TR2022013419A2 - ROOT CAUSE DETECTION SYSTEM THAT PREDICTATS FAILURES THROUGH REAL-TIME ERROR LOGS - Google Patents

Abstract

This invention includes the ?log? that provides information about all kinds of operations. It is related to the root cause detection system (1), which predicts whether there will be any malfunction in incoming requests in the structure that produces data (A), increases the quality of service (B) by detecting the root causes of the malfunctions, and predicts malfunctions through real-time error logs. . System (1) provides service with high service (B) quality by predicting identified critical malfunctions and analyzing the root causes of these malfunctions.

Description

DESCRIPTION ROOT PREDICTING FAILURES THROUGH REAL-TIME ERROR LOGS WHY DETECTION SYSTEM Technical Field This invention has a structure that produces "log" data that provides information about all kinds of operations. predicting whether there may be any malfunctions in the requests and Increasing service quality by detecting the root causes of malfunctions, It is related to the root cause detection system that predicts failure through timed error logs.

Known Status of the Technique In modern information systems, many computers are used together to perform distributed operations. It is carried out as. This approach is used in distributed systems to be scalable and to carry out the required operations without causing congestion in the system. makes it possible to achieve this. These systems are real-time Services such as search engines, social networks, e-commerce applications that need to work It is used to provide Among these, serving millions of users There are also payment systems and banking systems. These systems are available 24/7 Uninterrupted operation, high availability and reliability must meet their requirements. Therefore, small Even problems can lead to interruption of the services and applications offered, causing significant may result in loss of income.

Systems record the transactions by producing informative messages, defined as "logs". They record it. Thus, “log” messages also carry information about the status of the system. log Alarms in situations that require the attention of the system administrator in their messages is produced. Although some alarms do not require immediate intervention, they may cause larger malfunctions. It warns to check the system before it occurs. Malfunctions that occur Prevent malfunctions as they can cause temporary or serious interruptions in the system. Prediction is very important for the system. Especially payment systems and objects In large-scale, distributed systems (software, use of heterogeneous technologies (hardware, communication protocol, etc.) and standardization It is very difficult to manage the system without automation due to its absence. This For reasons, uninterrupted service in banking, IoT, and similar applications service quality parameters such as delay, response time, etc. must be defined.

The most important technical problem encountered today is the large information system problem. In architectures, the severity level of the system log message ranges from irreparable errors, errors, warnings and As the information level decreases, the number of messages created by the system increases to very high numbers. It can come out. For this reason, it may cause problems in the system and may be due to critical reasons. Log data at various levels in the system are analyzed separately to detect errors. It is very important that it can be done. Nowadays, when necessary depending on the state of the system It only eliminates irreparable errors and errors in a highly efficient manner without creating a large load on the system. using system logs at the error level and information at all log levels Depending on the need, structures that detect malfunctions and root causes are needed. is heard.

Another technical problem is that the severity levels of system log messages in the systems are different. The time is not determined accurately. Therefore, the message to be detected as a malfunction This type of error is not always irreparable. At the same time, it is at the level of irreparable error. System log messages always respond to critical system errors. It is not coming. For this reason, today, it is used to detect identified errors. fault and root cause detection for different errors determined by the system administrator There is a need for structures that can achieve this.

Another technical problem is that the system log messages produced are not automatically processed by the system. It is to determine the message keys by classifying them as: These message keys Language processing is used to determine the information, independently of the parameters contained in the message. using various algorithms such as the N-gram analysis algorithm used in the Record message keys are determined in the system. In addition, various artificial intelligence parameters independent by using algorithms and various clustering algorithms. Log messages can be grouped automatically. Nowadays, it is done by further checking the similarities between the groupings, as has been done in the past Ensures that inefficient groupings do not continue and grouping can be done again structures are needed.

Patent application numbered US 9,497,072 82, which is in the state of the art document, monitoring a networked computing environment and reporting multiple alarms in a single Methods for combining them under a root cause are explained. a network connected detecting an alert corresponding to a performance problem in the computer environment For this purpose, the root cause detection tool uses multiple It can collect a large number of alerts from numerous performance management tools. Root cause The identification tool then encounters a performance issue based on multiple alarms. can create a correlated failure graph. The created failure graph has a primary can specify the leaf node group and create a group based on the primary leaf node cluster. can identify the chain of failure. Suppresses (or suppresses) alarms not associated with the first fault chain. hides) and only raises a consolidated alarm associated with the first fault chain. In the recommended method improvements only occur over time, regardless of requests made by the customer. It was developed based on

Patent application numbered US 9,772,898 B2, which is in the state of the art document, to determine the root causes of system failures in a distributed system Methods and regulations are included. The method in question is as follows It uses at least one processor to execute the computer code that performs the steps.

The collected machine status data is saved on a storage device. Current The data collected is added to the historical machine status data. Invented machine The process of creating a healthy map model based on state data It carries out. The invention monitors the status of the system and monitors at least one system in the distributed system. In order to detect the faulty machine status, the current status is used with the healthy map model. compares. Based on this comparison, at least one major reason determines. The identified cause is listed in a list on the imaging device. is shown. In this invention, data showing the current machine status is used. However, among these data, the systems providing service on the machines may vary depending on the requests. The errors they encounter are not evaluated. Hardware performance of the system Data is collected on it. Besides, comparison with healthy system state The root causes identified by this method may be incorrect. Malfunctions occur only at the moment and It is not caused by malfunctions in the section where it occurs. Therefore the fault The histories of transactions associated with are used to enable this analysis to be performed with greater accuracy. should be examined, but the invention does not contain such a solution.

Patent application numbered US 9,727,407 B2, which is in the state of the art document, a series of problem log entries from a computing system, A subset of problem log entries that are related to a failed request is identified. AIt cluster is the subset of issue log entries that correspond to the corresponding log in the reference model. the healthy state of the computing system to identify any part of it that deviates from its inputs. It is compared to a reference model below that defines log entries per request type.

At least one high-value log entry is defined in the subset's partition. at least one high value journal entry is output. Get the basics of the problem using system aIt clusters He is trying to get to the why. The invention is only related to a failed request. examined the reasons, but carried out this process without a more comprehensive time-based examination. It can make erroneous root cause predictions because it performs this procedure. And also, Many different levels of IOG are used to determine the reasons for requests defined as unsuccessful. Since the collection process is performed, it can create a large load on the system.

Patent application numbered US 10,891,297 B2, which is in the state of the art document, which can efficiently structure, collect, and analyze log records. A system that can do this has been designed. Bulus analyzes daily IOG information It has been developed as a system method and computer program that can do this. one day to automatically create a log parser with analysis of line contents An improved approach is described. Additionally, key/value from log content An efficient approach to extract its content is described. Recommended system, system At the stage of classifying the records, the classification method is collected and the system It cannot change as the amount of data and IOG processed by it increases. This system is wrong This causes the operations to become less efficient. The invention described in the document, Java Persistence Application Programming Interface Implementation of applications using (JPAPI), Java Transaction API (JTA) and Hibernate It performs the scanning of the records obtained from the servers. Stack Errors involving the classes and methods of these libraries are detected in the traces. It is used for interpretation. Explain the reasons for these errors to the operation teams. transmits. Predict errors arising from classes and methods It does not perform. In addition, it carries out an analysis of the past. It does not have a pre-alarm mechanism. errors that occur during source code writing in software projects and A method to determine the root causes of errors that occur during the development of the code. The system has been improved. This system only performs a code-based review. Source A retrospective review by keeping a record of the changes made to the code It can be done. Code-based error analysis performed in this invention may arise from the relationships, connections and requests received between the services. It is not useful in detecting errors. In addition, mistakes are made before It does not have an alarm mechanism that can predict the situation.

As a result, solutions that will meet the needs described above are on the subject. Due to its inadequacy, it has been deemed necessary to make a development in the relevant technical field.

Purpose of the Invention The invention was inspired by current situations and eliminated the above-mentioned negativities. aims to solve.

The purpose of this invention is to produce "log" data that provides information about all kinds of operations, Predicting that there will be no malfunctions in the requests received. and improves service quality by identifying the root causes of malfunctions, root cause detection system that predicts failure through real-time error logs is to be revealed.

The structural and characteristic features and all the advantages of the invention are shown in the figures and figures given below. More clearly thanks to the detailed explanation written by making references to these figures. will be understood and therefore the evaluation should be based on these figures and detailed explanations. It needs to be taken into consideration.

Figures to Help Understand the Invention Figure 1 is a schematic representation of the system that is the subject of the invention.

Figure 2 shows the fault detection and root cause analysis control processes of the system subject to the invention. is the schematic representation of .

Figure 3 is a schematic representation of the general fault detection process of the system that is the subject of the invention.

Figure 4 is a schematic representation of the pre-processing process of the system that is the subject of the invention.

Figure 5 is the schematic representation of the feature extraction process of the system that is the subject of the invention.

Description of Part References 1. Root cause detection system 2. Communication network Request management unit recording unit log database Fault alarm and root cause unit Fault alarm and root cause database Management interface log recorder Fault detection and root cause analysis server Log processing module Fault detection module Root cause analysis module Log preprocessing module Log grouping module Feature extraction module Classification module Instant root cause analysis module Long-term root cause analysis module Database server Log key database Log key probabilities database Fault control module Parameter detection module . Text analysis module 26. Comparison module 27. Key generation module 28. Log key sequence analysis module 29. Analysis module . Log key transition probability analysis module 31. Log time analysis module 32. General log analysis module A. Log data (Log message, Record message) B. Service C. System administrator d.alarm E. Customer F.Attribute G. Log key sequence H. Time series Detailed Description of the Invention In this detailed description, the preferred embodiments of the system (1) that are the subject of the invention are only It is explained for a better understanding of the subject.

This invention has a structure that produces "log" data (A) that provides information about all kinds of operations. foresees that there will be no problems in case of encountering any malfunction in the requests and Increasing service (B) quality by identifying the root causes of malfunctions, Root cause detection system that predicts failure through real-time error logs (1) System (1); only fatal error in a highly efficient manner without creating a large burden and system (1) records at the error level and information at all log levels It detects malfunctions and root causes depending on the need.

The seriousness levels of system (1) recording messages (A) may be different. Therefore the fault The type of message (A) to be detected as is not always a fatal error. Same System (1) log messages (A) at irreparable error level are always very critical It does not correspond to errors caused by system (1). The system subject to the invention (1) is It is used to detect errors and different methods determined by the system administrator (C). It can detect faults and root causes for errors.

The system (1) also analyzes the similarities between automatically grouped log data (A). by checking to ensure that less inefficient groupings of the past continue and It allows regrouping.

In addition, the system (1) is one of the services used to realize an incoming request. (B) uses the incoming system (1) registration messages (A) to determine whether the request is a failure or a successful one. He can predict whether it will turn out that way or not. System (1) In addition to doing this depending on the request number, you can also do this independently of the request number analysis of log data (A) within a certain time window. It carries out. In this way, the system (1) raises an alarm (D) before the error occurs. It can produce and detect the root causes of possible errors.

System (1) can detect the root causes of the detected malfunctions. Detected By storing the root causes, the frequency of encounter of the root causes and the difference between the root causes The relationship is controlled. Relationships between root causes belong to the log messages (A). It is determined by evaluating the correlations and transitions between the keys.

While errors at the code level can be detected, errors in services (B) or services (B) Errors arising from interconnections can also be detected with the help of system (1).

The system (1) predicts the identified critical malfunctions and determines the root cause of these malfunctions. to provide service with high service (B) quality by analyzing the reasons provides.

The system (1) of the invention, whose schematic representation is presented in Figure 1; service (B) that ensures all or part of the requests are fulfilled, between the customers (E) using the service or system (1) and the service provided secure communication network that carries out the communication (2), Requests from customers (E) are sent to the necessary services (B) or servers. request management unit (3), which ensures the transmission of all services (B) transmitted from the request management unit (3) and recording unit (4), which collects log information by associating requests, log database (5) that stores all logs collected in the recording unit (4), By analyzing the log records collected in the recording unit (4), both optional and Fault alarm and root cause detection that enables detection of problems over time stores information about previously encountered malfunctions, alarms (D) and root causes fault alarm and root cause database (7) and The system administrator (C) responsible for the management is informed about the errors that will be encountered in advance. providing notification, information on the reasons for these errors, and more Presenting all kinds of information about previously encountered errors to the system administrator (C), It allows parameter adjustments to be made when necessary and is connected to the system (1). Management interface (8) offering all kinds of intervention possibilities Contains.

The system subject to the invention (1) is for fault detection and root cause analysis control processes; log record that collects all records in the system (1) by associating them with request numbers instant log data sent by the log recording unit (9) collected from the system (1) (A) field and fault detection and root cause analysis detection and root cause analysis server (10), located within the fault detection and root cause analysis server (10) and log log processing module (11), which performs the processing operations located within the fault detection and root cause analysis server (10) and fault detection module (12), which performs detection operations, located within the fault detection and root cause analysis server (10) and Why does the log processing module (11) perform the analysis operations and detect the fault? communicating with the module (12) and the management interface (8) via the communication network (2). root cause analysis module (13), located in the log processing module (11) and performing the log pre-processing process. log preprocessing module (14), It is located in the log processing module (11) and the log data (A) is Log grouping module that groups both by number and time (15), It is located in the fault detection module (12) and contains both the request number and time. feature that extracts features (F) from log data (A) within the window extraction module (16), from self-induced errors in the fault detection module (12). Classification module (17), which can train and enable classification. It is included in the root cause analysis module (13) and provides instant root cause analysis. Instant root cause analysis module (18) in the live system (1), previous data in the root cause analysis module (13) Long-term root cause analysis module that performs root cause analysis based on (19), via communication network (2) with the fault detection and root cause analysis server (10) database server that communicates and stores data used in the system (1) (20), located in the database server (20) and storing log keys. log key database (21) that provides and previously encountered malfunction in the database server (20), fault alarm and root cause, which enables the storage of alarm (D) and root causes database (7) (Figure 2).

The system subject to the invention (1) is used in the general process of fault detection; It takes the instant log data (A) collected from the system (1) and performs the log pre-processing process. log pre-processing module (14), which performs After the log pre-processing module (14), the running log data (A) is processed both by request and log grouping module (15), which groups by both number and time After the log grouping module (15) runs, both the request number and extracts features (F) from log data (A) within the time window After the feature extraction module (16) runs, it protects itself from errors. Classification module (17), which trains and enables classification. log key database (21), which stores keys bidirectional data processing with log pre-processing module (14) and feature extraction module (16). who perform the exchange and the probabilities of encountering Iog keys database (22), which stores log key probabilities The system operates after the classification module (17) and in case of a malfunction. fault control module (23), which produces an alarm (D) to attract the attention of the manager (C), fault that stores previously encountered faults, alarms (D) and root causes alarm and root cause database (7), After the fault control module (23), the fault alarm and root cause which performs bidirectional data exchange with the database (7) and is based on instant logs. as well as root cause analysis along with analysis of past alarms (D) and causes which performs and enables the detection of errors in the code and the system (1) root cause analysis module (13) (Figure 3).

The system (1) subject to the invention is used during the pre-processing process; log key database (21), where log keys are stored, maintains probabilities associated with log keys, including comparison log key probabilities database (22), depending on the time in the text, the state of the system (1) or different conditions Parameter detection, which enables the determination of parameters that may change Working after the parameter detection module (24), N-gram analysis of the text is carried out efficiently. Analysis is carried out using language processing algorithms such as Random Indexing as well as machine which allows it to be learned and analyzed using artificial intelligence-based methods. text analysis module (25), log key probabilities database running after the text analysis module (25) (22) and the new incoming Iog data (A), which receives data from the Iog key database (21). The vector summarizing the key created by analysis is included in the data set. Comparison module (26) that allows comparison with keys and After the comparison module (26), the running and log key is transferred to the database (21). Key creation module (27) that allows adding keys (Figure 4).

The system (1) subject to the invention is used in the feature (F) extraction process; Probability information of previously encountered log keys is stored. log key probabilities database (22), Iog of a specific request number or encountered within the time window machine learning analysis of the Iog key sequence (G) to which data (A) is matched, is carried out using artificial intelligence and various statistical methods, and log key sequence analysis module (28), which enables the attributes (F) to be obtained, running after the log key sequence analysis module (28), N-gram analysis, various using language processing, machine learning and artificial intelligence methods analysis that performs the analysis and enables the attributes (F) to be obtained. log key probabilities database (22) running after the analysis module (29) Switches in the Iog key sequence that perform bidirectional data exchange with Iog, which evaluates the transition probabilities between the data and extracts the features (F). switch transition probability analysis module (30), Iog of a specific request number or encountered within the time window The machine performs the analysis of the time series (H) that has the time information of the data (A). learning, using artificial intelligence and various statistical methods, and log time analysis module (31) that enables the features (F) to be obtained and Iog of a specific request number or encountered within the time window public data that has all information except time and key information (A) and attributes (F) using artificial intelligence and various statistical methods. General IOG analysis module (32) that enables (Figure 5).

System (1) collects requests from customers (E). Requests from Customer (E), in the request management unit (3) with unique identification numbers over the communication network (2) It is paired and optionally transmitted to different services (B).

Services (B) use different levels of seriousness (information, warning, error) while performing the request-related operations. and irreversible error) system (1) produces recording messages (A) and these messages (A) are sent to the recording unit It is collected by (4). The generated recording messages (A) are transmitted to the fault alarm and root cause analysis unit (6).

It is also recorded in the log database (5). Fault alarm and root cause analysis unit (6) incoming log data (A) comes over the communication network (2). Log data (A), communication network It directs to the log processing module (11) via (2).

By pre-processing in the log pre-processing module (14), the log data in (A) The parameters are determined by the parameter determination module (24).

A vector N-gram analysis that summarizes the record message (A) is made with the help of the text analysis module (25). By using language processing methods, machine learning and deep learning algorithms such as obtained. This vector registration key is used during the matching phase.

The log key existing in the log message (A) in the comparison module (26) is in the database (21). compared to keys. If a match is found, the record message (A) is sent to the relevant key. is matched.

If a suitable match is not found, other message (A) keys that cannot be matched are It is compared with . If grouping can be done regarding the message (A) key, creating a key The key is created by the module (27) and the log key is added to the database (21) and registration message (A) is matched with the corresponding registration message (A). If no match is found, registration message (A) is marked as unknown and the process continues and if no match can be made, The messages are added to group (A).

The record message (A) matched with the key is sent to Log to be grouped according to the request number. is sent to the grouping module (15). Log grouping module (15) by request number groups the incoming messages (A) and when a certain number of messages (A) is reached, the communication network (2) It is sent to the fault detection module (12) with the help of Besides, time windows This grouping is also done using . No new registration key received for a certain period of time The request numbers are deleted and removed from the fault detection module (12).

If the incoming message (A) belongs to a request number that has been encountered before, Fault detection via communication network (2) together with previously received messages (A). is transmitted to the module (12). Registration message (A) paired with request number and registration key The key is sent to the fault detection module (12).

In the feature extraction module (16) located within the fault detection module (12), the incoming sequential system (1) records message (A) sequence is processed and the message (A) sequence belonging to the request number is processed. summarizing features (F) are extracted. System (1) register messages (A) and keys various methods such as N-Gram analysis, Random Indexing, etc. Various features (F) based on sequential patterns are extracted with . The extracted feature (F) vector is sent to the classification module (17). Classification long short term memory algorithm, support vector algorithm used in module (17) request number using various machine learning and deep learning algorithms It is classified as malfunction or normal.

The classification result is sent to the management interface (8) and is transmitted to the database server (20). Request number classified as a fault and the relevant record message (A) information is transmitted to the management interface (8) and displayed for the system administrator (C) to see. alarm (D) is generated.

The request number and registration message (A) information classified as a failure is also The reason is transmitted to the analysis module (13). In the root cause analysis module (13), first the immediate root With the cause analysis module (18), services (B) and connections that may cause problems are determined.

Service (B) and connections that may cause problems are managed with the request number. is transmitted to the interface (8). Sequential registration message based on request number marked as failure (A) sequence includes long-term root cause analysis with instant root cause analysis module (18). It is also transmitted to the module (19).

By communicating with the fault alarm and root cause database (7), previous faults can be retrieved. Comparisons are made using various reasons, correlation and various techniques. This Services (B) and connections that are likely to cause errors as a result of comparisons is determined and transmitted to the management interface (8) over the communication network (2).

System (1) can operate without the need for any intervention. Besides The system administrator (C) manages all kinds of information in the system (1) with the help of the management interface (8). It can control the parameter when necessary. Log key to database (21) log key can be defined and these log keys can be used by the system (1) in the future. It can determine the parameters whether they can be changed or not.

System (1), operations carried out by services (B) for requests from customers (E) Using the logs obtained as a result, you can check whether you encounter errors in the future stages. It predicts what will happen, depending on both demand and time.

System (1) determines the root causes of possible errors, both immediate and long-term. It conducts analysis based on long-term data. The system (1) basically consists of five main parts. is occurring. These sections are log processing module (11), troubleshooting module (12), root cause analysis module (13), management interface (8), log key database (21) and fault alarm and The root cause is the database server (20) containing the database (7). Communication network (2) this It is responsible for instant communication between modules and servers. The invention is distributed or analyzes of log data collected through a system (1) operating with monologue architecture. by doing so in advance, both depending on the request number and time. predicting errors and identifying the root causes of predicted and occurring errors and that all information regarding these malfunctions be forwarded to the system administrator (C). provides

The log processing module (11) basically includes the log pre-processing module (14) and log grouping module (14). It contains the module (15). From the system (1) records in the log pre-processing module (14) The key messages (A) to which the incoming messages (A) belong are determined.

Parameter detection module (24) located within the log pre-processing module (14), system (1) by detecting parameters such as number, date, IP address in the registration message (A) and It performs the process of replacing the keywords with keywords indicating their types. Text The analysis module (25) is located within the log pre-processing module (14). language processing system (1) record messages with various methods such as N-Gram analysis used in the The words in (A) are analyzed. Log preprocessing in the comparison module (26) It is located in the module (14) and the log key is located in the database (21). It compares the (A) keys with the observed message (A) keys. This comparison is the highest after the previous system (1) register message (A) key The probabilistic message is made starting from the (A) key. Log into probability information key probabilities can be accessed from the database (22). Key generation module (27), If the key belonging to the message (A) observed in the system (1) cannot be found, the message (A) key is It creates a log key and ensures that this key is added to the database (21). log In the grouping module (15), the system (1) assigns the record messages (A) to the request number they belong to. grouping them within the system (1) depending on the number of messages (A) and when a certain number of messages (A) are reached. Attribute extraction of the information in the registration message (A) is used to extract the attributes (F). It ensures that the data is transmitted to the module (16). Considering this trading time window It can also be done by keeping The fault detection module (12) uses the transmitted log data (A) It enables the extraction of features (F). This feature extraction module (16) system (1) will be used for troubleshooting using information from log messages (A). It enables the features (F) to be obtained. In the feature extraction module (16) sequential system (1) with various analyzes such as N-gram analysis of the record message (A) key sequence Extracting features (F) by examining all aspects Log key sequence analysis module (28) and analysis module (29). Log time analysis module (31) The system (1) evaluates the arrival times of the record messages (A) and creates the attribute (F) array. It enables its creation. Log switch transition probability analysis module (30), log key probabilities from the database (22) normal and error request numbers feature (F) sequence using the probabilities in the transition probability matrices created for It constitutes. The general log analysis module (32) is included in the system (1) log messages (A). field, request numbers and time window using features connected to the system (1) It enables the creation of separate attributes (F) for Then classification module (17) determines whether any malfunction occurs for the request number whose attributes (F) are extracted. It is used to predict whether it will occur. Various methods such as long-short term memory procedure series of data obtained using machine learning and deep learning procedures. It is predicted whether a malfunction will occur or not by using attributes (F). Then the root cause analysis module (13) records the system (1) in case a malfunction is detected in the system (1). It performs root cause analysis by analyzing the message (A) sequence. (1) error in the system determining the sub-service (B) or the relationship between services (B) that causes It provides. The alarms (D) generated at this stage and the root causes identified are malfunction alarms. and the root cause is stored in the database (7). Fault alarm and root cause database (7) also keeps the root causes to be analyzed in the long term. Fault The system administrator (C) accesses the alarm and root cause database (7), and the system (1) By analyzing the reasons why errors occur and how often they occur, It can decide what needs to be done in the system (1) to correct it.

The management interface (8) allows the system administrator (C) to access the system (1) outputs. and the system administrator (C) to observe the information and alarms (D) about the system (1). It provides. The main causes of generated alarms (D) and errors are management It is displayed to the system administrator (C) on the interface (8).

The system proposed in the invention (1) is the system (1) that was previously assembled at the initial stage. In addition to being able to educate himself with the help of recordings, he can also learn within a living structure. When it is started, it displays the log data (A) and the success of the requests encountered during the run. to work by automatically carrying out his own education by analyzing his situations. can start. The training process of the machine continues as long as it is used.

Claims (5)

STEMS 1. Through real-time error logs, which produce "log" data (A) that provides information about all kinds of operations, predict whether any malfunctions may occur in incoming requests, and increase the quality of service (B) by detecting the root causes of the malfunctions. It is a root cause detection system (1) that predicts failure, and its feature is; .0 is the service (B) that enables all or some of the requests to be realized, the secure communication network (2) that carries out the communication between the customers (E) using the service or system (1) and the service provided, .to is the secure communication network that enables the requests from the customers (E) to be transferred to the necessary services. (B) or the request management unit (3) that ensures transmission to the servers, the recording unit (4) that collects log information by associating all services (B) transmitted from the auto request management unit (3) and the requests from the servers, v the collected data collected in the recording unit (4). The fault alarm and root cause unit (6), which enables the detection of both optional and time-based problems by analyzing the log records collected in the log database auto recording unit (4), which stores all the logs, automatically detects previously encountered faults, alarms (D) and root causes. fault alarm and root cause database (7) that stores the information and v provides the system administrator (C) responsible for the management to be informed in advance about the errors that will be encountered, provides the information about the reasons for these errors and all kinds of information about the errors previously encountered to the system administrator (C), when necessary. It contains a management interface (8) that enables parameter adjustments and provides all kinds of intervention opportunities to the system (1). 2. It is the system (1) mentioned in accordance with claim 1, and its feature is; For fault detection and root cause analysis control processes, .to is the log recording unit (9) that collects all records in the system (1) by associating them with request numbers, and receives the instant log data (A) sent by the log recording unit (9) collected from the system (1). and the fault detection and root cause analysis server (10), which performs the fault detection and root cause analysis operations, and the fault detection and root cause analysis server (10), which is located within the fault detection and root cause analysis server (10). The fault detection module (12), which performs the root cause analysis operations and is located within the fault detection and root cause analysis server (10), and communicates with the IOG processing module (11), the fault detection module (12) and the management interface (8). The root cause analysis module (13) that communicates over the network (2), the IOG pre-processing module (14) that performs the log grouping within the fault detection module (12) that groups both the request number and the time window. The feature extraction module (16), which extracts the features (F) from the IOG data (A), the classification module (17), which is located within the fault detection module (12), can train itself from errors that occur and enables classification, and the root cause analysis module (13). The instant root cause analysis module (18) is located within the root cause analysis module (13) and performs the instant root cause analysis in the live system (1), and the long-term root cause analysis module (13) is located within the root cause analysis module (13) and performs the root cause analysis based on previous data. 19), the database server (20), which communicates with the fault detection and root cause analysis server (10) via the communication network (2) and stores the data used in the system (1), the log key located in the database server (20) and allowing the IOG keys to be stored. It contains a fault alarm and root cause database (7) located within the database (21) and database server (20), which enables the storage of previously encountered faults, alarms (D) and root causes. 3. It is the system (1) mentioned in accordance with claim 1, and its feature is; In the general process of fault detection, the log pre-processing module (14) receives the instant log data (A) collected from the system (1) and performs the log pre-processing process. The log grouping module (15), which groups by time, works after the feature extraction module (16), which extracts attributes (F) from the log data (A) within both the request number and the time window. The classification log pre-processing module (14), which trains itself from errors and enables classification, and the log key database (21), which performs bi-directional data exchange and stores log keys, the log pre-processing module (14) and the feature extraction module (16). log key probabilities database (22), which performs data exchange and stores the probabilities of encountering log keys, fault control module (23), which works after the classification module (17) and produces an alarm (D) to attract the attention of the system administrator (C) in case of a fault, previously The fault alarm and root cause database (7), which stores the faults, alarms (D) and root causes encountered, operates after the fault control module (23), performs bidirectional data exchange with the fault alarm and root cause database (7), and is based on instant logs. It also contains a root cause analysis module (13) that performs root cause analysis along with the analysis of past alarms (D) and causes and enables the detection of the error in the code and system (1). 4. It is the system (1) mentioned in accordance with claim 1, and its feature is; In the pre-processing process, the log key database (21) where the registration keys are stored, the log key probabilities database (22) where the probabilities associated with the log keys are kept, including comparison, the parameters that may change depending on the time in the text, the state of the system (1) or different conditions. The parameter detection module (24), which enables the determination of the text, and the text analysis module (25), which works after the parameter detection module (24), enables the text to be analyzed efficiently with language processing algorithms such as N-gram Analysis, Random Indexing, as well as methods based on machine learning and artificial intelligence (25). ), which runs after the text analysis module (25), receives data from the log key probabilities database (22) and the log key database (21), enables the vector summarizing the key created by analyzing the newly arrived log data (A) to be compared with the keys in the data set. It contains a comparison module (26) and a key creation module (27) that runs after the comparison module (26) and allows adding a key to the log key database (21). 5. It is the system (1) mentioned in accordance with claim 1, and its feature is; In the feature (F) extraction process, the log key probabilities database (22) where the probability information of the previously encountered log keys is stored, machine learning of the analysis of the log key sequence (G) to which the log data (A) belonging to a certain request number or encountered within the time window is matched. , log key sequence analysis module (28), which enables it to be carried out with artificial intelligence and various statistical methods and to obtain attributes (F), N-gram analysis, various language processing, machine learning and artificial intelligence, which works after the log key sequence analysis module (28). The analysis module (29), which performs the analysis of the sequence using intelligence methods and enables the attributes (F) to be obtained, works after the analysis module (29), performs bidirectional data exchange with the log key probabilities database (22), evaluates the transition probabilities between the keys in the log key sequence. and the log key transition probability analysis module (30), which extracts the attributes (F), analyzes the time series (H) containing the time information of the log data (A) belonging to a certain request number or encountered within the time window, using machine learning, artificial intelligence and various statistical data. The log time analysis module (31), which performs the analysis with methods and enables the attributes (F) to be obtained, and the general log information array (I), which contains all information except time and key information of the log data (A) belonging to a certain request number or encountered within the time window. ) sequence using machine learning, artificial intelligence and various statistical methods and enables the attributes (F) to be obtained.