摘要:
Techniques for ordering categorical attributes so as to better visualize data are provided. In accordance with one embodiment of the invention, an ordering algorithm comprises the steps of: (a) translating the discrete ordering problem to a continuous optimization problem; (b) solving the continuous optimization problem; and (c) mapping an optimal continuous solution to the closest discrete solution.
摘要:
A technique is provided for systematically constructing one or more correlation rules for use by an event management system for managing a network with one or more computing devices. The technique comprises the following steps. First, in association with an event cache, event data representing past or historical events associated with the network of computing devices being managed by the event management system is obtained. Next, a first pattern is found or detected in the obtained event data associated with the event cache. The pattern is then classified. Then, at least one correlation rule is constructed based on the classified pattern. Lastly, in association with the event cache, the one or more events included in the pattern are replaced with a composite or cumulative event such that hierarchical patterns may be subsequently found for use in constructing further correlation rules.
摘要:
Systems and methods for instance counting and for the identification of a temporal pattern in an event sequence. The system addresses the use of “earliest-first” and “no-reuse” policies as criteria for the correctness of counting. The system also achieves higher performance than conventional methods by utilizing incremental computation.
摘要:
Techniques for data-driven validation, completion and construction of event relationship networks (ERNs) are provided. Event relationship networks are widely used in event management system design. To date, ERNs are constructed purely based on human expertise and there is no automatic or event semi-automatic method that validates or completes ERNs. The present invention provides techniques for automatically validating and completing existing ERNs and/or constructing new ERNs, based on collected event data.
摘要:
Techniques for mining or discovering one or more patterns in an input data set, wherein the input data set is characterized by attributes, comprises the following steps. First, the technique includes mapping attributes of the input data set to mapping values. Then, one or more candidate patterns are formed as groupings of two mapping values that occur within a predefined time period. Next, for each of the one or more candidate patterns, a qualification function is computed and a result of the qualification function is compared with at least one predefined threshold value. The one or more candidate patterns whose qualification function results are greater than or equal to the predefined threshold value are identified as one or more qualified patterns.
摘要:
Improved network topology discovery techniques are disclosed. For example, an automated method for discovering a topology of a network, having a plurality of nodes, includes the following steps. A first traceroute process is performed for a given source node and one or more destination nodes listed in a target list so as to discover one or more paths through one or more intermediate nodes between the given source node and the one or more destination nodes. The one or more intermediate nodes discovered during the first traceroute process are added to the target list. A second traceroute process is performed for the given source node and the one or more intermediate nodes discovered during the first traceroute process so as to discover one or more paths through one or more additional intermediate nodes between the given source node and the one or more intermediate nodes discovered during the first traceroute process. When one or more additional intermediate nodes are discovered as a result of performance of the second traceroute process, the one or more additional intermediate nodes are added to the target list and the traceroute process is repeated to determine the existence of any further intermediate nodes. When no new intermediate nodes are discovered as a result of performance of the second traceroute process or a subsequent traceroute process, the nodes in the target list are identified as a target closure set for the given source node.
摘要:
A method and system for generating problem resolution flowcharts, whereby users do not author flowcharts directly but instead author a dependency matrix of questions and answers related by state or underlying problem cause. After creation of a matrix of questions and answers, a corresponding flowchart is then calculated based on the information in the dependency matrix, and also based on the likelihood of the various problems and their causes. The probabilities of problems and their causes may be estimated or may be calculated from historical data accumulated by use of the flow chart, or some combination of the two. These probabilities are incorporated into the answer cells of the dependency matrix. The resulting flowchart is tested and evaluated, and the results of testing and evaluation are used to make modifications in the matrix of questions and answers. The flowchart is then made available for execution by a problem determination engine, usable by staff at a help center or directly as self-help to a customer over a network. Experience from use of the problem determination engine is accumulated for use in further refinements of the dependency matrix and its probabilities.
摘要:
An autonomic event parser configured for association with a message adapter. An autonomic event parser can include a store of parsing rules, the parsing rules having a strategically specified order. Additionally, a pattern analyzer can be programmed to identify patterns of received messages and to recommend the strategically specified order of the parsing rules. Finally, a parsing rules manager can be communicatively coupled both to the pattern analyzer and the store of parsing rules, the parsing rules manager having a configuration for ordering the parsing rules in the store based upon the recommended order of the pattern analyzer.
摘要:
Techniques for parsing rule creation are provided. A technique for constructing one or more message parsing rules may comprise the following steps. First, message data representing past messages, for example, associated with a network, an application and/or a system being analyzed, is obtained. For example, this may involve reading the past or historical message data from messages logs or having a system point to the message data in existing data storage. Parsing rules are then generated by a process from one or more existing rule templates and/or based on user selection and classification of at least a portion of a message. For example, the user may choose a message part and demonstratively classify the part, for example, as a positive or negative example. The generated rules may then be stored for access by a rule-based parsing system such as a message adaptation system. Prior to generation of the one or more parsing rules, a message structure may be established upon which generation of the rules may be based.
摘要:
A system and program product for generating throttling parameters for an information management (IT) system based on historical event log data. An embodiment of the system comprises: an identification system that examines the historical event log data and identifies throttling candidates, wherein each throttling candidate comprises an event type for redundant events that reoccur over at least one measured time period; and an analysis system that statistically analyzes event data associated with each throttling candidate and generates a set of throttling parameters for each throttling candidate based on the event data.