Event Summarization for System Management Wei Peng†, Chang-shing Perng§, Tao Li†, Haixun Wang§...

Event Summarization for System Management

Wei Peng†, Chang-shing Perng§, Tao Li†, Haixun Wang§†Florida International University

§IBM T.J.Waston Research Center

-presented by: Wei Peng

Introduction

• Why Event Summarization?– traditional approaches are cumbersome, labor

intensive, and error prone– focus on discovering frequent or interesting

patterns, scalability , and efficiency– understanding and interpreting patterns

• A divide-and-conquer method

A Motivating Example

Steps for Event Summarization

• Preprocess log data and generate events

• Discover temporal correlation between events (dependency)

• Rank dependencies

• Construct Event Relationship Networks (ERNs)

• Derive Action Rules from Event Summary

Preprocess Log Data and Generate events

• Preprocess the brief log messages

• Categorize it into common situations/states– Incorporate time information

• An event is a pair <e, t> that e is the situation/state, t is the time stamp of e

Discover Temporal Correlation between Events (Dependency)

• b depends on a– If the occurrence of b is predictable by the occurrence of a,

then the conditional distribution which models the waiting time of event type b given event type a’s presence would be different from the unconditional one

• Estimate two distributions• Dependency test

Independent Dependent

Rank Dependencies

• Forward Entropy

• Backward Entropy

Event Relationship Networks (ERNs)

Derive Action Rules from EventSummary

• If condition is true, take action– Event reduction rules– Event correlation rules– Problem avoidance rules

A Case Study

State: start, stop, dependency, create, connection, report, request, configuration, other

Decomposition Process in the Case Study

ERN in the Case Study

Thank You !