| US 11,720,599 B1 | ||
| Clustering and visualizing alerts and incidents | ||
| Derek Chin-Teh Lin, San Mateo, CA (US); Regunathan Radhakrishnan, Foster City, CA (US); Rashmi Raghu, San Jose, CA (US); and Jin Yu, Sydney (AU) | ||
| Assigned to Pivotal Software, Inc., Palo Alto, CA (US) | ||
| Filed by Pivotal Software, Inc., Palo Alto, CA (US) | ||
| Filed on Feb. 12, 2015, as Appl. No. 14/621,331. | ||
| Claims priority of provisional application 61/939,706, filed on Feb. 13, 2014. | ||
| Int. Cl. G06F 16/28 (2019.01); G06F 16/22 (2019.01) | ||
| CPC G06F 16/285 (2019.01) [G06F 16/2246 (2019.01)] | 19 Claims |
|
1. A method, comprising:
receiving, by one or more processors, a plurality of text alerts, each text alert describing an event occurring on a computer system; normalizing each text alert into a respective string, including replacing a variable value with a variable name in each text alert and removing terms designated as stop words; for each pair of strings, computing a respective pair-wise distance, each pair-wise distance measuring a degree of similarity between the two strings in the respective pair; clustering the strings into a plurality of event clusters, wherein each event cluster includes a group of strings representing corresponding text alerts, each pair of strings in the group having a pair-wise distance that is shorter than a clustering threshold distance, and wherein the clustering includes representing, as two strings in a same cluster, two corresponding text alerts that are too different from one another to be clustered together without normalization, the two strings including variable names, rather than variable values, of terms in the two corresponding text alerts; and generating a user interface presentation that presents each event cluster of the plurality of event clusters with a visual indication of a respective number of occurrences of normalized text alerts having variable names belonging to the event cluster. |