Analyzing computing system logs to predict events with the computing system

US10489229B2 · US · B2

Patent metadata
Publication number: US-10489229-B2
Application number: US-201615055970-A
Country: US
Kind code: B2
Filing date: Feb 29, 2016
Priority date: Feb 29, 2016
Publication date: Nov 26, 2019
Grant date: Nov 26, 2019

Abstract

Official abstract text for this publication.

A method for analyzing data of a networked computing environment, the method includes a computer processor analyzing a plurality of data of a networked computing environment aggregated during a first time interval, where the data includes messages that include message IDs. The method further includes identifying a frequency value of occurrences of a message ID within the plurality of data during the first time interval. The method further includes determining whether the frequency value of the occurrences of the message ID during the first time interval correlates to an anomaly that occurs within the networked computing environment. The method further includes responding to determining that the frequency value of the occurrences of message ID within the first time interval correlates to the anomaly by determining a first response to the anomaly. The method further includes initiating the first response to one or more elements of the networked computing environment.

First claim

Opening claim text (preview).

What is claimed is:

1. A method for automating responses to manage a networked computing environment, the method comprising the steps of: determining, by one or more computer processors, that incoming real-time data generated within a networked computing environment includes occurrences of a first set of two or more message identifiers (IDs) that correspond to a second set of two or more message IDs respectively associated with a historical occurrence of one or more anomalies within the networked computing environment; determining, by one or more computer processors, that the incoming real-time data correlates to a previous anomaly that occurred within the networked computing environment based on determining respective rates of occurrence of the first set of two or more message IDs included in the incoming real-time data and the second set of two or more message IDs respectively associated with the historical occurrence of the one or more anomalies and determining a relationship between the first set of two or more message IDs included in the incoming real-time data and the second set of two or more message IDs respectively associated with the historical occurrence of the one or more anomalies that precede one or more non-fatal events within the networked computing environment, wherein the determined relationship between the first set of two or more message IDs and the second set of two or more message IDs includes: (i) determining that the first set of two or more message IDs and the second set of two or more message IDs occur within a defined window of time, (ii) determining that the first set of message IDs and the second set of message IDs both include at least a first message ID and a second message ID, (iii) redetermining respective rates of occurrences of at least a second message ID based on a modified window of time in response to determining that a first threshold value corresponding to a first rate of occurrence of a first message ID within the defined window of time is exceeded, and (iv) determining respective rates of occurrence of the first set of two or more message IDs and the second set of two or more message IDs are above respective thresholds of occurrence values; responsive to determining that the incoming real-time data correlates to the previous anomaly that occurred within the networked computing environment based on the determined relationship between the first set of two or more message IDs included in the incoming real-time data and the second set of two or more message IDs respectively associated with the historical occurrence of the one or more anomalies, determining, by one or more computer processors, a first automated response to the previous anomaly that occurred based on accessing a first network-accessible database that stores a plurality of previously determined responses that correspond to one or more anomalies; and initiating, by one or more computer processors, the determined first automated response to one or more elements of the networked computing environment to prevent a non-fatal event within the networked computing environment.

2. The method of claim 1, further comprising the steps of: identifying, by one or more computer processors, a structure respectively associated with a message of a plurality of messages within included within the incoming real-time data by accessing a reference library; and determining, by one or more computer processors, information included within the incoming real-time data based on utilizing the identified structure respectively associated with the message, wherein the determined information respectively associated with the message includes a message ID and one or more elements selected from the group consisting of: a timestamp a response code, a message prefix, a process ID, and state data of an entity associated with a message.

3. The method of claim 1, wherein a relationship between the second set of two or more message IDs and a corresponding historical occurrence of an anomaly includes: (i) an order among occurrences of two or more message IDs of the second set of two or more message IDs, (ii) overlaps between time intervals respectively associated with at least two message IDs, of the second set of two or more message IDs, within the defined window of time, and (iii) one or more logical conditions related to interactions among at least two message IDs.

4. The method of claim 1, wherein a non-fatal event includes a degradation of performance associated with one or more executing software applications.

5. The method of claim 1, wherein networked computing environment is a hybrid-cloud environment, and wherein the first network-accessible database, a second network-accessible database, and one or more system management functions operate within a private-cloud environment.

6. The method of claim 1, wherein initiating the determined first automated response to one or more elements of the networked computing environment is performed utilizing dynamic automation and a virtual engineer.

7. A computer program product for automating responses to manage a networked computing environment, the computer program product comprising: one or more computer readable storage media and program instructions stored on the one or more computer readable storage media, the program instructions readable/executable by one or more computer processors: program instructions to determine that incoming real-time data generated within a networked computing environment includes occurrences of a first set of two or more message identifiers (IDs) that correspond to a second set of two or more message IDs respectively associated with a historical occurrence of one or more anomalies within the networked computing environment; program instructions to determine that the incoming real-time data correlates to a previous anomaly that occurred within the networked computing environment based on determining respective rates of occurrence of the first set of two or more message IDs included in the incoming real-time data data and the second set of two or more message IDs respectively associated with the historical occurrence of the one or more anomalies and determining a relationship between the first set of two or more message IDs included in the incoming real-time data and the second set of two or more message IDs respectively associated with the historical occurrence of the one or more anomalies that precede one or more non-fatal events within the networked computing environment, wherein the determined relationship between the first set of two or more message IDs and the second set of two or more message IDs includes: (i) determining that the first set of two or more message IDs and the second set of two or more message IDs occur within a defined window of time, (ii) determining that the first set of message IDs and the second set of message IDs both include at least a first message ID and a second message ID, (iii) redetermining respective rates of occurrences of at least a second message ID based on a modified window of time in response to determining that a first threshold value corresponding to a first rate of occurrence of a first message ID within the defined window of time is exceeded, and (iv) determining respective rates of occurrence of the first set of two or more message IDs and the second set of two or more message IDs are above respective thresholds of occurrence values; program instructions to respond to a determination that the incoming real-time data correlates to the previous anomaly that occurred within the networked computing environment based on the determined relationship between the first set of two or more message IDs included in the incoming real-time data and the second set of two or more message IDs r
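
Added example (not code from the patent or its assignee): a minimal Python sketch of conditions (ii) to (iv) of claim 1, showing how re-measuring the second message ID over a modified window changes the outcome. The message IDs, thresholds, anomaly name, response name and the reading of the modified window as a narrower window ending at the current time are all assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass
class Signature:
    """Historical anomaly pattern: per-message-ID rate thresholds (events/second)."""
    anomaly: str
    thresholds: dict          # message ID -> minimum rate; first key is the "first message ID"
    window: float             # defined window of time, in seconds
    modified_window: float    # narrower window used for the re-check (assumption)

# Stand-in for the database of previously determined responses (constructed).
RESPONSES = {"db-pool-exhaustion": "restart-connection-pool"}

def rate(events, msg_id, now, window):
    """Occurrences of msg_id per second in the interval (now - window, now]."""
    hits = sum(1 for ts, mid in events if mid == msg_id and now - window < ts <= now)
    return hits / window

def correlate(events, sig, now):
    """Return the stored response if the live events match the signature, else None."""
    ids = list(sig.thresholds)
    rates = {m: rate(events, m, now, sig.window) for m in ids}
    # (ii) every message ID of the historical set must occur in the live window
    if any(r == 0 for r in rates.values()):
        return None
    # (iii) first ID over its threshold: re-measure the other IDs on the modified window
    first = ids[0]
    if rates[first] > sig.thresholds[first]:
        for m in ids[1:]:
            rates[m] = rate(events, m, now, sig.modified_window)
    # (iv) every rate must be above its threshold before a response is selected
    if all(rates[m] > sig.thresholds[m] for m in ids):
        return RESPONSES.get(sig.anomaly)
    return None

# Constructed sample data: (timestamp in seconds, message ID)
SIG = Signature("db-pool-exhaustion", {"MSG1001": 0.1, "MSG2002": 0.05}, 60.0, 20.0)
BURST = [(t, "MSG1001") for t in range(40, 60, 2)] + [(t, "MSG2002") for t in (52, 55, 58)]
QUIET = [(10, "MSG1001"), (50, "MSG2002")]

def demo():
    """BURST matches only because of the modified-window re-check; QUIET does not match."""
    return correlate(BURST, SIG, now=60), correlate(QUIET, SIG, now=60)
```

In the BURST sample the second ID sits exactly at its threshold over the 60-second window and only exceeds it once re-measured over the last 20 seconds, which is the case condition (iii) addresses.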

Classifications

  • in a distributed system consisting of a plurality of standalone computer nodes, e.g. clusters, client-server systems · CPC title

  • G06F11/076 · Primary

    by exceeding a count or rate limit, e.g. word- or bit count limit · CPC title

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US10489229B2 cover?
A method for analyzing data of a networked computing environment, the method includes a computer processor analyzing a plurality of data of a networked computing environment aggregated during a first time interval, where the data includes messages that include message IDs. The method further includes identifying a frequency value of occurrences of a message ID within the plurality of data durin…
Who is the assignee on this patent?
IBM
What technology area does this patent fall under?
Primary CPC classification G06F11/076. Mapped technology areas include Physics.
When was this patent published?
Publication date Nov 26, 2019 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 8 related publications on this page (citations in our corpus or others sharing the same primary CPC).