CN113626400A - Log event extraction method and system based on log tree and analytic tree - Google Patents

Log event extraction method and system based on log tree and analytic tree Download PDF

Info

Publication number
CN113626400A
CN113626400A CN202110781337.0A CN202110781337A CN113626400A CN 113626400 A CN113626400 A CN 113626400A CN 202110781337 A CN202110781337 A CN 202110781337A CN 113626400 A CN113626400 A CN 113626400A
Authority
CN
China
Prior art keywords
log
tree
field
event
fields
Prior art date
Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
Pending
Application number
CN202110781337.0A
Other languages
Chinese (zh)
Inventor
傅媛媛
徐建
Current Assignee (The listed assignees may be inaccurate. Google has not performed a legal analysis and makes no representation or warranty as to the accuracy of the list.)
Nanjing University of Science and Technology
Original Assignee
Nanjing University of Science and Technology
Priority date (The priority date is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the date listed.)
Filing date
Publication date
Application filed by Nanjing University of Science and Technology filed Critical Nanjing University of Science and Technology
Priority to CN202110781337.0A priority Critical patent/CN113626400A/en
Publication of CN113626400A publication Critical patent/CN113626400A/en
Pending legal-status Critical Current

Links

Images

Classifications

    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/18File system types
    • G06F16/1805Append-only file systems, e.g. using logs or journals to store data
    • G06F16/1815Journaling file systems
    • GPHYSICS
    • G06COMPUTING; CALCULATING OR COUNTING
    • G06FELECTRIC DIGITAL DATA PROCESSING
    • G06F16/00Information retrieval; Database structures therefor; File system structures therefor
    • G06F16/10File systems; File servers
    • G06F16/14Details of searching files based on file metadata
    • G06F16/148File search processing

Landscapes

  • Engineering & Computer Science (AREA)
  • Theoretical Computer Science (AREA)
  • Data Mining & Analysis (AREA)
  • Databases & Information Systems (AREA)
  • Physics & Mathematics (AREA)
  • General Engineering & Computer Science (AREA)
  • General Physics & Mathematics (AREA)
  • Library & Information Science (AREA)
  • Debugging And Monitoring (AREA)

Abstract

The invention discloses a log event extraction method and a system based on a log tree and an analysis tree, wherein the method comprises two steps of preprocessing and log content analysis, and specifically comprises the following steps: providing and maintaining a rule base consisting of regular expressions and heuristic rules, and extracting a small part of logs to automatically generate a log format; identifying the log as a log head and log content on line based on the log format; searching the analysis tree, and respectively calculating the similarity between static fields and dynamic parameters in the log tree and the event tree by adopting the longest common substring and the longest common subvector; and matching the log tree with the event tree by adopting a clustering technology, and extracting events and corresponding parameters. In order to deal with the complexity of the log content, the invention improves the steps of preprocessing and analyzing the log content in the online event extraction method. The workload of manually identifying the log format is reduced, the problem that the existing method is difficult to identify events containing indefinite number of parameters is solved, and the log events are extracted more accurately.

Description

Log event extraction method and system based on log tree and analytic tree
Technical Field
The invention belongs to the field of log analysis event extraction, and particularly relates to a log event extraction method and system based on a log tree and a parse tree.
Background
With the rise of internet technology today, the expansion of computing and communication infrastructure, large-scale distributed systems have come into play. A journal is textual data generated by the printout code embedded in the program, recording the current operating state and behavior pattern of the system. In the process of system development and maintenance, field experts realize real-time monitoring, abnormality detection, fault prediction and diagnosis of the system through analyzing logs. The log scale is rapidly enlarged, and the abnormality generated in the rapidly updated system is difficult to efficiently identify only by manually analyzing the log, so that the system fault is effectively eliminated. Therefore, log analysis is gradually changed from an offline mode to an online mode, and from manual analysis relying on domain experts to automatic analysis.
Event extraction is an important link of log analysis, and is used for extracting parameters in log events and original logs and providing structured data and key information for log downstream analysis. The original log comprises log headers with fixed fields such as time stamp, level, etc. and log contents describing the current state behavior of the system. The main object of event extraction is log content. Before log contents are formally analyzed, log headers with variable field values and fixed field types are preprocessed and filtered, and interference of the log headers on event extraction results is reduced. Common pre-processing partitions the log header and log content based on a manually defined log format, identifying the various fields of the header. However, a large-scale distributed system usually corresponds to a plurality of heterogeneous logs, and redefining different log formats consumes a large amount of labor cost.
The log content structure is loose and complex, and the conventional classification or clustering technology is difficult to directly extract the log content. The traditional log event extraction method extracts log events based on domain knowledge, and is difficult to quickly cope with variable heterogeneous logs. Most recent researches adopt a mode combining heuristic rules and clustering to improve an event extraction method. A set of logs for an event has the same static fields and a similar log structure. Heuristic rules are typically based on observations of a large number of log structures. Therefore, the event extraction method usually adopts one or more heuristic rules to divide the logs, accurately divides the logs with similar structures into the same log group, and effectively improves the algorithm efficiency. After the division is finished, clustering operation is carried out on each log group, and finally the log clusters meeting the conditions and the corresponding log events are obtained through similarity calculation. This heuristic rule and clustering combined schema abstracts the event extraction process into a parse tree. The internal nodes of the tree are usually the incarnations of different heuristic rules for dividing the log group, such as the number of log fields, a certain field value of the log, and the like. The leaf node stores the final target of event extraction obtained by clustering, namely the log cluster represented as the event. And matching each preprocessed log to a corresponding log cluster by searching the parse tree. However, the existing event extraction method makes heuristic rules for the global structure information such as the number of log fields or the local content information such as the log field category, and ignores the internal structure information hidden between the fields. After the log is matched with the log cluster, comparing the log with each field of the event, directly replacing the fields with different values by wildcards, and extracting the values as parameters, thereby updating the event.
Disclosure of Invention
The invention aims to provide a log event extraction method and system based on a log tree and an analytic tree, which can be used for mining the internal structure information of a log, and accurately extract events containing an indefinite number of parameters and parameters in an original log line.
The technical solution for realizing the purpose of the invention is as follows: a log event extraction method based on a log tree and a parse tree comprises the following steps:
providing and maintaining a rule base consisting of regular expressions and heuristic rules, and extracting a small part of logs to automatically generate a log format;
identifying the log as a log head and log content on line based on the log format;
generating a log tree based on the log structure information;
searching the analysis tree, and respectively calculating the similarity between static fields and dynamic parameters in the log tree and the event tree by adopting the longest common substring and the longest common subvector; and matching the log tree with the event tree by adopting a clustering technology, and extracting events and corresponding parameters.
A log event extraction system based on log trees and parse trees, comprising:
the first module is used for providing and maintaining a rule base consisting of regular expressions and heuristic rules, and extracting a small part of logs to automatically generate a log format;
the second module is used for identifying the log as a log head and log content on line based on the log format;
a third module that generates a log tree based on the log structure information;
the fourth module is used for searching the analytic tree and respectively calculating the similarity between the static field and the dynamic parameter in the log tree and the event tree by adopting the longest common substring and the longest common subvector; and matching the log tree with the event tree by adopting a clustering technology, and extracting events and corresponding parameters.
Compared with the prior art, the invention has the following remarkable advantages: (1) the log format is automatically extracted in a mode of constructing a regular expression and a heuristic rule base, the workload of manually identifying the log format is reduced, and the log preprocessing efficiency is improved; (2) the log is converted into a log tree, so that the internal structure of the log is fully utilized to extract events, and the events containing the parameters with indefinite number are accurately identified; (3) and searching a matching log tree based on the parse tree, reducing the matching time, improving the matching accuracy, and extracting parameters in the original log line as the input of downstream anomaly detection and fault prediction.
Drawings
FIG. 1 is a flowchart of a log event extraction method based on a log tree and a parse tree according to the present invention.
Detailed Description
As shown in fig. 1, the log event extraction method based on the log tree and the parse tree of the present invention adopts the following steps:
step 1: and automatically identifying the log format based on the rule base. Based on heuristic rules and regular expressions in a rule base, the step extracts a small part of logs to automatically generate a log format.
(1) Dividing the field by adopting a space and executing alignment operation on the divided field;
(2) according to rule 1, the identifiable field is replaced with a regular expression in the rule base. The column complexity is calculated according to rule 2 with the number of column fields equal to the number of rows. Traversing the column field to calculate the column complexity, the formula is as follows:
Figure BDA0003157268730000031
wherein, when a row has the same value, the row complexity is 0; otherwise the column complexity is the number of possible values.
(3) After the column complexity is calculated, the index with the maximum complexity of 0 and the maximum value is found according to rule 3max
Wherein, the rules and regular expressions in the rule base are as follows:
rule 1. partial fields of the original heterogeneous log header, such as date, time, level, and number, may be defined based on a limited regular expression.
Rule 2. the header of each log has the same number of fields, and each field is of the same type; the log contents corresponding to different log lines have different field numbers, and each field type is not always the same. After aligning the log rows, the complexity of each column is calculated.
Rule 3. the first field of log content must occur after the column of complexity 0. Define indexiFor each column index, search for index with 0 complexity and largest valuemaxThe index of the first field of the log content is indexmax+1
Regular expressions contain a variety of field types, such as date, time, level, and the like.
Step 2: and (4) carrying out online pretreatment. The log is processed in a streaming manner, and a log header and log contents are identified according to a log format, wherein the log header comprises a timestamp, a rank or other fields.
(1) The fields are obtained based on the space division log.
(2) Each field of the log is identified according to a field index of the log format. The log is divided into a log header containing a timestamp and other fields, and log content.
And step 3: a log tree is generated based on the log structure information. And converting the log content into a log tree by using the hidden static field and the structural information of the dynamic parameters.
(1) The log is traversed from left to right, and when the first field of the log contains ' or is contained by ' [ ] ', the first field is marked as the root node and is also the indication field of the log.
(2) The log is then divided into fields according to ',' and spaces, each matching from right to left ': a sub-tree is created according to consecutive': the left field of ': as the parent node of the right field of': the right field.
And 4, step 4: the log tree is matched and the event tree is updated based on the parse tree.
The structure of the parse tree is that the root node is a special tree node which does not contain an indication field; the tree node comprises an indication field and a child node index; the leaf node comprises a plurality of log clusters corresponding to the same indication field.
The process of matching log trees is as follows:
(1) the indication field of the parse tree is searched. After the same indication field is searched, the next step is executed; otherwise, creating a new indication field node and the log cluster child node thereof.
(2) Searching all candidate log clusters, calculating the similarity Sim of the log tree and the event tree, and selecting the log cluster corresponding to the maximum similarity after comparison. Similarity is determined by static field similarity SimsSimilarity with dynamic parameters SimdTwo parts, Sim ═ Sims+Simd. The specific calculation steps are as follows:
(a) the first-level node field of the log tree is denoted by L ═ tl1, tl 2.., tln }, the number of fields included in L is | L | ═ n, the first-level node field of the event tree is denoted by E ═ te1, te 2., tem }, the number of fields included in E | ═ m.
(b) Static field similarity
Figure BDA0003157268730000041
Common { L, E } obtains the longest Common subfield of L and E using the Longest Common Substring (LCS) algorithm.
(c) Similarity of dynamic parameters
Figure BDA0003157268730000051
Wherein L-Common { L, E } is a portion of L that is not a Common subfield between L and E, and E-Common { L, E } is a portion of E that is not a Common subfield between L and E. Adopting the longest common sub-vector (LCV) for the non-common fields of L and E to obtain the non-common field vector VL of L and E { VL } VL1,vl2,...,vlkVE and VE ═ VE1,ve2,...,vej}. k and j are the number of non-common fields for L and E, respectively.
(3) Calculating to obtain the maximum similarity SimmaxThen, comparing with a similarity threshold St, when the similarity is greater than St, successfully matching the log tree, and executing the next step; and when the similarity is less than or equal to St, creating a new log cluster under the current indication node.
The process of updating the event tree is as follows:
(1) the root nodes of the event tree and the log tree have the same structure as the nodes of the first layer, and store static fields, and the nodes of the second layer and the lower layers store dynamic parameter fields and corresponding log IDs.
(2) When the log tree can not be matched with any existing event tree, the log tree is directly converted into the event tree, the nodes of the first layer of the log tree are kept unchanged, corresponding log IDs are added to the nodes of the second layer and the lower layer, and data in each node is stored in a (logId, data) form.
(3) And when the log tree is matched with the existing event tree, merging the log tree and the event tree. The method comprises the following specific steps:
(a) and obtaining the longest common field of all nodes in the first layer, and reserving the common field to the first layer of the event tree.
(b) And adding a non-public field between two adjacent public fields as a child node of the previous field into the event tree, and simultaneously keeping the log ID corresponding to the log tree. In case the corresponding node already exists in the second layer, only the (logId, data) needs to be added to the nodes of the old event tree, forming the nodes of the new event tree.
Further, the present invention also provides a log event extraction system based on log tree and parse tree, including:
the first module is used for providing and maintaining a rule base consisting of regular expressions and heuristic rules, and extracting a small part of logs to automatically generate a log format;
the second module is used for identifying the log as a log head and log content on line based on the log format;
a third module that generates a log tree based on the log structure information;
the fourth module is used for searching the analytic tree and respectively calculating the similarity between the static field and the dynamic parameter in the log tree and the event tree by adopting the longest common substring and the longest common subvector; and matching the log tree with the event tree by adopting a clustering technology, and extracting events and corresponding parameters.
The specific implementation manner of the first to fourth modules is the same as the specific process of the log event extraction method, and is not described herein again.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.

Claims (10)

1. A log event extraction method based on a log tree and a parse tree is characterized by comprising the following steps:
providing and maintaining a rule base consisting of regular expressions and heuristic rules, and extracting a small part of logs to automatically generate a log format;
identifying the log as a log head and log content on line based on the log format;
generating a log tree based on the log structure information;
searching the analysis tree, and respectively calculating the similarity between static fields and dynamic parameters in the log tree and the event tree by adopting the longest common substring and the longest common subvector; and matching the log tree with the event tree by adopting a clustering technology, and extracting events and corresponding parameters.
2. The log event extraction method based on log tree and parse tree as claimed in claim 1, wherein said method provides and maintains a rule base composed of regular expressions and heuristic rules, extracts a small portion of logs to automatically generate log format, specifically: dividing the field by adopting a blank space, executing alignment operation on the divided field, and replacing the identifiable field by using a regular expression in a rule base according to a rule 1; calculating the column complexity with the number of column fields equal to the number of rows according to rule 2; traversing the column field to calculate the column complexity, and after the column complexity is obtained through calculation, searching the index with the maximum complexity of 0 and the maximum value according to the rule 3max
Wherein, the rules and regular expressions in the rule base are as follows:
rule 1, partial fields of an original heterogeneous log header, including date, time, level and number, may be defined based on a limited regular expression;
rule 2. the header of each log has the same number of fields, and each field is of the same type; the log contents corresponding to different log lines have different field numbers, and each field type is not always the same; after aligning the log rows, calculating the complexity of each column;
rule 3. the first field of the log content must appear after the column with complexity 0; define indexiFor each column index, search for index with 0 complexity and largest valuemaxThe index of the first field of the log content is indexmax+1
3. The method for extracting log events based on the log tree and the parse tree as claimed in claim 1, wherein the log format-based online identification log is a log header and a log content, and specifically includes: obtaining fields based on the space segmentation log, and identifying each field of the log according to a field index of a log format; the log is divided into a log header containing a timestamp and other fields, and log content.
4. The method for extracting log events based on log tree and parse tree as claimed in claim 1, wherein the log tree is generated based on log structure information, the log is traversed from left to right, when the first field of the log contains ': or is contained by ' [ ] ', the first field is recorded as the root node, and is also the indication field of the log; the log is then divided into fields according to ',' and spaces, each matching from right to left ': a sub-tree is created according to consecutive': the left field of ': as the parent node of the right field of': the right field.
5. The log tree and parse tree based log event extraction method of claim 1, wherein the log tree is matched and the event tree is updated based on the parse tree; searching the indication field of the analysis tree, creating a new indication field node and a log cluster child node thereof after searching different indication fields, otherwise searching all candidate log clusters, calculating the similarity Sim of the log tree and the event tree, and selecting the log cluster corresponding to the maximum similarity after comparison; calculating to obtain the maximum similarity SimmaxThen, the similarity threshold St is compared; when SimmaxWhen the log cluster is smaller than or equal to St, a new log cluster is created under the current indication node; when SimmaxWhen the log tree is more than St, the log tree is successfully matched, and the log tree and the event tree are combined; when the log tree can not be matched with any existing event tree, the log tree is directly converted into the event tree.
6. A log event extraction system based on log trees and parse trees, comprising:
the first module is used for providing and maintaining a rule base consisting of regular expressions and heuristic rules, and extracting a small part of logs to automatically generate a log format;
the second module is used for identifying the log as a log head and log content on line based on the log format;
a third module that generates a log tree based on the log structure information;
the fourth module is used for searching the analytic tree and respectively calculating the similarity between the static field and the dynamic parameter in the log tree and the event tree by adopting the longest common substring and the longest common subvector; and matching the log tree with the event tree by adopting a clustering technology, and extracting events and corresponding parameters.
7. The log event extraction system based on log tree and parse tree of claim 6, wherein the first module, employing space to segment fields and perform alignment operations on the segmented fields, replaces recognizable fields with regular expressions in a rule base according to rule 1; calculating the column complexity with the number of column fields equal to the number of rows according to rule 2; traversing the column field to calculate the column complexity, and after the column complexity is obtained through calculation, searching the index with the maximum complexity of 0 and the maximum value according to the rule 3max
Wherein, the rules and regular expressions in the rule base are as follows:
rule 1, partial fields of an original heterogeneous log header, including date, time, level and number, may be defined based on a limited regular expression;
rule 2. the header of each log has the same number of fields, and each field is of the same type; the log contents corresponding to different log lines have different field numbers, and each field type is not always the same; after aligning the log rows, calculating the complexity of each column;
rule 3. the first field of the log content must appear after the column with complexity 0; define indexiFor each column index, search for index with 0 complexity and largest valuemaxThe index of the first field of the log content is indexmax+1
8. The log tree and parse tree based log event extraction system of claim 6, wherein the second module, based on space-splitting log obtained fields, identifies each field of the log according to a field index of a log format; the log is divided into a log header containing a timestamp and other fields, and log content.
9. The log event extraction system according to claim 6, wherein the third module generates log tree based on log structure information, traverses the log from left to right, and records the first field as a root node and an indication field of the log when the first field of the log contains ': or is contained by ' [ ] '; the log is then divided into fields according to ',' and spaces, each matching from right to left ': a sub-tree is created according to consecutive': the left field of ': as the parent node of the right field of': the right field.
10. The log tree and parse tree based log event extraction system of claim 6, wherein the fourth module, based on the parse tree, matches the log tree and updates the event tree; searching the indication field of the analysis tree, creating a new indication field node and a log cluster child node thereof after searching different indication fields, otherwise searching all candidate log clusters, calculating the similarity Sim of the log tree and the event tree, and selecting the log cluster corresponding to the maximum similarity after comparison; calculating to obtain the maximum similarity SimmaxThen, the similarity threshold St is compared; when SimmaxWhen the log cluster is smaller than or equal to St, a new log cluster is created under the current indication node; when SimmaxWhen the log tree is more than St, the log tree is successfully matched, and the log tree and the event tree are combined; when the log tree can not be matched with any existing event tree, the log tree is directly converted into the event tree.
CN202110781337.0A 2021-07-11 2021-07-11 Log event extraction method and system based on log tree and analytic tree Pending CN113626400A (en)

Priority Applications (1)

Application Number Priority Date Filing Date Title
CN202110781337.0A CN113626400A (en) 2021-07-11 2021-07-11 Log event extraction method and system based on log tree and analytic tree

Applications Claiming Priority (1)

Application Number Priority Date Filing Date Title
CN202110781337.0A CN113626400A (en) 2021-07-11 2021-07-11 Log event extraction method and system based on log tree and analytic tree

Publications (1)

Publication Number Publication Date
CN113626400A true CN113626400A (en) 2021-11-09

Family

ID=78379375

Family Applications (1)

Application Number Title Priority Date Filing Date
CN202110781337.0A Pending CN113626400A (en) 2021-07-11 2021-07-11 Log event extraction method and system based on log tree and analytic tree

Country Status (1)

Country Link
CN (1) CN113626400A (en)

Cited By (6)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114465875A (en) * 2022-04-12 2022-05-10 北京宝兰德软件股份有限公司 Fault processing method and device
CN114860673A (en) * 2022-07-06 2022-08-05 南京聚铭网络科技有限公司 Log feature identification method and device based on dynamic and static combination
CN115065536A (en) * 2022-06-16 2022-09-16 北京天融信网络安全技术有限公司 Network security data analyzer, analysis method, electronic device and storage medium
CN115442211A (en) * 2022-08-19 2022-12-06 南京邮电大学 Weblog analysis method and device based on twin neural network and fixed analysis tree
CN115794563A (en) * 2023-02-06 2023-03-14 北京升鑫网络科技有限公司 Noise reduction method, device, equipment and readable medium for system audit diary
CN115871745A (en) * 2022-12-28 2023-03-31 江苏安防科技有限公司 Intelligent maintenance method and device applied to rail transit

Cited By (11)

* Cited by examiner, † Cited by third party
Publication number Priority date Publication date Assignee Title
CN114465875A (en) * 2022-04-12 2022-05-10 北京宝兰德软件股份有限公司 Fault processing method and device
CN114465875B (en) * 2022-04-12 2022-07-29 北京宝兰德软件股份有限公司 Fault processing method and device
CN115065536A (en) * 2022-06-16 2022-09-16 北京天融信网络安全技术有限公司 Network security data analyzer, analysis method, electronic device and storage medium
CN115065536B (en) * 2022-06-16 2023-08-25 北京天融信网络安全技术有限公司 Network security data parser, parsing method, electronic device and storage medium
CN114860673A (en) * 2022-07-06 2022-08-05 南京聚铭网络科技有限公司 Log feature identification method and device based on dynamic and static combination
CN114860673B (en) * 2022-07-06 2022-09-30 南京聚铭网络科技有限公司 Log feature identification method and device based on dynamic and static combination
CN115442211A (en) * 2022-08-19 2022-12-06 南京邮电大学 Weblog analysis method and device based on twin neural network and fixed analysis tree
CN115442211B (en) * 2022-08-19 2023-08-04 南京邮电大学 Network log analysis method and device based on twin neural network and fixed analysis tree
CN115871745A (en) * 2022-12-28 2023-03-31 江苏安防科技有限公司 Intelligent maintenance method and device applied to rail transit
CN115794563A (en) * 2023-02-06 2023-03-14 北京升鑫网络科技有限公司 Noise reduction method, device, equipment and readable medium for system audit diary
CN115794563B (en) * 2023-02-06 2023-04-11 北京升鑫网络科技有限公司 Noise reduction method, device, equipment and readable medium for system audit diary

Similar Documents

Publication Publication Date Title
CN113626400A (en) Log event extraction method and system based on log tree and analytic tree
CN110888849B (en) Online log analysis method and system and electronic terminal equipment thereof
CN114610515B (en) Multi-feature log anomaly detection method and system based on log full semantics
CN101888309B (en) Online log analysis method
CN110175158B (en) Log template extraction method and system based on vectorization
CN105468677B (en) A kind of Log Clustering method based on graph structure
CN113946461A (en) Fault root cause analysis method and device
CN112949281B (en) Incremental social event detection method for graph neural network
Zhang et al. Log sequence anomaly detection based on local information extraction and globally sparse transformer model
CN115455429A (en) Vulnerability analysis method and system based on big data
CN111190873B (en) Log mode extraction method and system for log training of cloud native system
Zhang et al. LogST: Log semi-supervised anomaly detection based on sentence-BERT
CN110347827A (en) Event Distillation method towards isomery text operation/maintenance data
CN113723542A (en) Log clustering processing method and system
CN112785015A (en) Equipment fault diagnosis method based on case reasoning
CN111314109A (en) Weak key-based large-scale Internet of things equipment firmware identification method
CN115828180A (en) Log anomaly detection method based on analytic optimization and time sequence convolution network
CN113485878B (en) Multi-data center fault detection method
Liu et al. Web log analysis in genealogy system
CN114329453A (en) Anomaly detection method based on system log
CN116484260B (en) Semi-supervised log anomaly detection method based on bidirectional time convolution network
WO2024027487A1 (en) Health degree evaluation method and apparatus based on intelligent operations and maintenance scene
He et al. Unsupervised Log Anomaly Detection Based on Pre-training
Feng et al. A novel semantic user operation restoration from massive web URL log
Zhang et al. An Adaptive Parameters Density Cluster Algorithm for Data Cleaning in Big Data

Legal Events

Date Code Title Description
PB01 Publication
PB01 Publication
SE01 Entry into force of request for substantive examination
SE01 Entry into force of request for substantive examination