Typicality filtering of event indicators for information technology resources

US 8,326,974 B2
Filed: 01/07/2009
Issued: 12/04/2012
Est. Priority Date: 03/16/2004
Status: Active Grant

First Claim

Patent Images

1. A computer program product embodied in a computer readable storage device for filtering events in an information technology resource monitor, the computer program product comprising the programming instructions for:

determining a present count of occurrences of an event for a present monitoring period;

comparing the present count with numbers of occurrences of the event in a plurality of earlier monitoring periods;

invoking a first action if the present count exceeds a predetermined proportion of the numbers of occurrences of the event in the plurality of earlier monitoring periods; and

invoking a second action if the present count does not exceed the predetermined proportion of the numbers of occurrences of the event in the plurality of earlier monitoring periods.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A monitor for information technology resources improved by introducing typicality filters to analyze potential event indicators such as alerts. A typicality filter keeps a time-dependent history of the frequency of occurrence of an associated event, wherein time is segmented into monitoring periods. At the end of each monitoring period, a present count of occurrences of the event is determined, and compared with the numbers of occurrences of that event in a subset of monitoring periods read from the history. If the present count exceeds the number of occurrences of the event in a predetermined proportion of the subset of historical monitoring periods, a first action is invoked; otherwise, a second action is invoked.

18 Citations

11 Claims

1. A computer program product embodied in a computer readable storage device for filtering events in an information technology resource monitor, the computer program product comprising the programming instructions for:
- determining a present count of occurrences of an event for a present monitoring period;
  
  comparing the present count with numbers of occurrences of the event in a plurality of earlier monitoring periods;
  
  invoking a first action if the present count exceeds a predetermined proportion of the numbers of occurrences of the event in the plurality of earlier monitoring periods; and
  
  invoking a second action if the present count does not exceed the predetermined proportion of the numbers of occurrences of the event in the plurality of earlier monitoring periods.
- View Dependent Claims (2, 3, 4)
- - 2. The computer program product as recited in claim 1, wherein the predetermined proportion is a majority.
  - 3. The computer program product as recited in claim 1, wherein the second action includes logging the present count without taking further corrective action.
  - 4. The computer program product as recited in claim 1, wherein the plurality of earlier monitoring periods all begin at the same times on consecutive days previous to the present monitoring period.

5. A typicality filter implemented using a processor operatively coupled to a memory, wherein the typicality filter is suitable for filtering events in an information technology resource monitor, said filter comprising:
- an event counter for determining a present count of occurrences of an event for a present monitoring period;
  
  a history table for storing numbers of occurrences of the event in earlier monitoring periods; and
  
  logic for comparing the present count with numbers of occurrences of the event in a plurality of earlier monitoring periods selected from the history table, invoking a first action if the present count exceeds a predetermined proportion of the numbers of occurrences of the event in the plurality of earlier monitoring periods, and invoking a second action if the present count does not exceed the predetermined proportion of the numbers of occurrences of the event in the plurality of earlier monitoring periods.
- View Dependent Claims (6, 7, 8)
- - 6. The typicality filter as recited in claim 5, wherein the predetermined proportion is a majority.
  - 7. The typicality filter as recited in claim 5, wherein the second action includes logging the present count without taking further corrective action.
  - 8. The typicality filter as recited in claim 5, wherein the plurality of earlier monitoring periods all begin at the same times on consecutive days previous to the present monitoring period.

9. A method suitable for filtering events in an information technology resource monitor, the method comprising the steps of:
- determining, by an event counter in a typicality filter, a present count of occurrences of an event for a present monitoring period;
  
  comparing the present count with numbers of occurrences of the event in a plurality of earlier monitoring periods;
  
  invoking a first action if the present count exceeds a predetermined proportion of the numbers of occurrences of the event in the plurality of earlier monitoring periods; and
  
  invoking a second action if the present count does not exceed the predetermined proportion of the numbers of occurrences of the event in the plurality of earlier monitoring periods.
- View Dependent Claims (10, 11)
- - 10. The method as recited in claim 9, wherein the predetermined proportion is a majority.
  - 11. The method as recited in claim 9, wherein the second action includes logging the present count without taking further corrective action.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Blaisdell, Russell C., Lake, John Michael, MacLellan, Scot
Primary Examiner(s)
Etienne, Ario
Assistant Examiner(s)
Williams, Clayton R

Application Number

US12/349,569
Publication Number

US 20090106777A1
Time in Patent Office

1,427 Days
Field of Search

None
US Class Current

709/224
CPC Class Codes

H04L 41/0622   based on time

H04L 41/0627   by acting on the notificati...

H04L 43/16   Threshold monitoring

Typicality filtering of event indicators for information technology resources

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

18 Citations

11 Claims

Specification

Solutions

Use Cases

Quick Links

Typicality filtering of event indicators for information technology resources

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

18 Citations

11 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links