The present invention relates to event analysis, and more specifically, to event analysis in network management event streams. Data center and network management disciplines have focused extensively on fault and root cause analysis process, tools, and best practices. When events occur in a data center, a notification may be sent to an event manager or fault management system. The event may be a crashed database or a malfunctioning application. The event may be de-duplicated, correlated, and enriched. It may be handled via a policy enforced by a rules engine and it may be used to automatically create a ticket for a help desk.
Events and tickets can be considered the “backbone” of fault management. For providers of large telecommunication networks in particular, the scale of the number of events has increased rapidly. This is a consequence of the growth in customer numbers, increased average level of usage per customer, and consolidation through mergers to form larger telecommunication companies. There is also increased diversity of events due to an expanding variety of devices that are monitored as new technologies are adopted.