公开(公告)号：WO2019060043A1

公开(公告)日：2019-03-28

申请号：PCT/US2018/043802

申请日：2018-07-26

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： XU, Jianwu ,  ZHANG, Hui ,  CHEN, Haifeng ,  NIE, Bin

IPC: G06F11/34 ,  G06F11/30 ,  G01N3/08

Abstract: Methods and systems for system maintenance include identifying patterns in heterogeneous logs. Predictive features are extracted from a set of input logs based on the identified patterns. It is determined that the predictive features indicate a future system failure using a first model. A second model is trained, based on a target sample from the predictive features and based on weights associated with a distance between the target sample and a set of samples from the predictive features, to identify one or more parameters of the second model associated with the future system failure. A system maintenance action is performed in accordance with the identified one or more parameters.

公开(公告)号：WO2016048652A1

公开(公告)日：2016-03-31

申请号：PCT/US2015/048967

申请日：2015-09-08

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： ZHANG, Hui ,  XU, Jianwu ,  GUOFEI, Jiang ,  YOSHIHIRA, Kenji

IPC: G06F11/34 ,  G06F11/30

CPC classification number: G06N99/005

Abstract: A method and system are provided. The method includes performing (320), by a logs-to-time-series converter, a logs-to-time-series conversion by transforming a plurality of heterogeneous logs into a set of time series. Each of the heterogeneous logs includes a time stamp and text portion with one or more fields. The method further includes performing (330), by a time-series-to-sequential-pattern converter, a time-series-to-sequential-pattern conversion by mining invariant relationships between the set of time series, and discovering sequential message patterns and association rules in the plurality of heterogeneous logs using the invariant relationships. The method also includes executing (340), by a processor, a set of log management applications, based on the sequential message patterns and the association rules.

Abstract translation: 提供了一种方法和系统。 该方法包括：通过日志到时间序列转换器，通过将多个异构日志变换为一组时间序列来执行（320）日志到时间序列转换。 每个异类日志包括具有一个或多个字段的时间戳和文本部分。 该方法还包括通过时间序列顺序模式转换器对时间序列到序列模式转换执行（330），该时间序列到序列模式转换通过挖掘该组时间序列之间的不变关系，并且发现顺序消息模式和 使用不变关系在多个异构日志中的关联规则。 该方法还包括基于顺序消息模式和关联规则，由处理器执行（340）一组日志管理应用程序。

公开(公告)号：WO2019112867A1

公开(公告)日：2019-06-13

申请号：PCT/US2018/062991

申请日：2018-11-29

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： XU, Jianwu ,  ZONG, Bo ,  CHEN, Haifeng

IPC: G06F11/34 ,  G06F11/30

Abstract: Systems and methods for system event searching based on heterogeneous logs are provided. A system can include a processor device operatively coupled to a memory device wherein the processor device is configured to mine a variety of log patterns from various of heterogeneous logs to obtain known-event log patterns and unknown-event log patterns, as well as to build a weighted vector representation of the log patterns. The processor device is also configured to evaluate a similarity between the vector representation of the unknown-event and known-event log patterns, identify a known event that is most similar to an unknown event to troubleshoot system faults based on past actions for similar events to improve an operation of a computer system.

公开(公告)号：WO2019050624A1

公开(公告)日：2019-03-14

申请号：PCT/US2018/042218

申请日：2018-07-16

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： XU, Jianwu ,  SAHA, Tanay Kumar ,  CHEN, Haifeng ,  ZHANG, Hui

IPC: G06F17/30 ,  G06F11/34

CPC classification number: G06F16/26 ,  B01D29/111 ,  B01D29/216 ,  B01D29/33 ,  B01D39/20 ,  E21B43/082 ,  E21B43/086 ,  G06F7/08 ,  G06F16/2237 ,  G06F16/285

Abstract: A method and system are provided for processing computer log messages for log visualization and log retrieval. The method includes collecting log messages from one or more computer system components, performing a log tokenization process on the log messages to generate tokens, transforming the tokens into log vectors associated with a metric space, performing dimensionality reduction on the metric space to project the metric space into a lower dimensional sub-space, storing similarity distances between respective pairs of the log vectors, and in response to receiving a query associated with a query log message for reducing operational inefficiencies of the one or more computer system components, employing the similarity distances to retrieve one or more similar log messages corresponding to the query log message for reducing the operational inefficiencies of the one or more computer system components.

公开(公告)号：WO2017083148A1

公开(公告)日：2017-05-18

申请号：PCT/US2016/060131

申请日：2016-11-02

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： ZHANG, Hui ,  CHEN, Haifeng ,  XU, Jianwu ,  JIANG, Guofei ,  YOSHIHIRA, Kenji

IPC: G06F11/34 ,  G06F17/10

CPC classification number: G06N5/047 ,  G06N99/005

Abstract: Systems and methods are disclosed for detecting periodic event behaviors from machine generated logging by: capturing heterogeneous log messages, each log message including a time stamp and text content with one or more fields; recognizing log formats from log messages; transforming the text content into a set of time series data, one time series for each log format; during a training phase, analyzing the set of time series data and building a category model for each periodic event type in heterogeneous logs; and during live operation, applying the category model to a stream of time series data from live heterogeneous log messages and generating a flag on a time series data point violating the category model and generating an alarm report for the corresponding log message.

Abstract translation: 公开了系统和方法，用于通过以下方式检测来自机器生成日志记录的周期性事件行为：捕获异构日志消息，每个日志消息包括具有一个或多个字段的时间戳和文本内容; 从日志消息中识别日志格式; 将文本内容转换为一组时间序列数据，每个日志格式的一个时间序列; 在训练阶段期间，分析该组时间序列数据并为异构日志中的每个周期性事件类型建立类别模型; 并在实时操作期间，将类别模型应用于来自实时异构日志消息的时间序列数据流，并在违反类别模型的时间序列数据点上生成标志，并为相应日志消息生成警报报告。

公开(公告)号：WO2021055239A1

公开(公告)日：2021-03-25

申请号：PCT/US2020/050302

申请日：2020-09-11

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： XU, Jianwu ,  LI, Ding ,  CHENG, Wei ,  CHEN, Haifeng

IPC: G06F8/41 ,  G06F8/35 ,  G06F8/38 ,  G06N20/00 ,  G06N3/08

Abstract: A method for automatically recommending a reviewer for submitted codes is presented. The method includes employing (801), in a learning phase, an artificial intelligence agent for learning an underlying and contextual structure of code regions, mapping (803) the code regions into a distributed representation to define code region representations, employing (805), in a recommendation phase, the artificial intelligence agent to produce a ranked list of recommended reviewers for any given submitted code review request, and outputting (807) the ranked list of recommended reviewers to a visualization device.

公开(公告)号：WO2018111355A1

公开(公告)日：2018-06-21

申请号：PCT/US2017/047285

申请日：2017-08-17

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： DEBNATH, Biplob ,  ZHANG, Hui ,  ARORA, Nipun ,  XU, Jianwu ,  JIANG, Guofei ,  ZONG, Bo

IPC: G05B23/02

Abstract: A computer-implemented method executed on a processor (214) for automatically analyzing log contents received via a network (803) and detecting content-level anomalies is presented. The computer-implemented method includes building a statistical model (103) based on contents of a set of training logs and detecting, based on the set of training logs, content-level anomalies (106) for a set of testing logs. The method further includes maintaining an index and metadata, generating attributes for fields, editing model capability to incorporate user domain knowledge, detecting anomalies using field attributes, and improving anomaly quality by using user feedback (107).

公开(公告)号：WO2017177012A1

公开(公告)日：2017-10-12

申请号：PCT/US2017/026370

申请日：2017-04-06

Applicant: NEC LABORATORIES AMERICA, INC

Inventor： XU, Jianwu ,  ZHANG, Ke ,  ZHANG, Hui ,  MIN, Renqiang ,  JIANG, Guofei

IPC: G06F11/34 ,  G06F11/00 ,  G06N3/02

Abstract: Methods for system failure prediction include clustering log files according to structural log patterns. Feature representations of the log files are determined based on the log clusters. A likelihood of a system failure is determined based on the feature representations using a neural network. An automatic system control action is performed if the likelihood of system failure exceeds a threshold.

Abstract translation:

系统故障预测的方法包括根据结构日志模式对日志文件进行聚类。 日志文件的功能表示是根据日志群集确定的。 基于使用神经网络的特征表示来确定系统故障的可能性。 如果系统故障的可能性超过阈值，则执行自动系统控制动作。

公开(公告)号：WO2017087591A1

公开(公告)日：2017-05-26

申请号：PCT/US2016/062397

申请日：2016-11-17

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： XU, Jianwu ,  ZHANG, Hui ,  ARORA, Nipun ,  DEBNATH, Biplob ,  JIANG, Guofei

IPC: G06F11/34

CPC classification number: G06F11/3612 ,  G06F11/0706 ,  G06F11/0766 ,  G06F11/3636

Abstract: Systems and methods are disclosed for handling log data from one or more applications, sensors or instruments by receiving heterogeneous logs from arbitrary/unknown systems or applications; generating regular expression patterns from the heterogeneous log sources using machine learning and extracting a log pattern therefrom; generating models and profiles from training logs based on different conditions and updating a global model database storing all models generated over time; tokenizing raw log messages from one or more applications, sensors or instruments running a production system; transforming incoming tokenized streams are into data-objects for anomaly detection and forwarding of log messages to various anomaly detectors; and generating an anomaly alert from the one or more applications, sensors or instruments running a production system.

Abstract translation: 公开了用于通过从任意/未知系统或应用接收异构日志来处理来自一个或多个应用，传感器或仪器的日志数据的系统和方法; 使用机器学习从异构日志源生成正则表达式模式并从中提取日志模式; 根据不同的条件从训练日志生成模型和配置文件，并更新存储随时间生成的所有模型的全局模型数据库; 标记来自运行生产系统的一个或多个应用程序，传感器或仪器的原始日志消息; 将输入的标记化流转换成用于异常检测和将日志消息转发到各种异常检测器的数据对象; 并从运行生产系统的一个或多个应用程序，传感器或仪器生成异常警报。

公开(公告)号：WO2019112986A1

公开(公告)日：2019-06-13

申请号：PCT/US2018/063722

申请日：2018-12-04

Applicant: NEC LABORATORIES AMERICA, INC.

Inventor： XU, Jianwu ,  ZONG, Bo ,  CHEN, Haifeng

IPC: G06F11/34

Abstract: Methods and systems for event detection and correction include determining a log pattern for a received event. The log pattern is translated to an event search query. The event search query is weighted according to discriminative dimensions using term- frequency inverse-document-frequency. The event search query is matched to one or more known events. A corrective action is automatically performed based on a solution associated with the one or more known events.