An Algorithm for Message Type Discovery in Unstructured Log Data

This publication doesn't include Faculty of Arts. It includes Institute of Computer Science. Official publication website can be found on muni.cz.

Authors

TOVARŇÁK Daniel

Type Article in Proceedings
Conference Proceedings of the 14th International Conference on Software Technologies - Volume 1: ICSOFT
MU Faculty or unit

Institute of Computer Science

Citation
Web https://www.scitepress.org/PublicationsDetail.aspx?ID=iR8+L9fcM+g%3d&t=1
Doi http://dx.doi.org/10.5220/0007919806650676
Keywords log abstraction; message type discovery; log management; logging; unstructured data
Attached files
Description Log message abstraction is a common way of dealing with the unstructured nature of log data. It refers to the separation of static and dynamic part of the log message, so that both parts can be accessed independently, allowing the message to be abstracted into a more structured representation. To facilitate this task, so-called message types and the corresponding matching patterns must be first discovered, and only after that can be this pattern-set used to pattern-match individual log messages in order to extract dynamic information and impose some structure on them. Because the manual discovery of message types is a tiresome and error-prone process, we have focused our research on data mining algorithms that are able to discover message types in already generated log data. Since we have identified several deficiencies of the existing algorithms, which are limiting their capabilities, we propose a novel algorithm for message type discovery addressing these deficiencies.
Related projects: