Administering incident pools for event and alert analysis
First Claim
Patent Images
1. A method of administering incident pools for event and alert analysis in a distributed processing system, the method comprising:
- assigning, by an incident analyzer, a plurality of incidents received from one or more components of the distributed processing system to a pool of incidents;
assigning, by the incident analyzer, to each incident assigned to the pool of incidents, a particular combined minimum time for inclusion of the incident in one or more pools;
in response to a determination that the pool of incidents is closing, determining, by the incident analyzer, for each incident in the pool of incidents, whether the incident has met its combined minimum time for inclusion in one or more pools;
if the incident has been in one or more pools for its combined minimum time, including, by the incident analyzer, the incident in a closed pool that results from the pool of incidents closing;
if the incident has not been in one or more pools for its combined minimum time, moving, by the incident analyzer, the incident to a next pool including forwarding to the next pool, by the incident analyzer, any associations between the incident and any other incidents that are included in the pool;
applying, by the incident analyzer, incident suppression rules using the incidents moved to the next pool, including preventing, in the next pool, alerts that are only generated based on incidents that generated previous alerts in the closed pool by;
identifying incidents that generated alerts in the closed pool before being moved to the next pool;
determining that a potential alert is generated in the next pool based entirely on one or more of the identified incidents; and
preventing the potential alert generated based entirely on one or more of the identified incidents for generating an alert; and
applying, by the incident analyzer, incident creation rules to the incidents moved to the next pool, while omitting any duplicate incidents caused by moving the incident to the next pool.
1 Assignment
0 Petitions
Accused Products
Abstract
Administering incident pools including assigning an incident received from one or more components of the distributed processing system to a pool of incidents; assigning to each incident a particular combined minimum time for inclusion of the incident in the pool; in response to the pool closing, determining for each incident in the pool whether the incident has met its combined minimum time for inclusion in the pool; if the incident has been in the pool for its combined minimum time, including the incident in the closed pool; if the incident has not been in the pool for its combined minimum time, moving the incident from the closed pool to a next pool; applying incident suppression rules using the incidents assigned to the next pool; and applying incident creation rules to the incidents that were assigned to the next pool, while omitting any duplicate incidents caused by the assignment.
172 Citations
7 Claims
-
1. A method of administering incident pools for event and alert analysis in a distributed processing system, the method comprising:
-
assigning, by an incident analyzer, a plurality of incidents received from one or more components of the distributed processing system to a pool of incidents; assigning, by the incident analyzer, to each incident assigned to the pool of incidents, a particular combined minimum time for inclusion of the incident in one or more pools; in response to a determination that the pool of incidents is closing, determining, by the incident analyzer, for each incident in the pool of incidents, whether the incident has met its combined minimum time for inclusion in one or more pools; if the incident has been in one or more pools for its combined minimum time, including, by the incident analyzer, the incident in a closed pool that results from the pool of incidents closing; if the incident has not been in one or more pools for its combined minimum time, moving, by the incident analyzer, the incident to a next pool including forwarding to the next pool, by the incident analyzer, any associations between the incident and any other incidents that are included in the pool; applying, by the incident analyzer, incident suppression rules using the incidents moved to the next pool, including preventing, in the next pool, alerts that are only generated based on incidents that generated previous alerts in the closed pool by; identifying incidents that generated alerts in the closed pool before being moved to the next pool; determining that a potential alert is generated in the next pool based entirely on one or more of the identified incidents; and preventing the potential alert generated based entirely on one or more of the identified incidents for generating an alert; and applying, by the incident analyzer, incident creation rules to the incidents moved to the next pool, while omitting any duplicate incidents caused by moving the incident to the next pool. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A method of administering incident pools for event and alert analysis in a distributed processing system, the method comprising:
-
assigning, by an incident analyzer, a plurality of incidents received from one or more components of the distributed processing system to a pool of incidents; assigning, by the incident analyzer, to each incident assigned to the pool of incidents, a particular combined minimum time for inclusion of the incident in one or more pools; in response to a determination that the pool of incidents is closing, determining, by the incident analyzer, for each incident in the pool of incidents, whether the incident has met its combined minimum time for inclusion in one or more pools; if the incident has been in one or more pools for its combined minimum time, including, by the incident analyzer, the incident in a closed pool that results from the pool of incidents closing; if the incident has not been in one or more pools for its combined minimum time, moving, by the incident analyzer, the incident to a next pool; applying, by the incident analyzer, incident suppression rules using the incidents moved to the next pool, wherein applying incident suppression rules using the incidents assigned to the next pool includes preventing within the next pool, alerts that are only generated based on incidents that generated previous alerts in the closed pool; applying, by the incident analyzer, incident creation rules to the incidents moved to the next pool, while omitting any duplicate incidents caused by moving the incident to the next pool, wherein the moving the incident to the next pool includes forwarding to the next pool, by the incident analyzer, any associations between the incident and any other incidents that are included in the pool; and wherein applying incident creation rules to only incidents that were not moved from the closed pool to the next pool includes creating one or more additional incidents based on the incidents that were not moved from the closed pool to the next pool, wherein the additional incidents are alerts.
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsCarey, James E., Sanders, Philip J.
-
Primary Examiner(s)Dao, Tuan
-
Assistant Examiner(s)Kraft, Shih-Wei
-
Application NumberUS13/710,523Publication NumberTime in Patent Office707 DaysField of SearchNoneUS Class Current719/318CPC Class CodesG06F 9/542 Event management; Broadcast...G06Q 10/00 Administration; ManagementG06Q 10/10 Office automation; Time man...
