Cross-cutting detection of event patterns
First Claim
1. An enterprise computing monitoring and management data processing system comprising:
- an event management computing platform coupled to a computing hierarchy of multiple nodes;
event processing logic disposed in the event management computing platform, the event processing logic comprising program code enabled to collect a plurality of events from different ones of the multiple nodes;
proximity detection logic comprising program code enabled to classify the plurality of the events according to a set of event attributes;
determine a temporal proximity of occurrence of first and second classified events;
further determine a frequency of occurrence of the temporal proximity between the first and the second classified events; and
,report a causal relationship, not previously identified, between the first and the second classified events when the frequency of occurrence exceeds a threshold value; and
a time based rolling window configured to display the different ones of the events of differing attribute sets in a specified time frame along parallel lines for different event source attributes.
1 Assignment
0 Petitions
Accused Products
Abstract
Embodiments of the present invention provide a method, system and computer program product for the detection of correlation rules in an enterprise computing monitoring and management system. In one embodiment of the invention, a method for detection of correlation rules can be provided. The method can include receiving events from multiple event sources, classifying the events according to a set of event attributes, determining a temporal proximity of occurrence of different classified events, further determining a frequency of occurrence of temporal proximity for particular classified events, and reporting a causal relationship between the particular classified events when the frequency of occurrence exceeds a threshold value.
-
Citations
16 Claims
-
1. An enterprise computing monitoring and management data processing system comprising:
-
an event management computing platform coupled to a computing hierarchy of multiple nodes; event processing logic disposed in the event management computing platform, the event processing logic comprising program code enabled to collect a plurality of events from different ones of the multiple nodes; proximity detection logic comprising program code enabled to classify the plurality of the events according to a set of event attributes; determine a temporal proximity of occurrence of first and second classified events; further determine a frequency of occurrence of the temporal proximity between the first and the second classified events; and
,report a causal relationship, not previously identified, between the first and the second classified events when the frequency of occurrence exceeds a threshold value; and a time based rolling window configured to display the different ones of the events of differing attribute sets in a specified time frame along parallel lines for different event source attributes. - View Dependent Claims (2, 3, 4)
-
-
5. A method for the detection of event correlation rules, the method comprising:
-
receiving a plurality of events from multiple event sources in a computer hierarchy of multiple nodes; classifying the plurality of the events according to a set of event attributes; determining a temporal proximity of occurrence of first and second classified events; further determining a frequency of occurrence of the temporal proximity between the first and the second classified events; reporting a causal relationship, not previously identified, between the first and the second classified events when the frequency of occurrence exceeds a threshold value; and rendering the different classified events in a time based rolling window for a specified time frame. - View Dependent Claims (6, 7, 8, 9, 10)
-
-
11. A computer program product comprising a computer usable storage medium embodying computer usable program code for the detection of event correlation rules, the computer program product including:
-
computer usable program code for receiving a plurality of events from multiple event sources in a computer hierarchy of multiple nodes; computer usable program code for classifying the plurality of the events according to a set of event attributes; computer usable program code for determining a temporal proximity of occurrence of first and second classified events; computer usable program code for further determining a frequency of occurrence of the temporal proximity between the first and the second classified events; computer usable program code for reporting a causal relationship, not previously identified, between the first and the second classified events when the frequency of occurrence exceeds a threshold value; and computer usable program code for rendering the different classified events in a time based rolling window for a specified time frame. - View Dependent Claims (12, 13, 14, 15, 16)
-
Specification