公开(公告)号：US09483583B2

公开(公告)日：2016-11-01

申请号：US11875955

申请日：2007-10-22

申请人： Uri Braun ,  Yuri Zaslavsky ,  Yosef Teitz

发明人： Uri Braun ,  Yuri Zaslavsky ,  Yosef Teitz

IPC分类号： G06F17/30

CPC分类号： G06F17/30985 ,  G06F17/30144 ,  G06F17/30964

摘要： A computerized method performed in a computer operatively connected to storage. Parsing rules are determined for parsing logs output as text and/or symbols from multiple devices in a computer network. The logs are stored in the storage. Multiple log samples are sampled from the logs. The log samples are input into an application running on the computer. The log samples are each sectioned into multiple sections which include variable information separated by static structural text. Each of the log samples is processed by: comparing the sections to a list of regular expressions. The list is maintained in the storage, and upon matching a matched section of the sections to a matched regular expression from the list of the regular expressions, the matched section is tagged with a tag associated with the matched regular expression. The tag associated to the matched regular expression is stored and combined with any unmatched sections and with the static structural text to create a log pattern. The log pattern is stored in a table only if the log pattern is distinct from all log patterns previously stored in the table.

摘要翻译： 在可操作地连接到存储器的计算机中执行的计算机化方法。 确定解析规则以将计算机网络中的多个设备的日志输出解析为文本和/或符号。 日志存储在存储器中。 从日志中采样多个日志样本。 日志样本被输入到在计算机上运行的应用程序中。 日志样本分为多个部分，包括由静态结构文本分隔的变量信息。 每个日志样本都通过以下方式处理：将部分与正则表达式列表进行比较。 该列表被保存在存储器中，并且在将匹配的段的部分匹配到正则表达式的列表中的匹配的正则表达式之后，匹配的部分被标记有与匹配的正则表达式相关联的标签。 与匹配的正则表达式关联的标签与任何不匹配的部分和静态结构文本进行存储和组合，以创建日志模式。 仅当日志模式与先前存储在表中的所有日志模式不同时，日志模式才会存储在表中。

公开(公告)号：US20090119307A1

公开(公告)日：2009-05-07

申请号：US11875955

申请日：2007-10-22

申请人： Uri Braun ,  Yuri Zaslavsky ,  Yosef Teitz

发明人： Uri Braun ,  Yuri Zaslavsky ,  Yosef Teitz

IPC分类号： G06F17/30

CPC分类号： G06F17/30985 ,  G06F17/30144 ,  G06F17/30964

摘要： A computerized method performed in a computer operatively connected to storage. Parsing rules are determined for parsing logs output as text and/or symbols from multiple devices in a computer network. The logs are stored in the storage. Multiple log samples are sampled from the logs. The log samples are input into an application running on the computer. The log samples are each sectioned into multiple sections which include variable information separated by static structural text. Each of the log samples is processed by: comparing the sections to a list of regular expressions. The list is maintained in the storage, and upon matching a matched section of the sections to a matched regular expression from the list of the regular expressions, the matched section is tagged with a tag associated with the matched regular expression. The tag associated to the matched regular expression is stored and combined with any unmatched sections and with the static structural text to create a log pattern. The log pattern is stored in a table only if the log pattern is distinct from all log patterns previously stored in the table.

摘要翻译： 在可操作地连接到存储器的计算机中执行的计算机化方法。 确定解析规则以将计算机网络中的多个设备的日志输出解析为文本和/或符号。 日志存储在存储器中。 从日志中采样多个日志样本。 日志样本被输入到在计算机上运行的应用程序中。 日志样本分为多个部分，包括由静态结构文本分隔的变量信息。 每个日志样本都通过以下方式处理：将部分与正则表达式列表进行比较。 该列表被保存在存储器中，并且在将匹配的段的部分匹配到正则表达式的列表中的匹配的正则表达式之后，匹配的部分被标记有与匹配的正则表达式相关联的标签。 与匹配的正则表达式关联的标签与任何不匹配的部分和静态结构文本进行存储和组合，以创建日志模式。 仅当日志模式与先前存储在表中的所有日志模式不同时，日志模式才会存储在表中。