公开(公告)号：US10430424B2

公开(公告)日：2019-10-01

申请号：US15033174

申请日：2013-10-30

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Fernando Vizer ,  Eran Samuni ,  Alon Sade

IPC: G06F17/30 ,  G06F16/2457 ,  G06F16/28 ,  G06F17/00 ,  G06F11/34 ,  G06Q30/00 ,  G06Q30/02

Abstract: A non-transitory, computer readable storage device includes software that, while being executed by a processor, causes the processor to choose, based on user activity, a plurality of candidate parameters to be monitored from a plurality of event messages. Further, the processor executes the software to estimate a level of similarity between the chosen plurality of candidate parameters by computing a similarity score for at least two of the chosen candidate parameters. Still further, the processor executes the software to determine a plurality of parameters from the chosen candidate parameters if the similarity score for the plurality of parameters is greater than a threshold.

公开(公告)号：US10423624B2

公开(公告)日：2019-09-24

申请号：US15511940

申请日：2014-09-23

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Yonatan Ben Simhon ,  Ira Cohen ,  Eran Samuni

IPC: G06F11/07 ,  G06F16/2455 ,  G06F17/27

Abstract: Method and systems for analyzing event log elements are provided. In one example, a method includes receiving an event log element in a computer. A similarity index is calculated between the event log element and a text element. A threshold of similarity is calculated. The similarity index is compared to the threshold. If the similarity index is greater than the threshold, the event log element is grouped into a cluster with the text element to create a file of cluster assignments.

公开(公告)号：US11457029B2

公开(公告)日：2022-09-27

申请号：US15033144

申请日：2013-12-14

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Eran Samuni ,  Daniel Adrian ,  Yohay Golan

IPC: H04L29/06 ,  H04L9/40 ,  G06F11/00

Abstract: In one example implementation, a log analysis system can comprise an activity engine to monitor user activity of a computer system, a baseline engine to generate an expected baseline of a log, and an abnormality engine to compare the log to the expected baseline to identify an abnormality, compare the abnormality to a user activity volume based on a correlation between the user activity volume and the log activity, and classify the log.

公开(公告)号：US20170300532A1

公开(公告)日：2017-10-19

申请号：US15511940

申请日：2014-09-23

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Yonatan Ben Simhon ,  Ira Cohen ,  Eran Samuni

IPC: G06F17/30 ,  G06F11/07

Abstract: Method and systems for analyzing event log elements are provided. In one example, a method includes receiving an event log element in a computer. A similarity index is calculated between the event log element and a text element. A threshold of similarity is calculated. The similarity index is compared to the threshold. If the similarity index is greater than the threshold, the event log element is grouped into a cluster with the text element to create a file of cluster assignments.

公开(公告)号：US20160259791A1

公开(公告)日：2016-09-08

申请号：US15033174

申请日：2013-10-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Fernando Vizer ,  Eran Samuni ,  Alon Sade

IPC: G06F17/30

CPC classification number: G06F16/24578 ,  G06F11/3452 ,  G06F11/3466 ,  G06F11/3476 ,  G06F16/285 ,  G06F17/00 ,  G06F2201/81 ,  G06F2201/86 ,  G06Q30/00 ,  G06Q30/02

Abstract: A non-transitory, computer readable storage device includes software that, while being executed by a processor, causes the processor to choose, based on user activity, a plurality of candidate parameters to be monitored from a plurality of event messages. Further, the processor executes the software to estimate a level of similarity between the chosen plurality of candidate parameters by computing a similarity score for at least two of the chosen candidate parameters. Still further, the processor executes the software to determine a plurality of parameters from the chosen candidate parameters if the similarity score for the plurality of parameters is greater than a threshold.

Abstract translation: 非暂时的计算机可读存储设备包括在由处理器执行时使得处理器基于用户活动来从多个事件消息中选择待监视的多个候选参数的软件。 此外，处理器执行软件以通过计算所选候选参数中的至少两个的相似性得分来估计所选择的多个候选参数之间的相似度水平。 此外，如果多个参数的相似性得分大于阈值，则处理器执行软件以从所选择的候选参数确定多个参数。

公开(公告)号：US20160253229A1

公开(公告)日：2016-09-01

申请号：US15033200

申请日：2013-10-30

Applicant: HEWLETT PACKARD ENTERPRISE DEVELOPMENT LP

Inventor： Alon Sade ,  Ilya Brodin ,  Eran Samuni

IPC: G06F11/07

CPC classification number: G06F11/079 ,  G06F11/07 ,  G06F11/0709 ,  G06F11/0751 ,  G06F11/0787 ,  G06F11/3051 ,  G06F11/3072 ,  G06F11/3476 ,  H04L41/06 ,  H04L41/0873

Abstract: Various methods and systems for analyzing event log elements are described that utilize numerous techniques to group and compare the large event log files logged by different computers and programs. In one example, a method includes receiving a first set of event log elements from a plurality of computers, and receiving a second set of event log elements from a target computer. The method continues by comparing the first set of event log elements and the second set of event log elements to identify a configuration difference between the target computer and the plurality of computers. The differences can be displayed to a user of the target computer.

Abstract translation: 描述了用于分析事件日志元素的各种方法和系统，其利用许多技术来分组和比较由不同计算机和程序记录的大事件日志文件。 在一个示例中，方法包括从多个计算机接收第一组事件日志元素，以及从目标计算机接收第二组事件日志元素。 该方法通过比较第一组事件日志元素和第二组事件日志元素来识别目标计算机和多个计算机之间的配置差异来继续。 差异可以显示给目标计算机的用户。

公开(公告)号：US20160162348A1

公开(公告)日：2016-06-09

申请号：US15019785

申请日：2016-02-09

Applicant: Hewlett Packard Enterprise Development LP

Inventor： Ruth Bernstein ,  Ira Cohen ,  Eran Samuni

IPC: G06F11/07

CPC classification number: G06F11/079 ,  G06F11/0709 ,  G06F11/3006 ,  G06F11/3409 ,  G06F11/3419 ,  G06F11/3452 ,  G06F2201/81 ,  G06F2201/87

Abstract: A method for automated detection of a real IT system problem may include obtaining monitor measurements of metrics associated with activities of a plurality of configuration items of the IT system. The method may also include detecting anomalies in the monitor measurements. The method may further include grouping concurrent anomalies of the detected anomalies corresponding to configuration items of the plurality of configuration items which are topologically linked to be regarded as a system anomaly. The method may further include calculating a significance score for the system anomaly, and determining that the system anomaly relates to a real system problem based on the calculated significance score.

Abstract translation: 用于自动检测真实IT系统问题的方法可以包括获得与IT系统的多个配置项的活动相关联的度量的监视器测量。 该方法还可以包括检测监视器测量中的异常。 所述方法还可以包括对与所述多个配置项目的配置项目相对应的检测到的异常的并发异常进行分组，所述配置项目被拓扑地链接以被认为是系统异常。 该方法还可以包括计算系统异常的显着性得分，并且基于所计算的显着性分数来确定系统异常与实际系统问题相关。