The present disclosure relates to information technology (IT) systems, and more specifically, to methods, systems and computer program products for monitoring status messages in an IT system to identify intervals of unusual activity.
Today's complex IT systems, such as integrated data centers, require a team of experts to monitor various system messages for abnormal behavior, and to diagnose and fix anomalies before they result in systems failures and outages. In typical complex IT systems, the number of status messages created by the components of the IT system far exceed what can reasonably be read and analyzed by the team of IT experts. As a result, automated systems have been developed for reviewing and filtering these status messages.
Currently available automated systems for reviewing such status messages can be configured to calculate a score for messages. In some systems, the status messages are then grouped into intervals and a combined score is calculated for the interval. If the calculated score of an interval is greater than an arbitrarily fixed level, the interval is marked as being unusual. Once an interval is marked as unusual, the interval it is selected for further analysis by one of the systems experts.