CPC G06F 16/2455 (2019.01) [G06F 11/302 (2013.01); G06F 11/3495 (2013.01); G06N 5/01 (2023.01); G06N 5/04 (2013.01); G06N 20/20 (2019.01)]
20 Claims
1. A method for alert rule evaluation in a monitoring system, comprising:
receiving an alert rule, the alert rule comprising a query and a condition;
determining that the alert rule is variant;
in response to determining that the alert rule is variant:
executing, at a start time, the query against a data store for an evaluation time window to obtain a query result for the evaluation time window;
determining that the query result for the evaluation time window satisfies the condition;
in response to determining that the query result for the evaluation time window satisfies the condition:
re-executing, in accordance with a fixed time interval and after the start time, the query against the data store for the evaluation time window to obtain the query result for the evaluation time window;
determining a number of consecutive times the query result for the evaluation time window remains unchanged;
determining that the number of consecutive times equals a predetermined number; and
generating an alert for the evaluation time window in response to determining that the number of consecutive times equals the predetermined number.
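
The evaluation loop of claim 1, sketched as an added example that is not taken from the patent or any product: the rule is assumed to have already been determined to be variant, integer ticks stand in for the fixed time interval, and late-arriving events make the query result change between executions. All names, the `max_ticks` bound, and stopping without an alert when a changed result no longer satisfies the condition are assumptions of this sketch.

```python
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

Window = Tuple[int, int]  # evaluation time window [start, end) in event-time units

@dataclass
class Event:
    event_time: int    # when the event occurred
    arrival_tick: int  # tick at which it became visible in the data store

# Constructed sample data: five events in window [0, 60), two ingested late.
STORE = [Event(5, 0), Event(12, 0), Event(30, 0), Event(41, 1), Event(58, 2)]

def count_query(store: List[Event], window: Window, tick: int) -> int:
    """Query: count events inside the window that are visible at `tick`."""
    lo, hi = window
    return sum(1 for e in store if lo <= e.event_time < hi and e.arrival_tick <= tick)

def evaluate_variant_rule(query: Callable[[Window, int], int],
                          condition: Callable[[int], bool],
                          window: Window, stable_needed: int,
                          max_ticks: int) -> Tuple[Optional[int], List[int]]:
    """Return (alerting_result, history); alerting_result is None if no alert.
    Tick 0 is the start time; each later tick is one fixed interval after it."""
    result = query(window, 0)            # first execution at the start time
    history = [result]
    if not condition(result):            # condition not met: nothing to confirm
        return None, history
    unchanged = 0                        # consecutive re-executions with same result
    for tick in range(1, max_ticks + 1):
        latest = query(window, tick)     # re-execute for the SAME window
        history.append(latest)
        unchanged = unchanged + 1 if latest == result else 0
        result = latest
        if not condition(result):        # assumption: stop, do not alert
            return None, history
        if unchanged == stable_needed:   # result has settled: generate the alert
            return result, history
    return None, history                 # assumption: give up after max_ticks

def run_sample(threshold: int, stable_needed: int, max_ticks: int):
    """Evaluate 'count >= threshold' over window [0, 60) on the sample store."""
    return evaluate_variant_rule(lambda w, t: count_query(STORE, w, t),
                                 lambda n: n >= threshold,
                                 (0, 60), stable_needed, max_ticks)

if __name__ == "__main__":
    print(run_sample(threshold=3, stable_needed=2, max_ticks=10))
```

With the sample store, the alert is generated on the settled count rather than on the partial count seen at the start time.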