Decomposing events from managed infrastructures using graph entropy
First Claim
1. An event clustering system, comprising:
- at least one processor with an extraction engine in communication with a managed infrastructure, the extraction engine configured to receive managed infrastructure data and produces events as well as populates an entropy database with a dictionary of event entropy that can be included in the entropy database;
- a signalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine, the signalizer engine inputting a list of devices and a list of connections between components or nodes in the managed infrastructure, the signalizer engine determining one or more common characteristics and produces clusters of events relating to failure or errors in at least one of the devices and connections between components or nodes in the managed infrastructure, where membership in a cluster is indicative of a failure or an actionable problem in at least one of the devices and connections between components or nodes in the managed infrastructure physical hardware, the topology proximity engine uses a source address for each event and a graph topology of the managed infrastructure which represents node to node connectivity of the topology proximity engine and to assign a graph coordinate to the event with an optional subset of attributes being extracted for each event and turned into a vector, the topology engine inputs a list of devices and a list of connections between components or nodes in the managed infrastructure;
- one or more interactive user interfaces in a situation room that enable a user to view the failures or actionable problems in at least one of the devices and connections between components or nodes in the managed infrastructure and wherein in response to one or more users taking action in the situation room changes are made in at least one of the devices and connections between components or nodes of the managed infrastructure.
5 Assignments
0 Petitions
Abstract
An event clustering system includes an extraction engine in communication with a managed infrastructure. A sigalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The sigalizer engine determines one or more common steps from events and produces clusters relating to events. The sigalizer engine determines one or more common characteristics of events and produces clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. In response to production of the clusters one or more physical changes in a managed infrastructure hardware is made, where the hardware supports the flow and processing of information.
2 Citations
43 Claims
Specification