What technology area does this patent fall under?

Primary CPC classification H04L43/16. Mapped technology areas include Electricity.

When was this patent published?

Publication date Tue Oct 17 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.

What related patents are in patentsdb?

We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).

System event analyzer and outlier visualization

US9794158B2 · US · B2

Patent metadata
Field	Value
Publication number	US-9794158-B2
Application number	US-201514847666-A
Country	US
Kind code	B2
Filing date	Sep 8, 2015
Priority date	Sep 8, 2015
Publication date	Oct 17, 2017
Grant date	Oct 17, 2017

How to read this patent

A practical reading order for non-experts. Skip the full description unless you need deep technical detail.

Title
What the patent document calls the invention.
Abstract
A short plain-language summary of the technical disclosure.
Assignees and inventors
Who owns or filed the patent and who is credited as inventor.
Key dates
Filing, priority, publication, and grant dates set the timeline.
First independent claim
The legal scope of protection — read this for what is actually claimed.
CPC / IPC classifications
Technology tags used to group this patent with similar filings.
Citations and related patents
Prior art links and similar publications in this corpus.

Abstract

Official abstract text for this publication.

An event analysis system receives events in a time-series from a set of monitored systems and identifies a set of alert threshold values for each of the types of events to identify outliers in the time-series at an evaluated time. Portions of historic event data is selected to identify windows of event data near the evaluated time at a set of seasonally-adjusted times to predict the value of the event type. The alert threshold value may also account for a prediction based on recent, higher-frequency events. Using the alert threshold values for a plurality of event types, the event data is compared with the alert threshold values to determine an alert level for the data. The event data types are also clustered and displayed with the alert levels to provide a visualization of the event data and identify outliers when the new event data is received.

First claim

Opening claim text (preview).

What is claimed is: 1. A method comprising: receiving a time-series sequence of event data for each event type in a plurality of event types; determining a set of correlations between pairs of the event types in the plurality of event types based on a comparison of the time-series sequence of each event type; clustering the event types based on the set of correlations; identifying subject event data for each event type in the plurality of event types for an evaluation time; comparing the subject event data for each event type to one or more alert threshold values for each event type; determining an alert level for each event data type based on the comparison of the subject event data; and generating a display including each event data type represented by a node, the event data types at a location in the display based on the clustering and each event data type coded according to the alert level for the event data type. 2. The method of claim 1 , further comprising: determining whether the correlation between each pair of connections between event types exceeds a threshold; and responsive to the correlation exceeding the threshold, adding a connection between the nodes of the pair of connections in the display. 3. The method of claim 1 , further comprising: identifying a centrality score for each event type based on the correlation pairs; determining a notification score based on the alert level for each event node, the centrality score of each event node, and, for pairs of event nodes associated with the node, an alert level above an alert threshold; and sending a notification when the notification score exceeds a threshold. 4. The method of claim 1 , further comprising: displaying a timeline user interface element in the display; receiving a selection of a second evaluation time; and updating the display with alert levels for the second evaluation time. 5. The method of claim 1 , wherein the clustering is based on an absolute value of the correlations in the set of correlations. 6. A non-transitory computer-readable medium having instructions stored thereon, the instructions executable by a processor and when executed causing the processor to: receive a time-series sequence of event data for each event type in a plurality of event types; determine a set of correlations between pairs of the event types in the plurality of event types based on a comparison of the time-series sequence of each event type; cluster the event types based on the set of correlations; identify subject event data for each event type in the plurality of event types for an evaluation time; compare the subject event data for each event type to one or more alert threshold values for each event type; determine an alert level for each event data type based on the comparison of the subject event data; and generate a display including each event data type represented by a node, the event data types at a location in the display based on the clustering and each event data type coded according to the alert level for the event data type. 7. The computer-readable medium of claim 6 , the instructions further causing the processor to: determine whether the correlation between each pair of connections between event types exceeds a threshold; and responsive to the correlation exceeding the threshold, add a connection between the nodes of the pair of connections in the display. 8. The computer-readable medium of claim 6 , the instructions further causing the processor to: identify a centrality score for each event type based on the correlation pairs; determine a notification score based on the alert level for each event node, the centrality score of each event node, and, for pairs of event nodes associated with the node, an alert level above an alert threshold; and send a notification when the notification score exceeds a threshold. 9. The computer-readable medium of claim 6 , further comprising: display a timeline user interface element in the display; receive a selection of a second evaluation time; and update the display with alert levels for the second evaluation time. 10. The computer-readable medium of claim 6 , wherein the clustering is based on an absolute value of the correlations in the set of correlations. 11. A method comprising: receiving a time-series sequence of event data for each event type in a plurality of event types associated with one or more monitored systems; determining a set of correlation scores between pairs of the event types in the plurality of event types based on a comparison of the time-series sequence of each event type; identifying subject event data for each event type in the plurality of event types for an evaluation time; comparing the subject event data for each event type to one or more alert threshold values for each event type; determining an alert level for each event data type based on the comparison of the subject event data; determining a system health score for the plurality of event types, the system health score combining the alert levels for each event data type, the alert level for each data type increased based on the correlation scores for the pairs of event types including that data type; determining whether the system health score exceeds a notification threshold; and responsive to determining the system health score exceeds the notification threshold, generating a notification for an operator of the of notifying an operator of the monitored systems. 12. The method of claim 11 , further comprising identifying annotation data associated with one or more of the event types in the plurality of event types, the annotation data indicating an action that may affect the event data of the one or more event types; and modifying the alert levels for the one or more event types for the system health score based on the annotation data. 13. The method of claim 12 , wherein the annotation data is selected from among a group consisting of: a code change, service pricing, planned downtime, weather, gatherings, and any combination thereof. 14. The method of claim 11 , wherein the notification is generated when the system health score also exceeds the notification threshold for a designated amount of time. 15. The method of claim 11 , wherein the system health score is increased for an event type when another event type, having a correlation with the event type higher than a correlation threshold, has an alert level. 16. The method of claim 11 , wherein system health score is compared with a plurality of notification thresholds, and a notification level is selected based on the comparison to the plurality of notification thresholds. 17. The method of claim 16 , further comprising selecting the operator to notify based on which of the selected notification level from the plurality of notification thresholds. 18. A non-transitory computer-readable medium having instructions stored thereon, the instructions executable by a processor and when executed causing the processor to: receive a time-series sequence of event data for each event type in a plurality of event types associated with one or more monitored systems; determine a set of correlation scores between pairs of the event types in the plurality of event types based on a comparison of the time-series sequence of each event type; identify subject event data for each event type in the plurality of event types for an evaluation time; compare the subject event data for each event type to one or more alert threshold values for each event type; determi

Assignees

Uber Technologies Inc

Inventors

Classifications

H04L43/16Primary
Threshold monitoring · CPC title
H04L41/0622
based on time · CPC title
H04L41/064
involving time analysis · CPC title
H04L41/069
using logs of notifications; Post-processing of notifications · CPC title

Patent family

Related publications grouped by family.

View patent family 58190698

External sources

Frequently asked questions

Answers are generated from the same data shown on this page.

What does patent US9794158B2 cover?: An event analysis system receives events in a time-series from a set of monitored systems and identifies a set of alert threshold values for each of the types of events to identify outliers in the time-series at an evaluated time. Portions of historic event data is selected to identify windows of event data near the evaluated time at a set of seasonally-adjusted times to predict the value of th…
Who is the assignee on this patent?: Uber Technologies Inc
What technology area does this patent fall under?: Primary CPC classification H04L43/16. Mapped technology areas include Electricity.
When was this patent published?: Publication date Tue Oct 17 2017 00:00:00 GMT+0000 (Coordinated Universal Time) (B2). Legal status and post-grant events are not shown on this page.
What related patents are in patentsdb?: We list 6 related publications on this page (citations in our corpus or others sharing the same primary CPC).

How to read this patent

Abstract

First claim

Assignees

Inventors

Classifications

Patent family

External sources

Related patents

Locating devices by correlating time series datasets

Mining group patterns in dynamic relational data via individual event monitoring

Contextual graph matching based anomaly detection

System and method for providing revenue protection based on weather derivatives and merchant transaction data

System and method for predicting items purchased based on transaction data

Time-based visualization of the number of events having various values for a field

Frequently asked questions