research-article

Unveiling clusters of events for alert and incident management in large-scale enterprise it

Authors:

Vivek Ramamurthy,

Regunathan Radhakrishnan,

Joseph FernandezAuthors Info & Claims

KDD '14: Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining

Pages 1630 - 1639

https://doi.org/10.1145/2623330.2623360

Published: 24 August 2014 Publication History

Abstract

Large enterprise IT (Information Technology) infrastructure components generate large volumes of alerts and incident tickets. These are manually screened, but it is otherwise difficult to extract information automatically from them to gain insights in order to improve operational efficiency. We propose a framework to cluster alerts and incident tickets based on the text in them, using unsupervised machine learning. This would be a step towards eliminating manual classification of the alerts and incidents, which is very labor intense and costly. Our framework can handle the semi-structured text in alerts generated by IT infrastructure components such as storage devices, network devices, servers etc., as well as the unstructured text in incident tickets created manually by operations support personnel. After text pre-processing and application of appropriate distance metrics, we apply different graph-theoretic approaches to cluster the alerts and incident tickets, based on their semi-structured and unstructured text respectively. For automated interpretation and read-ability on semi-structured text clusters, we propose a method to visualize clusters that preserves the structure and human-readability of the text data as compared to traditional word clouds where the text structure is not preserved; for unstructured text clusters, we find a simple way to define prototypes of clusters for easy interpretation. This framework for clustering and visualization will enable enterprises to prioritize the issues in their IT infrastructure and improve the reliability and availability of their services.

Supplementary Material

MP4 File (p1630-sidebyside.mp4)

Download
290.51 MB

References

[1]

J. Bien and R. Tibshirani. Hierarchical clustering with prototypes via minimax linkage. Journal of the American Statistical Association, 106(495):1075--1084, 2011.

[2]

S. F. C.Fowlkes and J.Malik. Spectral grouping using the nystrom method. IEEE Trans. on Pattern Analysis and Machine Intelligence, 26, February 2004.

Digital Library

[3]

J. Cohen, B. Dolan, M. Dunlap, J. M. Hellerstein, and C. Welton. Mad skills: new analysis practices for big data. Proceedings of the VLDB Endowment, 2(2):1481--1492, 2009.

Digital Library

[4]

P. ERDdS and A. R&WI. On random graphs i. Publ. Math. Debrecen, 6:290--297, 1959.

[5]

IBM Netcool. http://tinyurl.com/m5v8nh2.

[6]

S. Jain, I. Singh, A. Chandra, Z.-L. Zhang, and G. Bronevetsky. Extracting the textual and temporal structure of supercomputing logs. In High Performance Computing (HiPC), 2009 International Conference on, pages 254--263. IEEE, 2009.

[7]

J. Shi and J. Malik. Normalized cuts and image segmentation. IEEE Trans. on Pattern Analysis and Machine Intelligence, 22, August 2000.

Digital Library

[8]

A. N. Langville, C. D. Meyer, R. Albright, J. Cox, and D. Duling. Initializations for the nonnegative matrix factorization. In Proceedings of ACM SIGKDD International Conference on Knowledge Discovery and Data Mining, pages 23--26, 2006.

[9]

D. D. Lee and H. S. Seung. Learning the parts of objects by non-negative matrix factorization. Nature, 401(6755):788--791, 1999.

[10]

S. Z. Li, X. Hou, H. Zhang, and Q. Cheng. Learning spatially localized, parts-based representation. In Proceedings of IEEE Conference on Computer Vision and Pattern Recognition. IEEE, 2001.

[11]

A. W. Moore. An introductory tutorial on KD-trees, 1991. http://tinyurl.com/cja9o9.

[12]

P. Paatero and U. Tapper. Positive matrix factorization: A non-negative factor model with optimal utilization of error estimates of data values. Environmetrics, 5(2):111--126, 1994.

[13]

V. P. Pauca, F. Shahnaz, M. W. Berry, and R. J. Plemmons. Text mining using non-negative matrix factorizations. In Proceedings of SIAM International Conference on Data Mining, 2004.

[14]

F. Salfner and S. Tschirpke. Error log processing for accurate failure prediction. In WASL, 2008.

Digital Library

[15]

F. Shahnaz, M. W. Berry, V. P. Pauca, and R. J. Plemmons. Document clustering using nonnegative matrix factorization. Information Processing & Management, 42(2):373--386, 2006.

Digital Library

[16]

L. Tang, T. Li, L. Shwartz, F. Pinel, and G. Y. Grabarnik. An integrated framework for optimizing automatic monitoring systems in large it infrastructures. In Proceedings of the 19th ACM SIGKDD international conference on Knowledge discovery and data mining, pages 1249--1257. ACM, 2013.

Digital Library

[17]

W. Webber, A. Moffat, and J. Zobel. A similarity measure for indefinite rankings. ACM Transactions on Information Systems (TOIS), 28(4):20, 2010.

Digital Library

[18]

W. Xu, X. Liu, and Y. Gong. Document clustering based on non-negative matrix factorization. In Proceedings of ACM SIGIR conference on Research and Development in Information Retrieval, pages 267--273, 2003.

Digital Library

[19]

Y. Zhou, D. Wilkinson, R. Schreiber, and R. Pan. Large-scale parallel collaborative filtering for the Netflix prize. In Algorithmic Aspects in Information and Management, pages 337--348. Springer, 2008.

Digital Library

Cited By

Liu YLi TZhang RJin ZTong MLiu WWang YYang Z(2025)A Context-Aware Clustering Approach for Assisting Operators in Classifying Security AlertsIEEE Transactions on Software Engineering10.1109/TSE.2024.349758851:1(153-171)Online publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1109/TSE.2024.3497588
Zha JShan XLu JZhu JLiu Z(2024)Leveraging Large Language Models for Efficient Alert Aggregation in AIOPsElectronics10.3390/electronics1322442513:22(4425)Online publication date: 12-Nov-2024
https://doi.org/10.3390/electronics13224425
Srinivas PHusain FParayil AChoure ABansal CRajmohan SRoychoudhury APaiva AAbreu RStorey MAniche MNagappan N(2024)Intelligent Monitoring Framework for Cloud Services: A Data-Driven ApproachProceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice10.1145/3639477.3639753(381-391)Online publication date: 14-Apr-2024
https://dl.acm.org/doi/10.1145/3639477.3639753
Show More Cited By

Index Terms

Unveiling clusters of events for alert and incident management in large-scale enterprise it
1. Computing methodologies
  1. Machine learning
    1. Learning paradigms
      1. Unsupervised learning
        Cluster analysis
2. Information systems
  1. Information systems applications
    1. Data mining

Recommendations

Modified CURE algorithm with enhancement to identify number of clusters

In this paper, we present an effective way of identifying number of clusters k based on density of data in given dataset and optimality of clusters formed. We have used internal evaluation of clustering to choose optimal set of clusters after narrowing ...
Upper and lower bounds for complete linkage in general metric spaces
Abstract
In a hierarchical clustering problem the task is to compute a series of mutually compatible clusterings of a finite metric space $(P, dist)$ . Starting with the clustering where every point forms its own cluster, one iteratively merges two clusters ... $^{}^{}$
A general framework for efficient clustering of large datasets based on activity detection

Data clustering is one of the most popular data mining techniques with broad applications. K-Means is one of the most popular clustering algorithms, due to its high efficiency/effectiveness and wide implementation in many commercial/noncommercial ...

Comments

Please enable JavaScript to view thecomments powered by Disqus.

Information & Contributors

Information

Published In

cover image ACM Conferences

KDD '14: Proceedings of the 20th ACM SIGKDD international conference on Knowledge discovery and data mining

August 2014

2028 pages

ISBN:9781450329569

DOI:10.1145/2623330

General Chairs:
Sofus Macskassy
Facebook
,
Claudia Perlich
Dstillery
,
Program Chairs:
Jure Leskovec
Stanford University
,
Wei Wang
UCLA
,
Rayid Ghani
University of Chicago

Copyright © 2014 ACM.

Permission to make digital or hard copies of all or part of this work for personal or classroom use is granted without fee provided that copies are not made or distributed for profit or commercial advantage and that copies bear this notice and the full citation on the first page. Copyrights for components of this work owned by others than ACM must be honored. Abstracting with credit is permitted. To copy otherwise, or republish, to post on servers or to redistribute to lists, requires prior specific permission and/or a fee. Request permissions from [email protected]

Sponsors

Publisher

Association for Computing Machinery

New York, NY, United States

Publication History

Published: 24 August 2014

Permissions

Request permissions for this article.

Request Permissions

Check for updates

Author Tags

Qualifiers

Research-article

Conference

KDD '14

Sponsor:

KDD '14: The 20th ACM SIGKDD International Conference on Knowledge Discovery and Data Mining

August 24 - 27, 2014

New York, New York, USA

Acceptance Rates

KDD '14 Paper Acceptance Rate 151 of 1,036 submissions, 15%;

Overall Acceptance Rate 1,133 of 8,635 submissions, 13%

Upcoming Conference

KDD '25

Sponsor:
sigkdd
sigkdd

The 31st ACM SIGKDD Conference on Knowledge Discovery and Data Mining

August 3 - 7, 2025

Toronto , ON , Canada

Contributors

Other Metrics

View Article Metrics

Bibliometrics & Citations

Bibliometrics

Article Metrics

28
Total Citations
View Citations
666
Total Downloads

Downloads (Last 12 months)23
Downloads (Last 6 weeks)3

Reflects downloads up to 05 Mar 2025

Other Metrics

View Author Metrics

Citations

Cited By

Liu YLi TZhang RJin ZTong MLiu WWang YYang Z(2025)A Context-Aware Clustering Approach for Assisting Operators in Classifying Security AlertsIEEE Transactions on Software Engineering10.1109/TSE.2024.349758851:1(153-171)Online publication date: 1-Jan-2025
https://dl.acm.org/doi/10.1109/TSE.2024.3497588
Zha JShan XLu JZhu JLiu Z(2024)Leveraging Large Language Models for Efficient Alert Aggregation in AIOPsElectronics10.3390/electronics1322442513:22(4425)Online publication date: 12-Nov-2024
https://doi.org/10.3390/electronics13224425
Srinivas PHusain FParayil AChoure ABansal CRajmohan SRoychoudhury APaiva AAbreu RStorey MAniche MNagappan N(2024)Intelligent Monitoring Framework for Cloud Services: A Data-Driven ApproachProceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice10.1145/3639477.3639753(381-391)Online publication date: 14-Apr-2024
https://dl.acm.org/doi/10.1145/3639477.3639753
Bhukar KKumar HMahindru RArora RNagar SAggarwal PParadkar ARoychoudhury APaiva AAbreu RStorey MAniche MNagappan N(2024)Dynamic Alert Suppression Policy for Noise Reduction in AIOpsProceedings of the 46th International Conference on Software Engineering: Software Engineering in Practice10.1145/3639477.3639752(178-188)Online publication date: 14-Apr-2024
https://dl.acm.org/doi/10.1145/3639477.3639752
Ghosh SGrover KWong JBansal CNamineni RVerma MRajmohan SChua TNgo CKumar RLauw HKa-Wei Lee R(2024)Dependency Aware Incident Linking in Large Cloud SystemsCompanion Proceedings of the ACM Web Conference 202410.1145/3589335.3648311(141-150)Online publication date: 13-May-2024
https://dl.acm.org/doi/10.1145/3589335.3648311
Yuan YZhou TTan XSun YLi YLi ZCai ZLi T(2024)Exploring Hierarchical Patterns for Alert Aggregation in Supercomputers2024 IEEE 35th International Symposium on Software Reliability Engineering (ISSRE)10.1109/ISSRE62328.2024.00014(25-36)Online publication date: 28-Oct-2024
https://doi.org/10.1109/ISSRE62328.2024.00014
Agarwal SChakraborty SGarg SBisht SJain CGonuguntla ASaini SChandra SBlincoe KTonella P(2023)Outage-Watch: Early Prediction of Outages using Extreme Event RegularizerProceedings of the 31st ACM Joint European Software Engineering Conference and Symposium on the Foundations of Software Engineering10.1145/3611643.3616316(682-694)Online publication date: 30-Nov-2023
https://dl.acm.org/doi/10.1145/3611643.3616316
Chen YZhang CDong ZYang DPeng XOu JYang HWu ZQu XLi WBissyandé TKlein JBird CSarro F(2023)Dynamic Graph Neural Networks-Based Alert Link Prediction for Online Service SystemsProceedings of the 38th IEEE/ACM International Conference on Automated Software Engineering10.1109/ASE56229.2023.00177(79-90)Online publication date: 11-Nov-2023
https://dl.acm.org/doi/10.1109/ASE56229.2023.00177
Mendes TBarata APereira MMendes-Moreira JCamacho RSousa R(2023)Unsupervised Online Event Ranking for IT OperationsIntelligent Data Engineering and Automated Learning – IDEAL 202310.1007/978-3-031-48232-8_32(345-355)Online publication date: 22-Nov-2023
https://dl.acm.org/doi/10.1007/978-3-031-48232-8_32
Chen JWang PWang WDwyer MDamian DZeller A(2022)Online summarizing alerts through semantic and behavior informationProceedings of the 44th International Conference on Software Engineering10.1145/3510003.3510055(1646-1657)Online publication date: 21-May-2022
https://dl.acm.org/doi/10.1145/3510003.3510055
Show More Cited By

View Options

Login options

Check if you have access through your login credentials or your institution to get full access on this article.

Full Access

Get this Publication

View options

PDF

View or Download as a PDF file.

eReader

View online with eReader.

Figures

Tables

Media

View Table of Conten