EVENT LOG ANALYZER
First Claim
1. An event log analyzer comprising:
one or more computers; and
a computer-readable medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising;
identifying log data associated with a set of log messages included in one or more logs, each log message associated with a timestamp;
identifying one or more occurrences of a first critical event and a time of each of the one or more occurrences;
identifying one or more candidate subsets of log messages, each log message in each candidate subset associated with a timestamp that is within a predefined time window prior to the time of a particular occurrence of the first critical event;
selecting a candidate subset of log messages as correlated to the first critical event; and
defining a rule using the selected candidate subset of log messages, the rule defining a second critical event corresponding to the selected candidate subset of log messages that correlates to the first critical event, wherein the rule is associated with one or more actions to perform when the second critical event occurs.
Abstract
The present disclosure involves systems, software, and computer implemented methods for correlating critical events to identified log data. An example event log analyzer can identify a set of log messages. One or more occurrences of a first critical event and a time of each of the occurrences are identified. One or more candidate subsets of log messages are identified. Each log message in each candidate subset is associated with a timestamp that is within a predefined time window prior to the time of an occurrence of the first critical event. A candidate subset of log messages is selected as a correlator of the first critical event. A rule is defined using the selected candidate subset of log messages. The rule defines a second critical event that correlates to the first critical event. The rule is associated with one or more actions to perform when the second critical event occurs.
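A minimal sketch of the pipeline the abstract describes, added here as an illustration and not taken from the patent. The sample log, the message ids, the 120-second window and the selection criterion (the largest subset seen before every occurrence) are all assumptions.

```python
from itertools import combinations

# Constructed sample log: (timestamp in seconds, message id)
LOG = [
    (40, "AUTH_OK"), (130, "SMART_WARN"), (150, "IO_RETRY"), (170, "DISK_FAIL"),
    (300, "AUTH_OK"), (420, "IO_RETRY"), (500, "AUTH_OK"),
    (610, "SMART_WARN"), (640, "AUTH_OK"), (655, "IO_RETRY"), (690, "DISK_FAIL"),
    (900, "SMART_WARN"), (930, "IO_RETRY"),
]
WINDOW = 120  # predefined time window before each occurrence (assumed value)

def windows_before(log, critical, window):
    """Message ids seen within `window` seconds before each critical occurrence."""
    times = [t for t, m in log if m == critical]
    return [{m for t, m in log if tc - window <= t < tc and m != critical}
            for tc in times]

def select_candidate(log, critical, window, max_size=2):
    """Pick a candidate subset present before every occurrence (assumed
    criterion); larger subsets are preferred because they are more specific."""
    wins = windows_before(log, critical, window)
    pool = sorted(set().union(*wins))
    best = None
    for size in range(1, max_size + 1):
        for cand in combinations(pool, size):
            if wins and all(set(cand) <= w for w in wins):
                best = frozenset(cand)  # later (larger) sizes overwrite smaller
    return best

def make_rule(subset, window, action):
    """Rule for the second critical event: every message in `subset` is seen
    within `window` seconds; each match is paired with the rule's action."""
    def evaluate(log):
        last_seen, fired = {}, []
        for t, m in log:
            if m in subset:
                last_seen[m] = t
                complete = len(last_seen) == len(subset)
                if complete and t - min(last_seen.values()) <= window:
                    fired.append((t, action))
        return fired
    return evaluate

if __name__ == "__main__":
    subset = select_candidate(LOG, "DISK_FAIL", WINDOW)
    rule = make_rule(subset, WINDOW, "page-oncall")  # hypothetical action name
    print(sorted(subset), rule(LOG))
```

On the sample data the rule also fires at timestamp 930, where the precursor pattern appears with no failure logged yet, which is the case the associated action is meant for.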
20 Claims
1. An event log analyzer comprising:
one or more computers; and
a computer-readable medium coupled to the one or more computers having instructions stored thereon which, when executed by the one or more computers, cause the one or more computers to perform operations comprising;
identifying log data associated with a set of log messages included in one or more logs, each log message associated with a timestamp;
identifying one or more occurrences of a first critical event and a time of each of the one or more occurrences;
identifying one or more candidate subsets of log messages, each log message in each candidate subset associated with a timestamp that is within a predefined time window prior to the time of a particular occurrence of the first critical event;
selecting a candidate subset of log messages as correlated to the first critical event; and
defining a rule using the selected candidate subset of log messages, the rule defining a second critical event corresponding to the selected candidate subset of log messages that correlates to the first critical event, wherein the rule is associated with one or more actions to perform when the second critical event occurs.
19. A method of correlating log data to critical events, comprising:
identifying log data associated with a set of log messages included in one or more logs, each log message associated with a timestamp;
identifying one or more occurrences of a first critical event and a time of each of the one or more occurrences;
identifying one or more candidate subsets of log messages, each log message in each candidate subset associated with a timestamp that is within a predefined time window prior to the time of a particular occurrence of the first critical event;
selecting a candidate subset of log messages as correlated to the first critical event; and
defining a rule using the selected candidate subset of log messages, the rule defining a second critical event corresponding to the selected candidate subset of log messages correlated to the first critical event, wherein the rule is associated with one or more actions to perform when the second critical event occurs.
20. A computer program product encoded on a non-transitory storage medium, the product comprising non-transitory, computer readable instructions for causing one or more processors to perform operations comprising:
identifying log data associated with a set of log messages included in one or more logs, each log message associated with a timestamp;
identifying one or more occurrences of a first critical event and a time of each of the one or more occurrences;
identifying one or more candidate subsets of log messages, each log message in each candidate subset associated with a timestamp that is within a predefined time window prior to the time of a particular occurrence of the first critical event;
selecting a candidate subset of log messages as correlated to the first critical event; and
defining a rule using the selected candidate subset of log messages, the rule defining a second critical event corresponding to the selected candidate subset of log messages correlates to the first critical event, wherein the rule is associated with one or more actions to perform when the second critical event occurs.
Specification