US 12,284,089 B2
Alert correlating using sequence model with topology reinforcement systems and methods
Jiayi Gu Hoffman, Sunnyvale, CA (US); Mahesh Ramachandran, San Jose, CA (US); and Bhanu Pratap Singh, Fremont, CA (US)
Assigned to Hewlett Packard Enterprise Development LP, Spring, TX (US)
Filed by OPSRAMP, INC., San Jose, CA (US)
Filed on Aug. 25, 2022, as Appl. No. 17/822,157.
Application 17/822,157 is a continuation of application No. 16/876,723, filed on May 18, 2020, abandoned.
Claims priority of provisional application 62/968,399, filed on Jan. 31, 2020.
Prior Publication US 2023/0133541 A1, May 4, 2023
Int. Cl. G06F 7/76 (2006.01); G06F 9/54 (2006.01); G06F 18/22 (2023.01); G06F 18/23 (2023.01); G06N 3/08 (2023.01); H04L 41/0631 (2022.01); H04L 41/16 (2022.01)
CPC H04L 41/16 (2013.01) [G06F 9/542 (2013.01); G06F 9/544 (2013.01); G06F 18/22 (2023.01); G06F 18/23 (2023.01); G06N 3/08 (2013.01); H04L 41/0631 (2013.01)]
23 Claims
 
1. A method comprising:
training, by a system comprising a hardware processor, a sequence model using time sequences of alerts on a recurrent neural network comprising a first long short-term memory layer;
invoking, by the system, the sequence model based on receipt of a first alert;
generating, by the sequence model, a first time sequence of alerts comprising the first alert;
receiving, by the system, a plurality of alerts from one or more applications operating in a network environment comprising computing devices coupled through one or more networks, wherein the plurality of alerts comprise an alert relating to a failure of a computing resource or a program;
generating a second time sequence of alerts including a subset of the plurality of alerts, the subset of the plurality of alerts excluding at least one alert of the plurality of alerts based on the first time sequence of alerts generated by the sequence model, wherein the generating of the second time sequence of alerts comprises:
determining that the at least one alert of the plurality of alerts is not included in the first time sequence of alerts generated by the sequence model, and
excluding the at least one alert from the second time sequence of alerts based on determining that the at least one alert is not included in the first time sequence of alerts generated by the sequence model;
correlating, by the system, the second time sequence of alerts using topology reinforcement to identify a cluster of related alerts;
attributing, by the system, the cluster of related alerts to a common triggering event associated with the failure of the computing resource or the program; and
resolving the failure of the computing resource or the program based on the cluster of related alerts output by the system, the cluster of related alerts providing insight into a root cause of the related alerts, the insight into the root cause used as part of resolving the failure, wherein the recurrent neural network comprises a second long short-term memory layer connected to the first long short-term memory layer, and a dropout layer for regularization, the dropout layer connected to the second long short-term memory layer.