公开(公告)号：US10425291B2

公开(公告)日：2019-09-24

申请号：US15811667

申请日：2017-11-13

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper

IPC: H04L29/06 ,  H04L12/24 ,  H04L12/26

Abstract: An event clustering system is provided that in response to a time series infers a network topology. Matrices W and H are estimated as a local minimum. For each pair of nodes: (i) a computation of the convolution is made; a number of peaks within the convolution is a function of a delay; and a comparison is made to an average behavior of a pair of nodes that emits the same number of alerts. Alerts are only spread to adjacent nodes, alerts are caused by dysfunctional nodes that do not emit alerts, and a true topology coincides with the end of the recording.

公开(公告)号：US10050910B2

公开(公告)日：2018-08-14

申请号：US15375958

申请日：2016-12-12

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper

IPC: G06F15/16 ,  H04L12/58 ,  H04L12/24 ,  H04L29/08

Abstract: An event clustering system has an extraction engine in communication with a managed infrastructure. A signalizer engine includes one or more of an NMF engine, a k-means clustering engine and a topology proximity engine. The signalizer engine determines one or more common characteristics or features from events, the signalizer engine using the common features of events to produce clusters of events relating to the failure or errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. The system is configured to group two or more situations, where a situation is a collection of one or more events or alerts representative of a problem in the managed infrastructure.

公开(公告)号：US20180159744A1

公开(公告)日：2018-06-07

申请号：US15811667

申请日：2017-11-13

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/26

Abstract: An event clustering system is provided that in response to a time series infers a network topology. Matrices W and H are estimated as a local minimum. For each pair of nodes: (i) a computation of the convolution is made; a number of peaks within the convolution is a function of a delay; and a comparison is made to an average behavior of a pair of nodes that emits the same number of alerts. Alerts are only spread to adjacent nodes, alerts are caused by dysfunctional nodes that do not emit alerts, and a true topology coincides with the end of the recording.

公开(公告)号：US20170141947A1

公开(公告)日：2017-05-18

申请号：US15417497

申请日：2017-01-27

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper ,  Charles Mike Silvey ,  Andrew John Leonard ,  Jeffrey Ellison Townsend

IPC: H04L12/24 ,  G06F17/30

CPC classification number: G06F11/0709 ,  G06F3/0481 ,  G06F11/0751 ,  G06F11/0769 ,  G06F11/0772 ,  G06F11/079 ,  G06F16/285 ,  G06F16/358 ,  G06F16/904 ,  G06Q10/00 ,  H04L41/0631 ,  H04L41/065 ,  H04L41/0893 ,  H04L41/12 ,  H04L41/22 ,  H04L51/16 ,  H04L51/24

Abstract: A user interface system is provided. A first engine receives message data from managed infrastructure that includes managed infrastructure physical hardware which supports the flow and processing of information. A second engine determines common characteristics of events and produces clusters of events relating to the failure of errors in the managed infrastructure, where membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in the physical hardware managed infrastructure directed to supporting the flow and processing of information. One or more situations are created that are a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. An external connection adapter is coupled to the first and second engines and configured to provide access to one or more data fields within a file. A display computer system maps using a graphical user interface the one or more data fields relating to situations from clustered messages received from managed infrastructure to data from one or more data sources. The display computer system generates a dashboard display from a configuration in the file that includes situations from clustered messages received from managed infrastructure.

公开(公告)号：US20180091378A1

公开(公告)日：2018-03-29

申请号：US15811688

申请日：2017-11-14

Applicant: Moogsoft Inc.

Inventor： Philip Tee ,  Robert Harper

IPC: H04L12/24 ,  H04L29/06 ,  H04L12/26

CPC classification number: H04L41/142 ,  H04L12/1895 ,  H04L41/046 ,  H04L41/064 ,  H04L41/065 ,  H04L41/12 ,  H04L41/22 ,  H04L43/0823 ,  H04L43/10 ,  H04L63/102 ,  H04L63/1408 ,  H04L67/42

Abstract: A system is provided for clustering events. A first engine is configured to receive message data from a managed infrastructure that includes managed infrastructure physical hardware that supports the flow and processing of information, The at least one engine is configured to determine common characteristics of events and produce clusters of events relating to the failure of errors in the managed infrastructure. Membership in a cluster indicates a common factor of the events that is a failure or an actionable problem in a physical hardware of the managed infrastructure directed to supporting the flow and processing of information. The first engine is configured to create one or more situations that is a collection of one or more events or alerts representative of the actionable problem in the managed infrastructure. A second engine is configured to determine one or more common steps from events and produces clusters relating to events. The second engine determines one or more common characteristics of events and producing clusters of events relating to the failure or errors in the managed infrastructure. A statistical analytical engine is included.