Event Summarization for System Management Wei Peng†, Chang-shing Perng§, Tao Li†, Haixun Wang§...
-
Upload
andrew-powell -
Category
Documents
-
view
226 -
download
0
description
Transcript of Event Summarization for System Management Wei Peng†, Chang-shing Perng§, Tao Li†, Haixun Wang§...
Event Summarization for System Management
Wei Peng†, Chang-shing Perng§, Tao Li†, Haixun Wang§†Florida International University
§IBM T.J.Waston Research Center
-presented by: Wei Peng
Introduction
• Why Event Summarization?– traditional approaches are cumbersome, labor
intensive, and error prone– focus on discovering frequent or interesting
patterns, scalability , and efficiency– understanding and interpreting patterns
• A divide-and-conquer method
A Motivating Example
Steps for Event Summarization
• Preprocess log data and generate events
• Discover temporal correlation between events (dependency)
• Rank dependencies
• Construct Event Relationship Networks (ERNs)
• Derive Action Rules from Event Summary
Preprocess Log Data and Generate events
• Preprocess the brief log messages
• Categorize it into common situations/states– Incorporate time information
• An event is a pair <e, t> that e is the situation/state, t is the time stamp of e
Discover Temporal Correlation between Events (Dependency)
• b depends on a– If the occurrence of b is predictable by the occurrence of a,
then the conditional distribution which models the waiting time of event type b given event type a’s presence would be different from the unconditional one
• Estimate two distributions• Dependency test
Independent Dependent
Rank Dependencies
• Forward Entropy
• Backward Entropy
Event Relationship Networks (ERNs)
Derive Action Rules from EventSummary
• If condition is true, take action– Event reduction rules– Event correlation rules– Problem avoidance rules
A Case Study
State: start, stop, dependency, create, connection, report, request, configuration, other
Decomposition Process in the Case Study
ERN in the Case Study
Thank You !