Analyzing log streams based on correlations between data structures of defined node types
First Claim
Patent Images
1. A method by a log stream analysis computer comprising:
- identifying a set of records within log streams within a log repository containing a defined term and which are all constrained to being within a time period, wherein the log streams are generated by respective software sources executed by the host nodes characterizing performance data captured by the respective software sources over the time period;
determining similarity values that indicate similarity between content of the records containing the defined term in the time period;
generating a term node comprising a data structure that identifies the defined term and lists identities of the records containing the defined term in the time period and corresponding ones of the similarity values in the time period;
identifying hosts within the log streams;
for each of a plurality of the hosts not corresponding to an existing host node, generating a host node comprising a data structure that identifies the host and lists an identity of a hardware configuration of the host, an identity of the software source of the log stream, and a defined type of the software source; and
determining correlation between records of the log streams within the log repository based on content of the data structures of the host nodes.
1 Assignment
0 Petitions
Accused Products
Abstract
A method by a log stream analysis computer includes identifying records of log streams within a log repository containing a defined term. The log streams are generated by respective software sources executed by the host nodes. Similarity values are determined to indicate similarity between content of the records containing the defined term. A term node is generated to contain a data structure that identifies the defined term and lists identities of the records and corresponding ones of the similarity values. Related log stream analysis computers are disclosed.
8 Citations
19 Claims
-
1. A method by a log stream analysis computer comprising:
-
identifying a set of records within log streams within a log repository containing a defined term and which are all constrained to being within a time period, wherein the log streams are generated by respective software sources executed by the host nodes characterizing performance data captured by the respective software sources over the time period; determining similarity values that indicate similarity between content of the records containing the defined term in the time period; generating a term node comprising a data structure that identifies the defined term and lists identities of the records containing the defined term in the time period and corresponding ones of the similarity values in the time period; identifying hosts within the log streams; for each of a plurality of the hosts not corresponding to an existing host node, generating a host node comprising a data structure that identifies the host and lists an identity of a hardware configuration of the host, an identity of the software source of the log stream, and a defined type of the software source; and determining correlation between records of the log streams within the log repository based on content of the data structures of the host nodes. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10)
-
-
11. A method by a log stream analysis computer comprising:
-
identifying a set of records within log streams within a log repository containing a defined term and which are all constrained to being within a time period, wherein the log streams are generated by respective software sources executed by the host nodes characterizing performance data captured by the respective software sources over the time period; determining similarity values that indicate similarity between content of the records containing the defined term in the time period; generating a term node comprising a data structure that identifies the defined term and lists identities of the records containing the defined term in the time period and corresponding ones of the similarity values in the time period; identifying software sources within the log streams; for each of a plurality of the software sources having a defined type not corresponding to an existing source type node, generating a source type node containing a data structure that identifies the defined type of the software source and lists identifiers of records of one of the log streams generated by the software source, identifies the software source, and identifies one of the host nodes executing the software source; and determining correlation between records of the log streams within the log repository based on content of the data structures of the source type nodes. - View Dependent Claims (12, 13)
-
-
14. A log stream analysis computer comprising:
-
a processor; and a memory coupled to the processor, the memory comprising a non-transitory computer readable storage medium having computer readable program code embodied in the medium that when executed by the processor causes the processor to perform operations comprising; identifying a set of records within log streams within a log repository containing a defined term and which are all constrained to being within a time period, wherein the log streams are generated by respective software sources executed by the host nodes characterizing performance data captured by the respective software sources over the time period; determining similarity values that indicate similarity between content of the records containing the defined term in the time period; generating a term node comprising a data structure that identifies the defined term in the time period and lists identities of the records and corresponding ones of the similarity values in the time period; identifying one of hosts and software sources within the log streams; responsive to identifying hosts within the log streams, for each of a plurality of the hosts not corresponding to an existing host node, generating a host node containing a data structure that identifies the host and lists an identity of a hardware configuration of the host, an identity of the software source of the log stream, and a defined type of the software source; responsive to identifying software sources within the log streams, for each of a plurality of the software sources having a defined type not corresponding to an existing source type node, generating a source type node containing a data structure that identifies the defined type of the software source and lists identifiers of records of one of the log streams generated by the software source, identifies the software source, and identifies one of the host nodes executing the software source; and determining correlation between records of the log streams based on content of the data structures of the term nodes and based on content of one of the data structures of the host nodes and the data structures of the source type nodes. - View Dependent Claims (15, 16, 17, 18, 19)
-
Specification