Method and system for reducing false alarms in network fault management systems
First Claim
1. A method for correlating a number of indicators in a rules-based correlation system, wherein a plurality of indicators expected to relate to a problem are correlated over a window of time, the method comprising:
- detecting transitions in each indicator between a first state and a second state, which transitions occur during all or part of the window of time;
counting the number of transitions detected for each indicator;
comparing the number of transitions for each indicator to the number of transitions counted for the other indicators; and
correlating transitions of indicators based on the comparison so that indicators which are not changing together are less likely to be correlated by a rule employed in the rules-based correlation system.
2 Assignments
0 Petitions
Accused Products
Abstract
Methods and systems are described for reducing the number of false alarms in fault correlation software used to detect and diagnose faults in computer networks and similar systems. The fault correlation software includes rules that monitor a number of indicators that, if occurring together over a window of time, are known to cause or reflect the occurrence of a fault. The method involves monitoring the transition of these indicators from one state to another over the time window and determining the extent of the correlation of the transitions of the indicators. The determination that indicators monitored by a rule do not correlate closely in their transitions is used to reduce the likelihood of the rule finding correlation of the indicators as a whole. This in turn reduces the number of false alarms which the rule-based system might otherwise have transmitted.
-
Citations
2 Claims
-
1. A method for correlating a number of indicators in a rules-based correlation system, wherein a plurality of indicators expected to relate to a problem are correlated over a window of time, the method comprising:
-
detecting transitions in each indicator between a first state and a second state, which transitions occur during all or part of the window of time;
counting the number of transitions detected for each indicator;
comparing the number of transitions for each indicator to the number of transitions counted for the other indicators; and
correlating transitions of indicators based on the comparison so that indicators which are not changing together are less likely to be correlated by a rule employed in the rules-based correlation system. - View Dependent Claims (2)
-
Specification
-
- Resources
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsDeuel, John, Wetstone, Evan R., Steinberg, Louis A., Belousov, Arkadiy
-
Granted Patent
-
Time in Patent OfficeDays
-
Field of Search
-
US Class Current714/25
-
CPC Class CodesH04L 41/0609 based on severity or priorityH04L 41/064 involving time analysis
