Application health monitoring based on historical application health data and application logs
US-2019377652-A1 · Dec 12, 2019 · US
Utilizing machine learning models with a centralized repository of log data to predict events and generate alerts and recommendations
US2022019935A1 · US · A1
| Field | Value |
|---|---|
| Publication number | US-2022019935-A1 |
| Application number | US-202016929866-A |
| Country | US |
| Kind code | A1 |
| Filing date | Jul 15, 2020 |
| Priority date | Jul 15, 2020 |
| Publication date | Jan 20, 2022 |
| Grant date | — |
How to read this patent
A practical reading order for non-experts. Skip the full description unless you need deep technical detail.
- Title
What the patent document calls the invention.
- Abstract
A short plain-language summary of the technical disclosure.
- Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
- Key dates
Filing, priority, publication, and grant dates set the timeline.
- First independent claim
The legal scope of protection — read this for what is actually claimed.
- CPC / IPC classifications
Technology tags used to group this patent with similar filings.
- Citations and related patents
Prior art links and similar publications in this corpus.
Abstract
Official abstract text for this publication.
A device may receive log data from application logs associated with applications, service logs associated with services, and server logs associated with server devices. The device may store the log data. The device may perform natural language processing on the log data to convert the log data into event data identifying events associated with categories. The device may process the event data, with a first machine learning model, to identify patterns in the event data and to generate an alert based on the patterns. The device may process the event data, with a second machine learning model, to generate a correlation matrix for the event data and to predict an event based on the correlation matrix. The device may process the event data, with a third machine learning model, to classify the event data based on the categories and to generate a recommendation based on classifying the event data.
First claim
Opening claim text (preview).
What is claimed is: 1 . A method, comprising: receiving, by a device, log data from application logs associated with applications, service logs associated with services, and server logs associated with server devices; storing, by the device, the log data in a centralized log repository; performing, by the device, natural language processing on the log data, stored in the centralized log repository, to convert the log data into event data identifying events associated with categories; processing, by the device, the event data, with one or more first machine learning models, to identify patterns in the event data and to generate an alert based on the patterns; processing, by the device, the event data, with one or more second machine learning models, to generate a correlation matrix for the event data and to predict an event based on the correlation matrix; processing, by the device, the event data, with one or more third machine learning models, to classify the event data based on the categories and to generate a recommendation based on classifying the event data; and performing, by the device, one or more actions based on one or more of the alert, the event, or the recommendation. 2 . The method of claim 1 , wherein performing the one or more actions comprises one or more of: providing data identifying the one or more of the alert, the event, or the recommendation for display; causing an application to be reprogrammed based on the one or more of the alert, the event, or the recommendation; causing one of the server devices to restart based on the one or more of the alert, the event, or the recommendation; or causing a new server device to be implemented based on the one or more of the alert, the event, or the recommendation. 3 . The method of claim 1 , wherein performing the one or more actions comprises one or more of: causing a robot to be dispatched to service one of the server devices based on the one or more of the alert, the event, or the recommendation; causing a technician to be dispatched to service one of the server devices based on the one or more of the alert, the event, or the recommendation; or retraining one or more of the one or more first machine learning models, the one or more second machine learning models, or the one or more third machine learning models based on the one or more of the alert, the event, or the recommendation. 4 . The method of claim 1 , wherein the one or more first machine learning models include one or more of: a support vector machine model, a random forest model, a Monte Carlo tree search model, or a temporal difference learning model. 5 . The method of claim 1 , wherein the one or more second machine learning models include one or more of: a support vector machine model, a random forest model, an auto regressive integrated moving average (ARIMA) model, a seasonal ARIMA model, or a vector autoregressive moving average with exogenous regressors model. 6 . The method of claim 1 , wherein the one or more third machine learning models include one or more of: a support vector machine model, a random forest model, a Monte Carlo tree search model, a temporal difference learning model, or a dynamic sentence generation model. 7 . The method of claim 1 , wherein processing the event data, with the one or more first machine learning models, to identify the patterns in the event data and to generate the alert based on the patterns comprises: identifying application behavior patterns based on the event data; identifying historical critical issue data from user ticket data of the event data; classifying the event data based on the application behavior patterns and the history critical issue data; and generate the alert for a critical event identified based on classifying the event data. 8 . A device, comprising: one or more memories; and one or more processors, communicatively coupled to the one or more memories, configured to: receive log data from application logs associated with applications, service logs associated with services, and server logs associated with server devices; store the log data in a centralized log repository for a predetermined retention time period; perform natural language processing on the log data, stored in the centralized log repository, to convert the log data into event data identifying events associated with categories; selectively: process the event data, with one or more first machine learning models, to identify patterns in the event data and to generate an alert based on the patterns; process the event data, with one or more second machine learning models, to generate a correlation matrix for the event data and to predict an event based on the correlation matrix; or process the event data, with one or more third machine learning models, to classify the event data based on the categories and to generate a recommendation based on classifying the event data; and perform one or more actions based on one or more of the alert, the event, or the recommendation. 9 . The device of claim 8 , wherein the one or more processors, when processing the event data, with the one or more second machine learning models, to generate the correlation matrix for the event data and to predict the event based on the correlation matrix, are configured to: separate critical events from the event data; insert impact data in the event data without the critical events; identify correlations and seasonal variations in the event data and the impact data; generate the correlation matrix based on the correlations and the seasonal variations in the event data and the impact data; and predict the event based on the correlation matrix. 10 . The device of claim 8 , wherein the one or more processors, when processing the event data, with the one or more third machine learning models, to classify the event data based on the categories and to generate the recommendation based on classifying the event data, are configured to: classify the event data into the categories; identify, based on classifying the event data into the categories, correlations between application response times and hardware metrics of the server devices; and generate the recommendation based on the correlations between the application response times and the hardware metrics of the server devices. 11 . The device of claim 8 , wherein the log data includes data identifying one or more of: authentication, authorization, and access data associated with the applications, the services, and the server devices, threats associated with the applications, the services, and the server devices, changes associated with the applications, the services, and the server devices, resource usage associated with the applications, the services, and the server devices, or availability data associated with the applications, the services, and the server devices. 12 . The device of claim 8 , wherein the event data includes data identifying one or more of: a debug event associated with debugging one of the applications, the services, or the server devices, a warning event associated with one of the applications, the services, or the server devices, a critical event associated with one of the applications, the services, or the server devices, an information event associated with one of the applications, the services, or the server devices, or an error event associated with one of the applications, the services, or the server devices. 13 . The device of claim 8 , wherein the one or more processors, when performing the one or more actions, are configured to: generate a
Assignees
Inventors
Classifications
Generating training patterns; Bootstrap methods, e.g. bagging or boosting · CPC title
Dynamic search techniques; Heuristics; Dynamic trees; Branch-and-bound · CPC title
Tree-organised classifiers · CPC title
using kernel methods, e.g. support vector machines [SVM] · CPC title
Monitoring arrangements determined by the means or processing involved in reporting the monitored data (error or fault reporting or logging G06F11/0766) · CPC title
Patent family
Related publications grouped by family.
External sources
Frequently asked questions
Answers are generated from the same data shown on this page.
- What does patent US2022019935A1 cover?
- A device may receive log data from application logs associated with applications, service logs associated with services, and server logs associated with server devices. The device may store the log data. The device may perform natural language processing on the log data to convert the log data into event data identifying events associated with categories. The device may process the event data, …
- Who is the assignee on this patent?
- Accenture Global Solutions Ltd
- What technology area does this patent fall under?
- Primary CPC classification G06N20/00. Mapped technology areas include Physics.
- When was this patent published?
- Publication date Thu Jan 20 2022 00:00:00 GMT+0000 (Coordinated Universal Time) (A1). Legal status and post-grant events are not shown on this page.
- What related patents are in patentsdb?
- We list 4 related publications on this page (citations in our corpus or others sharing the same primary CPC).