Managing incident reports

US 8,959,063 B2
Filed: 09/19/2012
Issued: 02/17/2015
Est. Priority Date: 09/19/2012
Status: Active Grant

First Claim

Patent Images

1. A computer-implemented method for managing system alert incidents, comprising:

receiving, from a plurality of tenants in at least one multi-tenant system, a plurality of alert reports, each alert report representing at least one system alert incident associated with the plurality of tenants in the at least one multi-tenant systems;

analyzing, by a hardware processor, the plurality of alert reports for duplicate alert reports, wherein analyzing the plurality of received alert reports includes;

identifying duplicate alert reports, wherein identifying the duplicate alert reports comprises;

generating a hash code corresponding to each of the plurality of alert reports; and

comparing each of the generated hash codes with each of the other generated hash codes and previously-generated hash codes associated with previously received alert reports to identify duplicate alert reports having similar generated hash codes;

correlating each duplicate alert report of the plurality of duplicate alert reports into a correlated incident report; and

aggregating the correlated incident reports into at least one summarized incident report.

View all claims

2 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

The present disclosure describes methods, systems, and computer program products for managing incident reports can include receiving alert messages from multiple tenants and aggregating the alert messages into a reduced, correlated incident reports. For example, the method includes receiving, from a number of tenants, alert reports that represent at least one system alert incident associated with the tenants. The alert reports can be collected and analyzed for duplicate reports. The analysis for duplicate reports can include identifying a number of duplicate alert reports and correlating each identified duplicate alert reports into a correlated incident report. The correlated incident report can be aggregated into a summarized incident report for processing.

72 Citations

View as Search Results

17 Claims

1. A computer-implemented method for managing system alert incidents, comprising:
- receiving, from a plurality of tenants in at least one multi-tenant system, a plurality of alert reports, each alert report representing at least one system alert incident associated with the plurality of tenants in the at least one multi-tenant systems;
  
  analyzing, by a hardware processor, the plurality of alert reports for duplicate alert reports, wherein analyzing the plurality of received alert reports includes;
  
  identifying duplicate alert reports, wherein identifying the duplicate alert reports comprises;
  
  generating a hash code corresponding to each of the plurality of alert reports; and
  
  comparing each of the generated hash codes with each of the other generated hash codes and previously-generated hash codes associated with previously received alert reports to identify duplicate alert reports having similar generated hash codes;
  
  correlating each duplicate alert report of the plurality of duplicate alert reports into a correlated incident report; and
  
  aggregating the correlated incident reports into at least one summarized incident report.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
- - 2. The method of claim 1, further comprising sending the at least one summarized incident report to a multi-tenant monitoring system for processing.
  - 3. The method of claim 2, wherein correlating the plurality of alert reports comprises identifying a correlation key where the correlation key corresponds to at least one generated hash code of a particular alert report, the method further comprising:
    - identifying a common correlation key for at least two alert reports; and
      
      associating the at least two alert reports having the common correlation key with a correlated incident report.
  - 4. The method of claim 1, wherein the plurality of alert reports are received at a multi-tenant monitoring system, the method further comprising:
    - identifying at least one preexisting summarized incident report at the multi-tenant monitoring system; and
      
      comparing the at least one summarized incident report with the at least one preexisting summarized incident reports.
  - 5. The method of claim 1, further comprising:
    - collecting, at a system tenant of a particular multi-tenant system, the plurality of alert reports associated with a particular multi-tenant system prior to analyzing the plurality of alert reports from the single multitenant system.
  - 6. The method of claim 1, wherein the plurality of alert reports comprises system problem reports (SPR).
  - 7. The method of claim 6, wherein each alert report of the plurality of alert reports is generated in a corresponding tenant of a multi-tenant system.
  - 8. The method of claim 6, wherein each alert reports comprises alert classification fields of at least one of check group, check ID, event key, or key fields.
  - 9. The method of claim 1, wherein the received alert reports are received from at least a first multi-tenant system and a second multi-tenant system different than the first multi-tenant system.

10. A tangible, non-transitory computer readable medium encoded with a computer program, the program comprising instructions that when executed by one or more hardware processors cause the one or more hardware processors to perform operations for authenticating an end user comprising:
- receiving, from a plurality of tenants in at least one multi-tenant system, a plurality of alert reports, each alert report representing at least one system alert incident associated with the plurality of tenants in the at least one multi-tenant systems;
  
  analyzing the plurality of alert reports for duplicate alert reports, wherein analyzing the plurality of received alert reports includes;
  
  identifying duplicate alert reports, wherein identifying the duplicate alert reports comprises;
  
  generating a hash code corresponding to each of the plurality of alert reports; and
  
  comparing each of the generated hash codes with each of the other generated hash codes and previously-generated hash codes associated with previously received alert reports to identify duplicate alert reports having similar generated hash codes;
  
  correlating each duplicate alert report of the plurality of duplicate alert reports into a correlated incident report; and
  
  aggregating the correlated incident reports into at least one summarized incident report.
- View Dependent Claims (11, 12, 13)
- - 11. The computer readable medium with the computer program of claim 10, further comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising sending the at least one summarized incident report to a multi-tenant monitoring system for processing.
  - 12. The computer readable medium with the computer program of claim 10, wherein correlating the plurality of alert reports comprises defining a correlation key, where the correlation key corresponds to at least one generated hash code of a particular alert report, the operations further comprising:
    - identifying a common correlation key for at least two alert reports; and
      
      associating the at least two alert reports having the common correlation key with a correlated incident report.
  - 13. The computer readable medium with the computer program of claim 10, further comprising instructions that when executed by one or more computers cause the one or more computers to perform operations comprising collecting, at a system tenant of a particular multi-tenant system, the plurality of alert reports associated with a particular multi-tenant system prior to analyzing the plurality of alert reports from the single multitenant system.

14. A system comprising:
- a hardware processor interoperably coupled with a computer-readable medium storing computer instructions executable by the hardware processor to perform operations comprising;
  
  receiving, from a plurality of tenants in at least one multi-tenant system, a plurality of alert reports, each alert report representing at least one system alert incident associated with the plurality of tenants in the at least one multi-tenant systems;
  
  analyzing the plurality of alert reports for duplicate alert reports, wherein analyzing the plurality of received alert reports includes;
  
  identifying duplicate alert reports, wherein identifying the duplicate alert reports comprises;
  
  generating a hash code corresponding to each of the plurality of alert reports; and
  
  comparing each of the generated hash codes with each of the other generated hash codes and previously-generated hash codes associated with previously received alert reports to identify duplicate alert reports having similar generated hash codes;
  
  correlating each duplicate alert report of the plurality of duplicate alert reports into a correlated incident report; and
  
  aggregating the correlated incident reports into at least one summarized incident report.
- View Dependent Claims (15, 16, 17)
- - 15. The system of claim 14, the operations further comprising sending the at least one summarized incident report to a service provider cockpit for processing.
  - 16. The system of claim 14, wherein correlating the plurality of alert reports comprises defining a correlation key, where the correlation key corresponds to at least one generated hash code of a particular alert report, the operations further comprising:
    - identifying a common correlation key for at least two alert reports; and
      
      associating the at least two alert reports having the common correlation key with a correlated incident report.
  - 17. The system of claim 14, the operations further comprising collecting, at a system tenant of a particular multi-tenant system, the plurality of alert reports associated with a particular multi-tenant system prior to analyzing the plurality of alert reports from the single multitenant system.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
SAP SE
Original Assignee
SAP SE
Inventors
Haeberle, Tilmann, Stegmueller, Herbert
Primary Examiner(s)
NGUYEN, PHONG H

Application Number

US13/622,676
Publication Number

US 20140081925A1
Time in Patent Office

881 Days
Field of Search

707/664, 707/692, 707/758, 707/792, 707/805
US Class Current

707/692
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0766   Error or fault reporting or...

G06F 16/174   Redundancy elimination perf...

G06F 16/24556   Aggregation; Duplicate elim...

G06F 16/904   Browsing; Visualisation the...

Managing incident reports

First Claim

2 Assignments

0 Petitions

Accused Products

Abstract

72 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Managing incident reports

First Claim

2 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

72 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links