Business to business network management event detection and response system and method
Abstract
A network management system includes an automatic reconnaissance (resolution) component which, in one embodiment, includes four main operational components, namely a real-time parse/analysis component, a data merge component, a data analysis component, and a response capability component. These four components interact to provide real-time event recognition and response. The network management system efficiently receives, parses, and comprehends a large amount of event and statistical data that could be indicative of a network systems operation failure, and the resultant response actions initiated through such an infrastructure improve mean time to recovery.
40 Claims
1. In an enterprise system including a network, a method of processing events within the enterprise system, said method comprising the steps of:
- conducting pattern recognition analysis on incoming event data records, the pattern recognition analysis supplementing said incoming event data records if the incoming event data records hold data that match predetermined logic parameters;
- aggregating said event data records from multiple disparate sources within the enterprise system to an aggregation manager, said event data records containing event data that identifies events indicative of one of an operation failure or an operation error in the enterprise system;
- processing said event data records to produce modified event data records that include additional informational data regarding said event data, the additional informational data comprising client specific information useful in obtaining resolution of the event or events that resulted in the generation of the event data records, the processing including accessing a database to obtain said informational data and merging said informational data with event data contained in said event data records to produce said modified event data records;
- analyzing said modified event data records to determine whether a response is required, the step of analyzing including screening the modified event data records, wherein the number of events in which a response is required is minimized; and
- automatically responding without any manual intervention to at least one of said modified event data records to provide an appropriate response when it is determined that a response is required, including forwarding at least a portion of the event data and the informational data contained in said one modified event data record to a response capability, and enabling the response capability to send a notification to a vendor that services said portion of the network, said notification identifying a detected event;
- wherein the automatically responding includes automatically initiating testing of at least a part of said portion of the network.

Dependent claims: 2, 3, 4, 5
6. A method of responding to the detection of events occurring within a network of an enterprise system, said method comprising the steps of:
- conducting pattern recognition analysis on incoming event data records, the pattern recognition analysis supplementing said incoming event data records if the incoming event data records hold data that match predetermined logic parameters;
- aggregating said event data records from multiple disparate sources within the enterprise system to detect events indicative of one of an operation failure or an operation error in the network;
- normalizing said event data records to produce normalized event data records that include client data specific to events and useful in obtaining resolution of the event or events that resulted in the generation of the event data, the normalizing including merging client data specific to events with event data contained in event data records to provide a normalized event data records for assisting in analyzing event data records and providing an appropriate response;
- storing said normalized event data records in a data store;
- analyzing said normalized event data records to determine whether an event is an alarmable event that requires a response, the step of analyzing including screening the normalized event data records, wherein the number of events in which a response is required is minimized; and
- providing an appropriate response to each alarmable event wherein the step of providing an appropriate response includes the steps of;
  - forwarding at least a portion of the event data and the informational data contained in a modified event data record to a response capability,
  - enabling the response capability sending a notification to a vendor that services a portion of the network, said notification identifying a detected event and automatically without any manual intervention initiating of said portion of the network in which an alarmable event is detected, and
  - automatically initiating testing of at least a part of said portion of the network.

Dependent claims: 7, 8, 9, 10, 11, 12, 13, 14
15. A method in a network management system for monitoring a network, the method comprising the steps of:
- conducting, using a processor, pattern recognition analysis on incoming event data records, the pattern recognition analysis supplementing said incoming data event records if the incoming event data records hold data that match predetermined logic parameters;
- aggregating the event data records from multiple disparate sources within the enterprise system to an aggregation manager;
- analyzing the event data records to identify events indicative of one of an operation failure or an operation error in the network;
- extracting from the event data records event data required to obtain resolution of events;
- accessing a database to obtain client data useful in obtaining resolution of the event or events that resulted in the generation of the event data records;
- processing said event data records to produce modified event data records that include additional informational data regarding said event data, the processing including merging said client data with the extracted event data to provide normalized event data records;
- analyzing the normalized event data records to determine whether an event is an alarmable event that requires a response, the step of analyzing including screening the normalized event data records to minimize the number of events in which a response is required;
- automatically without any manual intervention responding to alarmable events to obtain resolution of the alarmable events, including automatically contacting a vendor that services a portion of the network, including forwarding at least a portion of the event data to a response capability, and enabling the response capability to send a notification to a vendor that services a portion of the network, said notification identifying a detected event;
- wherein the automatically responding includes automatically initiating testing of at least a part of the portion of the network.

Dependent claims: 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
28. A system for managing operations of a network, comprising:
- a cached data store implemented as a hardware memory;
- a database storing client data;
- an event pattern recognition processor configured to conduct pattern recognition analysis on incoming event data records, the event pattern recognition processor configured to supplement said incoming event data records, if the incoming event data records hold data that match predetermined logic parameters;
- an aggregation manager including a parse and analysis component, a data merge component, and a data analysis component, wherein the aggregation manager is configured to, automatically without any manual intervention, initiate testing of at least part of the portion of the network, the parse and analysis component configured to parsing the event data contained in said event data records to remove extraneous data and provide extracted event data for use in resolving the event;
- said data merge component configured to use said extracted event data to access the database to obtain client data related to the event data and to merge client data obtained from the database with the event data;
- said data analysis component configured to analyze the normalized event data to determine whether an event is an alarmable event, the step of analyzing the normalized event data including screening the normalized event data, wherein the number of events in which a response is required is minimized; and
- a response component configured to respond to normalized event data for alarmable events, without any manual intervention, to initiate the obtaining of resolution of the alarmable events, wherein the response component is configured to automatically contact a vendor that services a portion of the network to obtain resolution of alarmable events, including forwarding at least a portion of the merged event data to a response capability, and enabling the response capability to send a notification to a vendor that services said portion of the network, said notification identifying a detected event, and
- the response component is further configured to automatically initiate testing of at least a part of said portion of the network.

Dependent claims: 29, 30, 31, 32, 33, 34, 35, 36, 37, 38, 39, 40
Specification