Browse Prior Art Database

Logs Shrinker Algorithm

IP.com Disclosure Number: IPCOM000244812D
Publication Date: 2016-Jan-18
Document File: 3 page(s) / 608K

Publishing Venue

The IP.com Prior Art Database

Abstract

The algorithm helps customers and support teams to quick identify problems using common logs files. It transforms huge table with logs information into small one grouping all errors into similar topics. The small amount of data is easier for interpretation and helps to take remedial actions.

This text was extracted from a PDF file.
This is the abbreviated version, containing approximately 57% of the total text.

Page 01 of 3

Logs Shrinker Algorithm

The LSA algorithm can be used for logs generated by one system, application or component. Processing of more systems will required to introduce unique system identifier.

LSA overview:

The LSA leverages a pattern approach. It consists with two of them:

Pattern for grouping the same records - similar for others techniques, so called


1.

"horizontal grouping"

Pattern for grouping the first group, works as "vertical grouping". This produces


2.

unique set of records (super groups) with their ID.

The super groups are merged and printed out as final results with some un-grouped context records from the same time frame. It is worth to say it replaces all dates, date stamps, numbers, sequences, etc. into tags before hands in order to unify the records' messages. The information is not important in the algorithm so it's masked in the patterns.

How the LSA works in details:

-- Load logs


1. Load all messages into memory table with time stamp and description fields


2. Order the table by time stamp -- Identify errors


3. Review all descriptions and mark messages with error-like strings example: error, fault, ERR, exception, ...
-- Count the same errors


4. For each error message add information about number of the identical error in the

whole table

-- Limit number of all log messages, set focus for lower possible range


5. Mark all messages without errors which starts 5 seconds before each error example: all messages down to 5 seconds before error come out
-...