Auto parser for system raw log without human guidance
Project description
Spell
Use python implement the paper Spell: Streaming Parsing of System Event Logs
from Min Du, Feifei Li @University of Utah.
This implement is refactored and enhancement version of logpai's logparser.
Getting Started
python example.py
After executing the line above, the result
folder will be created and you will see two files: structured.csv
and templates.csv
.
*_main_structured.csv
... | Level | Component | Content | EventId | EventTemplate | ParameterList |
---|---|---|---|---|---|---|
... | INFO | dfs.DataNode$DataXceiver | Receiving block blk_-1608999687919862906 src: /10.250.19.102:54106 dest: /10.250.19.102:50010 | f57d69cf | Receiving block blk_-1608999687919862906 src <*> <*> dest <*> 50010 | ['/10.250.19.102:54106', '/10.250.19.102'] |
... | INFO | dfs.DataNode$PacketResponder | PacketResponder 1 for block blk_-1608999687919862906 terminating | 7b619377 | PacketResponder <*> for block blk_-1608999687919862906 terminating | ['1'] |
... | INFO | dfs.DataNode$DataXceiver | Receiving block blk_-1608999687919862906 src: /10.250.10.6:40524 dest: /10.250.10.6:50010 | f57d69cf | Receiving block blk_-1608999687919862906 src <*> <*> dest <*> 50010 | ['/10.250.10.6:40524', '/10.250.10.6'] |
*_main_templates.csv
EventId | EventTemplate | Occurrences |
---|---|---|
6af214fd | Receiving block <*> src <*> <*> dest <*> 50010 | 5 |
26ae4ce0 | BLOCK* NameSystem.allocateBlock <*> | 2 |
dc2c74b7 | PacketResponder <*> for block <*> terminating | 4 |
As you see, there have three test log files. Use for loop to simulate (nearly) streaming situation.
In the result
folder, there are _main_*.csv
files and *.log_*.csv
files. The _main_*.csv
files will keep appending the new coming log when it has been parse.
Plot
We can use graphviz to visualize the tree-structured of the parser.
python plot_tree.py
Tests
sh test.sh
Name | Stmts | Miss | Cover |
---|---|---|---|
spell/init.py | 0 | 0 | 100% |
spell/spell.py | 321 | 218 | 32% |
test/test_spell.py | 55 | 1 | 98% |
TOTAL | 376 | 219 | 42% |
TODO
- Refactor
spellpy.py
- Test coverage
Project details
Release history Release notifications | RSS feed
Download files
Download the file for your platform. If you're not sure which to choose, learn more about installing packages.