Method and apparatus for system management using codebook correlation with symptom exclusion

US 6,965,845 B2
Filed: 03/31/2004
Issued: 11/15/2005
Est. Priority Date: 03/31/2003
Status: Expired due to Term

First Claim

Patent Images

1. A method for detecting events in a system, the method comprising the steps of:

(a) providing a mapping between each of a plurality of groups of possible observable events and one of a plurality of likely corresponding events in said system;

(b) monitoring said observable events and detecting one or more known observable events generated by said system;

(c) determining a mismatch measure between each of the plurality of groups of possible observable events in said mapping and said one or more known observable events using a computer, while disregarding observable events in the groups of possible observable events not determined to be known; and

(d) selecting one or more of said plurality of likely events corresponding to one of said plurality of groups having the smallest mismatch measure.

View all claims

13 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A method and apparatus are provided for correlating events in a system. Problems and other events can, e.g., be detected in a system that generates symptoms or observable events. A computer-accessible codebook is provided that includes a mapping between each of a plurality of groups of possible symptoms and one of a plurality of likely exceptional events (e.g., problems) in the system. The system is monitored and one or more known symptoms generated by the system are detected. A mismatch measure is determined between each of the plurality of groups of possible symptoms in the mapping and the one or more known symptoms using a computer, while disregarding symptoms in the groups of possible symptoms not determined to be known. One or more of the plurality of likely problems is selected corresponding to one of the plurality of groups having the smallest mismatch measure.

16 Citations

View as Search Results

21 Claims

1. A method for detecting events in a system, the method comprising the steps of:
- (a) providing a mapping between each of a plurality of groups of possible observable events and one of a plurality of likely corresponding events in said system;
  
  (b) monitoring said observable events and detecting one or more known observable events generated by said system;
  
  (c) determining a mismatch measure between each of the plurality of groups of possible observable events in said mapping and said one or more known observable events using a computer, while disregarding observable events in the groups of possible observable events not determined to be known; and
  
  (d) selecting one or more of said plurality of likely events corresponding to one of said plurality of groups having the smallest mismatch measure.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein said likely corresponding events comprise problems.
  - 3. The method of claim 1 wherein said computer-accessible mapping comprises a codebook.
  - 4. The method of claim 1 wherein said mapping is deterministic.
  - 5. The method of claim 1 wherein said mapping is probabilistic.
  - 6. The method of claim 1 wherein said mismatch measure comprises a Hamming distance.
  - 7. The method of claim 1 wherein said mapping is computer accessible.

8. A method for detecting events in a system, the method comprising the steps of:
- (a) providing a mapping between each of a plurality of groups of possible symptoms and one of a plurality of likely events in said system;
  
  (b) assigning a value of unknown to all of said possible symptoms in said mapping;
  
  (c) monitoring said symptoms and detecting one or more known symptoms generated by said system;
  
  (d) assigning a value of known to said possible symptoms in said mapping corresponding to said one or more known symptoms;
  
  (e) determining a mismatch measure between each of the plurality of groups of possible symptoms having a value of known in said mapping and said one or more known symptoms using a computer, while disregarding symptoms in the groups of possible symptoms having a value of unknown; and
  
  (f) selecting one or more of said plurality of likely events corresponding to one of said plurality of groups having the smallest mismatch measure.
- View Dependent Claims (9, 10, 11, 12, 13, 14, 15, 16, 17, 18)
- - 9. The method of claim 8 further comprising repeating steps (c)-(f) periodically.
  - 10. The method of claim 8 further comprising repeating steps (b)-(f) periodically.
  - 11. The method of claim 8 wherein step (b) comprises assigning a high loss probability value to said symptoms.
  - 12. The method of claim 8 wherein step (d) comprises assigning a low loss probability value to said symptoms.
  - 13. The method of claim 8 wherein said likely events comprise problems.
  - 14. The method of claim 8 wherein said computer-accessible mapping comprises a codebook.
  - 15. The method of claim 8 wherein said mapping is deterministic.
  - 16. The method of claim 8 wherein said mapping is probabilistic.
  - 17. The method of claim 8 wherein said mismatch measure comprises a Hamming distance.
  - 18. The method of claim 8 wherein said mapping is computer accessible.

19. A method for detecting problems in a system that generates a plurality of symptoms, the method comprising the steps of:
- (a) providing a computer-accessible codebook comprising a matrix of values each corresponding to a mapping between one of a plurality of said possible known and unknown symptoms and one of a plurality of likely events in said system;
  
  (b) associating a loss probability of about 100% with all unknown symptoms in the codebook;
  
  (c) monitoring a plurality of symptom data values representing a plurality of known symptoms generated by said system over time;
  
  (d) decreasing the loss probability for symptoms in the codebook that have been received;
  
  (e) determining a mismatch measure between each of a plurality of groups of said values in said codebook and said plurality of known symptom data values through the use of a computer, said mismatch measure taking into account the loss probability of symptoms; and
  
  (f) selecting one of said plurality of likely events corresponding to one of said plurality of groups having the smallest mismatch measure.

20. A apparatus for detecting events in a system, the apparatus comprising:
- a storage device for storing a computer-accessible mapping between each of a plurality of groups of possible observable events and one of a plurality of likely corresponding events in said system;
  
  means for monitoring said observable events and detecting one or more known observable events generated by said system;
  
  means for determining a mismatch measure between each of the plurality of groups of possible observable events in said mapping and said one or more known observable events using a computer, while disregarding observable events in the groups of possible observable events not determined to be known; and
  
  means for selecting one or more of said plurality of likely events corresponding to one of said plurality of groups having the smallest mismatch measure.

21. A computer program product in computer-readable media for detecting events in a system using a computer-accessible mapping between each of a plurality of groups of possible observable events and one of a plurality of likely corresponding events in said system, the computer program product comprising instructions for causing a computer to:
- monitor said observable events and detect one or more known observable events generated by said system;
  
  determine a mismatch measure between each of the plurality of groups of possible observable events in said mapping and said one or more known observable events using a computer, while disregarding observable events in the groups of possible observable events not determined to be known; and
  
  select one or more of said plurality of likely events corresponding to one of said plurality of groups having the smallest mismatch measure.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Vmware LLC (Broadcom, Inc.)
Original Assignee
EMC Corporation (Dell Technologies Inc.)
Inventors
Ohsie, David, Yardeni, Eyal, DeSimone, Salvatore, Ferreira, Nelson
Primary Examiner(s)
Hoff, Marc S.
Assistant Examiner(s)
Raymond, Edward

Application Number

US10/814,964
Publication Number

US 20040249610A1
Time in Patent Office

594 Days
Field of Search

702/181, 702/57, 702/59, 702/79, 702/118, 702/182, 702/184, 702/185, 324/500, 324/528, 714/100, 714/1, 714/2, 714/25, 714/47, 714/48
US Class Current

702/181
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/079   Root cause analysis, i.e. e...

G06F 11/34   Recording or statistical ev...

H04L 41/0631   using root cause analysis; ...

Y04S 40/00   Systems for electrical powe...

Method and apparatus for system management using codebook correlation with symptom exclusion

First Claim

13 Assignments

0 Petitions

Accused Products

Abstract

16 Citations

21 Claims

Specification

Solutions

Use Cases

Quick Links

Method and apparatus for system management using codebook correlation with symptom exclusion

First Claim

13 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

16 Citations

21 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links