US 12,079,100 B1
Systems and methods for machine-learning based alert grouping and providing remediation recommendations
William Deaderick, Austin, TX (US); William Stanton, Boulder, CO (US); and Thomas Camp Vieth, Cambridge, MA (US)
Assigned to Splunk Inc., San Francisco, CA (US)
Filed by Splunk, Inc., San Francisco, CA (US)
Filed on Jan. 31, 2022, as Appl. No. 17/589,847.
Application 17/589,847 is a division of application No. 17/589,532, filed on Jan. 31, 2022.
This patent is subject to a terminal disclaimer.
Int. Cl. G06F 11/00 (2006.01); G06F 11/07 (2006.01); G06F 11/30 (2006.01); G06F 11/34 (2006.01); G06F 16/2458 (2019.01); G06F 16/242 (2019.01)
CPC G06F 11/3082 (2013.01) [G06F 11/0793 (2013.01); G06F 11/3409 (2013.01); G06F 16/2477 (2019.01); G06F 16/244 (2019.01)] 14 Claims
OG exemplary drawing
 
1. A computerized method comprising:
generating a user interface that illustrates assignments of a plurality of alerts into one or more alert groupings that are positioned so that each alert grouping of the one or more alert groupings is positioned at a different region of a dashboard produced by the user interface, wherein an alert grouping is a grouping of one or more alerts;
receiving user feedback via the user interface indicating that a first alert grouping of the one or more alert groupings is to be closed such that alerts may no longer be assigned to the first alert grouping;
subsequent to receiving the user feedback closing the first alert grouping, receiving an alert to be assigned to any of a plurality of existing open alert groupings or to a newly created alert grouping;
assigning the alert through deployment of a machine learning model implementing a distance metric to either a first existing open alert grouping of the plurality of existing open alert groupings or the newly created alert grouping, wherein the distance metric includes a set of weightings determined for a feature vector of the alert, and wherein assigning the alert is based on an overall distance between the feature vector of the alert and a feature vector of each of the plurality of existing open alert groupings according to a weighted sum of the distance between the feature vector of the alert and the feature vector of each of the plurality of existing open alert groupings, wherein the alert is assigned to either (i) an existing open alert grouping having a shortest overall distance to the alert that satisfies one or more time constraints, or (ii) the newly created alert grouping;
determining (i) that the first alert grouping, which is closed, has a shortest distance to the alert and (ii) a remediation effort taken that resulted in resolution of an incident indicated by the first alert grouping; and
updating the user interface resulting in illustrating (i) an assignment of the alert, (ii) the first alert grouping having the shortest distance to the alert and (iii) an instruction to a viewer on the remediation effort taken to resolve the incident indicated by the first alert grouping.
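The assignment logic recited in claim 1, as an added worked example. This is illustrative code written for this page, not Splunk's implementation and not a description of the patented product: the claim only states that a weighted sum of per-feature distances is computed against each open grouping, that the nearest open grouping is chosen when it satisfies one or more time constraints, that otherwise a new grouping is created, and that a closed grouping which turns out to be nearest has its remediation surfaced. The feature names (host, source, rule, severity), the weights, the 0.5 distance threshold, the 30-minute time window and the sample alerts are all assumptions chosen for illustration; the claim specifies none of them.

```python
from dataclasses import dataclass, field
from datetime import datetime, timedelta
from typing import Optional

# Assumed weights for the feature vector (the claim says only that the distance
# metric "includes a set of weightings"; these values are illustrative).
WEIGHTS = {"host": 0.35, "source": 0.15, "rule": 0.40, "severity": 0.10}
SEVERITY_RANGE = 4.0                  # severities 1..5, so |a-b|/4 lies in [0,1]
DISTANCE_THRESHOLD = 0.5              # assumed: farther than this opens a new grouping
TIME_WINDOW = timedelta(minutes=30)   # assumed time constraint on an open grouping


@dataclass
class Alert:
    host: str
    source: str
    rule: str
    severity: int
    ts: datetime


@dataclass
class Grouping:
    name: str
    feature: dict                 # representative feature vector of the grouping
    last_ts: datetime             # time of the most recent alert in the grouping
    open: bool = True             # closed groupings accept no further alerts
    remediation: Optional[str] = None   # what resolved the incident, for closed groupings
    alerts: list = field(default_factory=list)


def alert_features(a: Alert) -> dict:
    return {"host": a.host, "source": a.source, "rule": a.rule, "severity": a.severity}


def feature_distance(name: str, x, y) -> float:
    # Categorical features: 0 if equal, 1 if different. Severity: normalised |x-y|.
    if name == "severity":
        return min(abs(x - y) / SEVERITY_RANGE, 1.0)
    return 0.0 if x == y else 1.0


def overall_distance(fa: dict, fg: dict) -> float:
    # Weighted sum of per-feature distances between alert and grouping vectors.
    return sum(w * feature_distance(n, fa[n], fg[n]) for n, w in WEIGHTS.items())


def assign(alert: Alert, groupings: list) -> tuple:
    """Assigns the alert; returns (grouping assigned to, closed grouping to recommend or None)."""
    fa = alert_features(alert)
    scored = [(overall_distance(fa, g.feature), g) for g in groupings]

    # Only open groupings that satisfy the time window and the threshold are candidates.
    eligible = [(d, g) for d, g in scored
                if g.open and abs(alert.ts - g.last_ts) <= TIME_WINDOW and d <= DISTANCE_THRESHOLD]
    if eligible:
        _, target = min(eligible, key=lambda p: p[0])
    else:
        target = Grouping(name=f"grp-{len(groupings) + 1}", feature=dict(fa), last_ts=alert.ts)
        groupings.append(target)
    target.alerts.append(alert)
    target.last_ts = max(target.last_ts, alert.ts)

    # A closed grouping is never assigned to, but if it is the nearest grouping of all
    # (ignoring the just-created one, whose distance is trivially 0), surface its remediation.
    recommendation = None
    closed = [(d, g) for d, g in scored if not g.open]
    if closed:
        d_closed, g_closed = min(closed, key=lambda p: p[0])
        best_open = min((d for d, g in scored if g.open), default=float("inf"))
        if d_closed < best_open:
            recommendation = g_closed
    return target, recommendation


def run_demo() -> list:
    """Constructed scenario: one closed grouping with a known fix, one open grouping."""
    t0 = datetime(2024, 1, 1, 12, 0)
    groupings = [
        Grouping("grp-1", {"host": "web-01", "source": "edr", "rule": "credential-dump", "severity": 5},
                 t0 - timedelta(days=3), open=False,
                 remediation="Isolated web-01, rotated the service-account credentials"),
        Grouping("grp-2", {"host": "web-02", "source": "edr", "rule": "port-scan", "severity": 2}, t0),
    ]
    alerts = [
        Alert("web-01", "edr", "credential-dump", 4, t0 + timedelta(minutes=5)),   # near closed grp-1
        Alert("web-02", "edr", "port-scan", 3, t0 + timedelta(minutes=10)),        # joins open grp-2
        Alert("web-02", "edr", "port-scan", 2, t0 + timedelta(hours=2)),           # fails time window
    ]
    out = []
    for a in alerts:
        target, rec = assign(a, groupings)
        out.append((target.name, rec.name if rec else None))
    return out


if __name__ == "__main__":
    for assigned, rec in run_demo():
        print(f"assigned to {assigned}; recommend remediation from {rec}")
```

The first alert is nearest the closed grouping, so it cannot join it and gets a new grouping, while the closed grouping's remediation is returned for display. The third alert matches the open grouping exactly but arrives outside the time window, so the time constraint forces a new grouping rather than a match on distance alone.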