Method of identifying a root cause of a network event
First Claim
1. A method of identifying a root cause of an event in a network of linked entities, the method comprising:
- a. defining a plurality of signatures, each signature comprising one or more classes, the classes being categorized by a taxonomy of classes;
b. receiving a first message from the network;
c. assigning one or more of the signatures to the first message;
d. establishing a set of one or more hypotheses, each hypothesis identifying;
i. a respective root cause; and
ii. one of the signatures assigned to the first message;
e. receiving one or more subsequent messages from the network;
f. determining whether each subsequent message matches a signature identified by a hypothesis established in step d; and
g. generating an output based on the determination in step f;
wherein at least one of the signatures comprise one or more association classes categorized by a taxonomy of association classes, each association class defining an association between two entities; and
wherein steps c and f comprise matching an association class of the message with the association class of the signature.
2 Assignments
0 Petitions
Accused Products
Abstract
A method of identifying a root cause of an event in a network of linked entities. The method comprises: defining a plurality of signatures, each signature comprising one or more classes, the classes being categorized by a taxonomy of classes; receiving a first message from the network; assigning one or more of the signatures to the first message; establishing a set of one or more hypotheses, each hypothesis identifying:a respective root cause; and one of the signatures assigned to the first message; receiving one or more subsequent messages from the network; determining whether each subsequent message matches a signature identified by a previously hypothesis; and generating an output based on the determination.
Typically the method involves an element of human interaction. Typically at least one of the signatures includes a class which encloses two or more subclasses categorized by the taxonomy of classes. The ability to define signatures including such higher level entity classes in the taxonomy enables a human user to generate, store and edit generic hypotheses quickly and intuitively, and/or provides an output which can be easily understood by a human user.
18 Citations
16 Claims
-
1. A method of identifying a root cause of an event in a network of linked entities, the method comprising:
-
a. defining a plurality of signatures, each signature comprising one or more classes, the classes being categorized by a taxonomy of classes; b. receiving a first message from the network; c. assigning one or more of the signatures to the first message; d. establishing a set of one or more hypotheses, each hypothesis identifying; i. a respective root cause; and ii. one of the signatures assigned to the first message; e. receiving one or more subsequent messages from the network; f. determining whether each subsequent message matches a signature identified by a hypothesis established in step d; and g. generating an output based on the determination in step f; wherein at least one of the signatures comprise one or more association classes categorized by a taxonomy of association classes, each association class defining an association between two entities; and
wherein steps c and f comprise matching an association class of the message with the association class of the signature.- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12)
-
-
13. A method of identifying a root cause of an event in a network of linked entities, the method comprising:
-
a. receiving a first message from the network; b. establishing a first hypothesis associated with the first message; c. receiving one or more subsequent messages from the network; d. for each subsequent message; i. establishing a new hypothesis, and; ii. determining whether the subsequent message matches any previously established hypothesis by comparing an observation time associated with the message with an event time associated with the hypothesis; e. generating an output based on the determination in step d.ii; and f. defining a plurality of signatures, wherein any subsequent message which does not match one of the signatures does not establish a new hypothesis, and wherein at least one of the signatures comprise one or more association classes categorized by a taxonomy of association classes, each association class defining an association between two entities. - View Dependent Claims (14, 15, 16)
-
Specification