Abnormality detection method, device and program
First Claim
Patent Images
1. An abnormality detection method for detecting abnormality in a system to be monitored, the method using a device including a processing section and a storage section,wherein the processing section executes the steps of:
- acquiring an access log and a process performance log from the system to be monitored;
sorting the acquired access log by time and recording the sorted access log as performance information by time;
extracting one or more process statuses corresponding to the recorded performance information by time from the acquired process performance log;
executing a task name assignment procedure to obtain one or more task names from the one or more extracted process statuses;
associating the one or more task names with the performance information by time and recording as one or more performance statuses; and
detecting abnormality based on a current performance status and a past performance status,wherein the step of detecting abnormality includes calculating a degree of difference between a current performance status and a past performance status included in the one or more recorded performance statuses,wherein the device is further provided with a display section; and
wherein the processing section further executes the steps of;
displaying the current performance status, the past performance status, the task names associated with the current and past performance statuses, and the calculated degree of difference on the display section;
sorting the one or more past performance statuses by the one or more associated task names;
selecting one of the one or more sorted past performance statuses according to a selection rule for use in calculating the degree of difference; and
calculating degrees of similarity between the task name associated with the current performance status and the one or more task names associated with the one or more sorted past performance statuses.
1 Assignment
0 Petitions
Accused Products
Abstract
Model data is generated from performance information sorted by day of the week, time period, and process status by a performance information analysis section and a process status analysis section. An abnormality determination section detects abnormality using appropriate model data. What the graph of an expected status is like, how much the graph of the current status that has been determined abnormal differs from the graph of the expected status, and how much the current status is like the expected status are displayed allowing a system manager to observe detailed information about abnormality determination.
-
Citations
7 Claims
-
1. An abnormality detection method for detecting abnormality in a system to be monitored, the method using a device including a processing section and a storage section,
wherein the processing section executes the steps of: -
acquiring an access log and a process performance log from the system to be monitored; sorting the acquired access log by time and recording the sorted access log as performance information by time; extracting one or more process statuses corresponding to the recorded performance information by time from the acquired process performance log; executing a task name assignment procedure to obtain one or more task names from the one or more extracted process statuses; associating the one or more task names with the performance information by time and recording as one or more performance statuses; and detecting abnormality based on a current performance status and a past performance status, wherein the step of detecting abnormality includes calculating a degree of difference between a current performance status and a past performance status included in the one or more recorded performance statuses, wherein the device is further provided with a display section; and wherein the processing section further executes the steps of; displaying the current performance status, the past performance status, the task names associated with the current and past performance statuses, and the calculated degree of difference on the display section; sorting the one or more past performance statuses by the one or more associated task names; selecting one of the one or more sorted past performance statuses according to a selection rule for use in calculating the degree of difference; and calculating degrees of similarity between the task name associated with the current performance status and the one or more task names associated with the one or more sorted past performance statuses. - View Dependent Claims (2, 3)
-
-
4. An abnormality detection device for detecting abnormality in a system to be monitored, comprising:
-
a processing section; and a storage section, wherein the processing section includes; a log collection control section which acquires an access log and a process performance log from the system to be monitored; a performance information analysis section which sorts the acquired access log by time and records the sorted access log as one or more performance statuses by time; a process status analysis/task name assignment section which extracts one or more process statuses of the one or more recorded performance statuses from the process performance log, obtains one or more task names from the one or more extracted process statuses, and records the one or more task names, associating them with the one or more recorded performance statuses; and a difference degree calculation section which calculates a degree of difference between a current performance status and a past performance status included in the one or more recorded performance statuses, wherein the processing section further includes a user interface control section which outputs and displays the current performance status, the past performance status, the task names associated with the current and past performance statuses, and the calculated degree of difference, wherein the storage section is provided with a selection rule table applied to select one of the one or more past performance statuses for use by the difference degree calculation section in calculating a degree of difference, and wherein the performance information analysis section performs; sorting the one or more past performance statuses by the associated task names, selecting one of the one or more recorded past performance statuses according to the selection rule table for use in calculating the degree of difference; and calculating degrees of similarity between the task name associated with the current performance status and the one or more task names associated with the one or more sorted past performance statuses. - View Dependent Claims (5)
-
-
6. A non-transitory computer readable storage medium storing an abnormality detection program for a device which includes a processing section and a storage section and which detects abnormality in a system to be monitored, the program causing the processing section to execute the steps of:
-
acquiring an access log and a process performance log from the system to be monitored; sorting the acquired access log by time and recording the sorted access log as performance information by time; extracting one or more process statuses corresponding to the performance information by time from the acquired process performance log; executing a task name assignment procedure to obtain one or more task names from the one or more extracted process statuses; associating the one or more task names with the performance information and recording as one or more performance statuses; and detecting abnormality based on a current performance status and a past performance status, wherein the step of detecting abnormality includes calculating a degree of difference between a current performance status and a past performance status included in the one or more recorded performance statuses, wherein the processing section is caused to execute the step of outputting the current performance status, the past performance status, the task names associated with the current and past performance statuses, and the calculated degree of difference, wherein the processing section is caused to further execute the steps of; sorting the past performance statuses by the associated task names; selecting one of the one or more sorted past performance statuses according to a selection rule for use in calculating the degree of difference; and calculating degrees of similarity between the task name associated with the current performance status and the one or more task names associated with the one or more sorted past performance statuses, and wherein the step of outputting includes displaying one or more of the one or more performance statuses whose calculated degrees of similarity are high. - View Dependent Claims (7)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeHitachi, Ltd.
-
Original AssigneeHitachi, Ltd.
-
InventorsNakamura, Tomohiro, Kikuchi, Katsuro, Nakagawa, Hiromitsu, Mori, Yasuhide
-
Primary Examiner(s)PATEL, KAMINI B
-
Application NumberUS12/709,832Publication NumberTime in Patent Office1,051 DaysField of Search714/36US Class Current714/26CPC Class CodesG06F 11/0709 in a distributed system con...G06F 11/0748 in a remote unit communicat...G06F 11/0751 Error or fault detection no...G06F 11/3476 Data logging G06F11/14, G06...G06F 2201/875 Monitoring of systems inclu...
