Parallel incident processing

US 9,170,860 B2
Filed: 07/26/2013
Issued: 10/27/2015
Est. Priority Date: 07/26/2013
Status: Active Grant

First Claim

Patent Images

1. A method of parallel incident processing in a distributed processing system, the method comprising:

identifying, by an incident analyzer, a pool of incidents;

distributing, by the incident analyzer, the incidents across a plurality of threads of the incident analyzer, each thread having a set of incident processing rules;

generating by one or more threads of the plurality of threads of the incident analyzer, tuples, each tuple indicating a rule identification and a rule state;

identifying from the generated tuples, by the incident analyzer, tuples that have the same rule identification;

generating, by the incident analyzer, a merged tuple including merging the rule state of each of the identified tuples that have the same rule identification;

distributing, by the incident analyzer, across the plurality of threads of the incident analyzer, the merged tuple for incident suppression;

suppressing, by the plurality of threads of the incident analyzer, the merged tuple;

distributing, by the incident analyzer, across the plurality of threads, the suppressed merged tuple for execution of the rule, the rule corresponding to the same rule identification; and

generating by at least one thread of the plurality of threads of the incident analyzer, one or more alerts based on the execution of the rule.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses, and computer program products for parallel incident processing are provided. Embodiments include an incident analyzer identifying a pool of incidents and distributing the incidents across a plurality of threads of the incident analyzer. One or more threads of the plurality of threads of the incident analyzer generate a tuple indicating a rule identification and a rule state. The incident analyzer also identifies from the generated tuples, tuples that have the same rule identification and generates a merged tuple by merging the rule state of each of the identified tuples that have the same rule identification.

215 Citations

17 Claims

1. A method of parallel incident processing in a distributed processing system, the method comprising:
- identifying, by an incident analyzer, a pool of incidents;
  
  distributing, by the incident analyzer, the incidents across a plurality of threads of the incident analyzer, each thread having a set of incident processing rules;
  
  generating by one or more threads of the plurality of threads of the incident analyzer, tuples, each tuple indicating a rule identification and a rule state;
  
  identifying from the generated tuples, by the incident analyzer, tuples that have the same rule identification;
  
  generating, by the incident analyzer, a merged tuple including merging the rule state of each of the identified tuples that have the same rule identification;
  
  distributing, by the incident analyzer, across the plurality of threads of the incident analyzer, the merged tuple for incident suppression;
  
  suppressing, by the plurality of threads of the incident analyzer, the merged tuple;
  
  distributing, by the incident analyzer, across the plurality of threads, the suppressed merged tuple for execution of the rule, the rule corresponding to the same rule identification; and
  
  generating by at least one thread of the plurality of threads of the incident analyzer, one or more alerts based on the execution of the rule.
- View Dependent Claims (2, 3, 4, 5, 6, 7)
- - 2. The method of claim 1 wherein the rule state is a collection of incidents.
  - 3. The method of claim 1 wherein the rule state represents that at least one incident has satisfied at least a portion of the rule.
  - 4. The method of claim 1 wherein the rule identification includes a location identification.
  - 5. The method of claim 1 wherein the rule identification includes a pool identification.
  - 6. The method of claim 1 wherein the incidents are alerts.
  - 7. The method of claim 1 wherein the incidents are events.

8. An apparatus for parallel incident processing in a distributed processing system, the system comprising a computer processor and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that when executed by the computer processor cause the apparatus to carry out the steps of:
- identifying, by an incident analyzer, a pool of incidents;
  
  distributing, by the incident analyzer, the incidents across a plurality of threads of the incident analyzer, each thread having a set of incident processing rules;
  
  generating by one or more threads of the plurality of threads of the incident analyzer, tuples, each tuple indicating a rule identification and a rule state;
  
  identifying from the generated tuples, by the incident analyzer, tuples that have the same rule identification;
  
  generating, by the incident analyzer, a merged tuple including merging the rule state of each of the identified tuples that have the same rule identification;
  
  distributing, by the incident analyzer, across the plurality of threads of the incident analyzer, the merged tuple for incident suppression;
  
  suppressing, by the plurality of threads of the incident analyzer, the merged tuple;
  
  distributing, by the incident analyzer, across the plurality of threads, the suppressed merged tuple for execution of the rule, the rule corresponding to the same rule identification; and
  
  generating by at least one thread of the plurality of threads of the incident analyzer, one or more alerts based on the execution of the rule.
- View Dependent Claims (9, 10, 11, 12)
- - 9. The apparatus of claim 8 wherein the rule state is a collection of incidents.
  - 10. The apparatus of claim 8 wherein the rule state represents that at least one incident has satisfied at least a portion of the rule.
  - 11. The apparatus of claim 8 wherein the rule identification includes a location identification.
  - 12. The apparatus of claim 8 wherein the rule identification includes a pool identification.

13. A computer program product for parallel incident processing in a distributed processing system, the computer program product disposed upon a computer readable storage medium, the computer program product comprising computer program instructions that when executed by a computer cause the computer to carry out the steps of:
- identifying, by an incident analyzer, a pool of incidents;
  
  distributing, by the incident analyzer, the incidents across a plurality of threads of the incident analyzer, each thread having a set of incident processing rules;
  
  generating by one or more threads of the plurality of threads of the incident analyzer, tuples, each tuple indicating a rule identification and a rule state;
  
  identifying from the generated tuples, by the incident analyzer, tuples that have the same rule identification;
  
  generating, by the incident analyzer, a merged tuple including merging the rule state of each of the identified tuples that have the same rule identification;
  
  distributing, by the incident analyzer, across the plurality of threads of the incident analyzer, the merged tuple for incident suppression;
  
  suppressing, by the plurality of threads of the incident analyzer, the merged tuple;
  
  distributing, by the incident analyzer, across the plurality of threads, the suppressed merged tuple for execution of the rule, the rule corresponding to the same rule identification; and
  
  generating by at least one thread of the plurality of threads of the incident analyzer, one or more alerts based on the execution of the rule.
- View Dependent Claims (14, 15, 16, 17)
- - 14. The computer program product of claim 13 wherein the rule state is a collection of incidents.
  - 15. The computer program product of claim 13 wherein the rule state represents that at least one incident has satisfied at least a portion of the rule.
  - 16. The computer program product of claim 13 wherein the rule identification includes a location identification.
  - 17. The computer program product of claim 13 wherein the rule identification includes a pool identification.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Carey, James E., Sanders, Philip J.
Primary Examiner(s)
DORAIS, CRAIG C

Application Number

US13/951,928
Publication Number

US 20150033243A1
Time in Patent Office

823 Days
Field of Search

None
US Class Current

1/1
CPC Class Codes

G06F 2209/544   Remote

G06F 2209/548   Queue

G06F 9/542   Event management; Broadcast...

Parallel incident processing

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

215 Citations

17 Claims

Specification

Solutions

Use Cases

Quick Links

Parallel incident processing

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

215 Citations

17 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links