Method for Using Event Metadata to Configure an Event Management Solution.
Original Publication Date: 2004-May-18
Included in the Prior Art Database: 2004-May-18
This article describes a mechanism by which the data stored in an event metadata repository can be used to assist a system administrator in defining event grouping expressions.
A typical event management solution deals with large amounts of data, usually on the order of millions of events a day.
The consumers of this event data often need to rely on some kind of organization under which smaller, more manageable, subsets of the event data are addressed. For instance, an operator may want to display only high severity events related to network failures.
Administrators of the solution also need to rely on this kind of organization. For instance, event sources may be configured to filter out antivirus-related events once a security attack has been detected.
For both scenarios, the definition of such subsets of the event data requires the system administrator to define some sort of logical expression that represents the event group.
The idea of a graphical tool that can assist the user in writing such logical expressions isn't new, but the actual problem is that each event source produces events of different types. For instance, Windows machines may produce events that contain fields that are specific to Windows applications, while routers may produce events with fields specific to networking concepts. Most solutions only assist the user with referencing fields that are common across all event types (such as severity and creation time) but offer no assistance for fields that are specific to a certain event type.
This invention is based on a feature commonly available on event management solutions: an event metadata repository. Essentially, a metadata repository can represent in...