System and method for enhancing event correlation with exploitation of external data
Abstract
A system and method for enhancing event correlation with exploitation of external data is presented. A correlation engine receives events and selects a correlation rule that corresponds to the events. The correlation rule includes an event selection, a trigger condition, and a correlation conclusion. The correlation engine uses the event selection to access external data and select events based upon the external data. In turn, the correlation engine monitors the selected events and checks whether they meet the correlation rule's trigger condition. When the events meet the correlation rule's trigger condition, the correlation engine performs an action based upon the correlation rule's correlation condition.
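The flow the abstract describes, and that claim 1 recites step by step, sketched as an added example that is not code from the patent. The `Rule` and `Engine` names, the event fields, the asset inventory standing in for the external data, and the 300-second window in the trigger are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Callable

# Every name below (Rule, Engine, event fields, inventory) is hypothetical.
@dataclass
class Rule:
    selects: Callable[[dict], bool]                # does a first event match this rule?
    external_key: Callable[[dict], str]            # which external record to retrieve
    predicate: Callable[[dict], bool]              # external data filtering predicate
    trigger: Callable[[dict, dict], bool]          # correlation pattern over (first, second)
    conclusion: Callable[[dict, dict, dict], str]  # action; may modify the external record

class Engine:
    def __init__(self, rules, external):
        self.rules, self.external, self.pending, self.actions = rules, external, [], []

    def receive(self, event):
        # A later event may complete a correlation opened by an earlier first event.
        done = [p for p in self.pending if p[0].trigger(p[1], event)]
        for rule, first, record in done:
            self.pending.remove((rule, first, record))
            self.actions.append(rule.conclusion(first, event, record))
        # Then treat the event as a candidate first event and gate it on external data.
        rule = next((r for r in self.rules if r.selects(event)), None)
        record = self.external.get(rule.external_key(event)) if rule else None
        if record is not None and rule.predicate(record):
            self.pending.append((rule, event, record))

def conclude(first, second, record):
    record["incidents"] += 1                       # the conclusion modifies the external data
    return f"page on-call: {first['host']} disk full broke order {second['order']}"

RULE = Rule(selects=lambda e: e["type"] == "disk_full",
            external_key=lambda e: e["host"],
            predicate=lambda rec: rec["tier"] == "prod",
            trigger=lambda a, b: b["type"] == "order_failed" and b["host"] == a["host"]
                                 and 0 <= b["ts"] - a["ts"] <= 300,
            conclusion=conclude)

def run_demo():
    # Constructed sample data: an asset inventory as external data, plus four events.
    inventory = {"db01": {"tier": "prod", "incidents": 0}, "dev07": {"tier": "test", "incidents": 0}}
    engine = Engine([RULE], inventory)
    for ev in [{"type": "disk_full", "host": "dev07", "ts": 10},
               {"type": "order_failed", "host": "dev07", "order": "A-1", "ts": 20},
               {"type": "disk_full", "host": "db01", "ts": 100},
               {"type": "order_failed", "host": "db01", "order": "A-2", "ts": 160}]:
        engine.receive(ev)
    return engine.actions, inventory
```

The test-tier host never opens a correlation because its inventory record fails the predicate, so only the production pair reaches the conclusion and updates the inventory.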
3 Claims
1. A computer-implemented method comprising:
receiving a first event from a computing device over a computer network, wherein the first event is selected from the group consisting of a computer system event and a business event, the computer system event corresponding to a resource problem within a computer system and the business event corresponding to a business transaction;
comparing the first event with a plurality of correlation rules in order to identify one of the plurality of correlation rules that corresponds to the first event;
selecting one of the correlation rules in response to the comparing;
in response to selecting the correlation rule, retrieving an external data filtering predicate from the selected correlation rule, wherein the external data filtering predicate identifies external data in which to retrieve;
retrieving the external data based upon the external data filtering predicate;
determining whether the external data meets the external data filtering predicate;
in response to determining that the external data meets the external data filtering predicate, retrieving a trigger condition from the selected correlation rule, wherein the trigger condition includes a correlation pattern that corresponds to the first event and a second event;
detecting that the second event occurred;
in response to detecting that the second event occurred, retrieving a correlation conclusion from the selected correlation rule; and
performing the correlation conclusion action, wherein the correlation conclusion action includes modifying the external data.
2. A computer program product stored in a computer storage medium that stores computer instructions that, when executed by an information handling system, causes the information handling system to perform actions comprising:
receiving a first event from a computing device over a computer network, wherein the first event is selected from the group consisting of a computer system event and a business event, the computer system event corresponding to a resource problem within a computer system and the business event corresponding to a business transaction;
comparing the first event with a plurality of correlation rules in order to identify one of the plurality of correlation rules that corresponds to the first event;
selecting one of the correlation rules in response to the comparing;
in response to selecting the correlation rule, retrieving an external data filtering predicate from the selected correlation rule, wherein the external data filtering predicate identifies external data in which to retrieve;
retrieving the external data based upon the external data filtering predicate;
determining whether the external data meets the external data filtering predicate;
in response to determining that the external data meets the external data filtering predicate, retrieving a trigger condition from the selected correlation rule, wherein the trigger condition includes a correlation pattern that corresponds to the first event and a second event;
detecting that the second event occurred;
in response to detecting that the second event occurred, retrieving a correlation conclusion from the selected correlation rule; and
performing the correlation conclusion action, wherein the correlation conclusion action includes modifying the external data.
3. An information handling system comprising:
one or more processors;
a memory accessible by the processors;
one or more nonvolatile storage devices accessible by the processors; and
an event correlation tool comprising software code executed by the processors to perform steps comprising;
receiving a first event from a computing device over a computer network, wherein the first event is selected from the group consisting of a computer system event and a business event, the computer system event corresponding to a resource problem within a computer system and the business event corresponding to a business transaction;
comparing the first event with a plurality of correlation rules stored in one of the nonvolatile storage devices in order to identify one of the plurality of correlation rules that corresponds to the first event;
selecting one of the correlation rules in response to the comparing;
in response to selecting the correlation rule, retrieving an external data filtering predicate from the selected correlation rule, wherein the external data filtering predicate identifies external data in which to retrieve;
retrieving the external data from one of the nonvolatile storage devices based upon the external data filtering predicate;
determining whether the external data meets the external data filtering predicate;
in response to determining that the external data meets the external data filtering predicate, retrieving a trigger condition from the selected correlation rule, wherein the trigger condition includes a correlation pattern that corresponds to the first event and a second event;
detecting that the second event occurred; and
performing the correlation conclusion action, wherein the correlation conclusion action includes modifying the external data.
Specification