公开(公告)号：US11599404B2

公开(公告)日：2023-03-07

申请号：US17110438

申请日：2020-12-03

Applicant: International Business Machines Corporation

Inventor： Yuk L. Chan ,  Tian Wu ,  Jia Qi Li ,  Zhi Shuai Han ,  Lei Yu ,  Hong Min ,  Fan Jing Meng ,  Abhishek Dokania

IPC: G06F11/07 ,  G06F16/245 ,  G06Q10/10

Abstract: According to an aspect, a method includes searching for a correlated log identifier in a correlation database based on detecting a metrics-based anomaly. The method also includes providing, in a problem diagnosis, related log information associated with the correlated log identifier based on locating one or more log entries including the correlated log identifier in a same time window as the metrics-based anomaly. The method further includes searching for a correlated metric in the correlation database based on detecting a log-based anomaly and providing, in the problem diagnosis, related metric information associated with the correlated metric based on locating one or more metrics records including the correlated metric in the same time window as the log-based anomaly.

公开(公告)号：US11762894B2

公开(公告)日：2023-09-19

申请号：US17456653

申请日：2021-11-29

Applicant: International Business Machines Corporation

Inventor： Zi Xiao Zhu ,  Pei Ni Liu ,  Tian Wu ,  Fan Jing Meng ,  HariGovind Venkatraj Ramasamy ,  Sandhya Narayan ,  Elliot Karl Kolodner

IPC: G06F16/35 ,  G06F40/211 ,  G06F40/30

CPC classification number: G06F16/35 ,  G06F40/211 ,  G06F40/30

Abstract: Embodiments of the present invention relate to methods, systems, and computer program products for event management. In a method, a plurality of notes that are comprised in a plurality of event records are obtained in a computer system. A plurality of paragraphs that are comprised in the plurality of notes are classified into a plurality of content types based on a content analysis of the plurality of paragraphs. The plurality of notes are classified into a plurality of semantic types based on the plurality of content types and a syntactic parsing to the plurality of notes. A knowledge item is generated for managing an event in the computer system based on a group of notes in the plurality of notes that are classified into the plurality of semantic types. With these embodiments, knowledge items for managing events may be obtained in an easier and more effective way.

公开(公告)号：US11513930B2

公开(公告)日：2022-11-29

申请号：US17110513

申请日：2020-12-03

Applicant: International Business Machines Corporation

Inventor： Yuk L. Chan ,  Lin Yang ,  Tian Wu ,  Jia Qi Li ,  Lei Yu ,  Hong Min ,  Fan Jing Meng

IPC: G06F11/00 ,  G06F11/30 ,  G06K9/62 ,  G06F11/32

Abstract: Techniques include collecting current logs from distributed sources, selecting a group of the current logs that are from a related source of the distributed sources, and generating a feature vector using the group of the current logs. A current status model is created for the feature vector using the group of the current logs. One or more anomalies are determined in the group of the current logs based on a difference between the current status model and a reference status model, the reference status model being based on history logs.

公开(公告)号：US11190421B1

公开(公告)日：2021-11-30

申请号：US17188299

申请日：2021-03-01

Applicant: INTERNATIONAL BUSINESS MACHINES CORPORATION

Inventor： Pei Ni Liu ,  Zi Xiao Zhu ,  Tian Wu ,  Jia Qi Li ,  Fan Jing Meng ,  Ruo Yi Liu

IPC: G06F15/173 ,  H04L12/26 ,  H04L12/24 ,  H04L12/801

Abstract: Embodiments of the present disclosure relate to a method for processing alerts. According to an embodiment of the present disclosure, a set of alerts matching a metric template are identified from received alerts during a period of time. A plurality of variable values are acquired from the set of alerts based on the metric template. The plurality of variable values are normalized according to a normalization rule of the metric template. A severity level for the set of alerts is determined based on the normalized variable values. In response to the severity level exceeding a certain threshold, an abstract alert including information related to the set of alerts is generated.

公开(公告)号：US11681865B2

公开(公告)日：2023-06-20

申请号：US17482531

申请日：2021-09-23

Applicant: International Business Machines Corporation

Inventor： Yuk Lung Chan ,  Tian Wu ,  Lei Yu ,  Jia Qi Li ,  Hong Min ,  Fan Jing Meng

IPC: G06F40/169 ,  G06N20/00 ,  G06F40/186 ,  G06F40/242

CPC classification number: G06F40/169 ,  G06F40/186 ,  G06F40/242 ,  G06N20/00

Abstract: Embodiments of the invention are directed to annotating a log based on processing log documentation. Aspects include obtaining the log having a plurality of entries. Aspects also include creating a set of log entry templates by processing the log documentation associated with the log, wherein each log entry template includes one or more constants and one or more variables. Aspects further include annotating each of the plurality of entries based on the set of templates, wherein the annotating includes labeling each value of the one or more variables with a variable name.

公开(公告)号：US20230169104A1

公开(公告)日：2023-06-01

申请号：US17456653

申请日：2021-11-29

Applicant: International Business Machines Corporation

Inventor： Zi Xiao Zhu ,  PEI NI LIU ,  Tian Wu ,  FAN JING Meng ,  HariGovind Venkatraj Ramasamy ,  Sandhya Narayan ,  Elliot Karl Kolodner

IPC: G06F16/35 ,  G06F40/30 ,  G06F40/211

CPC classification number: G06F16/35 ,  G06F40/30 ,  G06F40/211

Abstract: Embodiments of the present invention relate to methods, systems, and computer program products for event management. In a method, a plurality of notes that are comprised in a plurality of event records are obtained in a computer system. A plurality of paragraphs that are comprised in the plurality of notes are classified into a plurality of content types based on a content analysis of the plurality of paragraphs. The plurality of notes are classified into a plurality of semantic types based on the plurality of content types and a syntactic parsing to the plurality of notes. A knowledge item is generated for managing an event in the computer system based on a group of notes in the plurality of notes that are classified into the plurality of semantic types. With these embodiments, knowledge items for managing events may be obtained in an easier and more effective way.

公开(公告)号：US20220180217A1

公开(公告)日：2022-06-09

申请号：US17110430

申请日：2020-12-03

Applicant: International Business Machines Corporation

Inventor： Yuk L. Chan ,  Lei Yu ,  Jia Qi Li ,  Zhi Shuai Han ,  Tian Wu ,  Hong Min ,  FAN JING Meng

IPC: G06N5/02 ,  G06F16/901 ,  G06F40/30 ,  G06F11/07

Abstract: Aspects of the invention include computer systems, computer-implemented methods, and computer program products configured to integrate documentation knowledge with log mining data. A non-limiting example computer-implemented method includes determining a message-message relationship based on log message documentation and building a first subgraph based on the message-message relationship. The method further includes receiving a first message log entry having a message identifier and message field data. A second message log entry is correlated with the first message log entry based on at least one of the message identifier and the message field data. A second subgraph is built that includes the first message log entry and the second message log entry. The method includes building a graph that includes the first subgraph and the second subgraph.

公开(公告)号：US20220179881A1

公开(公告)日：2022-06-09

申请号：US17110460

申请日：2020-12-03

Applicant: International Business Machines Corporation

Inventor： Yuk L. Chan ,  Jia Qi Li ,  LIN YANG ,  Tian Wu ,  Lei Yu ,  Hong Min ,  Fan Jing Meng

IPC: G06F16/28

Abstract: Aspects of the invention include determining whether a first log message written by an application during a first job is a message of interest based on a context of the first log message and a probability that the application writes the message for a same job as the first job. Calculating in response to determining that the first log message is a message of interest and by the processor, a correlation score based on intersecting tokens between the first log message and a second log message. Determining the first log message correlates to the second log message based on comparing the score to a threshold score. Modifying a system log of a mainframe to link the first log message to the second log message based on the correlation.

公开(公告)号：US20220179730A1

公开(公告)日：2022-06-09

申请号：US17110535

申请日：2020-12-03

Applicant: International Business Machines Corporation

Inventor： Yuk L. Chan ,  Jia Qi Li ,  Zhi Shuai Han ,  Tian Wu ,  Lei Yu ,  Hong Min ,  FAN JING Meng

IPC: G06F11/07 ,  G06F16/901

Abstract: Techniques include generating a log sequence for new logs that have been received, searching a log sequence database for the log sequence having been generated, and determining that the log sequence is anomalous in response to not finding an identical log sequence in the log sequence database. In response to the log sequence not being found in the log sequence database, the log sequence is compared to a graph of historical log sequences to find a closest sequence path to one or more historical log sequences. An anomaly of the log sequence is diagnosed based on an occurrence at which the log sequence deviates from the closest sequence path of the one or more historical log sequences.

公开(公告)号：US11243835B1

公开(公告)日：2022-02-08

申请号：US17110458

申请日：2020-12-03

Applicant: International Business Machines Corporation

Inventor： Yuk L. Chan ,  Jia Qi Li ,  Lin Yang ,  Tian Wu ,  Lei Yu ,  Hong Min ,  Fan Jing Meng

IPC: G06F11/07

Abstract: Aspects of the invention include constructing a knowledge graph by writing a plurality of data structures to connect correlated log messages in a system log. Detecting an anomalous log message based on the knowledge graph, wherein the anomalous log message is connected to a plurality of candidate root cause error log messages. Determining respective sequences from each of the plurality of candidate root cause error log messages to the anomalous log message. Calculating a deviation score for each respective sequence based on a deviation of an expected sequence for each candidate root cause error log message and the determined sequence. Determining a root cause log error message based on the calculated deviation scores.