Creating a correlation rule defining a relationship between event types
First Claim
1. A method comprising:
by a system having a processor:
receiving events that occurred in an infrastructure technology (IT) infrastructure comprising hardware components;
identifying a specific occurrence of a pattern of event types in the received events, the pattern of event types including a first event type and a second event type;
identifying a first configuration item (CI) associated with the first event type and a second CI associated with the second event type;
validating that a relationship exists between the first CI and the second CI;
abstracting the first CI and the second CI to a CI class level by:
identifying a first CI class associated with the first event type according to a class property of the first CI; and
identifying a second CI class associated with the second event type according to a class property of the second CI; and
creating a correlation rule correlating the first event type to the second event type based on the validated relationship that exists between the first CI associated with the first event type and the second CI associated with the second event type, wherein the correlation rule relates the first CI class to the second CI class; and
determining, using the correlation rule, a cause of a symptom event in the IT infrastructure.
Abstract
Plural clusters or occurrences of a pattern of event types are identified (304). Based on configuration items relating to events associated with the event types, a correlation rule is created (308) to define a relationship between the event types.
18 Claims
7. A system comprising:
a storage medium to store a collection of events that have occurred within an information technology (IT) infrastructure comprising hardware components; and
a processor to:
identify plural occurrences of a particular pattern of event types occurring in the collection of events, the pattern of event types including an event pair of a first specific event of a first event type and a second specific event of a second event type;
identify an instance of a configuration item (CI) associated with the first specific event of the first event type;
identify an instance of a CI associated with the second specific event of the second event type;
abstract the first CI and the second CI to a CI class level through:
identification of a first CI class associated with the first event type according to a class property of the first CI; and
identification of a second CI class associated with the second event type according to a class property of the second CI; and
determine whether a relationship exists between the first CI class associated with the first specific event and the second CI class associated with the second specific event;
when the relationship exists:
create a correlation rule correlating the first event type associated with the first CI class and the second event type associated with the second CI class; and
determine, using the correlation rule, a cause of a symptom event in the IT infrastructure; and
when the relationship does not exist:
determine not to correlate the first event type and the second event type.
13. A non-transitory machine-readable storage medium comprising instructions executable by a processor to:
access a collection of events that have occurred in an information technology (IT) infrastructure comprising hardware components;
determine that plural occurrences of a particular pattern of event types are present in the collection of events, the particular pattern of event types including an event pair of a first specific event of a first event type and a second specific event of a second event type; and
determine that the number of the plural occurrences exceed a predefined threshold, and in response, create a correlation rule correlating the first event type and the second event type by:
identifying configuration item (CI) pairs among the plural occurrences, each CI pair including a first configuration item associated with a specific event of the first event type and a second configuration item associated with a specific event of the second event type;
abstract each of the CI pairs to a CI class level through:
identification of a first CI class associated with the first event type from a first CI of the CI pair; and
identification of a second CI class associated with the second event type from a second CI of the CI pair;
validating, for each identified CI pair, that a relationship exists between the first configuration item and the second configuration item of the identified CI pair; and
creating the correlation rule responsive to validating that the relationships exist for the identified CI pairs, wherein the correlation rule specifies a relationship between the first event type associated with the first CI class and the second event type associated with the second CI class.
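The steps recited in claims 1 and 13 (count pattern occurrences against a threshold, validate each CI pair, abstract to CI classes, create the rule, then use it to find the cause of a symptom event), as an added Python example that is not taken from the patent. It assumes a pattern means a first-type event followed by a second-type event within a time window, that the first event type is the cause, and that the CMDB is two in-memory lookups; all event types, CI names and timestamps are constructed.

```python
from collections import namedtuple

Event = namedtuple("Event", "ts etype ci")
Rule = namedtuple("Rule", "first_type first_class second_type second_class")

# Constructed CMDB sample: class property per CI, and CI-to-CI relationships.
CI_CLASS = {"db01": "Database", "db02": "Database", "sw09": "Switch",
            "app01": "AppServer", "app02": "AppServer"}
RELATED = {("db01", "app01"), ("db02", "app02")}

# Constructed event history: (timestamp in seconds, event type, CI).
HISTORY = [Event(0, "db_down", "db01"), Event(10, "app_timeout", "app01"),
           Event(1000, "db_down", "db02"), Event(1020, "app_timeout", "app02"),
           Event(2000, "db_down", "db01"), Event(2005, "app_timeout", "app01"),
           Event(3000, "link_flap", "sw09"), Event(3010, "disk_full", "db02"),
           Event(4000, "link_flap", "sw09"), Event(4010, "disk_full", "db02"),
           Event(5000, "link_flap", "sw09"), Event(5010, "disk_full", "db02")]

def related(a, b):
    return (a, b) in RELATED or (b, a) in RELATED

def ci_pairs(events, first_type, second_type, window):
    """CI pair for each first_type event followed by second_type within window."""
    return [(a.ci, b.ci) for a in events if a.etype == first_type
            for b in events if b.etype == second_type
            and 0 < b.ts - a.ts <= window]

def create_rule(events, first_type, second_type, window=60, threshold=2):
    pairs = ci_pairs(events, first_type, second_type, window)
    if len(pairs) <= threshold:                    # occurrences must exceed threshold
        return None
    if not all(related(a, b) for a, b in pairs):   # validate every CI pair
        return None
    classes = {(CI_CLASS[a], CI_CLASS[b]) for a, b in pairs}  # abstract to class level
    if len(classes) != 1:                          # assumption: one class pair per rule
        return None
    (first_class, second_class), = classes
    return Rule(first_type, first_class, second_type, second_class)

def find_cause(rule, symptom, events, window=60):
    """Latest first_type event on a related CI of the rule's first class, or None."""
    if (symptom.etype, CI_CLASS[symptom.ci]) != (rule.second_type, rule.second_class):
        return None
    for e in sorted(events, reverse=True):
        if ((e.etype, CI_CLASS[e.ci]) == (rule.first_type, rule.first_class)
                and 0 < symptom.ts - e.ts <= window and related(e.ci, symptom.ci)):
            return e
    return None
```

The `link_flap`/`disk_full` pair recurs just as often as `db_down`/`app_timeout` in the sample history, but yields no rule because the CIs involved have no relationship in the CMDB.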
Specification