Message log analysis for system behavior evaluation
First Claim
Patent Images
1. A method comprising:
- mapping, by a controller, a first plurality of messages from a message log to a mapped plurality of numerical values, wherein each numerical value from the mapped plurality of numerical values is mapped to only one message from the first plurality of messages;
performing, by the controller, a time-series analysis on the mapped plurality of numerical values with respect to when corresponding messages from the first plurality of messages occur in time; and
transmitting, by the controller, a signal that represents a characteristic of the time-series analysis;
wherein the controller comprises a processor coupled to memory.
22 Assignments
0 Petitions
Accused Products
Abstract
A technique is disclosed that enables the run-time behavior of a data-processing system to be analyzed and, in many cases, to be predicted. In particular, the illustrative embodiment of the present invention comprises i) transforming the messages that constitute an unstructured log into a numerical series and ii) applying a time-series analysis on the resultant series for the purpose of pattern detection. Indeed, it is recognized in the illustrative embodiment that the problem really is to detect patterns that depict aspects of system behavior, regardless of the textual content of the individual log messages. In other words, by analyzing the totality of the messages in the log or logs—as opposed to looking for pre-defined patterns of the individual messages—system behavior can be mapped and understood. The mapping helps in characterizing the system for the purposes of predicting failure, determining the time required to reach stability during failure recovery, and so forth.
46 Citations
18 Claims
-
1. A method comprising:
-
mapping, by a controller, a first plurality of messages from a message log to a mapped plurality of numerical values, wherein each numerical value from the mapped plurality of numerical values is mapped to only one message from the first plurality of messages; performing, by the controller, a time-series analysis on the mapped plurality of numerical values with respect to when corresponding messages from the first plurality of messages occur in time; and transmitting, by the controller, a signal that represents a characteristic of the time-series analysis; wherein the controller comprises a processor coupled to memory. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8)
-
-
9. A method comprising:
-
sorting, by a controller, a first plurality of messages from a message log via a string-based sort technique into a sorted set of messages, wherein the sorted set of messages comprises all messages from the first plurality; assigning, by the controller, a unique index to each of the sorted messages to form a non-empty set of indexes, wherein; (i) each index in the non-empty set of indexes is assigned to only one message from the first plurality of messages, and (ii) each index in the non-empty set of indexes is assigned to a corresponding message based on the position of the corresponding message in the sorted set of messages; performing, by the controller, a time-series analysis on the non-empty set of indexes with respect to when corresponding messages from the first plurality of messages occur in time; and transmitting, by the controller, a signal that represents a characteristic of the time-series analysis; wherein the controller comprises a processor coupled to memory. - View Dependent Claims (10, 11, 12, 13, 14)
-
-
15. A method comprising:
-
receiving, by a controller, a first message in a first plurality of messages from a message log; determining, by the controller, a distance between a first message string, which is representative of the first message, and a reference string, wherein the determining includes; (i) partitioning the first message into J multiple substrings, J being an integer greater than one and wherein the value of J is based on an estimated number of possible messages in the message log, and (ii) assigning, by the controller, weights to each substring based on the position of the string in the first message, the weighted set of substrings resulting in the first message string; assigning, by the controller, a numerical value to the distance, the numerical value constituting a mapped plurality of numerical values; performing, by the controller, a time-series analysis on the mapped plurality with respect to when corresponding messages from the first plurality occur in time; and transmitting, by the controller, a signal that represents a characteristic of the time-series analysis; wherein the controller comprises a processor coupled to memory. - View Dependent Claims (16, 17, 18)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeArlington Technologies, LLC (Dominion Harbor Enterprises, LLC)
-
Original AssigneeAvaya Incorporated
-
InventorsGarg, Sachin, Singh, Navjot, Yajnik, Shalini, Vasireddy, Ranjith
-
Primary Examiner(s)Rivas, Omar Fernandez
-
Application NumberUS11/874,161Publication NumberTime in Patent Office1,511 DaysField of SearchNoneUS Class Current706/62CPC Class CodesH04L 12/66 Arrangements for connecting...
