Flexible event data content management for relevant event and alert analysis within a distributed processing system
First Claim
Patent Images
1. A system for flexible event data content management for relevant event and alert analysis within a distributed processing system, the system comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions capable, when executed by the computer processor, of causing the system to carry out the steps of:
- capturing, by each of a plurality of interface connectors, an event from a resource of a component of the distributed processing system, wherein each of the one or more events is a notification of an error occurring in a hardware component of the distributed computing system, wherein each event is identified by an event identifier, wherein each event identifier is unique such that no two interface connectors capture events with identical event identifiers;
inserting, by each of the plurality of interface connectors, one or more of the events into an event database, wherein no two interface connectors insert events with identical event identifiers into the event database;
receiving from the plurality of interface connectors, by the notifier, a plurality of notifications of insertion of the plurality of events into the event database,wherein each notification of insertion corresponds to each insertion of an event into the event database;
based on the received notifications, tracking, by the notifier, the number of events indicated as inserted into the event database;
receiving from the notifier, by a monitor, a cumulative notification indicating the number of all of the events that have been inserted into the event database as indicated by the plurality of notifications received by the notifier, wherein the monitor retrieves the notification of insertion of the events inserted into the event database without polling the event database, wherein the cumulative notification is transmitted in response to the notifier determining that the number of events that the interface connector has indicated have been inserted into the event database exceeds a predetermined number;
in response to receiving the cumulative notification, retrieving, by the monitor, from the event database, events inserted into the event database; and
processing, by the monitor, the retrieved events, including;
identifying, in dependence upon the retrieved events, one or more alerts; and
processing the one or more alerts in dependence upon one or more alert analysis rules.
1 Assignment
0 Petitions
Accused Products
Abstract
Methods, systems, and computer program products for flexible event data content management for relevant event and alert analysis within a distributed processing system are provided. Embodiments include capturing, by an interface connector, an event from a resource of the distributed processing system; inserting, by the interface connector, the event into an event database; receiving from the interface connector, by a notifier, a notification of insertion of the event into the event database; based on the received notification, tracking, by the notifier, the number of events indicated as inserted into the event database; receiving from the notifier, by a monitor, a cumulative notification indicating the number of events that have been inserted into the event database; in response to receiving the cumulative notification, retrieving, by the monitor, from the event database, events inserted into the event database; and processing, by the monitor, the retrieved events.
228 Citations
6 Claims
-
1. A system for flexible event data content management for relevant event and alert analysis within a distributed processing system, the system comprising a computer processor, a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions capable, when executed by the computer processor, of causing the system to carry out the steps of:
-
capturing, by each of a plurality of interface connectors, an event from a resource of a component of the distributed processing system, wherein each of the one or more events is a notification of an error occurring in a hardware component of the distributed computing system, wherein each event is identified by an event identifier, wherein each event identifier is unique such that no two interface connectors capture events with identical event identifiers; inserting, by each of the plurality of interface connectors, one or more of the events into an event database, wherein no two interface connectors insert events with identical event identifiers into the event database; receiving from the plurality of interface connectors, by the notifier, a plurality of notifications of insertion of the plurality of events into the event database, wherein each notification of insertion corresponds to each insertion of an event into the event database; based on the received notifications, tracking, by the notifier, the number of events indicated as inserted into the event database; receiving from the notifier, by a monitor, a cumulative notification indicating the number of all of the events that have been inserted into the event database as indicated by the plurality of notifications received by the notifier, wherein the monitor retrieves the notification of insertion of the events inserted into the event database without polling the event database, wherein the cumulative notification is transmitted in response to the notifier determining that the number of events that the interface connector has indicated have been inserted into the event database exceeds a predetermined number; in response to receiving the cumulative notification, retrieving, by the monitor, from the event database, events inserted into the event database; and processing, by the monitor, the retrieved events, including; identifying, in dependence upon the retrieved events, one or more alerts; and processing the one or more alerts in dependence upon one or more alert analysis rules. - View Dependent Claims (2, 3)
-
-
4. A computer program product for restarting event and alert analysis in a distributed processing system, the computer program product disposed upon a non-transmission computer readable storage medium, wherein the non-transmission computer readable storage medium is not a signal, the computer program product comprising computer program instructions that when executed by a computer cause the computer to carry out the steps of:
-
capturing, by each of a plurality of interface connectors, an event from a resource of a component of the distributed processing system, wherein each of the one or more events is a notification of an error occurring in a hardware component of the distributed computing system, wherein each event is identified by an event identifier, wherein each event identifier is unique such that no two interface connectors capture events with identical event identifiers; inserting, by each of the plurality of interface connectors, one or more of the events into an event database, wherein no two interface connectors insert events with identical event identifiers into the event database; receiving from the plurality of interface connectors, by the notifier, a plurality of notifications of insertion of the plurality of events into the event database, wherein each notification of insertion corresponds to each insertion of an event into the event database; based on the received notifications, tracking, by the notifier, the number of events indicated as inserted into the event database; receiving from the notifier, by a monitor, a cumulative notification indicating the number of all of the events that have been inserted into the event database as indicated by the plurality of notifications received by the notifier, wherein the monitor retrieves the notification of insertion of the events inserted into the event database without polling the event database, wherein the cumulative notification is transmitted in response to the notifier determining that the number of events that the interface connector has indicated have been inserted into the event database exceeds a predetermined number; in response to receiving the cumulative notification, retrieving, by the monitor, from the event database, events inserted into the event database; and processing, by the monitor, the retrieved events, including; identifying, in dependence upon the retrieved events, one or more alerts; and processing the one or more alerts in dependence upon one or more alert analysis rules. - View Dependent Claims (5, 6)
-
Specification
-
- Resources
Litigation Campaign Assessment
Thank you for your request. You will receive a custom alert email when the Litigation Campaign Assessment is available.
×
-
Current AssigneeInternational Business Machines Corporation
-
Original AssigneeInternational Business Machines Corporation
-
InventorsCarey, James E., Markland, Matthew W., Sanders, Philip J.
-
Primary Examiner(s)Onat, Umut
-
Application NumberUS13/166,470Publication NumberTime in Patent Office1,882 DaysField of SearchNoneUS Class Current1/1CPC Class CodesG06F 9/542 Event management; Broadcast...H03M 13/1102 Codes on graphs and decodin...H04B 7/0413 MIMO systemsH04L 1/0041 Arrangements at the transmi...
