公开(公告)号：US20230093225A1

公开(公告)日：2023-03-23

申请号：US17482531

申请日：2021-09-23

Applicant: International Business Machines Corporation

Inventor： Yuk Lung Chan ,  Tian Wu ,  Lei Yu ,  Jia Qi Li ,  Hong Min ,  Fan Jing Meng

IPC: G06F40/169 ,  G06F40/242 ,  G06F40/186 ,  G06N20/00

Abstract: Embodiments of the invention are directed to annotating a log based on processing log documentation. Aspects include obtaining the log having a plurality of entries. Aspects also include creating a set of log entry templates by processing the log documentation associated with the log, wherein each log entry template includes one or more constants and one or more variables. Aspects further include annotating each of the plurality of entries based on the set of templates, wherein the annotating includes labeling each value of the one or more variables with a variable name.

公开(公告)号：US11474892B2

公开(公告)日：2022-10-18

申请号：US17110535

申请日：2020-12-03

Applicant: International Business Machines Corporation

Inventor： Yuk L. Chan ,  Jia Qi Li ,  Zhi Shuai Han ,  Tian Wu ,  Lei Yu ,  Hong Min ,  Fan Jing Meng

IPC: G06F11/07 ,  G06F16/901

Abstract: Techniques include generating a log sequence for new logs that have been received, searching a log sequence database for the log sequence having been generated, and determining that the log sequence is anomalous in response to not finding an identical log sequence in the log sequence database. In response to the log sequence not being found in the log sequence database, the log sequence is compared to a graph of historical log sequences to find a closest sequence path to one or more historical log sequences. An anomaly of the log sequence is diagnosed based on an occurrence at which the log sequence deviates from the closest sequence path of the one or more historical log sequences.

公开(公告)号：US11385956B2

公开(公告)日：2022-07-12

申请号：US17132690

申请日：2020-12-23

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Jia Wei Yang ,  Fan Jing Meng

IPC: G06F11/00 ,  G06F11/07 ,  G06N5/02 ,  G06F16/28

Abstract: A computer-implemented method is presented for detecting anomalies in dynamic datasets generated in a cloud computing environment. The method includes monitoring a plurality of cloud servers receiving a plurality of data points, employing a two-level clustering training module to generate micro-clusters from the plurality of data points, each of the micro-clusters representing a set of original data from the plurality of data points, employing a detecting module to detect normal data points, abnormal data points, and unknown data points from the plurality of data points via a detection model, employing an evolving module using a different evolving mechanism for each of the normal, abnormal, and unknown data points to evolve the detection model, and generating a system report displayed on a user interface, the system report summarizing the micro-cluster information.

公开(公告)号：US20220179764A1

公开(公告)日：2022-06-09

申请号：US17110432

申请日：2020-12-03

Applicant: International Business Machines Corporation

Inventor： Yuk L. Chan ,  Tian Wu ,  Lei Yu ,  Jia Qi Li ,  Zhi Shuai Han ,  Hong Min ,  Fan Jing Meng ,  Abhishek Dokania

IPC: G06F11/30 ,  G06F11/07 ,  G06F40/30

Abstract: According to an aspect a computer-implemented method includes identifying a plurality of metrics and log identifiers that describe similar information as a plurality of documentation-based correlation data. One or more metric pair correlations are identified. One or more log frequency correlations are identified by temporal correlation. A plurality of correlated metric-log pairs is identified. A correlation database is populated with the documentation-based correlation data, the one or more metric pair correlations, the one or more log frequency correlations, and the correlated metric-log pairs to support anomaly detection in one or more monitored computer systems.

公开(公告)号：US20220179729A1

公开(公告)日：2022-06-09

申请号：US17110438

申请日：2020-12-03

Applicant: International Business Machines Corporation

Inventor： Yuk L. Chan ,  Tian Wu ,  Jia Qi Li ,  Zhi Shuai Han ,  Lei Yu ,  Hong Min ,  Fan Jing Meng ,  Abhishek Dokania

IPC: G06F11/07 ,  G06F16/245

Abstract: According to an aspect, a method includes searching for a correlated log identifier in a correlation database based on detecting a metrics-based anomaly. The method also includes providing, in a problem diagnosis, related log information associated with the correlated log identifier based on locating one or more log entries including the correlated log identifier in a same time window as the metrics-based anomaly. The method further includes searching for a correlated metric in the correlation database based on detecting a log-based anomaly and providing, in the problem diagnosis, related metric information associated with the correlated metric based on locating one or more metrics records including the correlated metric in the same time window as the log-based anomaly.

公开(公告)号：US11270226B2

公开(公告)日：2022-03-08

申请号：US16148393

申请日：2018-10-01

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Fan Jing Meng ,  Lin Yang ,  Xiao Zhang ,  Shi Lei Zhang ,  Jing Min Xu ,  Naga A. Ayachitula ,  Zhuo Su

IPC: G06N20/00 ,  G06F16/28

Abstract: Systems and methods for ticket classification and response include labeling tickets with a ticket classifier that assigns a ticket label and an associated confidence score to each ticket. Tickets are clustered according to semantic similarity to form ticket clusters. A template associated with each ticket cluster is determined. Templates and the respective ticket clusters are clustered according to semantic similarity to form one or more ticket super-clusters. Tickets that have below-threshold confidence scores are labeled according to the one or more ticket super-clusters. The tickets are automatically responded to.

公开(公告)号：US11212162B2

公开(公告)日：2021-12-28

申请号：US16515333

申请日：2019-07-18

Applicant: International Business Machines Corporation

Inventor： Dian Qi ,  Fan Jing Meng ,  Jing Min Xu ,  Lin Yang

IPC: H04L12/24

Abstract: Techniques for Bayesian-based event grouping are provided. One technique includes determining a group of alarm events from received alarm events; in response to the group of alarm events matching a group of historical alarm events, determining a first correlation, wherein the group of historical alarm events comprises correlated events associated with a same entity; and determining a root cause of the group of alarm events based on the first correlation.

公开(公告)号：US10740360B2

公开(公告)日：2020-08-11

申请号：US15357649

申请日：2016-11-21

Applicant: International Business Machines Corporation

Inventor： Pengfei Chen ,  Fan Jing Meng ,  Jing Min Xu ,  Lin Yang ,  Xiao Zhang

IPC: G06F17/30 ,  G06F16/28 ,  G06F9/46 ,  G06F16/2455 ,  H04L29/08

Abstract: Techniques that facilitate identification and/or analysis of sequences associated with computing devices are provided. In one example, a system includes a transaction component, a clustering component and a model component. The transaction component identifies at least one sequence in a stream of sequences generated by a computing device in communication with the system. The clustering component assigns the at least one sequence to a transaction sequence group. The model component generates a transaction model based on the transaction sequence group.

公开(公告)号：US10585774B2

公开(公告)日：2020-03-10

申请号：US15717879

申请日：2017-09-27

Applicant: International Business Machines Corporation

Inventor： Peng Fei Chen ,  Fan Jing Meng ,  Feng Wang ,  Yuan Wang ,  Jing Min Xu ,  Xiao Zhang

IPC: G06F11/34 ,  G06N5/02 ,  G06N20/00 ,  G06F11/22

Abstract: A method or apparatus for monitoring a system by detecting misbehaving components in the system is presented. A computing device receives historical data points based on a set of monitored signals of a system. The system has components that are monitored through the set of monitored signals. For each monitored component, the computing device performs unsupervised machine learning based on the historical data points to identify expected states and state transitions for the component. The computing device identifies one or more steady components based on the identified states of the monitored components. The computing device also receives real-time data points based on monitoring the set of signals from the system. For each identified steady component, the computing device examines the received real-time data points for deviation from the expected state and state transitions of the steady component. The computing device reports anomaly in the system based on the detected deviations.

公开(公告)号：US20180314535A1

公开(公告)日：2018-11-01

申请号：US16030949

申请日：2018-07-10

Applicant: International Business Machines Corporation

Inventor： Ajay A. Apte ,  Chang Sheng Li ,  Fan Jing Meng ,  Joseph P. Wigglesworth ,  Jing Min Xu ,  Bo Yang ,  Xue Jun Zhuo

IPC: G06F9/445

CPC classification number: G06F9/44505

Abstract: Determining a characteristic of a configuration file that is used to discover configuration files in a target machine, a computer identifies, using information associated with a configuration item of a machine, a candidate configuration file related to the configuration item of the machine, from among a plurality of files from the machine. The computer extracts a value of a feature of the candidate configuration file and aggregates the candidate configuration file with a second candidate configuration file related to the same configuration item identified from among a plurality of files from a second machine, based on the extracted value. The computer then determines a configuration file related to the configuration item from among the aggregated candidate configuration files based on a result of the aggregation, and determines a characteristic of the configuration file related to the configuration item.