Method and system for time-based correlation of events
First Claim
1. A method, comprising:
- receiving, from an interface, event information corresponding to an event associated with the operation of a system;
identifying, at a processor, related event information corresponding to a plurality of events that occurred before the event, wherein the event is related to the plurality of events;
storing, in a memory, the event information and the related event information as a group of events;
determining, at the processor, whether the group of events occurred within a first specified amount of time, by;
identifying a time window ending at the occurrence of the event and beginning the first specified amount of time before the occurrence of the event;
determining whether each event of the group of events occurred during the identified time window;
determining, at the processor, whether an intervening reset event was detected during the identified time window;
if the intervening reset event was detected during the identified time window, deleting all events, of the plurality of events, that occurred before the intervening reset event; and
identifying, at the processor, an incident associated with the group of events in response to determining that no intervening reset event was detected during the identified time window, and that the group of events occurred within the first specified amount of time.
2 Assignments
0 Petitions
Accused Products
Abstract
A method includes receiving event information corresponding to an event associated with the operation of a system. The method also includes identifying related event information corresponding to a plurality of events that occurred before the event, wherein the event is related to the plurality of events. The method also includes storing the event information and the related event information as a group of events. The method further includes determining whether the group of events occurred within a first specified amount of time by identifying a time window ending at the occurrence of the event and beginning the first specified amount of time before the occurrence of the event and determining whether each event of the group of events occurred during the identified time window. The method further includes identifying an incident associated with the group of events upon determining that the group of events occurred within the first specified amount of time.
-
Citations
27 Claims
-
1. A method, comprising:
-
receiving, from an interface, event information corresponding to an event associated with the operation of a system; identifying, at a processor, related event information corresponding to a plurality of events that occurred before the event, wherein the event is related to the plurality of events; storing, in a memory, the event information and the related event information as a group of events; determining, at the processor, whether the group of events occurred within a first specified amount of time, by; identifying a time window ending at the occurrence of the event and beginning the first specified amount of time before the occurrence of the event; determining whether each event of the group of events occurred during the identified time window; determining, at the processor, whether an intervening reset event was detected during the identified time window; if the intervening reset event was detected during the identified time window, deleting all events, of the plurality of events, that occurred before the intervening reset event; and identifying, at the processor, an incident associated with the group of events in response to determining that no intervening reset event was detected during the identified time window, and that the group of events occurred within the first specified amount of time. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9)
-
-
10. A system, comprising:
-
an interface operable to receive event information corresponding to an event; a processor coupled to the interface and operable to identify related event information corresponding to a plurality of events that occurred before the event, wherein the event is related to the plurality of events; a memory coupled to the processor and operable to store the event information and the related event information as a group of events; and wherein the processor is further operable to; determine whether the group of events occurred within a first specified amount of time, by; identifying a time window ending at the occurrence of the event and beginning the first specified amount of time before the occurrence of the event; determining whether each event of the group of events occurred during the identified time window; and determine whether an intervening reset event was detected during the identified time window; if the intervening reset event was detected during the identified time window, deleting all events, of the plurality of events, that occurred before the intervening reset event; and identify an incident associated with the group of events in response to determining that no intervening reset event was detected during the identified time window, and that the group of events occurred within the first specified amount of time. - View Dependent Claims (11, 12, 13, 14, 15, 16, 17, 18)
-
-
19. Logic embodied in non-transitory computer readable media, the logic, when executed by a processor, operable to:
-
receive event information corresponding to an event associated with the operation of a system; identify related event information corresponding to a plurality of events that occurred before the event, wherein the event is related to the plurality of events; store the event information and the related event information as a group of events; determine whether the group of events occurred within a first specified amount of time, by; identifying a time window ending at the occurrence of the event and beginning the first specified amount of time before the occurrence of the event; determining whether each event of the group of events occurred during the identified time window; and determine whether an intervening reset event was detected during the identified time window; if the intervening reset event was detected during the identified time window, deleting all events, of the plurality of events, that occurred before the intervening reset event; and identify an incident associated with the group of events in response to determining that no intervening reset event was detected during the identified time window, and that the group of events occurred within the first specified amount of time. - View Dependent Claims (20, 21, 22, 23, 24, 25, 26, 27)
-
Specification