Rule-based continuous diagnosing and alerting from application logs

US11288165B2 · US · B2

Patent metadata
Publication number: US-11288165-B2
Application number: US-202117219122-A
Country: US
Kind code: B2
Filing date: Mar 31, 2021
Priority date: Apr 16, 2019
Publication date: Mar 29, 2022
Grant date: Mar 29, 2022

Abstract

Official abstract text for this publication.

One or more embodiments analyze log records of applications to determine whether a composite rule pertaining to events associated with the log records occurring within a specified time window are satisfied. Satisfaction of the composite rule may facilitate real-time diagnosis and detection of patterns in logs which indicate problems, threats, systemic issues, or performance issues relating to the applications. The composite rule may specify events associated with log records from multiple different applications that occur within a same specified time window and are associated with a same tenant and entity. Satisfaction of the composite rule may be analyzed by a state machine that tracks satisfaction of the individual rules within the composite rule in a sequence of stages. A notification, alert, or alarm may be generated when the composite rule is satisfied.
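
An added sketch (not code from the patent or its assignee) of the staged state machine the abstract describes, using the adjacent tumbling windows and threshold accumulators named in claims 4 to 6. The record field names, the 60-second window, the `rec` helper, and the sample rule and log records are assumptions constructed for illustration.

```python
WINDOW = 60  # tumbling window size in seconds (assumed)
REQUIRED = {"ts", "app", "tenant", "entity", "event"}  # fields the rule references

# Hypothetical composite rule: stage 2 is only considered after stage 1 triggers.
RULE = {"stages": [
    {"app": "auth", "event": "login_failed", "threshold": 3},
    {"app": "billing", "event": "export_started", "threshold": 1},
]}

def rec(ts, app, tenant, entity, event):
    return {"ts": ts, "app": app, "tenant": tenant, "entity": entity, "event": event}

# Constructed sample records from two applications (ts in seconds).
LOGS = (
    [rec(t, "auth", "t1", "alice", "login_failed") for t in (5, 20, 41)]
    + [rec(75, "billing", "t1", "alice", "export_started")]   # adjacent window: alert
    + [rec(t, "auth", "t1", "bob", "login_failed") for t in (10, 30, 50)]
    + [rec(130, "billing", "t1", "bob", "export_started")]    # window 2, not adjacent
    + [rec(t, "auth", "t2", "carol", "login_failed") for t in (50, 65, 70)]  # straddles
    + [rec(125, "billing", "t2", "carol", "export_started")]
    + [{"ts": 80, "app": "billing", "event": "export_started"}]  # no tenant/entity
)

def evaluate(records, rule, window=WINDOW):
    """Return one alert per (tenant, entity) that completes every stage in order."""
    stages, state, alerts = rule["stages"], {}, []
    usable = [r for r in records if REQUIRED <= r.keys()]  # drop records missing fields
    for r in sorted(usable, key=lambda r: r["ts"]):
        key, win = (r["tenant"], r["entity"]), r["ts"] // window
        st = state.setdefault(key, {"stage": 0, "win": win, "acc": 0, "seen": []})
        if win > st["win"]:  # window closed before the stage triggered: start over
            st.update(stage=0, win=win, acc=0, seen=[])
        stage = stages[st["stage"]]
        if win != st["win"] or (r["app"], r["event"]) != (stage["app"], stage["event"]):
            continue
        st["acc"] += 1  # accumulator for the current stage
        st["seen"].append(r)
        if st["acc"] < stage["threshold"]:
            continue
        if st["stage"] + 1 == len(stages):  # last stage met: composite rule triggered
            alerts.append({"tenant": key[0], "entity": key[1], "events": st["seen"]})
            del state[key]
        else:  # next stage must trigger in the adjacent, non-overlapping window
            st.update(stage=st["stage"] + 1, win=win + 1, acc=0)
    return alerts

if __name__ == "__main__":
    for a in evaluate(LOGS, RULE):
        print(a["tenant"], a["entity"], [e["event"] for e in a["events"]])
```

Only the first key alerts: the second reaches stage 2 two windows late, and the third never fills its stage 1 accumulator inside a single window.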

First claim

Opening claim text (preview).

What is claimed is:

1. A non-transitory computer-readable storage medium storing instructions, which when executed by one or more hardware processors, cause performance of operations comprising: identifying a plurality of fields referenced by a composite rule comprising a first rule and a second rule, the first rule corresponding to log data generated during a first time window, the second rule corresponding to log data generated during a second time window, wherein the first time window is different than the second time window; analyzing a plurality of log records to identify a subset of log records that include values for fields referenced by at least one rule of the composite rule; selecting a first set of log records and a second set of log records from the subset of log records for evaluating the composite rule, the first set of log records being associated with the first time window and the second set of log records being associated with the second time window; determining that the composite rule is triggered based on: determining that the first rule is triggered by the particular first set of log records associated with the first time window; and determining that the second rule is triggered by the particular second set of log records associated with the second time window; and generating a notification based on the triggering of the composite rule, wherein the first time window and the second time window correspond to non-overlapping windows of time.

2. The non-transitory computer-readable storage medium of claim 1, wherein the log data comprises first log data generated by a first application and second log data generated by a second application.

3. The non-transitory computer-readable storage medium media of claim 1, wherein the at least one application and the corresponding log data are associated with a single entity.

4. The non-transitory computer-readable storage medium of claim 1, wherein the first time window and the second time window are windows of a same size in a particular set of tumbling temporal windows.

5. The non-transitory computer-readable storage medium of claim 1, wherein the first time window and the second time window are adjacent time windows.

6. The non-transitory computer-readable storage medium of claim 1, wherein determining that the composite rule is triggered further comprises: identifying a first event in the first time window that triggers the first rule; setting a first accumulator to indicate that the first rule is triggered; comparing a value stored in the first accumulator to a first threshold value; responsive to determining that the value stored in the first accumulator meets the first threshold value, identifying a second event in the second time window that triggers the second rule; updating a second accumulator to indicate that the second rule is triggered; and generating the notification based on the updating the second accumulator.

7. The non-transitory computer-readable storage medium of claim 6, further comprising transmitting the generated notification and including in the transmitted notification a description of the first event and a description of the second event.

8. A method comprising: identifying a plurality of fields referenced by a composite rule comprising a first rule and a second rule, the first rule corresponding to log data generated during a first time window, the second rule corresponding to log data generated during a second time window, wherein the first time window is different than the second time window; analyzing a plurality of log records to identify a subset of log records that include values for fields referenced by at least one rule of the composite rule; selecting a first set of log records and a second set of log records from the subset of log records for evaluating the composite rule, the first set of log records being associated with the first time window and the second set of log records being associated with the second time window; determining that the composite rule is triggered based on: determining that the first rule is triggered by the particular first set of log records associated with the first time window; and determining that the second rule is triggered by the particular second set of log records associated with the second time window; and generating a notification based on the triggering of the composite rule, wherein the first time window and the second time window correspond to non-overlapping windows of time.

9. The method of claim 8, wherein the log data comprises first log data generated by a first application and second log data generated by a second application.

10. The method of claim 8, wherein the at least one application and the corresponding log data are associated with a single entity.

11. The method of claim 8, wherein the first time window and the second time window correspond to windows of a same size in a particular set of tumbling temporal windows.

12. The method of claim 8, wherein the first time window and the second time window are adjacent time windows.

13. The method of claim 8, wherein determining that the composite rule is triggered further comprises: identifying a first event in the first time window that triggers the first rule; setting an accumulator to indicate that the first rule is triggered; identifying a second event in the second time window that triggers the second rule; updating the accumulator to indicate that the second rule is triggered; and generating the notification based on the updated accumulator.

14. The method of claim 13, further comprising transmitting the generated notification and including in transmitted notification a description of the first event and a description of the second event.

15. A system comprising: at least one device including a hardware processor; the system being configured to perform operations comprising: identifying a plurality of fields referenced by a composite rule comprising a first rule and a second rule, the first rule corresponding to log data generated during a first time window, the second rule corresponding to log data generated during a second time window, wherein the first time window is different than the second time window; analyzing a plurality of log records to identify a subset of log records that include values for fields referenced by at least one rule of the composite rule; selecting a first set of log records and a second set of log records from the subset of log records for evaluating the composite rule, the first set of log records being associated with the first time window and the second set of log records being associated with the second time window; determining that the composite rule is triggered based on: determining that the first rule is triggered by the particular first set of log records associated with the first time window; and determining that the second rule is triggered by the particular second set of log records associated with the second time window; and generating a notification based on the triggering of the composite rule, wherein the first time window and the second time window correspond to non-overlapping windows of time.

16. The system of claim 15, wherein the log data comprises first log data generated by a first application and second log data generated by a second application.

17. The system of claim 15, wherein the at least one application and the corresponding log data are associated with a single entity.

18. The system of claim 15, wherein the first time window and the seco

Assignees

Inventors

Classifications

  • Finite state machines · CPC title

  • by exceeding limits · CPC title

  • Data logging (G06F11/14, G06F11/2205 take precedence) · CPC title

  • G06F11/302 · Primary

    where the computing system component is a software system · CPC title

  • Monitoring arrangements determined by the means or processing involved in reporting the monitored data (error or fault reporting or logging G06F11/0766) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11288165B2 cover?
One or more embodiments analyze log records of applications to determine whether a composite rule pertaining to events associated with the log records occurring within a specified time window are satisfied. Satisfaction of the composite rule may facilitate real-time diagnosis and detection of patterns in logs which indicate problems, threats, systemic issues, or performance issues relating to t…
Who is the assignee on this patent?
Oracle Int Corp
What technology area does this patent fall under?
Primary CPC classification G06F11/3476. Mapped technology areas include Physics.
When was this patent published?
Publication date Mar 29, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).