-
公开(公告)号:US20210209303A1
公开(公告)日:2021-07-08
申请号:US17208345
申请日:2021-03-22
申请人: Ron Ben-Natan , Derek DiFilippo , Uri Hershenhorn , Roman Krashanitsa , Luigi Labigalini , Ury Segal
发明人: Ron Ben-Natan , Derek DiFilippo , Uri Hershenhorn , Roman Krashanitsa , Luigi Labigalini , Ury Segal
IPC分类号: G06F40/284 , G06F16/28 , G06N20/20 , G06F40/216 , G06F40/242
摘要: A log message classifier employs machine learning for identifying a corresponding parser for interpreting the incoming log message and for retraining a classification logic model processing the incoming log messages. Voluminous log messages generate a large amount of data, typically in a text form. Data fields are parseable from the message by a parser that knows a format of the message. The classification logic is trained by a set of messages having a known format for defining groups of messages recognizable by a corresponding parser. The classification logic is defined by a random forest that outputs a corresponding group and confidence value for each incoming message. Groups may be split to define new groups based on a recurring matching tail (latter portion) of the incoming messages. A trend of decreased confidence scores triggers a periodic retraining of the random forest, and may also generate an alert to operators.
-
公开(公告)号:US10956672B1
公开(公告)日:2021-03-23
申请号:US16225038
申请日:2018-12-19
申请人: Ron Ben-Natan , Derek Difilippo , Uri Hershenhorn , Roman Krashanitsa , Luigi Labigalini , Ury Segal
发明人: Ron Ben-Natan , Derek Difilippo , Uri Hershenhorn , Roman Krashanitsa , Luigi Labigalini , Ury Segal
IPC分类号: G06F7/00 , G06F40/284 , G06F16/28 , G06N20/20 , G06F40/216 , G06F40/242
摘要: A log message classifier employs machine learning for identifying a corresponding parser for interpreting the incoming log message and for retraining a classification logic model processing the incoming log messages. Voluminous log messages generate a large amount of data, typically in a text form. Data fields are parseable from the message by a parser that knows a format of the message. The classification logic is trained by a set of messages having a known format for defining groups of messages recognizable by a corresponding parser. The classification logic is defined by a random forest that outputs a corresponding group and confidence value for each incoming message. Groups may be split to define new groups based on a recurring matching tail (latter portion) of the incoming messages. A trend of decreased confidence scores triggers a periodic retraining of the random forest, and may also generate an alert to operators.
-