Event log analyzer
    1.
    Granted invention patent

    Publication (announcement) number: US10587555B2

    Publication (announcement) date: 2020-03-10

    Application number: US14841965

    Filing date: 2015-09-01

    Abstract: The present disclosure involves systems, software, and computer implemented methods for correlating critical events to identified log data. An example event log analyzer can identify a set of log messages. One or more occurrences of a first critical event and a time of each of the occurrences are identified. One or more candidate subsets of log messages are identified. Each log message in each candidate subset is associated with a timestamp that is within a predefined time window prior to the time of an occurrence of the first critical event. A candidate subset of log messages is selected as a correlator of the first critical event. A rule is defined using the selected candidate subset of log messages. The rule defines a second critical event that correlates to the first critical event. The rule is associated with one or more actions to perform when the second critical event occurs.

    EVENT LOG ANALYZER
    2.
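    Invention application
    EVENT LOG ANALYZER (under examination, published)
    Activity log analyzer

    Publication (announcement) number: US20170063762A1

    Publication (announcement) date: 2017-03-02

    Application number: US14841965

    Filing date: 2015-09-01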

    CPC classification number: H04L51/18 H04L51/36

    Abstract: The present disclosure involves systems, software, and computer implemented methods for correlating critical events to identified log data. An example event log analyzer can identify a set of log messages. One or more occurrences of a first critical event and a time of each of the occurrences are identified. One or more candidate subsets of log messages are identified. Each log message in each candidate subset is associated with a timestamp that is within a predefined time window prior to the time of an occurrence of the first critical event. A candidate subset of log messages is selected as a correlator of the first critical event. A rule is defined using the selected candidate subset of log messages. The rule defines a second critical event that correlates to the first critical event. The rule is associated with one or more actions to perform when the second critical event occurs.

