Using and Updating Topological Relationships Amongst a Set of Nodes in Event Clustering
First Claim
1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, cause performance of operations comprising:
- identifying a plurality of events that occur on a set of nodes in a computing environment;
determining a first cluster of related events, from the plurality of events, based on an existing set of topological relationships associated with the set of nodes;
determining that there is event co-occurrence between (a) one or more events of the first cluster of related events and (b) a first event that is not within the first cluster of related events;
based at least on the event co-occurrence between (a) the one or more events of the first cluster of related events and (b) the first event;
determining an event-based topological relationship between (a) a first node, of the set of nodes, that is associated with at least one event of the first cluster of related events and (b) a second node, of the set of nodes, that is associated with the first event but not associated with any event of the first cluster of related events;
identifying a second event that is associated with the first node;
identifying a third event, not already within the plurality of events, that is associated with the second node; and
based at least on the event-based topological relationship;
clustering the second event and the third event into a second cluster of related events.
1 Assignment
0 Petitions
Accused Products
Abstract
Using and updating topological relationships amongst a set of nodes in event clustering is disclosed. A current event occurs on a current node. A first cluster of related events includes a first event, occurring on a first node, that is time-correlated with the current event. The first cluster does not include any event that is topologically-correlated with the current event based on the existing set of topological relationships. A level of interdependence is determined between (a) occurrence of events on the current node and (b) occurrence of events on the first node. Based on the level of interdependence, the current event is added to the first cluster. Further, an event-based topological relationship between the first node and the second node is added to the set of topological relationships. Subsequently, clustering for new events may be determined based on the event-based topological relationship between the first node and the second node.
-
Citations
20 Claims
-
1. A non-transitory computer readable medium comprising instructions which, when executed by one or more hardware processors, cause performance of operations comprising:
-
identifying a plurality of events that occur on a set of nodes in a computing environment; determining a first cluster of related events, from the plurality of events, based on an existing set of topological relationships associated with the set of nodes; determining that there is event co-occurrence between (a) one or more events of the first cluster of related events and (b) a first event that is not within the first cluster of related events; based at least on the event co-occurrence between (a) the one or more events of the first cluster of related events and (b) the first event; determining an event-based topological relationship between (a) a first node, of the set of nodes, that is associated with at least one event of the first cluster of related events and (b) a second node, of the set of nodes, that is associated with the first event but not associated with any event of the first cluster of related events; identifying a second event that is associated with the first node; identifying a third event, not already within the plurality of events, that is associated with the second node; and based at least on the event-based topological relationship;
clustering the second event and the third event into a second cluster of related events. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14)
-
-
15. A method, comprising:
-
identifying a plurality of events that occur on a set of nodes in a computing environment; determining a first cluster of related events, from the plurality of events, based on an existing set of topological relationships associated with the set of nodes; determining that there is event co-occurrence between (a) one or more events of the first cluster of related events and (b) a first event that is not within the first cluster of related events; based at least on the event co-occurrence between (a) the one or more events of the first cluster of related events and (b) the first event; determining an event-based topological relationship between (a) a first node, of the set of nodes, that is associated with at least one event of the first cluster of related events and (b) a second node, of the set of nodes, that is associated with the first event but not associated with any event of the first cluster of related events; identifying a second event that is associated with the first node; identifying a third event, not already within the plurality of events, that is associated with the second node; and based at least on the event-based topological relationship;
clustering the second event and the third event into a second cluster of related events;wherein the method is performed by at least one device including a hardware processor. - View Dependent Claims (16, 17)
-
-
18. A system, comprising:
-
at least one device including a hardware processor; and the system being configured to perform operations comprising; identifying a plurality of events that occur on a set of nodes in a computing environment; determining a first cluster of related events, from the plurality of events, based on an existing set of topological relationships associated with the set of nodes; determining that there is event co-occurrence between (a) one or more events of the first cluster of related events and (b) a first event that is not within the first cluster of related events; based at least on the event co-occurrence between (a) the one or more events of the first cluster of related events and (b) the first event; determining an event-based topological relationship between (a) a first node, of the set of nodes, that is associated with at least one event of the first cluster of related events and (b) a second node, of the set of nodes, that is associated with the first event but not associated with any event of the first cluster of related events; identifying a second event that is associated with the first node; identifying a third event, not already within the plurality of events, that is associated with the second node; and based at least on the event-based topological relationship;
clustering the second event and the third event into a second cluster of related events. - View Dependent Claims (19, 20)
-
Specification