Parallel incident processing
First Claim
1. A method of parallel incident processing in a distributed processing system, the method comprising:
- identifying, by an incident analyzer, a pool of incidents;
- distributing, by the incident analyzer, the incidents across a plurality of threads of the incident analyzer, each thread having a set of incident processing rules;
- generating by one or more threads of the plurality of threads of the incident analyzer, tuples, each tuple indicating a rule identification and a rule state;
- identifying from the generated tuples, by the incident analyzer, tuples that have the same rule identification;
- generating, by the incident analyzer, a merged tuple including merging the rule state of each of the identified tuples that have the same rule identification;
- distributing, by the incident analyzer, across the plurality of threads of the incident analyzer, the merged tuple for incident suppression;
- suppressing, by the plurality of threads of the incident analyzer, the merged tuple;
- distributing, by the incident analyzer, across the plurality of threads, the suppressed merged tuple for execution of the rule, the rule corresponding to the same rule identification; and
- generating by at least one thread of the plurality of threads of the incident analyzer, one or more alerts based on the execution of the rule.
Abstract
Methods, apparatuses, and computer program products for parallel incident processing are provided. Embodiments include an incident analyzer identifying a pool of incidents and distributing the incidents across a plurality of threads of the incident analyzer. One or more threads of the plurality of threads of the incident analyzer generate a tuple indicating a rule identification and a rule state. The incident analyzer also identifies from the generated tuples, tuples that have the same rule identification and generates a merged tuple by merging the rule state of each of the identified tuples that have the same rule identification.
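A minimal sketch of the pipeline the abstract describes, as an added example that is not code from the patent. The rule set, the per-node count used as rule state, the maintenance-node suppression policy and all function names are assumptions chosen for illustration.

```python
from collections import Counter, defaultdict
from concurrent.futures import ThreadPoolExecutor

# Assumed rule set: rule id -> (incident type it matches, alert threshold).
RULES = {"R1": ("auth_fail", 3), "R2": ("disk_full", 1)}
SUPPRESSED_NODES = {"node-maint"}  # assumed policy: ignore nodes under maintenance

def map_incidents(chunk):
    """Per-thread stage: apply every rule to a chunk, emit (rule_id, rule_state)."""
    out = []
    for rule_id, (etype, _) in RULES.items():
        state = Counter(i["node"] for i in chunk if i["type"] == etype)
        if state:
            out.append((rule_id, state))
    return out

def merge_tuples(tuples):
    """Analyzer stage: merge the rule state of tuples sharing a rule id."""
    merged = defaultdict(Counter)
    for rule_id, state in tuples:
        merged[rule_id].update(state)
    return sorted(merged.items(), key=lambda kv: kv[0])

def suppress(tup):
    """Per-thread stage: drop suppressed nodes from a merged tuple's state."""
    rule_id, state = tup
    return rule_id, Counter({n: c for n, c in state.items() if n not in SUPPRESSED_NODES})

def execute_rule(tup):
    """Per-thread stage: run the rule on the suppressed merged state."""
    rule_id, state = tup
    total = sum(state.values())
    if total >= RULES[rule_id][1]:
        return [f"ALERT {rule_id}: {total} incidents on {sorted(state)}"]
    return []

def analyze(pool, threads=3):
    """Distribute, map, merge, suppress, execute; returns the list of alerts."""
    chunks = [pool[i::threads] for i in range(threads)]
    with ThreadPoolExecutor(max_workers=threads) as ex:
        tuples = [t for part in ex.map(map_incidents, chunks) for t in part]
        merged = merge_tuples(tuples)
        suppressed = list(ex.map(suppress, merged))
        return [a for part in ex.map(execute_rule, suppressed) for a in part]

# Constructed incident pool: no single thread's chunk reaches the R1 threshold.
POOL = [{"type": t, "node": n} for t, n in [
    ("auth_fail", "node-a"), ("auth_fail", "node-b"), ("disk_full", "node-maint"),
    ("auth_fail", "node-c"), ("auth_fail", "node-maint")]]
```

With this pool, R1 fires only because the per-thread states are merged before the rule runs, and R2 never fires because its only incident comes from a suppressed node.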
17 Claims
1. A method of parallel incident processing in a distributed processing system, the method comprising:
- identifying, by an incident analyzer, a pool of incidents;
- distributing, by the incident analyzer, the incidents across a plurality of threads of the incident analyzer, each thread having a set of incident processing rules;
- generating by one or more threads of the plurality of threads of the incident analyzer, tuples, each tuple indicating a rule identification and a rule state;
- identifying from the generated tuples, by the incident analyzer, tuples that have the same rule identification;
- generating, by the incident analyzer, a merged tuple including merging the rule state of each of the identified tuples that have the same rule identification;
- distributing, by the incident analyzer, across the plurality of threads of the incident analyzer, the merged tuple for incident suppression;
- suppressing, by the plurality of threads of the incident analyzer, the merged tuple;
- distributing, by the incident analyzer, across the plurality of threads, the suppressed merged tuple for execution of the rule, the rule corresponding to the same rule identification; and
- generating by at least one thread of the plurality of threads of the incident analyzer, one or more alerts based on the execution of the rule.

Dependent claims: 2, 3, 4, 5, 6, 7

8. An apparatus for parallel incident processing in a distributed processing system, the system comprising a computer processor and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that when executed by the computer processor cause the apparatus to carry out the steps of:
- identifying, by an incident analyzer, a pool of incidents;
- distributing, by the incident analyzer, the incidents across a plurality of threads of the incident analyzer, each thread having a set of incident processing rules;
- generating by one or more threads of the plurality of threads of the incident analyzer, tuples, each tuple indicating a rule identification and a rule state;
- identifying from the generated tuples, by the incident analyzer, tuples that have the same rule identification;
- generating, by the incident analyzer, a merged tuple including merging the rule state of each of the identified tuples that have the same rule identification;
- distributing, by the incident analyzer, across the plurality of threads of the incident analyzer, the merged tuple for incident suppression;
- suppressing, by the plurality of threads of the incident analyzer, the merged tuple;
- distributing, by the incident analyzer, across the plurality of threads, the suppressed merged tuple for execution of the rule, the rule corresponding to the same rule identification; and
- generating by at least one thread of the plurality of threads of the incident analyzer, one or more alerts based on the execution of the rule.

Dependent claims: 9, 10, 11, 12

13. A computer program product for parallel incident processing in a distributed processing system, the computer program product disposed upon a computer readable storage medium, the computer program product comprising computer program instructions that when executed by a computer cause the computer to carry out the steps of:
- identifying, by an incident analyzer, a pool of incidents;
- distributing, by the incident analyzer, the incidents across a plurality of threads of the incident analyzer, each thread having a set of incident processing rules;
- generating by one or more threads of the plurality of threads of the incident analyzer, tuples, each tuple indicating a rule identification and a rule state;
- identifying from the generated tuples, by the incident analyzer, tuples that have the same rule identification;
- generating, by the incident analyzer, a merged tuple including merging the rule state of each of the identified tuples that have the same rule identification;
- distributing, by the incident analyzer, across the plurality of threads of the incident analyzer, the merged tuple for incident suppression;
- suppressing, by the plurality of threads of the incident analyzer, the merged tuple;
- distributing, by the incident analyzer, across the plurality of threads, the suppressed merged tuple for execution of the rule, the rule corresponding to the same rule identification; and
- generating by at least one thread of the plurality of threads of the incident analyzer, one or more alerts based on the execution of the rule.

Dependent claims: 14, 15, 16, 17

Specification