cli logs clustering
Project description
gool
Usage
gool is a CLI log clustering tool built on the drain3 library. It takes one or more log files as input and outputs clusters of your logs.
The user can tune several settings to get clusters of the right size:
- similarity-threshold: drain3 parameter (default 0.4) between 0 and 1. A value of 1 produces clusters that contain only exactly identical lines. The higher the value, the more clusters you get. This setting can be tuned in the configuration file or on the command line.
- tree-depth: drain3 parameter (default 4); higher values lead to more clusters. This setting can be tuned in the configuration file or on the command line.
- pattern masking: drain3 parameter that masks patterns so that lines can be grouped more easily. For example, all IPs or times can be replaced before processing. This setting can only be tuned in the configuration file.
- filter: a filter that restricts parsing to some of the lines of the input files. For example, if the user is focused on errors, we can imagine something like: '.(| Warning || Error ).'.
For more details on drain3 parameters check the official repository : https://github.com/logpai/Drain3.
Launch gool (config taken in ~/.drain3.ini):
gool tests/data/log/Zookeeper_2k.log
Launch gool and filter lines before processing (config taken in ~/.drain3.ini):
gool tests/data/log/Zookeeper_2k.log -f ".*WARN.*"
which produces something like :
11:34:48.805482 INFO log_clustering : Loading configuration from /home/godardo/.drain3.ini log_clustering.py:111
11:34:48.829732 INFO log_clustering : Processed 1318 lines in 0.02 seconds (64798.84 lines/second). log_clustering.py:226
Zookeeper_2k.log ━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━ 100%
Log Clusters
┏━━━━━━━┳━━━━━━━━━━━━━━━━┳━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┓
┃ Count ┃ Char Size (KB) ┃ Template ┃
┡━━━━━━━╇━━━━━━━━━━━━━━━━╇━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━━┩
│ 313 │ 43 │ 2015-07-29 <TIME> - WARN [SendWorker:188978561024:QuorumCnxManager$SendWorker@679] - Interrupted while waiting for message on queue │
│ 289 │ 43 │ 2015-07-29 <TIME> - WARN [RecvWorker:188978561024:QuorumCnxManager$RecvWorker@762] - Connection broken for id 188978561024, my id = <*> error │
│ │ │ = │
│ 265 │ 30 │ 2015-07-29 <TIME> - WARN [RecvWorker:188978561024:QuorumCnxManager$RecvWorker@765] - Interrupting SendWorker │
│ 262 │ 31 │ 2015-07-29 <TIME> - WARN <*> - Send worker leaving thread │
│ 45 │ 7 │ <*> <TIME> - WARN [QuorumPeer[myid=1]/0:0:0:0:0:0:0:0:2181:QuorumCnxManager@368] - Cannot open channel to 2 at election address /<IP>:3888 │
│ 39 │ 7 │ <*> <TIME> - WARN [NIOServerCxn.Factory:<IP>/<IP>:2181:ZooKeeperServer@793] - Connection request from old client <*> will be dropped if │
│ │ │ server is in r-o mode │
│ 37 │ 4 │ <*> <TIME> - WARN [NIOServerCxn.Factory:<IP>/<IP>:2181:NIOServerCnxn@349] - caught end of stream exception │
│ 22 │ 3 │ 2015-08-25 <TIME> - WARN <*> - Cannot open channel to 3 at election address /<IP>:3888 │
│ 14 │ 2 │ 2015-08-24 <TIME> - WARN <*> - Cannot open channel to 3 at election address /<IP>:3888 │
│ 3 │ 0 │ 2015-07-30 <TIME> - WARN [WorkerSender[myid=1]:QuorumCnxManager@368] - Cannot open channel to <*> at election address /<IP>:3888 │
│ 3 │ 0 │ 2015-08-20 <TIME> - WARN [NIOServerCxn.Factory:<IP>/<IP>:2181:NIOServerCnxn@354] - Exception causing close of session <HEX> due to │
│ │ │ java.io.IOException: ZooKeeperServer not running │
│ 1 │ 0 │ 2015-07-30 <TIME> - WARN [LearnerHandler-/<IP>:35276:LearnerHandler@575] - ******* GOODBYE /<IP>:35276 ******** │
│ 1 │ 0 │ 2015-07-30 <TIME> - WARN [RecvWorker:3:QuorumCnxManager$RecvWorker@765] - Interrupting SendWorker │
│ 1 │ 0 │ 2015-08-25 <TIME> - WARN [RecvWorker:3:QuorumCnxManager$RecvWorker@762] - Connection broken for id 3, my id = 1, error = │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:52264:LearnerHandler@575] - ******* GOODBYE /<IP>:52264 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:52308:LearnerHandler@575] - ******* GOODBYE /<IP>:52308 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:59060:LearnerHandler@575] - ******* GOODBYE /<IP>:59060 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:59103:LearnerHandler@575] - ******* GOODBYE /<IP>:59103 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:57247:LearnerHandler@575] - ******* GOODBYE /<IP>:57247 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:57319:LearnerHandler@575] - ******* GOODBYE /<IP>:57319 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:52476:LearnerHandler@575] - ******* GOODBYE /<IP>:52476 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:59203:LearnerHandler@575] - ******* GOODBYE /<IP>:59203 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:59211:LearnerHandler@575] - ******* GOODBYE /<IP>:59211 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:52502:LearnerHandler@575] - ******* GOODBYE /<IP>:52502 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:57458:LearnerHandler@575] - ******* GOODBYE /<IP>:57458 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:57502:LearnerHandler@575] - ******* GOODBYE /<IP>:57502 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:52703:LearnerHandler@575] - ******* GOODBYE /<IP>:52703 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:59406:LearnerHandler@575] - ******* GOODBYE /<IP>:59406 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:57580:LearnerHandler@575] - ******* GOODBYE /<IP>:57580 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:52818:LearnerHandler@575] - ******* GOODBYE /<IP>:52818 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:52844:LearnerHandler@575] - ******* GOODBYE /<IP>:52844 ******** │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [LearnerHandler-/<IP>:57653:LearnerHandler@575] - ******* GOODBYE /<IP>:57653 ******** │
│ 1 │ 0 │ 2015-07-31 <TIME> - WARN [SendWorker:1:QuorumCnxManager$SendWorker@679] - Interrupted while waiting for message on queue │
│ 1 │ 0 │ 2015-08-07 <TIME> - WARN [QuorumPeer[myid=2]/0:0:0:0:0:0:0:0:2181:QuorumCnxManager@368] - Cannot open channel to 3 at election address │
│ │ │ /<IP>:3888 │
│ 1 │ 0 │ 2015-08-20 <TIME> - WARN [LearnerHandler-/<IP>:42241:Leader@576] - First is <HEX> │
│ 1 │ 0 │ 2015-07-29 <TIME> - WARN [WorkerSender[myid=3]:QuorumCnxManager@368] - Cannot open channel to 2 at election address /<IP>:3888 │
│ 1 │ 0 │ 2015-07-30 <TIME> - WARN [RecvWorker:1:QuorumCnxManager$RecvWorker@762] - Connection broken for id 1, my id = 3, error = │
└───────┴────────────────┴───────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────────┘
For more details on the options, run:
gool --help
Example of a drain3.ini file
gool tries to load the .drain3.ini file from your home directory. Otherwise, you can use the --cfg-file option. Without any configuration, gool will try to mask HEX values, IPs and times.
Below is an example configuration file:
[MASKING]
masking = [
{"regex_pattern":"((?<=[^A-Za-z0-9])|^)(0[xX][0-9a-fA-F]+)((?=[^A-Za-z0-9])|$)", "mask_with": "HEX"},
{"regex_pattern":"(\\d{2}:\\d{2}:\\d{2}(.\\d+|))", "mask_with": "TIME"},
{"regex_pattern":"((?<=[^A-Za-z0-9])|^)(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})((?=[^A-Za-z0-9])|$)", "mask_with": "IP"}
]
mask_prefix = <:
mask_suffix = :>
[DRAIN]
sim_th = 0.9
depth = 7
max_children = 200
extra_delimiters = ["_"]
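Why the sample output above contains many one-line GOODBYE clusters, shown as an added example (not gool's or drain3's own code): the masking rules from this configuration replace the IP but leave the client port, so every line stays distinct. `PORT_RULE`, the helper names, the filter semantics and the sample lines are assumptions; grouping here is by identical masked line, a stand-in for drain3's clustering.

```python
import json
import re
from collections import Counter

# Masking rules copied verbatim from the [MASKING] section above.
MASKING = json.loads(r'''[
{"regex_pattern":"((?<=[^A-Za-z0-9])|^)(0[xX][0-9a-fA-F]+)((?=[^A-Za-z0-9])|$)", "mask_with": "HEX"},
{"regex_pattern":"(\\d{2}:\\d{2}:\\d{2}(.\\d+|))", "mask_with": "TIME"},
{"regex_pattern":"((?<=[^A-Za-z0-9])|^)(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})((?=[^A-Za-z0-9])|$)", "mask_with": "IP"}
]''')

# Hypothetical extra rule (not in the page's config): mask a port that
# directly follows an already masked IP, i.e. "<:IP:>:52264".
PORT_RULE = {"regex_pattern": r"(?<=:>:)\d{1,5}(?!\d)", "mask_with": "PORT"}


def mask_line(line, rules, prefix="<:", suffix=":>"):
    """Apply each rule in order, using the mask_prefix/mask_suffix set above."""
    for rule in rules:
        line = re.sub(rule["regex_pattern"], prefix + rule["mask_with"] + suffix, line)
    return line


def templates(lines, rules, line_filter=".*WARN.*"):
    """Filter lines (assumed: regex matched from line start), count identical masked lines."""
    kept = [ln for ln in lines if re.match(line_filter, ln)]
    return Counter(mask_line(ln, rules) for ln in kept)


def goodbye(ts, ip, port):
    """Build a constructed Zookeeper-style line shaped like the GOODBYE rows above."""
    return (f"2015-07-29 {ts} - WARN [LearnerHandler-/{ip}:{port}:LearnerHandler@575]"
            f" - ******* GOODBYE /{ip}:{port} ********")


# Constructed sample input (addresses, ports and times are made up).
LOGS = [
    goodbye("19:04:12,394", "10.10.34.11", 52264),
    goodbye("19:04:29,071", "10.10.34.12", 52308),
    goodbye("19:13:17,524", "10.10.34.13", 59060),
    "2015-07-29 19:21:01,233 - INFO [main:QuorumPeerMain@127] - Starting quorum peer",
]

if __name__ == "__main__":
    for name, rules in (("page rules", MASKING), ("with PORT", MASKING + [PORT_RULE])):
        print(name)
        for template, count in templates(LOGS, rules).most_common():
            print(f"  {count}  {template}")
```

Masking the port merges the singleton clusters, but it also hides a value that may be needed when investigating a connection, so keep the raw lines available for lookup.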
Source Setup
The gool repository uses uv and git. The version is taken from the git tag. The repo provides a setup for VSCode.
The most useful commands are listed below.
Setup the uv virtual environment and install pre-commit hooks :
make install
Generate and launch the documentation server :
make docs
All available commands :
make help
Repository initiated with fpgmaas/cookiecutter-uv.
File details
Details for the file gool-1.0.1.tar.gz.
File metadata
- Download URL: gool-1.0.1.tar.gz
- Upload date:
- Size: 127.8 kB
- Tags: Source
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | 3c6342ea9f7a6ef2f3b330b6d34a882b12b6f44e80a773d4fb38992dfabbf2dc |
| MD5 | d8ce8567c38c0cef0a03ba26422a5f98 |
| BLAKE2b-256 | c8919997689580e4bb335db6264897e037b5de40be771b2c5f964a07ccc5944c |
File details
Details for the file gool-1.0.1-py3-none-any.whl.
File metadata
- Download URL: gool-1.0.1-py3-none-any.whl
- Upload date:
- Size: 10.0 kB
- Tags: Python 3
- Uploaded using Trusted Publishing? No
- Uploaded via: twine/6.2.0 CPython/3.13.1
File hashes
| Algorithm | Hash digest |
|---|---|
| SHA256 | ae344d4eb776553f8797e3ad883b27dbf43287c8e4149721544ecfe0cc8b67e4 |
| MD5 | 4b0a46abf43d59f0d6d206c715214cd5 |
| BLAKE2b-256 | 88400c5ecd7c79b995f9be075de604e564d703b6321f51a92f9259e1ddab016a |