Event log analysis

US 10,423,624 B2
Filed: 09/23/2014
Issued: 09/24/2019
Est. Priority Date: 09/23/2014
Status: Expired due to Fees

First Claim

Patent Images

1. A method for analyzing an event log, comprising:

accessing an event log element from an electronic event log file;

calculating a similarity index between the event log element and a text element;

calculating a threshold of similarity as a linear function of a length of the event log element;

calculating an adjusted threshold by dividing the threshold of similarity by a square root of a product of a length of the text element times the length of the event log element;

comparing the similarity index to the adjusted threshold; and

if the similarity index is greater than the adjusted threshold, adding the event log element to an electronic file of cluster assignments, the cluster assignments representing a grouping of the event log element into a cluster with the text element.

View all claims

8 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Method and systems for analyzing event log elements are provided. In one example, a method includes receiving an event log element in a computer. A similarity index is calculated between the event log element and a text element. A threshold of similarity is calculated. The similarity index is compared to the threshold. If the similarity index is greater than the threshold, the event log element is grouped into a cluster with the text element to create a file of cluster assignments.

Citations

20 Claims

1. A method for analyzing an event log, comprising:
- accessing an event log element from an electronic event log file;
  
  calculating a similarity index between the event log element and a text element;
  
  calculating a threshold of similarity as a linear function of a length of the event log element;
  
  calculating an adjusted threshold by dividing the threshold of similarity by a square root of a product of a length of the text element times the length of the event log element;
  
  comparing the similarity index to the adjusted threshold; and
  
  if the similarity index is greater than the adjusted threshold, adding the event log element to an electronic file of cluster assignments, the cluster assignments representing a grouping of the event log element into a cluster with the text element.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
- - 2. The method of claim 1, comprising diagnosing computer problems by analyzing the file of cluster assignments.
  - 3. The method of claim 1, wherein the text element is a template generated for a cluster of event log elements.
  - 4. The method of claim 1, wherein the similarity index is based, at least in part, on the number of words shared by the event log element and the text element.
  - 5. The method of claim 1, wherein calculating the similarity index comprises comparing parameters extracted from the event log element with the text element.
  - 6. The method of claim 5, comprising limiting the number of parameters to 16.
  - 7. The method of claim 5, comprising identifying dividers in the event log element and extracting parameters based, at least in part, on the dividers.
  - 8. The method of claim 1, comprising dividing the cluster assignments of the generated file based on pre-determined splitting criteria that includes greater than a minimum number of event messages being assigned to a message cluster.

9. A system for analyzing event log elements, comprising:
- a processor; and
  
  a storage, wherein the storage comprises code configured to direct the processor to;
  
  access electronic event logs from a network of systems;
  
  store the electronic event logs in the storage;
  
  calculate a similarity index between an event log element and a text element;
  
  calculate a threshold of similarity as a linear function of a length of the event log element;
  
  calculate an adjusted threshold by dividing the threshold of similarity by a square root of a product of a length of the text element times the length of the event log element;
  
  compare the similarity index to the adjusted threshold and if the similarity index is greater than the adjusted threshold, writing an entry to a cluster assignment file to indicate that the event log element is part of a cluster with the text element; and
  
  diagnose problems in a network by automatically identifying patterns in the cluster assignment file.
- View Dependent Claims (10, 11, 12)
- - 10. The system of claim 9, comprising:
    - a template generator module to direct the processor to create a template representative of an event log element; and
      
      an atom generator to generate atoms for sparse representation of event logs.
  - 11. The system of claim 9, comprising an analytics engine to process the cluster assignment file and processed event logs.
  - 12. The system of claim 9, comprising a network of client computers, database systems, or both.

13. A non-transitory, computer-readable medium, comprising instructions configured to direct a processor to:
- access an event log element from an electronic event log file;
  
  calculate a similarity index between the event log element and a text element;
  
  calculate a threshold of similarity as a linear function of a length of the event log element;
  
  calculate an adjusted threshold of similarity by dividing the threshold of similarity by a square root of a product of a length of the text element times the length of the event log element; and
  
  write an entry into an electronic cluster assignment file indicating that the event log element is part of a cluster represented by the text element if the similarity index is greater than the adjusted threshold of similarity.
- View Dependent Claims (14, 15, 16, 17, 18, 19, 20)
- - 14. The non-transitory, computer-readable medium of claim 13, wherein the text element is a template generated for the cluster.
  - 15. The non-transitory, computer-readable medium of claim 13, comprising instructions configured to direct the processor to:
    - diagnose problems in a network by automatically identifying patterns in the electronic cluster assignment file.
  - 16. The non-transitory, computer-readable medium of claim 13, comprising instructions configured to direct the processor to:
    - divide cluster assignments of the electronic cluster assignment file based on pre-determined splitting criteria that includes greater than a minimum number of event messages being assigned to a message cluster.
  - 17. The non-transitory, computer-readable medium of claim 13, wherein the similarity index is based, at least in part, on the number of words shared by the event log element and the text element.
  - 18. The non-transitory, computer-readable medium of claim 13, comprising instructions configured to direct the processor to:
    - calculate the similarity index based on a comparison of parameters extracted from the event log element with the text element.
  - 19. The non-transitory, computer-readable medium of claim 18, comprising instructions configured to direct the processor to:
    - limit the number of parameters to 16.
  - 20. The non-transitory, computer-readable medium of claim 18, comprising instructions configured to direct the processor to:
    - identify dividers in the event log element; and
      
      extract the parameters based, at least in part, on the dividers.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
entIT Software LLC (Open Text Corporation)
Inventors
Simhon, Yonatan Ben, Cohen, Ira, Samuni, Eran
Primary Examiner(s)
Patel, Kamini B

Application Number

US15/511,940
Publication Number

US 20170300532A1
Time in Patent Office

1,827 Days
Field of Search

714 37
US Class Current
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0751   Error or fault detection no...

G06F 11/0778   Dumping, i.e. gathering err...

G06F 11/079   Root cause analysis, i.e. e...

G06F 16/24558   Binary matching operations

G06F 40/205   Parsing

Event log analysis

First Claim

8 Assignments

0 Petitions

Accused Products

Abstract

Citations

20 Claims

Specification

Solutions

Use Cases

Quick Links

Event log analysis

First Claim

8 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

20 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links