Example techniques for adaptive time window-based log message deduplication are described. In an example, message values are obtained from received log messages. Further, the number of log messages received in a time window having a message value is counted. A log message from which the message value is obtained and the counted number are transmitted upon expiry of the time window. A length of a time window in which a subsequent counting of log messages is to be performed is determined based on various parameters.

Disclosed here is a system to automatically predict and resolve issues within a telecommunication network. Initially, the system builds a service registry to store dependence information within the network, which can include software components and hardware components. Various components of the network create logs of their operations. Machine learning models examine the logs and detect any issues. Upon detecting an issue or abnormal event, the system can automatically resolve the issue by determining the most similar issue occurring previously and determining a solution that resolved the previous most similar issue. In addition, the system can propagate the fix to dependent systems and/or notify the dependent systems of the issue.

Disclosed here is a system to automatically predict and resolve issues within a telecommunication network. Initially, the system builds a service registry to store dependence information within the network, which can include software components and hardware components. Various components of the network create logs of their operations. Machine learning models examine the logs and detect any issues. Upon detecting an issue or abnormal event, the system can automatically resolve the issue by determining the most similar issue occurring previously and determining a solution that resolved the previous most similar issue. In addition, the system can propagate the fix to dependent systems and/or notify the dependent systems of the issue.

The present disclosure generally discloses a problem event prediction capability. The problem event prediction capability may be configured to predict various types of problem events (e.g., customer problems, customer tickets, customer outages, network problems, network tickets, network outages, or the like, as well as various combinations thereof) based on various types of asynchronous machine data (e.g., alarms, alerts, triggers, machine logs, machine messages, diagnostic logs, diagnostic messages, or the like, as well as various combinations thereof). The problem event prediction capability may be configured to generate a set of problem prediction rules based on historical machine data and to apply the problem prediction rules to observed machine data in order to predict various types of problem events.

An example method of detecting device malfunctions at a subject device includes: obtaining a device event indicator representing an event detected at a device sensor of the subject device; obtaining an external event indicator representing an external event detected by an environmental sensor, the external event occurring external to the subject device; and identifying a device malfunction at the subject device based on the device event indicator and the external event indicator.

An example method of detecting device malfunctions at a subject device includes: obtaining a device event indicator representing an event detected at a device sensor of the subject device; obtaining an external event indicator representing an external event detected by an environmental sensor, the external event occurring external to the subject device; and identifying a device malfunction at the subject device based on the device event indicator and the external event indicator.

In various examples, a system identifies a first issue object associated with the alert by making a first set of determinations, based on an alert of an active issue of a system resource. Additionally, the system can determine whether the active issue associated with the first issue object can be automatically corrected by one or more self-healing processes, based on the first issue object. Moreover, the system can implement the one or more self-healing processes, based on determining that the active issue associated with the first issue object can be automatically corrected by one or more self-healing processes.

A system that incorporates the subject disclosure may perform, for example, a method that determines at least one threshold for detecting signal interference in a first plurality of segments occurring in a first radio frequency spectrum of a first wireless communication system, detecting a pattern of recurrence over time of signal interference in a segment of the first plurality of resource blocks according to the at least one threshold, and performing one or more mitigation steps to mitigate the signal interference without filtering the signal interference where the one or more mitigation steps include at least one of transmitting signals out of phase from the signal interference, adjusting transmit power, increasing power in a resource block of a long term evolution communication session, performing beam steering, or changing time parameters for the resource block without changing to a new resource block. Other embodiments are disclosed.

A system that incorporates the subject disclosure may perform, for example, a method that determines at least one threshold for detecting signal interference in a first plurality of segments occurring in a first radio frequency spectrum of a first wireless communication system, detecting a pattern of recurrence over time of signal interference in a segment of the first plurality of resource blocks according to the at least one threshold, and performing one or more mitigation steps to mitigate the signal interference without filtering the signal interference where the one or more mitigation steps include at least one of transmitting signals out of phase from the signal interference, adjusting transmit power, increasing power in a resource block of a long term evolution communication session, performing beam steering, or changing time parameters for the resource block without changing to a new resource block. Other embodiments are disclosed.

A framework for security information and event management (SIEM), the framework includes a first data store; a data router; one or more parsing mechanisms; one or more correlation machines; and one or more workflow engines, wherein said framework performs SIEM on behalf of multiple subscribers to said framework.