;
      
      (ii) the non-directed graph is used to calculate the number of links and the clustering coefficient of the node; and
      
      (iii) the number of links and clustering coefficient of the node together with the total number of links in the graph is then used to calculate an entropy value for each node.
  - 41. The system of claim 40, wherein an N event value is attached to every event of the entropy graph of a source node.
  - 42. The system of claim 1, wherein entropy values are used as a cutoff to ignore events from unimportant nodes to classify events.
  - 43. The system of claim 1, wherein embedded agents in hardware components gather attributes to managed infrastructure health to generate data that includes attributes.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Moogsoft Inc. (Dell Technologies Inc.)
Inventors
Tee, Philip
Primary Examiner(s)
Huq, Farzana B

Application Number

US15/213,752
Publication Number

US 20160330065A1
Time in Patent Office

973 Days
Field of Search

709242
US Class Current
CPC Class Codes

H04L 41/046   comprising network manageme...

H04L 41/145   involving simulating, desig...

H04L 51/42   Mailbox-related aspects, e....

H04L 67/51   Discovery or management the...

Decomposing events from managed infrastructures using graph entropy

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

2 Citations

43 Claims

Specification

Solutions

Use Cases

Quick Links

Decomposing events from managed infrastructures using graph entropy

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

2 Citations

43 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links