RANKING THE IMPORTANCE OF ALERTS FOR PROBLEM DETERMINATION IN LARGE SYSTEMS
First Claim
1. A method for prioritizing alerts, comprising:
- extracting invariants to determine a stable set of models for determining relationships among monitored system data;
- computing equivalent thresholds for a plurality of rules using an invariant network developed by extracting the invariants;
- for a given time window, receiving a set of alerts from a system being monitored;
- comparing a measurement value of the alerts with a vector of equivalent thresholds; and
- ranking the set of alerts.
Abstract
A system and method for prioritizing alerts includes extracting invariants to determine a stable set of models for determining relationships among monitored system data. Equivalent thresholds for a plurality of rules are computed using an invariant network developed by extracting the invariants. For a given time window, a set of alerts are received from a system being monitored. A measurement value of the alerts is compared with a vector of equivalent thresholds, and the set of alerts is ranked.
21 Claims
1. A method for prioritizing alerts, comprising:
- extracting invariants to determine a stable set of models for determining relationships among monitored system data;
- computing equivalent thresholds for a plurality of rules using an invariant network developed by extracting the invariants;
- for a given time window, receiving a set of alerts from a system being monitored;
- comparing a measurement value of the alerts with a vector of equivalent thresholds; and
- ranking the set of alerts.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9
10. A method for prioritizing alerts, comprising:
- collecting historical monitoring data from one or more system components;
- extracting invariants to determine a stable set of models for determining relationships among the historical monitoring system data;
- collecting management rules from system components being monitored;
- computing equivalent thresholds for the management rules using an invariant network developed by extracting the invariants;
- for a given time window, receiving a set of alerts from the system components being monitored;
- comparing a measurement value of the alerts with a vector of equivalent thresholds to compute a number of threshold violations (NTVs); and
- sorting the NTVs to rank the set of alerts.
Dependent claims: 11, 12, 13, 14, 15, 16, 17
18. A system for prioritizing alerts, comprising:
- a program storage media configured to store an invariants network constructed using measurements as nodes and edges to represent invariant relationships among monitored system data, the invariant network being configured to compute equivalent thresholds for a plurality of rules;
- an alert generator configured to generate alerts, for a given time window for a system being monitored; and
- a peer review mechanism configured to compare a measurement value to a local threshold and to equivalent thresholds mapped from other rules to determine the importance of the alerts.
Dependent claims: 19, 20, 21
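The ranking steps of claims 10 and 18, written out as an added Python example that is not taken from the patent: each rule's threshold is mapped across the invariant network to every other measurement, and an alert's measurement value is scored by its number of threshold violations (NTV). The page does not give the form of the invariant models, so the example assumes linear steady-state relations with positive gain; the metric names, invariants, thresholds and alert values are all constructed.

```python
from collections import deque

# Constructed invariants (assumption): dst ~= gain * src + offset in steady state,
# with positive gains so "greater than" keeps its direction when mapped.
INVARIANTS = {
    ("web_req_rate", "app_cpu_pct"): (0.5, 5.0),
    ("app_cpu_pct", "db_queries_s"): (2.0, 0.0),
}
# Constructed management rules: alert when the metric exceeds its local threshold.
RULES = {"web_req_rate": 100.0, "app_cpu_pct": 70.0, "db_queries_s": 90.0}

def _neighbours(metric):
    """Yield (other_metric, mapping) for every invariant edge touching metric."""
    for (src, dst), (gain, offset) in INVARIANTS.items():
        if src == metric:
            yield dst, lambda v, g=gain, o=offset: g * v + o
        elif dst == metric:
            yield src, lambda v, g=gain, o=offset: (v - o) / g

def map_threshold(source, target, value):
    """Carry a threshold from source to target along invariant edges (BFS)."""
    queue, seen = deque([(source, value)]), {source}
    while queue:
        metric, v = queue.popleft()
        if metric == target:
            return v
        for nxt, fn in _neighbours(metric):
            if nxt not in seen:
                seen.add(nxt)
                queue.append((nxt, fn(v)))
    return None  # no invariant path: that rule yields no equivalent threshold

def threshold_vector(metric):
    """Local threshold plus equivalent thresholds mapped from every other rule."""
    mapped = (map_threshold(m, metric, t) for m, t in RULES.items())
    return [t for t in mapped if t is not None]

def ntv(metric, value):
    """Number of threshold violations for one alert's measurement value."""
    return sum(value > t for t in threshold_vector(metric))

def rank_alerts(alerts):
    """Sort (metric, value) alerts from one time window by NTV, highest first."""
    return sorted(((m, v, ntv(m, v)) for m, v in alerts), key=lambda a: -a[2])
```

An alert that exceeds only its own local threshold gets an NTV of 1, while one that also exceeds the thresholds its peer rules imply for the same measurement ranks higher.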
Specification