Generating actionable alert messages for resolving incidents in an information technology environment

US11539578B2 · US · B2

Patent metadata
Publication number: US-11539578-B2
Application number: US-202017098078-A
Country: US
Kind code: B2
Filing date: Nov 13, 2020
Priority date: Apr 30, 2018
Publication date: Dec 27, 2022
Grant date: Dec 27, 2022

Abstract

Official abstract text for this publication.

Machine data reflecting operation of a monitored system is ingested and made available for search by a data intake and query system (DIQS). A monitoring function may search the data ingested by the DIQS to determine instances of notable events in regards to the monitored system and may further determine a defined invokable action message (IAM) associated with a notable event instance. Processing ensues to send an IAM to a communications device used by support personnel. The IAM includes information about an action invocation message (AIM) suitable to cause the performance of an action that possibly remedies or improves an operational condition represented by the notable event. Support personnel engages a user interface representation corresponding to the AIM and the AIM is sent to a remedial node where performance of the action is invoked.

First claim

Opening claim text (preview).

What is claimed:

1. A method comprising: identifying a notable event from data reflecting operation of computing devices in an information technology (IT) environment, wherein the notable event is identified based on a notable event definition, and wherein the notable event is associated with a notable event type; generating an invokable action message, wherein the invokable action message includes information based on an invokable action message definition associated with the notable event type, wherein the invokable action message definition identifies at least a first recipient and a second recipient of the invokable action message; sending the invokable action message to a first computing device associated with the first recipient, wherein the invokable action message causes the first computing device to display a user interface including an interface element corresponding to an invokable action associated with the invokable action message; determining that a period of time has elapsed without a response from the first computing device associated with the first recipient; responsive to determining that the period of time has elapsed, sending the invokable action message to a second computing device associated with the second recipient; receiving, from the second computing device, an action invocation message associated with the invokable action; and executing the invokable action.

2. The method of claim 1, wherein the invokable action message definition comprises information identifying a node involved in executing the invokable action.

3. The method of claim 1, wherein the computing device is a handheld mobile device.

4. The method of claim 1, wherein the invokable action is executed at least in part by an application configured as a deep linking handler for at least a portion of network traffic received from a node, wherein the application causes display of the user interface including the interface element corresponding to the invokable action.

5. The method of claim 1, wherein a node involved in executing the invokable action is external to a monitoring system that identified the notable event.

6. The method of claim 1, wherein the IT environment comprises a node involved in execution of the invokable action.

7. The method of claim 1, wherein identifying the notable event includes executing a search query based at least in part on information of the notable event definition.

8. The method of claim 1, further comprising executing a search query based at least in part on information of the notable event definition to identify the notable event, wherein the search query is executed against data managed by a data intake and query system.

9. The method of claim 1, further comprising executing a search query based at least in part on information of the notable event definition to identify the notable event, wherein the search query is executed against data managed by a data intake and query system, wherein the data includes machine data or data derived from machine data, and wherein the machine data is ingested from multiple sources by the data intake and query system.

10. The method of claim 1, wherein the notable event indicates an occurrence of a potential security threat in the IT environment.

11. The method of claim 1, wherein the notable event definition includes a notable event filter, and wherein the method further comprises determining that the notable event satisfies the notable event filter.

12. The method of claim 1, wherein the invokable action message definition includes identifiers of a plurality of recipients of the invokable action message, and wherein the invokable action message is sent to two or more of the plurality of recipients in an order defined in the invokable action message definition.

13. The method of claim 1, wherein the period of time is defined in the invokable action message definition.

14. The method of claim 1, further comprising: receiving, from the computing device, a request to update a portion of the information displayed in the invokable action message; executing a search query used to obtain updated data associated with the portion of the information displayed in the invokable action message; and sending the updated data to the computing device.

15. A non-transitory computer-readable storage medium storing instructions which, when executed by one or more processors, cause performance of operations comprising: identifying a notable event from data reflecting operation of computing devices in an information technology (IT) environment, wherein the notable event is identified based on a notable event definition, and wherein the notable event is associated with a notable event type; generating an invokable action message, wherein the invokable action message includes information based on an invokable action message definition associated with the notable event type, wherein the invokable action message definition identifies at least a first recipient and a second recipient of the invokable action message; sending the invokable action message to a first computing device associated with the first recipient, wherein the invokable action message causes the first computing device to display a user interface including an interface element corresponding to an invokable action associated with the invokable action message; determining that a period of time has elapsed without a response from the first computing device associated with the first recipient; responsive to determining that the period of time has elapsed, sending the invokable action message to a second computing device associated with the second recipient; receiving, from the second computing device, an action invocation message associated with the invokable action; and executing the invokable action.

16. The non-transitory computer-readable storage medium of claim 15, wherein the invokable action message definition comprises information identifying a node involved in executing the invokable action.

17. The non-transitory computer-readable storage medium of claim 15, wherein the computing device is a handheld mobile device.

18. The non-transitory computer-readable storage medium of claim 15, wherein the invokable action is executed at least in part by an application configured as a deep linking handler for at least a portion of network traffic received from a node, wherein the application causes display of the user interface including the interface element corresponding to the invokable action.

19. The non-transitory computer-readable storage medium of claim 15, wherein a node involved in executing the invokable action is external to a monitoring system that identified the notable event.

20. A system comprising: a first one or more electronic devices to implement a data intake and query system, the data intake and query system including instructions that upon execution cause the data intake and query system to: identify a notable event from data reflecting the operation of computing devices in an information technology (IT) environment, wherein the notable event is identified based on a notable event definition, and wherein the notable event is associated with a notable event type; and a second one or more electronic devices to implement a monitoring system, the monitoring system including instructions that upon execution cause the monitoring system to: receive an indication of the notable event; generate an invokable action message, wherein the invokable action message includes information b
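The abstract and claim 1 describe one procedure: search ingested machine data for a notable event, build an invokable action message (IAM) from the definition tied to that event type, deliver it to the first recipient, escalate to the next recipient when the defined period elapses without a response (claims 12 and 13), and execute the action when an action invocation message (AIM) comes back. The following is an added, self-contained model of that flow written for this page; it is not Splunk's code and not taken from the patent. The sample log records, the recipient and node names, the `brute_force` definition and the `token`/sender checks in `receive_aim` are all assumptions made here: the claims say nothing about binding the AIM to the IAM or to the addressed recipient, but a practitioner wiring a phone-tap to an action in production would want exactly that binding, so the example shows it.

```python
import secrets
from dataclasses import dataclass, field
from typing import Callable, Dict, List

# Constructed sample machine data (not from the patent): one dict per line of a hypothetical auth log.
SAMPLE_RECORDS = [
    {"ts": 100, "host": "web01", "action": "login", "result": "failure", "user": "admin"},
    {"ts": 101, "host": "web01", "action": "login", "result": "failure", "user": "admin"},
    {"ts": 102, "host": "web01", "action": "login", "result": "failure", "user": "admin"},
    {"ts": 103, "host": "web02", "action": "login", "result": "success", "user": "alice"},
]


@dataclass
class NotableEventDefinition:
    event_type: str
    search: Callable[[dict], bool]  # stands in for the search query of claims 7-9
    threshold: int = 1              # a simple notable event filter (claim 11)


@dataclass
class NotableEvent:
    event_type: str
    host: str
    count: int


def identify_notable_events(records, definition: NotableEventDefinition) -> List[NotableEvent]:
    """Run the definition's search over ingested records, group hits by host, apply the filter."""
    hits: Dict[str, int] = {}
    for rec in records:
        if definition.search(rec):
            hits[rec["host"]] = hits.get(rec["host"], 0) + 1
    return [NotableEvent(definition.event_type, h, c) for h, c in hits.items() if c >= definition.threshold]


@dataclass
class IAMDefinition:
    event_type: str
    recipients: List[str]  # ordered; escalation walks this list (claim 12)
    timeout: int           # seconds without a response before escalating (claim 13)
    action: str
    node: str              # node that performs the action (claim 2)


@dataclass
class InvokableActionMessage:
    iam_id: str
    token: str             # assumed here: a per-message secret the AIM must echo back
    event: NotableEvent
    action: str
    node: str
    sent_to: List[str] = field(default_factory=list)
    last_sent_at: int = 0
    executed: bool = False


class Monitor:
    def __init__(self, definitions: List[IAMDefinition], node_handlers: Dict[str, Callable]):
        self.defs = {d.event_type: d for d in definitions}
        self.handlers = node_handlers       # node name -> callable that performs the action
        self.outbox: List[tuple] = []       # (recipient, iam_id), standing in for push delivery
        self.pending: Dict[str, InvokableActionMessage] = {}

    def generate_iam(self, event: NotableEvent, now: int) -> InvokableActionMessage:
        d = self.defs[event.event_type]
        iam = InvokableActionMessage(secrets.token_hex(8), secrets.token_hex(16), event, d.action, d.node)
        self.pending[iam.iam_id] = iam
        self._send(iam, d.recipients[0], now)
        return iam

    def _send(self, iam: InvokableActionMessage, recipient: str, now: int) -> None:
        iam.sent_to.append(recipient)
        iam.last_sent_at = now
        self.outbox.append((recipient, iam.iam_id))

    def tick(self, now: int) -> None:
        """Escalate every unanswered IAM whose period has elapsed to the next recipient in order."""
        for iam in self.pending.values():
            d = self.defs[iam.event.event_type]
            if iam.executed or now - iam.last_sent_at < d.timeout:
                continue
            nxt = len(iam.sent_to)
            if nxt < len(d.recipients):
                self._send(iam, d.recipients[nxt], now)

    def receive_aim(self, iam_id: str, token: str, sender: str) -> str:
        """Handle an AIM: only a recipient the IAM was actually sent to, holding the token, may invoke, once."""
        iam = self.pending.get(iam_id)
        if iam is None or iam.executed:
            return "rejected: unknown or already executed"
        if not secrets.compare_digest(iam.token, token):
            return "rejected: bad token"
        if sender not in iam.sent_to:
            return "rejected: sender was never sent this message"
        iam.executed = True
        return self.handlers[iam.node](iam.action, iam.event)


def run_scenario() -> dict:
    """Primary does not answer within 300 s, the IAM escalates, the secondary invokes the action."""
    definition = NotableEventDefinition(
        "brute_force", lambda r: r["action"] == "login" and r["result"] == "failure", threshold=3)
    iam_def = IAMDefinition("brute_force", ["oncall-primary", "oncall-secondary"], 300, "block_source", "firewall")
    mon = Monitor([iam_def], {"firewall": lambda action, ev: f"{action} executed on {ev.host}"})
    events = identify_notable_events(SAMPLE_RECORDS, definition)
    iam = mon.generate_iam(events[0], now=1000)
    mon.tick(now=1200)   # 200 s: still within the period, no escalation
    mon.tick(now=1300)   # 300 s elapsed: sent to oncall-secondary
    outsider = mon.receive_aim(iam.iam_id, iam.token, "random-device")
    bad_token = mon.receive_aim(iam.iam_id, "wrong", "oncall-secondary")
    result = mon.receive_aim(iam.iam_id, iam.token, "oncall-secondary")
    replay = mon.receive_aim(iam.iam_id, iam.token, "oncall-secondary")
    return {"events": events, "sent_to": iam.sent_to, "outsider": outsider,
            "bad_token": bad_token, "result": result, "replay": replay}


if __name__ == "__main__":
    print(run_scenario())
```

The clock is passed in rather than read from `time`, so the escalation period in `tick` is testable without sleeping; in a real deployment the same loop runs on a timer. Note that `tick` only escalates while recipients remain, so once the list is exhausted the IAM simply stays pending.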

Assignees

Splunk Inc

Inventors

Classifications

  • the data filtering being achieved by aggregating or compressing the monitored data · CPC title

  • using filtering, e.g. reduction of information by using priority, element types, position or time · CPC title

  • Monitoring or testing based on specific metrics, e.g. QoS, energy consumption or environmental parameters · CPC title

  • Semiautomatic configuration, e.g. proposals from system · CPC title

  • using network fault recovery (ring fault isolation or reconfiguration in loop networks without recovery actions by a network management system H04L12/437) · CPC title

Patent family

Related publications grouped by family.

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US11539578B2 cover?
Machine data reflecting operation of a monitored system is ingested and made available for search by a data intake and query system (DIQS). A monitoring function may search the data ingested by the DIQS to determine instances of notable events in regards to the monitored system and may further determine a defined invokable action message (IAM) associated with a notable event instance. Processin…
Who is the assignee on this patent?
Splunk Inc
What technology area does this patent fall under?
Primary CPC classification H04L41/069. Mapped technology areas include Electricity.
When was this patent published?
Publication date Dec 27, 2022 (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?
We list 12 related publications on this page (citations in our corpus or others sharing the same primary CPC).