130 likes | 238 Views
Event Summarization for System Management. Wei Peng†, Chang-shing Perng§, Tao Li†, Haixun Wang§ †Florida International University §IBM T.J.Waston Research Center -presented by: Wei Peng. Introduction. Why Event Summarization?
E N D
Event Summarization for System Management Wei Peng†, Chang-shing Perng§, Tao Li†, Haixun Wang§ †Florida International University §IBM T.J.Waston Research Center -presented by: Wei Peng
Introduction • Why Event Summarization? • traditional approaches are cumbersome, labor intensive, and error prone • focus on discovering frequent or interesting patterns, scalability , and efficiency • understanding and interpreting patterns • A divide-and-conquer method
Steps for Event Summarization • Preprocess log data and generate events • Discover temporal correlation between events (dependency) • Rank dependencies • Construct Event Relationship Networks (ERNs) • Derive Action Rules from Event Summary
Preprocess Log Data and Generate events • Preprocess the brief log messages • Categorize it into common situations/states • Incorporate time information • An event is a pair <e, t> that e is the situation/state, t is the time stamp of e
Discover Temporal Correlation between Events (Dependency) • b depends on a • If the occurrence of b is predictable by the occurrence of a, then the conditional distribution which models the waiting time of event type b given event type a’s presence would be different from the unconditional one • Estimate two distributions • Dependency test Independent Dependent
Rank Dependencies • Forward Entropy • Backward Entropy
Derive Action Rules from EventSummary • If condition is true, take action • Event reduction rules • Event correlation rules • Problem avoidance rules
A Case Study State: start, stop, dependency, create, connection, report, request, configuration, other