AUTOMATED DETECTION OF A SYSTEM ANOMALY

US 20140229768A1
Filed: 09/21/2011
Published: 08/14/2014
Est. Priority Date: 09/21/2011
Status: Active Grant

First Claim

Patent Images

1. A method for automated detection of a real IT system problem, the method comprising:

obtaining monitor measurements of metrics associated with activities of a plurality of configuration items of the IT system;

detecting anomalies in the monitor measurements;

grouping concurrent anomalies of the detected anomalies corresponding to configuration items of the plurality of configuration items which are topologically linked to be regarded as a system anomaly;

calculating a significance score for the system anomaly; and

determining that the system anomaly relates to a real system problem based on the calculated significance score.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method for automated detection of a real IT system problem may include obtaining monitor measurements of metrics associated with activities of a plurality of configuration items of the IT system. The method may also include detecting anomalies in the monitor measurements. The method may further include grouping concurrent anomalies of the detected anomalies corresponding to configuration items of the plurality of configuration items which are topologically linked to be regarded as a system anomaly. The method may further include calculating a significance score for the system anomaly, and determining that the system anomaly relates to a real system problem based on the calculated significance score.

25 Citations

View as Search Results

15 Claims

1. A method for automated detection of a real IT system problem, the method comprising:
- obtaining monitor measurements of metrics associated with activities of a plurality of configuration items of the IT system;
  
  detecting anomalies in the monitor measurements;
  
  grouping concurrent anomalies of the detected anomalies corresponding to configuration items of the plurality of configuration items which are topologically linked to be regarded as a system anomaly;
  
  calculating a significance score for the system anomaly; and
  
  determining that the system anomaly relates to a real system problem based on the calculated significance score.
- View Dependent Claims (2, 3, 4, 6)
- - 2. The method of claim 1, wherein the detection of anomalies in the monitor measurements is based on an established baseline for each of the metrics.
  - 3. The method of claim 1, further comprising saving information on real system anomalies in an anomaly knowledgebase for future reference.
  - 4. The method of claim 3, further comprising searching the anomaly knowledgebase to find past similar significant anomalies.
  - 6. The method of claim 1, further comprising referring to a threshold in the calculation of the significance score of the grouped anomalies.

5. The method of claim further comprising alerting a user of the determining of the real system problem.

7. A non-transitory computer readable medium having stored thereon instructions that when executed by a processor will cause the processor to perform the method of:
- obtaining monitor measurements of metrics associated with activities of a plurality of configuration items of the IT system and establishing a baseline for each of the metrics;
  
  detecting anomalies in the monitor measurements by referring to the baseline for each of the metrics;
  
  grouping concurrent anomalies of the detected anomalies corresponding to configuration items of the plurality of configuration items which are topologically linked to be regarded as a system anomaly;
  
  calculating a significance score for the system anomaly; and
  
  determining that the system anomaly relates to a real system problem based on the calculated significance score.
- View Dependent Claims (8, 9, 10)
- - 8. The non-transitory computer readable medium of claim 7, wherein the baseline is determined over time.
  - 9. The non-transitory computer readable medium of claim 7, wherein the calculation of the significance score includes using one or more of the parameters selected from the group consisting of a minimal number of configuration items of the plurality of configuration items expected in a significant system anomaly, a minimal number of metrics expected in a significant system anomaly, abnormality measure, and weight of an anomaly in relation to normal metric events.
  - 10. The on-transitory computer readable medium of claim 7, wherein instructions further comprise saving information on real system anomalies in an anomaly knowledgebase for future reference.

11. An apparatus for automated detection of a real IT system problem, the system comprising:
- a plurality of monitors to obtain monitor measurements of metrics associated with activities of a plurality of configuration items of the IT system;
  
  a processor for detecting anomalies in the monitor measurements, grouping concurrent anomalies of the detected anomalies corresponding to configuration items of the plurality of configuration items which are topologically linked to be regarded as a system anomaly, calculating a significance score for the system anomaly; and
  
  determining that the system anomaly relates to a real system problem based on the calculated significance score
- View Dependent Claims (12, 13, 14, 15)
- - 12. The system of claim 11, wherein the detection of anomalies in the monitor measurements is based on an established baseline for each of the metrics.
  - 13. The system of claim 11, wherein the processor is designed to save information on real system anomalies in an anomaly knowledgebase for future reference.
  - 14. The system of claim 13, wherein the processor is designed to search the anomaly knowledgebase to find past similar significant anomalies.
  - 15. The system of claim 11, further comprising alerting a user of the detection of the system anomaly.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Micro Focus LLC (Open Text Corporation)
Original Assignee
Hewlett Packard Enterprise Development LP (Hewlett-Packard Enterprise Company)
Inventors
Bernstein, Ruth, Cohen, Ira, Samuni, Eran

Granted Patent

US 9,292,408 B2
Time in Patent Office

Days
Field of Search
US Class Current

714/39
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/079   Root cause analysis, i.e. e...

G06F 11/3419   by assessing time

G06F 11/3495   for systems

H04L 41/065   involving logical or physic...

H04L 43/08   Monitoring or testing based...

H04L 43/16   Threshold monitoring

AUTOMATED DETECTION OF A SYSTEM ANOMALY

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

25 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

AUTOMATED DETECTION OF A SYSTEM ANOMALY

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

25 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links