Methods for decomposing events from managed infrastructures
First Claim
Patent Images
1. A method for clustering events, comprising:
- receiving messages at an extraction engine from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information;
producing events that relate to the managed infrastructure and converting the events into words and subsets used to group the events that relate to failures or errors in the managed infrastructure, including the managed infrastructure physical hardware;
providing a sigalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine, the sigalizer engine determining one or more common characteristics of events and producing clusters of events relating to the failure or errors in the managed infrastructure, the topology proximity engine using a source address for each event and a graph topology of the managed infrastructure which represents node to node connectivity of the topology proximity engine and assigns a graph coordinate to the event with an optional subset of attributes being extracted for each event and turned into a vector, the topology engine inputting a list of devices and a list a connections between components or nodes in the managed infrastructure;
where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information; and
in response to production of the clusters making one or more physical changes in the managed infrastructure hardware.
5 Assignments
0 Petitions
Accused Products
Abstract
Methods are provided for clustering events. Data is received at an extraction engine from managed infrastructure. Events are converted into alerts and the alerts mapped to a matrix M. One or more common steps are determined from the events and clusters of events are produced relating to the alerts and or events.
-
Citations
21 Claims
-
1. A method for clustering events, comprising:
-
receiving messages at an extraction engine from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information; producing events that relate to the managed infrastructure and converting the events into words and subsets used to group the events that relate to failures or errors in the managed infrastructure, including the managed infrastructure physical hardware; providing a sigalizer engine that includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine, the sigalizer engine determining one or more common characteristics of events and producing clusters of events relating to the failure or errors in the managed infrastructure, the topology proximity engine using a source address for each event and a graph topology of the managed infrastructure which represents node to node connectivity of the topology proximity engine and assigns a graph coordinate to the event with an optional subset of attributes being extracted for each event and turned into a vector, the topology engine inputting a list of devices and a list a connections between components or nodes in the managed infrastructure; where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information; and in response to production of the clusters making one or more physical changes in the managed infrastructure hardware. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21)
-
Specification