公开(公告)号：US20180181680A1

公开(公告)日：2018-06-28

申请号：US15388184

申请日：2016-12-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Eli Revach ,  Amitai Shlomo Shtossel ,  Fernando Vizer

IPC: G06F17/30 ,  G06N99/00

CPC classification number: G06F16/90348 ,  G06F16/35 ,  G06F16/9024 ,  G06N5/022

Abstract: In examples, an apparatus comprises: a memory, and a processor coupled to the memory. The processor to: adaptively order an ordered set of regular expressions based on training messages to produce a set of adaptively ordered regular expressions having an adaptive order, determine a first of the adaptively ordered regular expressions that matches an additional message, and determine whether a second of the adaptively ordered regular expressions matches the additional message. Responsive to determining that the second of the other of the adaptively ordered regular expressions matches the additional message, the processor to: classify the additional message with the first regular expression if the first regular expression has a higher priority in the adaptive order; and classify the additional message with the second regular expression if the second regular expression has a higher priority in the adaptive order.

公开(公告)号：US11113317B2

公开(公告)日：2021-09-07

申请号：US15280920

申请日：2016-09-29

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Fernando Vizer ,  Ofra Pavlovitz ,  Eran Bentziony

IPC: G06F16/28 ,  G06F16/2455

Abstract: A plurality of log messages may be clustered into a plurality of clusters. For each of the plurality of log messages, the log message may be partitioned into a series of substrings. At least two of the plurality of clusters may be selected. For each one of the at least two selected clusters, a parsing rule may be generated corresponding to a plurality of substrings each of which are at a given location of a respective one of the log messages of the plurality of log messages in the one of the selected cluster.

公开(公告)号：US10419269B2

公开(公告)日：2019-09-17

申请号：US15438477

申请日：2017-02-21

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Pavel Danichev ,  Ron Maurer ,  Nurit Peres ,  Fernando Vizer

IPC: G06F15/173 ,  H04L12/24 ,  H04L12/26 ,  H04L29/06

Abstract: Event-time pairs are received for a current time slot. Each event-time pair denotes the occurrence of an event at a system by an event type as well as an occurrence time. For each different event type, a property value for the time slot is computed for each different property of a number of different properties, from the event-time pairs having the different event type. For each different property, a time-decaying histogram of identified property values of the different property is updated using the property value computed for the different property for the current time slot. An anomaly score for each identified property value within the time-decaying histogram of each different property is computed to detect occurrence of an anomaly within the system.

公开(公告)号：US20180241654A1

公开(公告)日：2018-08-23

申请号：US15438477

申请日：2017-02-21

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Pavel Danichev ,  Ron Maurer ,  Nurit Peres ,  Fernando Vizer

IPC: H04L12/26 ,  H04L29/08

CPC classification number: H04L41/064 ,  H04L29/06891 ,  H04L41/069 ,  H04L43/024 ,  H04L43/04 ,  H04L43/067 ,  H04L63/145

Abstract: Event-time pairs are received for a current time slot. Each event-time pair denotes the occurrence of an event at a system by an event type as well as an occurrence time. For each different event type, a property value for the time slot is computed for each different property of a number of different properties, from the event-time pairs having the different event type. For each different property, a time-decaying histogram of identified property values of the different property is updated using the property value computed for the different property for the current time slot. An anomaly score for each identified property value within the time-decaying histogram of each different property is computed to detect occurrence of an anomaly within the system.

公开(公告)号：US10430424B2

公开(公告)日：2019-10-01

申请号：US15033174

申请日：2013-10-30

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Fernando Vizer ,  Eran Samuni ,  Alon Sade

IPC: G06F17/30 ,  G06F16/2457 ,  G06F16/28 ,  G06F17/00 ,  G06F11/34 ,  G06Q30/00 ,  G06Q30/02

Abstract: A non-transitory, computer readable storage device includes software that, while being executed by a processor, causes the processor to choose, based on user activity, a plurality of candidate parameters to be monitored from a plurality of event messages. Further, the processor executes the software to estimate a level of similarity between the chosen plurality of candidate parameters by computing a similarity score for at least two of the chosen candidate parameters. Still further, the processor executes the software to determine a plurality of parameters from the chosen candidate parameters if the similarity score for the plurality of parameters is greater than a threshold.

公开(公告)号：US20180089304A1

公开(公告)日：2018-03-29

申请号：US15280920

申请日：2016-09-29

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Fernando Vizer ,  Ofra Pavlovitz ,  Eran Bentziony

IPC: G06F17/30

CPC classification number: G06F16/287 ,  G06F16/24554 ,  G06F16/24564

Abstract: A plurality of log messages may be clustered into a plurality of clusters. For each of the plurality of log messages, the log message may be partitioned into a series of substrings. At least two of the plurality of clusters may be selected. For each one of the at least two selected clusters, a parsing rule may be generated corresponding to a plurality of substrings each of which are at a given location of a respective one of the log messages of the plurality of log messages in the one of the selected cluster.

公开(公告)号：US10754894B2

公开(公告)日：2020-08-25

申请号：US15388184

申请日：2016-12-22

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Eli Revach ,  Amitai Shlomo Shtossel ,  Fernando Vizer

IPC: G06F16/903 ,  G06N5/02 ,  G06F16/35 ,  G06F16/901

Abstract: In examples, an apparatus comprises: a memory, and a processor coupled to the memory. The processor to: adaptively order an ordered set of regular expressions based on training messages to produce a set of adaptively ordered regular expressions having an adaptive order, determine a first of the adaptively ordered regular expressions that matches an additional message, and determine whether a second of the adaptively ordered regular expressions matches the additional message. Responsive to determining that the second of the other of the adaptively ordered regular expressions matches the additional message, the processor to: classify the additional message with the first regular expression if the first regular expression has a higher priority in the adaptive order; and classify the additional message with the second regular expression if the second regular expression has a higher priority in the adaptive order.

公开(公告)号：US20160259791A1

公开(公告)日：2016-09-08

申请号：US15033174

申请日：2013-10-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Fernando Vizer ,  Eran Samuni ,  Alon Sade

IPC: G06F17/30

CPC classification number: G06F16/24578 ,  G06F11/3452 ,  G06F11/3466 ,  G06F11/3476 ,  G06F16/285 ,  G06F17/00 ,  G06F2201/81 ,  G06F2201/86 ,  G06Q30/00 ,  G06Q30/02

Abstract: A non-transitory, computer readable storage device includes software that, while being executed by a processor, causes the processor to choose, based on user activity, a plurality of candidate parameters to be monitored from a plurality of event messages. Further, the processor executes the software to estimate a level of similarity between the chosen plurality of candidate parameters by computing a similarity score for at least two of the chosen candidate parameters. Still further, the processor executes the software to determine a plurality of parameters from the chosen candidate parameters if the similarity score for the plurality of parameters is greater than a threshold.

Abstract translation: 非暂时的计算机可读存储设备包括在由处理器执行时使得处理器基于用户活动来从多个事件消息中选择待监视的多个候选参数的软件。 此外，处理器执行软件以通过计算所选候选参数中的至少两个的相似性得分来估计所选择的多个候选参数之间的相似度水平。 此外，如果多个参数的相似性得分大于阈值，则处理器执行软件以从所选择的候选参数确定多个参数。