Event and alert analysis in a distributed processing system

US 9,602,337 B2
Filed: 09/11/2013
Issued: 03/21/2017
Est. Priority Date: 09/11/2013
Status: Active Grant

First Claim

Patent Images

1. An apparatus for event and alert analysis in a distributed processing system, the distributed processing system including a local event analyzer embedded in an alert analyzer, the apparatus comprising a computer processor and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that when executed by the computer processor cause the apparatus to carry out the steps of:

receiving, by the local event analyzer embedded in the alert analyzer, events from an event queue;

creating, based on the received events and local event analysis rules specific to the alert analyzer, by the local event analyzer, a temporary alert for the alert analyzer, wherein the temporary alert is an alert that is visible to one or more specific alert analyzers including the alert analyzer;

receiving, by the alert analyzer, alerts created by a plurality of event analyzers, wherein each event analyzer of the plurality of event analyzers is configured to create the alerts by processing the events from the event queue according to each event analyzer'"'"'s own event analysis rules; and

analyzing, by the alert analyzer, based on alert analysis rules, the temporary alert and the alerts created by the plurality of event analyzers.

View all claims

1 Assignment

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

Methods, apparatuses, and computer program products for event and alert analysis are provided. Embodiments include a local event analyzer embedded in an alert analyzer receiving events from an event queue. Embodiments also include the local event analyzer creating, based on the received events and local event analysis rules specific to the alert analyzer, a temporary alert for the alert analyzer. Embodiments also include the alert analyzer analyzing the temporary alert based on alert analysis rules.

240 Citations

15 Claims

1. An apparatus for event and alert analysis in a distributed processing system, the distributed processing system including a local event analyzer embedded in an alert analyzer, the apparatus comprising a computer processor and a computer memory operatively coupled to the computer processor, the computer memory having disposed within it computer program instructions that when executed by the computer processor cause the apparatus to carry out the steps of:
- receiving, by the local event analyzer embedded in the alert analyzer, events from an event queue;
  
  creating, based on the received events and local event analysis rules specific to the alert analyzer, by the local event analyzer, a temporary alert for the alert analyzer, wherein the temporary alert is an alert that is visible to one or more specific alert analyzers including the alert analyzer;
  
  receiving, by the alert analyzer, alerts created by a plurality of event analyzers, wherein each event analyzer of the plurality of event analyzers is configured to create the alerts by processing the events from the event queue according to each event analyzer'"'"'s own event analysis rules; and
  
  analyzing, by the alert analyzer, based on alert analysis rules, the temporary alert and the alerts created by the plurality of event analyzers.
- View Dependent Claims (2, 3, 4, 5, 6, 15)
- - 2. The apparatus of claim 1 wherein the local event analyzer has a local events pool;
    - the apparatus further comprising computer memory having disposed within it computer program instructions that when executed by the computer processor cause the apparatus to carry out the steps of controlling, by the alert analyzer, the local events pool.
  - 3. The apparatus of claim 1 wherein the local event analyzer has a local event analyzer checkpoint, the apparatus further comprising computer memory having disposed within it computer program instructions that when executed by the computer processor cause the apparatus to carry out the steps of controlling, by the alert analyzer, the local event analyzer checkpoint.
  - 4. The apparatus of claim 3 wherein controlling, by the alert analyzer, the local event analyzer checkpoint includes coordinating the local event analyzer checkpoint with an alert analyzer checkpoint of the alert analyzer.
  - 5. The apparatus of claim 1 wherein the distributed processing system includes a plurality of alert analyzers;
    - wherein each alert analyzer includes an instance of the local event analyzer; and
      
      wherein the apparatus further comprises;
      
      computer memory having disposed within it computer program instructions that when executed by the computer processor cause the apparatus to carry out the steps of;
      
      for each instance of the local event analyzer, receiving the events from the event queue; and
      
      for each instance of the local event analyzer, creating a temporary alert for the alert analyzer in which the instance of the local event analyzer is embedded.
  - 6. The apparatus of claim 1 wherein the temporary alert is only visible to the alert analyzer.
  - 15. The apparatus of claim 1, wherein analyzing the temporary alert and the alerts created by the plurality of event analyzers based on alert analysis rules includes:
    - identifying duplicate alerts;
      
      identifying alerts of a particular type for transmission to a particular component; and
      
      suppressing the identified alerts.

7. A computer program product for event and alert analysis in a distributed processing system, the distributed processing system including a local event analyzer embedded in an alert analyzer, the computer program product disposed upon a computer readable medium, the computer readable medium is not a signal, the computer program product comprising computer program instructions that when executed by a computer cause the computer to carry out the steps of:
- receiving, by the local event analyzer embedded in the alert analyzer, events from an event queue;
  
  creating, based on the received events and local event analysis rules specific to the alert analyzer, by the local event analyzer, a temporary alert for the alert analyzer, wherein the temporary alert is an alert that is visible to one or more specific alert analyzers including the alert analyzer;
  
  receiving, by the alert analyzer, alerts created by a plurality of event analyzers, wherein each event analyzer of the plurality of event analyzers is configured to create the alerts by processing the events from the event queue according to each event analyzer'"'"'s own event analysis rules; and
  
  analyzing, by the alert analyzer, based on alert analysis rules, the temporary alert and the alerts created by the plurality of event analyzers.
- View Dependent Claims (8, 9, 10, 11, 12, 13, 14)
- - 8. The computer program product of claim 7 wherein the local event analyzer has a local events pool;
    - the computer program product further comprising computer program instructions that when executed by a computer cause the computer to carry out the steps of controlling, by the alert analyzer, the local events pool.
  - 9. The computer program product of claim 7 wherein the local event analyzer has a local event analyzer checkpoint, the computer program product further comprising computer program instructions that when executed by a computer cause the computer to carry out the steps of controlling, by the alert analyzer, the local event analyzer checkpoint.
  - 10. The computer program product of claim 9 wherein controlling, by the alert analyzer, the local event analyzer checkpoint includes coordinating the local event analyzer checkpoint with an alert analyzer checkpoint of the alert analyzer.
  - 11. The computer program product of claim 7 wherein the distributed processing system includes a plurality of alert analyzers;
    - wherein each alert analyzer includes an instance of the local event analyzer; and
      
      wherein the computer program product further comprises computer program instructions that when executed by a computer cause the computer to carry out the steps of;
      
      for each instance of the local event analyzer, receiving the events from the event queue; and
      
      for each instance of the local event analyzer, creating a temporary alert for the alert analyzer in which the instance of the local event analyzer is embedded.
  - 12. The computer program product of claim 7 wherein the temporary alert is only visible to the alert analyzer.
  - 13. The computer program product of claim 7, wherein the computer readable medium includes a signal bearing medium.
  - 14. The computer program product of claim 7, wherein the computer readable medium includes a storage medium.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
International Business Machines Corporation
Original Assignee
International Business Machines Corporation
Inventors
Boger, Lynn A., Carey, James E., Davis, Kristan D., Sanders, Philip J.
Primary Examiner(s)
Vu, Viet
Assistant Examiner(s)
BELCHER, HERMAN A

Application Number

US14/023,849
Publication Number

US 20150074164A1
Time in Patent Office

1,287 Days
Field of Search

709/201
US Class Current

1/1
CPC Class Codes

G06F 11/0724   in a multiprocessor or a mu...

G06F 11/0748   in a remote unit communicat...

G06F 11/0781   Error filtering or prioriti...

G06F 11/3006   where the computing system ...

G06F 11/3055   Monitoring arrangements for...

G06F 11/3065   Monitoring arrangements det...

G06F 2201/86   Event-based monitoring

H04L 41/0631   using root cause analysis; ...

H04L 67/10   in which an application is ...

H04L 67/51   Discovery or management the...

Event and alert analysis in a distributed processing system

First Claim

1 Assignment

0 Petitions

Accused Products

Abstract

240 Citations

15 Claims

Specification

Solutions

Use Cases

Quick Links

Event and alert analysis in a distributed processing system

First Claim

1 Assignment

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

240 Citations

15 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links