Browse Prior Art Database

Method and System for Prioritizing Performance Metric Anomalies Related Log Events

IP.com Disclosure Number: IPCOM000243646D
Publication Date: 2015-Oct-07
Document File: 2 page(s) / 55K

Publishing Venue

The IP.com Prior Art Database

Abstract

Disclosed is a method and system for a prioritization scheme for predictive analytics anomalies which can complement existing manual prioritization schemes that involve broadening scope of data used for prioritization and resulting in more valuable anomaly prioritization.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 51% of the total text.

Page 01 of 2

Method and System for Prioritizing Performance Metric Anomalies Related Log Events

Within the context of IT Operations, several types of data commonly exist as a result of the management and monitoring of applications including performance (monitoring), event, log, ticket, and capacity. These disparate data types are typically managed in solos within organizations and thus introducing significant challenges when attempting to quickly and accurately isolate and resolve service impacting issues.

An emerging mechanism in IT Operations is Predictive Analytics through anomaly

detection. The predictive analytics process analyzes performance metrics and generates anomalies based learned normal behavior. The resulting anomalies are typically generated in real time as data streams in from performance monitoring tools and are based on a set of criteria defined by data mining algorithms. These are typically presented in an operations console in the form of anomaly events and represent a relatively recent data type that has had limited interaction with other data operations data types.

At any given point in time, many such anomaly events are presented on an operations console and determining the IT Operations response to anomaly events can be very manual and problematic. Some schemes involve manually assigning a severity to an anomaly event or enriching an anomaly event with contextual data such as an application name or function to help determine which anomaly event should be addressed first. For example, if an anomaly event relates to an Online Banking

Application server, make that a high-priority anomaly with a hope that IT Operations teams act upon that one first. Other times, the predictive analytic process itself may provide a sense of how anomalous an underlying situation is via notions of confidence scores. However, to date, where anomalies are derived by these advanced analytic

schemes are concerned, the existing prioritization scheme do not provide effective enough prioritization as they take too narrow of a view of the overall system behavior. Typically only one data type (such as event OR performance OR...