Automatic analysis of log entries through use of clustering

US 8,230,259 B2
Filed: 12/02/2009
Issued: 07/24/2012
Est. Priority Date: 12/02/2009
Status: Expired due to Fees

First Claim

Patent Images

1. A method in a computerized environment, said method comprising:

obtaining log entries;

determining a matching function between a log entry and an at least one cluster based on a first portion of the log entries;

associating a second portion of the log entries with the at least one cluster, based on the matching function;

associating at least one timeframe with the at least one cluster;

labeling a portion of the at least one timeframe; and

providing an indication referring to the at least one cluster associated with the first portion of the log entries and the second portion of the log entries;

whereby the first portion of the log entries and the second portion of the log entries are transformed to an at least one indication of the at least one cluster.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A set of log entries is automatically inspected to determine a bug. A training set is utilized to determine clustering of log identifications. Log entries are examined in real-time or retroactively and matched to clusters. Timeframe may also be matched to a cluster based on log entries associated with the timeframe. Error indications may be outputted to a user of the system in respect to a log entry or a timeframe.

Citations

12 Claims

1. A method in a computerized environment, said method comprising:
- obtaining log entries;
  
  determining a matching function between a log entry and an at least one cluster based on a first portion of the log entries;
  
  associating a second portion of the log entries with the at least one cluster, based on the matching function;
  
  associating at least one timeframe with the at least one cluster;
  
  labeling a portion of the at least one timeframe; and
  
  providing an indication referring to the at least one cluster associated with the first portion of the log entries and the second portion of the log entries;
  
  whereby the first portion of the log entries and the second portion of the log entries are transformed to an at least one indication of the at least one cluster.
- View Dependent Claims (2, 3, 4)
- - 2. The method of claim 1 further comprising validating the association of at least one label with the portion of the at least one timeframe.
  - 3. The method of claim 1 further comprising:
    - determining a possibility of a failure event associated with the at least one timeframe; and
      
      providing an indication associated with the failure event.
  - 4. The method of claim 3 further comprises:
    - filtering a portion of the log entries associated with the at least one timeframe; and
      
      determining a score of the at least one timeframe; and
      
      wherein the score is indicative of the possibility of the failure event.

5. A computerized apparatus, the apparatus comprising a hardware processor which is arranged to:
- obtain log entries;
  
  determine a matching function between a log entry and an at least one cluster based on a first portion of the log entries;
  
  associate a second portion of the log entries with the at least one cluster, based on the matching function;
  
  associate at least one timeframe with the at least one cluster;
  
  label a portion of the at least one timeframe; and
  
  provide an indication referring to the at least one cluster associated with the first portion of the log entries and the second portion of the log entries;
  
  whereby the first portion of the log entries and the second portion of the log entries are transformed to an at least one indication of the at least one cluster.
- View Dependent Claims (6, 7, 8)
- - 6. The apparatus of claim 5, wherein said hardware processor is further arranged to validate the association of at least one label with the portion of the at least one timeframe.
  - 7. The apparatus of claim 5, wherein said hardware processor is further arranged to:
    - determine a possibility of a failure event associated with the at least one timeframe; and
      
      provide an indication associated with the failure event.
  - 8. The apparatus of claim 7, wherein said hardware processor is further arranged to:
    - filter a portion of the log entries associated with the at least one timeframe; and
      
      determine a score of the at least one timeframe; and
      
      wherein the score is indicative of the possibility of the failure event.

9. A computer program product, said computer program product comprising a non-transitory computer readable medium, in which computer instructions are stored, which instructions, when read by a computer, cause the computer to:
- obtain log entries;
  
  determine a matching function between a log entry and an at least one cluster based on a first portion of the log entries;
  
  associate a second portion of the log entries with the at least one cluster, based on the matching function;
  
  associate at least one timeframe with the at least one cluster;
  
  label a portion of the at least one timeframe; and
  
  provide an indication referring to the at least one cluster associated with the first portion of the log entries and the second portion of the log entries;
  
  whereby the first portion of the log entries and the second portion of the log entries are transformed to an at least one indication of the at least one cluster.
- View Dependent Claims (10, 11, 12)
- - 10. The computer program product of claim 9, wherein said instructions, when read by the computer, cause the computer to:
    - validate the association of at least one label with the portion of the at least one timeframe.
  - 11. The computer program product of claim 9, wherein said instructions, when read by the computer, cause the computer to:
    - determine a possibility of a failure event associated with the at least one timeframe; and
      
      provide an indication associated with the failure event.
  - 12. The computer program product of claim 11, wherein said instructions, when read by the computer, cause the computer to:
    - filter a portion of the log entries associated with the at least one timeframe; and
      
      determine a score of the at least one timeframe; and
      
      wherein the score is indicative of the possibility of the failure event.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Fernandess, Yaacov, Rodeh, Ohad, Shpigelman, Lavi
Primary Examiner(s)
Beausoliel, Jr., Robert
Assistant Examiner(s)
Lottich, Joshua P

Application Number

US12/629,055
Publication Number

US 20110131453A1
Time in Patent Office

965 Days
Field of Search

714/4.1, 714/4.4, 714/20, 714/43, 714/47.1, 714/47.2, 714/48
US Class Current

714/20
CPC Class Codes

G06F 11/079 Root cause analysis, i.e. e...

Automatic analysis of log entries through use of clustering

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

Citations

12 Claims

Specification

Solutions

Use Cases

Quick Links

Automatic analysis of log entries through use of clustering

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

Citations

12 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links