The following relates to diagnostic, predictive, data mining, and related arts. The following is described with illustrative reference to analysis of printing network logs for use in repair or preventative maintenance, but is useful in analysis of records of temporal events and sequences generally.
Electronic devices such as printers, automobiles, and so forth are complex devices that typically include electronic monitoring. For example, printer networks typically log substantive events such as print job receipt and completion, error codes generated during printing or while the printer is idle, warning messages such as low toner messages, and so forth. If a printer fails or requires service, the technician can access the event logs as an aid to diagnosis of the problem.
As another example, automobiles include on-board computers that monitor and record various automotive systems such as the engine, transmission, exhaust, tire pressure, and so forth. These records are retrieved from the on-board computer using a specialized digital interface, and are utilized by automotive maintenance personnel to diagnose problems reported by the motorist, or by forensic safety personnel to determine the cause of an automobile accident, or so forth.
In these and other applications, a difficulty arises in that the amount of data collected and stored can be overwhelming. Most of the recorded data reflect commonplace events that are not diagnostically useful. The relevant data for diagnostic or forensic applications are typically rare or unusual events.
Accordingly, it is known to provide event analyzers that search for and highlight rare or unusual events in event logs or records. However, these analyzers have certain deficiencies. They can be overinclusive in that they fail to isolate the root event causing the problem under study. Such overinclusiveness can arise because when a problem event occurs, other events which would otherwise be rare or unusual may then have a higher likelihood of occurrence. For example, an automotive stability control system activation event may generally be an unusual event worthy of note. However, if there is low air pressure in one of the tires, then the stability control system may activate more frequently than usual as it attempts to compensate for poor stability caused by the tire with low air pressure. An analysis identifying the stability control system activation events may be overinclusive when the root problem is low tire air pressure as indicated by an earlier low air pressure warning event. The technician encountering numerous stability control system activations output by the analyzer may erroneously conclude that the stability control system is misbehaving, and fail to notice the earlier low tire pressure warning event.
At the same time, event analyzers that flag rare or unusual events can be underinclusive. For example, a cancellation by user “X” of a print job on printer “A”, as recorded in a printing network log, is not, by itself, an unusual event, and is unlikely to be identified by an event analyzer that identifies rare or unusual events. However, a print job cancellation on printer “A” by user “X” that is immediately followed by initiation of a print job by the same user “X” on a different printer “B” may be an unusual event, possibly indicative of a problem with printer “A” recognized by user “X”.
Sequential approaches, such as Markov algorithms, are also known for use in event analyzers. In these approaches, the analysis searches for and flags rare or unusual event sequences. These approaches can reduce the overinclusiveness or underinclusiveness of isolated event-based analyzers. However, sequential approaches are limited in their ability to recognize complex event relationships, especially when several distinct processes overlap.
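The contrast between isolated-event and sequential analysis can be shown on the print-cancellation case described above. This is an added example, not part of the original text: the log is constructed, and the event encoding, the per-user grouping, the first-order Markov model and the 0.05 threshold are all assumptions made for illustration.

```python
from collections import Counter, defaultdict

def build_log():
    """Constructed sample log: (user, action, printer) tuples in time order."""
    log = []
    for n in range(5):                       # five routine users
        u = f"user{n}"
        for _ in range(8):                   # normal jobs on both printers
            log += [(u, "submit", "A"), (u, "complete", "A"),
                    (u, "submit", "B"), (u, "complete", "B")]
        for _ in range(6):                   # cancel, then retry on the same printer
            log += [(u, "submit", "A"), (u, "cancel", "A"),
                    (u, "submit", "A"), (u, "complete", "A")]
    # The case from the text: user X cancels on printer A, then prints on B.
    log += [("X", "submit", "A"), ("X", "cancel", "A"),
            ("X", "submit", "B"), ("X", "complete", "B")]
    return log

def rare_events(log, threshold):
    """Isolated-event analysis: event types with relative frequency < threshold."""
    counts = Counter(f"{a}:{p}" for _, a, p in log)
    total = sum(counts.values())
    return {e for e, c in counts.items() if c / total < threshold}

def rare_transitions(log, threshold):
    """First-order Markov analysis: per-user pairs with P(next | prev) < threshold."""
    per_user = defaultdict(list)             # assumption: one sequence per user
    for user, action, printer in log:
        per_user[user].append(f"{action}:{printer}")
    pair_counts, prev_counts = Counter(), Counter()
    for seq in per_user.values():
        for prev, nxt in zip(seq, seq[1:]):
            pair_counts[(prev, nxt)] += 1
            prev_counts[prev] += 1
    flagged = []
    for user, seq in per_user.items():
        for prev, nxt in zip(seq, seq[1:]):
            p = pair_counts[(prev, nxt)] / prev_counts[prev]
            if p < threshold:
                flagged.append((user, prev, nxt, round(p, 3)))
    return flagged

if __name__ == "__main__":
    log = build_log()
    print("rare isolated events:", rare_events(log, 0.05))
    print("rare transitions:", rare_transitions(log, 0.05))
```

In this constructed log no single event type is rare, so the isolated-event pass returns nothing, while the transition pass flags only user X's cancellation on printer A followed by a submission on printer B.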