Diagnosing incidents for information technology service management

We claim: 1. A method for diagnosing and detecting causes of an incident interactively, comprising: classifying the incident by keywords by searching a problem ticket describing the incident for the keywords, the keywords comprising at least server name, application name, middleware and symptoms, wherein the incident is classified automatically by a processor according to the keywords occurring in the problem ticket based on the server name, the application name, the middleware and the symptoms in common with other tickets, the keywords assigned accuracy weights respectively based on a validity of the respective keyword and boosting weights respectively based on impact of the respective keyword; adding dependency keywords to the keywords, the dependency keywords representing dependent components among IT components involved in the problem ticket, wherein the dependency keywords are respectively given a boosting weight, wherein the respective default boosting weight is assigned to each keyword based on the impact of the keyword; searching for co-occurring and reoccurring group of incidents based on the keywords, the co-occurring and reoccurring group of incidents determined based on a similarity score determined as a function of the accuracy weights and the boosting weights associated with said keywords identified in the problem ticket and one or more of said keywords identified in an incident in the co-occurring and reoccurring group of incidents, the co-occurring group of incidents comprising incident tickets that occurred concurrently at different information technology (IT) components and the reoccurring group of incidents comprising incident tickets that repeat over time; summarizing commonalities in the group of incidents; correlating the group of incidents with causes; defining association rules between the commonalities; and predicting potential problems based on the correlated group of incidents with causes. 2. The method of claim 1 , wherein the searching for co-occurring and reoccurring group of incidents further comprises searching for similarity among the incidents in the group, the similarity determined by computing a similarity score based on weighted vector of keywords occurring in the incidents. 3. The method of claim 1 , wherein the searching for co-occurring and reoccurring group of incidents further comprises searching for dependency among the incidents in the group. 4. The method of claim 1 , wherein the searching for co-occurring and reoccurring group of incidents further comprises searching for shared environment among the incidents in the group. 5. The method of claim 1 , wherein the causes comprise changes to an information technology system, traffic of the information technology system, maintenance of the information technology system. 6. The method of claim 1 , wherein the classifying comprises: extracting keywords from consolidated incident data; validating the keywords using provided and automatically learned domain knowledge built from historical incident data, wherein the automatically learned domain knowledge comprises at least said defined association rules; and assigning accuracy weight for each of the keywords based on confidence level associated with each of the association rules. 7. The method of claim 1 , wherein the searching comprises: finding incidents matching the keywords and other keywords with one or more dependency relationships specified in the association rules; and calculating a score of each of the found incidents based on accuracy of matched keywords, dependency, and context. 8. The method of claim 1 , wherein the correlating comprises: finding common events comprising one or more of changes, traffic anomaly patterns, and other events preceding the group of incidents; statistically determining a correlation relationship between the common events and the incidents. 9. The method of claim 1 , further comprising: generating diagnosis comprising creating a report showing the co-occurring and reoccurring incidents, the causes, the defined association rules between the commonalities of the incident group and the causes. 10. The method of claim 9 , further comprising: collecting user feedback on the report and iteratively improving the diagnosis. 11. A non-transitory computer readable storage medium storing a program of instructions executable by a machine to perform a method of diagnosing and detecting causes of an incident interactively, comprising: classifying the Incident by keywords by searching a problem ticket describing the incident for the keywords, the keywords comprising at least server name, application name, middleware and symptoms, wherein the incident is classified automatically by a processor according to the keywords occurring in the problem ticket based on the server name, the application name, the middleware and the symptoms in common with other tickets, the keywords assigned accuracy weights respectively based on a validity of the respective keyword and boosting weights respectively based on impact of the respective keyword; adding dependency keywords to the keywords, the dependency keywords representing dependent components among IT components involved in the problem ticket, wherein the dependency keywords are respectively given a boosting weight, wherein the respective default boosting weight is assigned to each keyword based on the impact of the keyword; searching for co-occurring and reoccurring group of incidents based on the keywords, the co-occurring and reoccurring group of incidents determined based on a similarity score determined as a function of the accuracy weights and the boosting weights associated with said keywords identified in the problem ticket and one or more of said keywords identified in an incident in the co-occurring and reoccurring group of incidents, the co-occurring group of incidents comprising incident tickets that occurred concurrently at different information technology (IT) components and the reoccurring group of incidents comprising incident tickets that repeat over time; summarizing commonalities in the group of incidents; correlating the group of incidents with causes; defining association rules between the commonalities; and predicting potential problems based on the correlated group of incidents with causes. 12. The computer readable storage medium of claim 11 , wherein the searching for co-occurring and reoccurring group of incidents further comprises searching for similarity among the incidents in the group, the similarity determined by computing a similarity score based on weighted vector of keywords occurring in the incidents. 13. The computer readable storage medium of claim 11 , wherein the searching for co-occurring and reoccurring group of incidents further comprises searching for dependency among the incidents in the group. 14. The computer readable storage medium of claim 11 , wherein the searching for co-occurring and reoccurring group of incidents further comprises searching for shared environment among the incidents in the group. 15. The computer readable storage medium of claim 11 , wherein the causes comprise changes to an information technology system, traffic of the information technology system, maintenance of the information technology system. 16. The computer readable storage medium of claim 11 , wherein the classifying comprises: extracting keywords from consolidated incident data; validating the keywords using provided and automatically learned domain knowledge built from historical incident data, wherein the automatically learned domain k