Anomaly event detection using frequent patterns

摘要

A method is disclosed. The method includes: receiving, at a computing device, an event log including a plurality of events, where the plurality of events are derived from machine data generated by components of an information technology environment; determining a first score associated with a first granularity level by comparing a first event from the event log with a first plurality of frequent patterns generated for the first granularity level; determining a second score associated with a second granularity level by comparing the first event with a second plurality of frequent patterns generated for the second granularity level; determining an aggregate score for the first event based on the first score and the second score; comparing the aggregate score for the first event with an anomaly score threshold; and issuing an alert identifying the first event as an anomaly based on the aggregate score exceeding the anomaly score threshold.