PROBABILITY-DISTRIBUTION-BASED LOG-FILE ANALYSIS
Abstract
The current document is directed to systems, and methods incorporated within the systems, that carry out probability-distribution-based analysis of log-file entries. A monitoring subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to detect changes in the state of the distributed computer system. A log-file-analysis subsystem within a distributed computer system uses probability-distribution-based analysis of log-file entries to identify subsets of log-file entries that predict anomalies and impending problems in the distributed computer system. In many implementations, a numerical comparison of probability distributions of log-file-entry types is used to detect state changes in the distributed computer system.
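The comparison described above, as an added Python example that is not taken from the patent or any product: it builds one event-type distribution per time interval, stores it keyed by the interval, and flags an interval whose distribution diverges from the previous one by more than a threshold. The page does not name a divergence metric; Jensen-Shannon divergence is an assumed choice here because it stays finite when an event type appears in only one window. The entry layout, event names and the 0.2 threshold are also assumptions.

```python
import math
import re
from collections import Counter

# Assumed entry layout (not from the page): "<timestamp> <EVENT_TYPE> <details>"
EVENT_RE = re.compile(r"^\S+\s+([A-Z_]+)\b")

def event_distribution(entries):
    """Relative frequency of each event type in a set of log-file entries."""
    counts = Counter()
    for line in entries:
        m = EVENT_RE.match(line)
        counts[m.group(1) if m else "UNPARSED"] += 1
    total = sum(counts.values())
    if total == 0:
        raise ValueError("empty window has no distribution")
    return {etype: n / total for etype, n in counts.items()}

def js_divergence(p, q):
    """Jensen-Shannon divergence in bits: 0 for identical, 1 for disjoint."""
    def half_kl(a, b):
        return sum(0.5 * a[e] * math.log2(2 * a[e] / (a[e] + b.get(e, 0.0))) for e in a if a[e] > 0)
    return half_kl(p, q) + half_kl(q, p)

def monitor(windows, threshold=0.2):
    """Store one distribution per interval; flag intervals that diverge from the previous one."""
    history, alerts, prev = {}, [], None
    for interval, entries in windows:
        dist = event_distribution(entries)
        history[interval] = dist
        if prev is not None:
            d = js_divergence(history[prev], dist)
            if d > threshold:
                alerts.append((interval, round(d, 4)))
        prev = interval
    return history, alerts

# Constructed sample windows (hypothetical event names, host and timestamps).
def _lines(ts, **counts):
    return [f"{ts} {etype} host=app1" for etype, n in counts.items() for _ in range(n)]

WINDOWS = [
    ("10:00", _lines("2024-01-01T10:00:00Z", LOGIN_OK=6, LOGIN_FAIL=2, FILE_READ=2)),
    ("10:05", _lines("2024-01-01T10:05:00Z", LOGIN_OK=6, LOGIN_FAIL=2, FILE_READ=2)),
    ("10:10", _lines("2024-01-01T10:10:00Z", LOGIN_OK=2, LOGIN_FAIL=7, SUDO_DENIED=1)),
]
```

Calling `monitor(WINDOWS)` returns the stored per-interval distributions and a single alert for the 10:10 interval, where failed logins dominate and a new event type appears.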
20 Claims
1. A log-file analysis system comprising:
- one or more processors;
- one or more memories; and
- computer instructions, stored in one or more of the one or more memories that, when executed by one or more of the one or more processors, control the log-file analysis system to
  - generate a first probability distribution of all or a subset of the event types in a first set of log-file entries,
  - generate a second probability distribution of all or a subset of the event types in a second set of log files,
  - generate a numeric divergence metric from the first and second probability distributions, and
  - when the numeric divergence metric is greater than a threshold value, generate one of a displayed indication, alarm, event, or other physical-state transformation to indicate that the first and second sets of log-file entries exhibit more than a threshold level of difference.

Dependent claims: 2, 3
4. A log-file analysis subsystem within a computer system having one or more processors, one or more memories, and computer instructions, stored in one or more of the one or more memories that, when executed by one or more of the one or more processors, control the log-file analysis system to monitor a state of the computer system by repeatedly:
- generating a probability distribution of all or a subset of the event types in one or more log files for a time interval to represent the state of a monitored computer system for the time interval, and storing the generated probability distribution in association with an indication of the time interval.

Dependent claims: 5, 6, 7, 8, 9, 10, 11
12. A method that monitors a state of a distributed computer system that includes multiple, network interconnected discrete computer systems, each having one or more processors, one or more memories, and one or more data-storage devices, one or more of the discrete computer systems including computer instructions, stored in one or more of the one or more memories of the discrete computer system, that, when executed by one or more of the one or more processors, control the discrete computer system to carry out the method comprising:
- repeatedly generating a probability distribution of all or a subset of the event types in one or more log files for a time interval to represent the state of a monitored computer system for the time interval, and storing the generated probability distribution in association with an indication of the time interval in one or more of one or more memories and/or data-storage devices.

Dependent claims: 13, 14, 15, 16, 17, 18, 19
20. A computer-readable device that stores a set of computer instructions that, when executed on one or more processors of a computer system that additionally includes one or more memories, controls the computer system to:
- generate a first probability distribution of all or a subset of the event types in a first set of log-file entries,
- generate a second probability distribution of all or a subset of the event types in a second set of log files,
- generate a numeric divergence metric from the first and second probability distributions, and
- when the numeric divergence metric is greater than a threshold value, generate one of a displayed indication, alarm, event, or other physical-state transformation to indicate that the first and second sets of log-file entries exhibit more than a threshold level of difference.
Specification