System for decomposing events from managed infrastructures with situation room

US 10,243,779 B2
Filed: 02/14/2017
Issued: 03/26/2019
Est. Priority Date: 04/29/2013
Status: Active Grant

First Claim

Patent Images

1. A system for clustering events, comprising:

at least a first engine configured to receive message data from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information, the at least first engine configured to determine common characteristics of events and produce clusters of events relating to the failure of errors in the managed infrastructure, where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information, the at least first engine configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure;

a second engine using a source address for each of an event and a graph topology of the managed infrastructure that represents a node to node connectivity and a graph coordinate for each of an event, with an optional subset of attributes extracted for each of an event, the second engine providing a list of connections between components or nodes in the managed infrastructure,a display computer system with a collaborative interface (UI) accessible by at least two parties for situations relative to clustered messages relating to the managed infrastructure wherein the collaborative interface allows the at least two parties to take an action relative to a clustered message; and

converting the events into words and subsets used to group the events into clusters that relate to alerts and events indicative of failures or errors in the managed infrastructure and in response to grouping the events physical changes are made to managed infrastructure physical hardware.

View all claims

5 Assignments

Timeline View

Assignment View

0 Petitions

Accused Products

Abstract

A system is provided for clustering events. At least one engine is configured to receive message data from managed infrastructure that includes managed infrastructure physical hardware which supports the flow and processing of information. The at least one engine is configured to determine common characteristics of events and produce clusters of events relating to the failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. The at least one engine is configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A situation room includes a collaborative interface (UI) for decomposing events from managed infrastructures. In response to production of the clusters one or more physical changes in a managed infrastructure hardware is made, where the hardware supports the flow and processing of information.

44 Citations

View as Search Results

30 Claims

1. A system for clustering events, comprising:
- at least a first engine configured to receive message data from managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information, the at least first engine configured to determine common characteristics of events and produce clusters of events relating to the failure of errors in the managed infrastructure, where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information, the at least first engine configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure;
  
  a second engine using a source address for each of an event and a graph topology of the managed infrastructure that represents a node to node connectivity and a graph coordinate for each of an event, with an optional subset of attributes extracted for each of an event, the second engine providing a list of connections between components or nodes in the managed infrastructure,a display computer system with a collaborative interface (UI) accessible by at least two parties for situations relative to clustered messages relating to the managed infrastructure wherein the collaborative interface allows the at least two parties to take an action relative to a clustered message; and
  
  converting the events into words and subsets used to group the events into clusters that relate to alerts and events indicative of failures or errors in the managed infrastructure and in response to grouping the events physical changes are made to managed infrastructure physical hardware.
- View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27, 28, 29, 30)
- - 2. The system of claim 1, wherein the UI is configured to reduce a number of actions a user makes relative management of the physical hardware managed infrastructure.
  - 3. The system of claim 1, wherein the UI is configured to allow one or more users to execute incident management with or without collaborative interactivity relative to physical hardware managed infrastructure.
  - 4. The system of claim 1, wherein the UI is configured to provide one or more users to execute incident management relative to physical hardware managed infrastructure with or without collaborative interactivity in a situation room that is executed using the UI.
  - 5. The system of claim 3, wherein the UI provides a summary view;
    - a top level, and a UI relative to physical hardware managed infrastructure open situations.
  - 6. The system of claim 5, wherein the UI is configured to display physical hardware managed infrastructure services that can be impacted.
  - 7. The system of claim 1, further comprising:
    - interface logic configured to allow business application software to export application data to be displayed at the UI in an interactive visual format.
  - 8. The system of claim 1, wherein the UI is configured to use real time data.
  - 9. The system of claim 8, wherein the real time data is from a single or multiple sources.
  - 10. The system of claim 8, wherein the real time data is from one or more businesses.
  - 11. The system of claim 1, wherein the UI includes one or more data fields within a file.
  - 12. The system of claim 1, wherein the UI is configured to provide a graphical representation of data from one or more data sources and information from the one or more data fields.
  - 13. The system of claim 1, wherein the situation room is configured to create and display at the UI clustering messages.
  - 14. The system of claim 1, wherein the UI is configured to provide a graphical representation of data from one or more data sources and information from one or more data fields.
  - 15. The system of claim 1, wherein the situation room is coupled to a UI design system.
  - 16. The system of claim 1, wherein the situation room is coupled to a UI display computer system.
  - 17. The system of claim 1, further comprising:
    - link access modules.
  - 18. The system of claim 1, further comprising:
    - a compare and merge engine in communication with the UI.
  - 19. The system of claim 18, wherein clusters are published on a system bus for display in the situation room.
  - 20. The system of claim 1, wherein the at least one engine us a single engine.
  - 21. The system of claim 1, wherein the at least one engine includes first and second engines.
  - 22. The system of claim 21, wherein the first engine is an extraction engine.
  - 23. The system of claim 21, wherein the second engine is a signalizer engine.
  - 24. The system of claim 23, further comprising:
    - a compare and merge engine that receives outputs from the second engine.
  - 25. The system of claim 21, wherein the first engine in operation receives messages from the managed infrastructure.
  - 26. The system of claim 21, wherein the first engine in operation produces events that relate to the managed infrastructure.
  - 27. The system of claim 26, wherein the events are converted into words and subsets used to group the events into clusters that relate to failures or errors in the managed infrastructure.
  - 28. The system of claim 21, wherein the second engine includes one or more of an Non-negative Matrix Factorization NMF engine, a k-means clustering engine and a topology proximity engine.
  - 29. The system of claim 21, wherein the second engine is configured to determine one or more common characteristics of events and produces clusters relating to events.
  - 30. The system of claim 21, further comprising:
    - a third engine coupled to the first and second engines.

Specification

Resources

Litigation Campaign Assessment

Current Assignee
Dell Products LP (Dell Technologies Inc.)
Original Assignee
Moogsoft Inc. (Dell Technologies Inc.)
Inventors
Tee, Philip, Harper, Robert Duncan, Silvey, Charles Mike
Primary Examiner(s)
Ehne, Charles

Application Number

US15/432,081
Publication Number

US 20170155540A1
Time in Patent Office

770 Days
Field of Search
US Class Current
CPC Class Codes

G06F 11/0709   in a distributed system con...

G06F 11/0751   Error or fault detection no...

G06F 11/076   by exceeding a count or rat...

G06F 11/0778   Dumping, i.e. gathering err...

G06F 11/079   Root cause analysis, i.e. e...

G06F 11/30   Monitoring

G06F 11/3006   where the computing system ...

G06F 11/327   Alarm or error message display

G06F 16/285   Clustering or classification

G06F 16/9024   Graphs; Linked lists G06F16...

G06F 2201/86   Event-based monitoring

H04L 41/046   comprising network manageme...

H04L 41/065   involving logical or physic...

H04L 41/0883   Semiautomatic configuration...

H04L 41/22   comprising specially adapte...

H04L 43/0817   by checking functioning

H04L 43/0823   Errors, e.g. transmission e...

H04L 51/04   Real-time or near real-time...

H04L 51/216   Handling conversation histo...

H04L 65/403   Arrangements for multi-part...

H04L 67/535 : Tracking the activity of th...

H04L 67/55 : Push-based network services

H04L 67/75 : Indicating network or usage...

View All

System for decomposing events from managed infrastructures with situation room

First Claim

5 Assignments

0 Petitions

Accused Products

Abstract

44 Citations

30 Claims

Specification

Solutions

Use Cases

Quick Links

System for decomposing events from managed infrastructures with situation room

First Claim

5 Assignments

Subscription Required

Subscription Required

0 Petitions

Subscription Required

Accused Products

Subscription Required

Abstract

44 Citations

30 Claims

Specification

Subscription Required

Solutions

Use Cases

Quick Links