Please download the dossier by clicking on the dossier button x
×

Method of correlating events in data packet streams

  • US 7,805,482 B2
  • Filed: 12/30/2005
  • Issued: 09/28/2010
  • Est. Priority Date: 12/30/2005
  • Status: Active Grant
First Claim
Patent Images

1. A method of identifying a plurality of packets associated with correlating events in a stream of data packets of a distributed computing network having a central administration node and a plurality of worker nodes, the method comprising:

  • classifying a plurality of events according to event types that define the structure of events;

    providing in each data packet of the stream an event type identifier and an attribute associated with the event type identifier, the event type identifier indicating a type of a particular event from the classified events represented by each data packet, the attribute having a value indicating a context associated with a result of a system transaction within which the particular event occurred;

    applying a correlation set of selectors to said stream on a worker node, the correlation set of selectors including a first selector being responsive to data packets of a first event type identifier and extracting one or more first attributes from the data packets of the first event type identifier, each of the first attributes having a value associated therewith, the correlation set of selectors including a second selector being responsive to data packets of a second event type identifier and extracting one or more second attributes from the data packets of the second event type identifier, each of the second attributes having a value associated therewith;

    assessing on the worker node two or more data packets of said stream as being associated with correlating events if the value of the first attributes associated with the first event type identifier and the value of the second attributes associated with the second event type identifier extracted by the correlation set of selectors from the two or more data packets match; and

    accessing via the worker node a correlation session in a data store managed by said central administration node for each correlation assessed, said correlation session holding data items of tasks processing said correlating events.

View all claims
  • 9 Assignments
Timeline View
Assignment View
    ×
    ×