EVENT-PROCESSING OPERATORS

US 20090125916A1
Filed: 11/09/2007
Published: 05/14/2009
Est. Priority Date: 11/09/2007
Status: Active Grant

First Claim

Patent Images

1. A method comprising:

receiving a stream of events;

for each event in the received stream of events, determining whether the event is associated with one of a plurality of event clusters;

for each event determined to not be associated with any of the plurality of event clusters, placing an alert event into an output stream; and

periodically redefining the plurality of event clusters based on a subset of the events in the received stream of events.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Novel event-processing operators are provided. These novel operators can be advantageously utilized in implementing event processors and event-processing systems. The novel event-processing operators include operators for event filtering by clustering, operators for event partitioning by classification, operators for event abstraction by hypothesis testing, and operators for event filtering by point estimation.

116 Citations

21 Claims

1. A method comprising:
- receiving a stream of events;
  
  for each event in the received stream of events, determining whether the event is associated with one of a plurality of event clusters;
  
  for each event determined to not be associated with any of the plurality of event clusters, placing an alert event into an output stream; and
  
  periodically redefining the plurality of event clusters based on a subset of the events in the received stream of events.
- View Dependent Claims (2, 3, 4, 5, 6)
- - 2. The method of claim 1, wherein the redefining step is performed after each time a predetermined interval-number of determining steps has been performed.
  - 3. The method of claim 1, wherein the redefining step comprises:
    - determining a number of clusters in the plurality of event clusters.
  - 4. The method of claim 1, wherein redefining the plurality of clusters comprises:
    - applying a K-means clustering algorithm to the subset of the events in the received stream.
  - 5. Logic encoded in one or more tangible media for execution and, when executed, operable to perform the method of claim 1.
  - 6. An apparatus comprising:
    - a processor;
      
      a memory unit that stores instructions associated with an application executable by the processor; and
      
      an interconnect coupling the processor and the memory unit, enabling the apparatus to execute the application and perform the method of claim 1.

7. A method comprising:
- receiving a first stream of events;
  
  for each event in the received stream of events, determining whether the event has a probability equal to or greater than a predetermined threshold of being associated with one of a plurality of classifications in accordance with a generalized linear model comprising a predetermined distribution function, a linear predictor, and a predetermined link function;
  
  for each event determined to have a probability equal to or greater than the predetermined threshold of being associated with one of the plurality of classifications, placing the event in an output stream along with a mark indicating the associated classification;
  
  for each event determined to not have a probability equal to or greater than the predetermined threshold of being associated with one of the plurality of classifications, placing the event in an output stream along with a mark indicating that the event is not associated with one of the plurality of classifications;
  
  receiving a second stream of events, each event in the second stream being marked as being associated with one of the plurality of classifications; and
  
  based on events in the second stream, estimating unknown parameters in the linear predictor.
- View Dependent Claims (8, 9, 10)
- - 8. The method of claim 7, wherein the estimating step is performed after each time a predetermined interval-number of determining steps is performed.
  - 9. Logic encoded in one or more tangible media for execution and, when executed, operable to perform the method of claim 7.
  - 10. An apparatus comprising:
    - a processor;
      
      a memory unit that stores instructions associated with an application executable by the processor; and
      
      an interconnect coupling the processor and the memory unit, enabling the apparatus to execute the application and perform the method of claim 7.

11. A method comprising:
- receiving a stream of events;
  
  identifying a subset of events in the received stream;
  
  determining whether the subset of events fails a hypothesis about a statistical distribution of events in the received stream;
  
  placing an alert event into an output stream when the subset of events fails the hypothesis.
- View Dependent Claims (12, 13, 14, 15, 16)
- - 12. The method of claim 11, wherein the identifying step and the determining step are performed after each of a predetermined interval-number of events is received.
  - 13. The method of claim 11, wherein determining whether the plurality of events fails a hypothesis comprises:
    - testing the plurality of events against a hypothesis comprising parameter values for a probability function.
  - 14. The method of claim 11, wherein determining whether the plurality of events fails a hypothesis about a statistical distribution comprises:
    - testing the plurality of events against a hypothesis about a Gaussian distribution, wherein the hypothesis comprises a mean value and a standard-deviation value for the Gaussian distribution.
  - 15. Logic encoded in one or more tangible media for execution and, when executed, operable to perform the method of claim 11.
  - 16. An apparatus comprising:
    - a processor;
      
      a memory unit that stores instructions associated with an application executable by the processor; and
      
      an interconnect coupling the processor and the memory unit, enabling the apparatus to execute the application and perform the method of claim 11.

17. A method comprising:
- receiving a stream of events;
  
  for each event in the received stream of events, evaluating a predicate comprising predetermined parameters;
  
  for each event for which the predicate evaluates to true, placing an alert event into an output stream; and
  
  estimating values for the predetermined parameters based on a subset of the events in the received stream.
- View Dependent Claims (18, 19, 20, 21)
- - 18. The method of claim 17, wherein the estimating step is performed after each of a predetermined interval-number of evaluating steps is performed.
  - 19. The method of claim 17, wherein evaluating the predicate determines whether an event is within a predefined statistical distribution.
  - 20. Logic encoded in one or more tangible media for execution and, when executed, operable to perform the method of claim 17.
  - 21. An apparatus comprising:
    - a processor;
      
      a memory unit that stores instructions associated with an application executable by the processor; and
      
      an interconnect coupling the processor and the memory unit, enabling the apparatus to execute the application and perform the method of claim 17.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Original Assignee
Sun Microsystems Incorporated (Oracle Corporation)
Inventors
Waldorf, Jerry, Lu, Yanbing

Granted Patent

US 9,275,353 B2
Time in Patent Office

Days
Field of Search
US Class Current

719/318
CPC Class Codes

G06Q 10/04 Forecasting or optimisation...

EVENT-PROCESSING OPERATORS

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

116 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

EVENT-PROCESSING OPERATORS

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

116 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links