1. Technical Field
The present invention relates generally to an improved data processing system and in particular to a method and data processing system for managing networked systems. Still more particularly, the present invention provides a method and apparatus for analyzing events and for visualizing cause and effect correlation information among multiple events at runtime in a networked system.
2. Description of Related Art
As distributed or networked systems become increasingly complex, effective management and evaluation of a networked system progressively increases in difficulty. In typical networked systems, a system manager monitors critical activities of network systems and applications.
A common approach to networked systems management is implementation of an event management system (EMS). An EMS is a system that receives system state information and that takes a corrective action in response to an indication of an undesirable system state. Event messages (referred to herein as “events”) indicative of a system state are sent to the EMS, and the EMS parses the event and takes a particular corrective action. The corrective action may be, for example, a maintenance command that is executed on one or more particular networked devices, or a message to a network manager that indicates the event such that the network manager may take a corrective action.
In general, an EMS contains a correlation engine that identifies relations among events. Subject matter experts, such as a network engineer or administrator, write correlation rules that the EMS evaluates for identification of the relations. A correlation rule may specify a corrective action based on the event.
In addition to a correlation engine, a conventional EMS includes an event console that provides a display of events in real-time. Display of events is provided as a list of independent elements. Each element is associated with a single event and contains various event properties. An event displayed by an event console contains no indication of any relationship with another event. Rather, relations among events is specified only by correlation rules written by the subject matter expert. Thus, an event console provides no visual indication to a user, e.g., a network manager, of the correlation among events, such as a cause and effect relationship, that may exist between events displayed by the event console. Due to the complexity of networked systems and event relations, it is difficult to ascertain events that may occur as a result of received events.
Thus, it would be advantageous to provide a method for generating visualization output of event correlation information among events in a networked system. It would be further advantageous to provide a mechanism for providing a runtime visualization output of cause and effect relationships of multiple events received in a networked system and event relations derived from the received events.