CN113626400A - Log event extraction method and system based on log tree and analytic tree - Google Patents
- Publication number
- CN113626400A
- Authority
- CN
- China
- Prior art keywords
- log
- tree
- field
- event
- fields
- Prior art date
- Legal status (The legal status is an assumption and is not a legal conclusion. Google has not performed a legal analysis and makes no representation as to the accuracy of the status listed.)
- Pending
Classifications
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/18—File system types
- G06F16/1805—Append-only file systems, e.g. using logs or journals to store data
- G06F16/1815—Journaling file systems
-
- G—PHYSICS
- G06—COMPUTING; CALCULATING OR COUNTING
- G06F—ELECTRIC DIGITAL DATA PROCESSING
- G06F16/00—Information retrieval; Database structures therefor; File system structures therefor
- G06F16/10—File systems; File servers
- G06F16/14—Details of searching files based on file metadata
- G06F16/148—File search processing
Landscapes
- Engineering & Computer Science (AREA)
- Theoretical Computer Science (AREA)
- Data Mining & Analysis (AREA)
- Databases & Information Systems (AREA)
- Physics & Mathematics (AREA)
- General Engineering & Computer Science (AREA)
- General Physics & Mathematics (AREA)
- Library & Information Science (AREA)
- Debugging And Monitoring (AREA)
Abstract
The invention discloses a log event extraction method and system based on a log tree and a parse tree. The method comprises two stages, preprocessing and log content analysis, specifically: providing and maintaining a rule base consisting of regular expressions and heuristic rules, and sampling a small portion of the logs to generate the log format automatically; splitting each log online into a log header and log content based on the log format; searching the parse tree, and calculating the similarity of the static fields and of the dynamic parameters between the log tree and the event tree using the longest common substring and the longest common subvector, respectively; and matching the log tree with the event tree using a clustering technique, and extracting the event and its parameters. To cope with the complexity of log content, the invention improves the preprocessing and log content analysis steps of online event extraction methods. It reduces the manual effort of identifying log formats, solves the problem that existing methods have difficulty identifying events with an indefinite number of parameters, and extracts log events more accurately.
Description
Technical Field
The invention belongs to the field of log analysis event extraction, and particularly relates to a log event extraction method and system based on a log tree and a parse tree.
Background
With the rise of internet technology and the expansion of computing and communication infrastructure, large-scale distributed systems have emerged. A log is textual data generated by print statements embedded in a program, recording the current operating state and behavior of the system. During system development and maintenance, domain experts analyze logs for real-time monitoring, anomaly detection, and fault prediction and diagnosis. As log volume grows rapidly, manual log analysis alone can hardly identify anomalies in a fast-changing system efficiently and thereby eliminate system faults effectively. Log analysis is therefore moving from offline to online, and from manual analysis by domain experts to automated analysis.
Event extraction is an important part of log analysis: it extracts log events and the parameters in the original logs, providing structured data and key information for downstream log analysis. An original log comprises a log header with fixed fields such as timestamp and level, and log content describing the current state and behavior of the system. The main object of event extraction is the log content. Before the log content is analyzed, the log header, whose field values vary but whose field types are fixed, is preprocessed and filtered out to reduce its interference with the event extraction result. Common preprocessing splits the log header from the log content based on a manually defined log format and identifies the individual header fields. However, a large-scale distributed system usually produces many heterogeneous logs, and defining a format for each of them costs considerable manual effort.
Log content is loosely and complexly structured, so conventional classification or clustering techniques can hardly be applied to it directly. Traditional log event extraction methods rely on domain knowledge and cannot adapt quickly to changing heterogeneous logs. Most recent research improves event extraction by combining heuristic rules with clustering. The logs of one event share the same static fields and a similar log structure, and heuristic rules are typically based on observations of a large number of log structures. An event extraction method therefore usually applies one or more heuristic rules to partition the logs, placing logs with similar structure in the same log group, which improves the efficiency of the algorithm. After partitioning, each log group is clustered, and the qualifying log clusters and their corresponding log events are obtained through similarity calculation. This combination of heuristic rules and clustering abstracts the event extraction process into a parse tree. The internal nodes of the tree usually embody the different heuristic rules used to partition the log groups, such as the number of log fields or the value of a certain field. The leaf nodes store the final result of event extraction obtained by clustering, namely the log clusters that represent events. Each preprocessed log is matched to a log cluster by searching the parse tree. However, existing event extraction methods base their heuristic rules on global structure information such as the number of log fields, or on local content information such as the log field category, and ignore the internal structure information hidden between the fields.
After a log is matched with a log cluster, the log is compared with the event field by field; fields with different values are directly replaced with wildcards and their values are extracted as parameters, thereby updating the event.
Disclosure of Invention
The invention aims to provide a log event extraction method and system based on a log tree and a parse tree that mine the internal structure information of a log and accurately extract events containing an indefinite number of parameters, together with the parameters in the original log line.
The technical solution that achieves this purpose is a log event extraction method based on a log tree and a parse tree, comprising the following steps:
providing and maintaining a rule base consisting of regular expressions and heuristic rules, and sampling a small portion of the logs to generate the log format automatically;
splitting each log online into a log header and log content based on the log format;
generating a log tree based on the log structure information;
searching the parse tree, and calculating the similarity of the static fields and of the dynamic parameters between the log tree and the event tree using the longest common substring and the longest common subvector, respectively; and matching the log tree with the event tree using a clustering technique, and extracting the event and its parameters.
A log event extraction system based on a log tree and a parse tree, comprising:
a first module for providing and maintaining a rule base consisting of regular expressions and heuristic rules, and sampling a small portion of the logs to generate the log format automatically;
a second module for splitting each log online into a log header and log content based on the log format;
a third module for generating a log tree based on the log structure information;
a fourth module for searching the parse tree and calculating the similarity of the static fields and of the dynamic parameters between the log tree and the event tree using the longest common substring and the longest common subvector, respectively; and for matching the log tree with the event tree using a clustering technique, and extracting the event and its parameters.
Compared with the prior art, the invention has the following notable advantages: (1) the log format is extracted automatically by building a base of regular expressions and heuristic rules, which reduces the manual effort of identifying log formats and improves log preprocessing efficiency; (2) the log is converted into a log tree, so that the internal structure of the log is fully used to extract events, and events with an indefinite number of parameters are identified accurately; (3) matching log trees are searched for through the parse tree, which reduces matching time and improves matching accuracy, and the parameters in the original log line are extracted as input for downstream anomaly detection and fault prediction.
Drawings
FIG. 1 is a flowchart of a log event extraction method based on a log tree and a parse tree according to the present invention.
Detailed Description
As shown in FIG. 1, the log event extraction method based on a log tree and a parse tree of the present invention comprises the following steps:
Step 1: Automatically identify the log format based on the rule base. Using the heuristic rules and regular expressions in the rule base, this step samples a small portion of the logs to generate the log format automatically.
(1) Split each log into fields on spaces and align the resulting fields;
(2) According to rule 1, replace each identifiable field with the matching regular expression from the rule base. According to rule 2, calculate the column complexity for the columns whose number of fields equals the number of rows. The column fields are traversed to calculate the column complexity; the formula is as follows:
where the column complexity is 0 when all values in a column are the same; otherwise the column complexity is the number of possible values.
(3) After the column complexity is calculated, find, according to rule 3, the index $index_{max}$ that has complexity 0 and the largest value.
Wherein, the rules and regular expressions in the rule base are as follows:
Rule 1. Some fields of the original heterogeneous log header, such as date, time, level, and number, can be defined by a limited set of regular expressions.
Rule 2. The header of each log has the same number of fields, and each field is of the same type; the log contents of different log lines have different numbers of fields, and the field types are not always the same. After the log rows are aligned, the complexity of each column is calculated.
Rule 3. The first field of the log content must occur after the columns of complexity 0. Define $index_i$ as the index of each column and search for the index $index_{max}$ that has complexity 0 and the largest value; the index of the first field of the log content is $index_{max}+1$.
Regular expressions contain a variety of field types, such as date, time, level, and the like.
Step 2: Online preprocessing. Logs are processed as a stream, and the log header and log content are identified according to the log format; the log header comprises the timestamp, level, and other fields.
(1) Split the log on spaces to obtain its fields.
(2) Identify each field of the log according to the field indexes of the log format. The log is divided into a log header, containing the timestamp and other fields, and the log content.
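Steps 1 and 2 can be sketched as follows. This is an added Python example, not code from the patent: the regular expressions in the rule base, the sample log lines and the function names are constructed for illustration, and scoring only the columns present in every row is an assumed reading of rule 2.

```python
import re

# Rule 1: a small rule base of typed header fields (constructed for this example).
RULE_BASE = [
    ("<DATE>", re.compile(r"\d{4}-\d{2}-\d{2}")),
    ("<TIME>", re.compile(r"\d{2}:\d{2}:\d{2}")),
    ("<LEVEL>", re.compile(r"TRACE|DEBUG|INFO|WARN|ERROR|FATAL")),
    ("<NUM>", re.compile(r"\d+")),
]

def field_type(field):
    """Replace a recognisable field by its type name; keep other fields verbatim."""
    for name, pattern in RULE_BASE:
        if pattern.fullmatch(field):
            return name
    return field

def column_complexity(rows):
    """Rule 2: 0 if a column holds a single value, else the number of distinct values.
    Only columns present in every row are scored (assumed reading of the page)."""
    width = min(len(row) for row in rows)
    scores = []
    for i in range(width):
        distinct = {row[i] for row in rows}
        scores.append(0 if len(distinct) == 1 else len(distinct))
    return scores

def infer_format(sample_lines):
    """Step 1: derive the header layout from a small sample of raw log lines."""
    rows = [[field_type(f) for f in line.split()] for line in sample_lines]
    scores = column_complexity(rows)
    # Rule 3: index_max is the largest column index whose complexity is 0.
    index_max = max((i for i, s in enumerate(scores) if s == 0), default=-1)
    return {
        "complexity": scores,
        "content_index": index_max + 1,
        "header_types": rows[0][:index_max + 1],
    }

def split_log(line, fmt):
    """Step 2: split one streamed line into typed header fields and log content."""
    fields = line.split()
    cut = fmt["content_index"]
    header = list(zip(fmt["header_types"], fields[:cut]))
    return header, " ".join(fields[cut:])

# Constructed sample mixing three different events.
SAMPLE = [
    "2021-07-11 10:15:02 INFO 148 dfs.DataNode: Receiving block blk_1 src: /10.0.0.1:50010",
    "2021-07-11 10:15:03 WARN 152 dfs.FSNamesystem: Deleting block blk_2 blk_3 file /tmp/a",
    "2021-07-11 10:15:04 INFO 148 dfs.DataNode: PacketResponder 1 for block blk_1 terminating",
]

if __name__ == "__main__":
    fmt = infer_format(SAMPLE)
    print(fmt)
    print(split_log("2021-07-11 10:16:00 ERROR 153 dfs.DataNode: Failed to transfer blk_4", fmt))
```

Rule 3 takes the largest zero-complexity index, so the sample has to mix several events: if every sampled line comes from one event, constant content words also score 0 and the header boundary moves into the log content.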
Step 3: Generate a log tree based on the log structure information. The log content is converted into a log tree using the structure information hidden in its static fields and dynamic parameters.
(1) The log is traversed from left to right; when the first field of the log contains ':' or is enclosed by '[ ]', the first field is marked as the root node, which is also the indication field of the log.
(2) The log is then divided into fields on ',' and spaces. In each field, ':' is matched from right to left and a subtree is created according to consecutive ':', with the field to the left of a ':' as the parent node of the field to its right.
Step 4: Match the log tree and update the event tree based on the parse tree.
The parse tree is structured as follows: the root node is a special tree node that contains no indication field; each tree node contains an indication field and child node indexes; each leaf node contains the log clusters that correspond to the same indication field.
The process of matching log trees is as follows:
(1) Search the indication fields of the parse tree. If the same indication field is found, go to the next step; otherwise, create a new indication field node and its log cluster child node.
(2) Search all candidate log clusters, calculate the similarity $Sim$ between the log tree and the event tree, and after comparison select the log cluster with the maximum similarity. The similarity consists of two parts, the static field similarity $Sim_s$ and the dynamic parameter similarity $Sim_d$: $Sim = Sim_s + Sim_d$. The specific calculation steps are as follows:
(a) The first-layer node fields of the log tree are denoted $L = \{tl_1, tl_2, \ldots, tl_n\}$, and the number of fields in $L$ is $|L| = n$; the first-layer node fields of the event tree are denoted $E = \{te_1, te_2, \ldots, te_m\}$, and the number of fields in $E$ is $|E| = m$.
(b) Static field similarity $Sim_s$: $Common\{L, E\}$ is the longest common subfield of $L$ and $E$, obtained using the Longest Common Substring (LCS) algorithm.
(c) Dynamic parameter similarity $Sim_d$: here $L - Common\{L, E\}$ is the part of $L$ that is not a common subfield of $L$ and $E$, and $E - Common\{L, E\}$ is the part of $E$ that is not a common subfield of $L$ and $E$. The longest common subvector (LCV) is applied to the non-common fields of $L$ and $E$ to obtain the non-common field vectors $VL = \{vl_1, vl_2, \ldots, vl_k\}$ and $VE = \{ve_1, ve_2, \ldots, ve_j\}$, where $k$ and $j$ are the numbers of non-common fields of $L$ and $E$, respectively.
(3) After the maximum similarity $Sim_{max}$ is obtained, compare it with the similarity threshold St. When the similarity is greater than St, the log tree is matched successfully and the next step is executed; when the similarity is less than or equal to St, a new log cluster is created under the current indication node.
The process of updating the event tree is as follows:
(1) The root nodes of the event tree and the log tree have the same structure as the nodes of the first layer and store static fields; the nodes of the second layer and below store dynamic parameter fields and the corresponding log IDs.
(2) When the log tree cannot be matched with any existing event tree, the log tree is converted directly into an event tree: the first-layer nodes of the log tree are kept unchanged, the corresponding log IDs are added to the nodes of the second layer and below, and the data in each node is stored in the form (logId, data).
(3) When the log tree is matched with an existing event tree, the log tree and the event tree are merged. The specific steps are as follows:
(a) Obtain the longest common fields of all first-layer nodes and keep the common fields in the first layer of the event tree.
(b) Add each non-common field lying between two adjacent common fields to the event tree as a child node of the preceding field, keeping the log ID of the log tree. If the corresponding node already exists in the second layer, only the (logId, data) entry needs to be added to the node of the old event tree, forming the node of the new event tree.
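The merge procedure above is what lets one event absorb logs with different numbers of parameters. The following added Python example (not code from the patent) assumes the log has already been matched to the event, models each log tree as a flat list of first-layer fields, computes the common fields as a longest common subsequence, and attaches non-common fields that precede the first common field to the indication field; the class, method names and sample logs are constructed.

```python
def common_fields(a, b):
    """Index pairs (i, j) of the longest common subsequence of two field lists."""
    n, m = len(a), len(b)
    dp = [[0] * (m + 1) for _ in range(n + 1)]
    for i in range(n - 1, -1, -1):
        for j in range(m - 1, -1, -1):
            if a[i] == b[j]:
                dp[i][j] = dp[i + 1][j + 1] + 1
            else:
                dp[i][j] = max(dp[i + 1][j], dp[i][j + 1])
    pairs, i, j = [], 0, 0
    while i < n and j < m:
        if a[i] == b[j]:
            pairs.append((i, j))
            i, j = i + 1, j + 1
        elif dp[i + 1][j] >= dp[i][j + 1]:
            i += 1
        else:
            j += 1
    return pairs

class EventTree:
    """First layer: static fields. Second layer: (logId, data) parameter nodes."""

    def __init__(self, log_id, indication, fields):
        # No existing event matched: the log tree becomes a new event tree as-is.
        self.indication = indication
        self.static = list(fields)
        self.params = [[] for _ in fields]
        self.root_params = []  # parameters that precede the first static field
        self.log_ids = [log_id]

    def merge(self, log_id, fields):
        """Merge a matched log: keep common fields, push the rest one layer down."""
        pairs = common_fields(self.static, fields)
        static, params, root = [], [], list(self.root_params)
        prev_e = prev_l = -1
        # The sentinel pair closes the tail after the last common field.
        for e, l in pairs + [(len(self.static), len(fields))]:
            parent = params[-1] if params else root
            for k in range(prev_e + 1, e):
                # A field treated as static so far varies after all: demote it
                # (for every earlier log) together with its own children.
                parent.extend((lid, self.static[k]) for lid in self.log_ids)
                parent.extend(self.params[k])
            parent.extend((log_id, fields[k]) for k in range(prev_l + 1, l))
            if e < len(self.static):
                static.append(self.static[e])
                params.append(list(self.params[e]))
            prev_e, prev_l = e, l
        self.static, self.params, self.root_params = static, params, root
        self.log_ids.append(log_id)

    def template(self):
        """Event text: static fields, with <*> after each field that has parameters."""
        return " ".join(f + " <*>" if p else f for f, p in zip(self.static, self.params))

    def params_of(self, log_id):
        """Parameters of one log, grouped under the static field they follow."""
        nodes = [(self.indication, self.root_params)] + list(zip(self.static, self.params))
        found = []
        for field, children in nodes:
            values = [data for lid, data in children if lid == log_id]
            if values:
                found.append((field, values))
        return found

def demo():
    # Constructed log contents of one event; the indication field is already split off.
    ev = EventTree(1, "dfs.FSNamesystem:", "Deleting block blk_2 blk_3 file /tmp/a".split())
    ev.merge(2, "Deleting block blk_7 file /tmp/b".split())
    ev.merge(3, "Deleting block blk_8 blk_9 blk_10 file /tmp/c".split())
    return ev

if __name__ == "__main__":
    ev = demo()
    print(ev.template())
    print(ev.params_of(3))
```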
Further, the present invention also provides a log event extraction system based on a log tree and a parse tree, comprising:
a first module for providing and maintaining a rule base consisting of regular expressions and heuristic rules, and sampling a small portion of the logs to generate the log format automatically;
a second module for splitting each log online into a log header and log content based on the log format;
a third module for generating a log tree based on the log structure information;
a fourth module for searching the parse tree and calculating the similarity of the static fields and of the dynamic parameters between the log tree and the event tree using the longest common substring and the longest common subvector, respectively; and for matching the log tree with the event tree using a clustering technique, and extracting the event and its parameters.
The first to fourth modules are implemented in the same way as the corresponding steps of the log event extraction method, which are not described again here.
The above examples are only intended to illustrate the technical solution of the present invention, but not to limit it; although the present invention has been described in detail with reference to the foregoing embodiments, it will be understood by those of ordinary skill in the art that: the technical solutions described in the foregoing embodiments may still be modified, or some technical features may be equivalently replaced; and such modifications or substitutions do not depart from the spirit and scope of the corresponding technical solutions of the embodiments of the present invention.
Claims (10)
1. A log event extraction method based on a log tree and a parse tree, characterized by comprising the following steps:
providing and maintaining a rule base consisting of regular expressions and heuristic rules, and sampling a small portion of the logs to generate the log format automatically;
splitting each log online into a log header and log content based on the log format;
generating a log tree based on the log structure information;
searching the parse tree, and calculating the similarity of the static fields and of the dynamic parameters between the log tree and the event tree using the longest common substring and the longest common subvector, respectively; and matching the log tree with the event tree using a clustering technique, and extracting the event and its parameters.
2. The log event extraction method based on a log tree and a parse tree as claimed in claim 1, wherein providing and maintaining a rule base consisting of regular expressions and heuristic rules and sampling a small portion of the logs to generate the log format automatically specifically comprises: splitting fields on spaces and aligning the split fields; replacing identifiable fields with regular expressions from the rule base according to rule 1; calculating, according to rule 2, the column complexity for the columns whose number of fields equals the number of rows; traversing the column fields to calculate the column complexity; and, after the column complexity is calculated, finding according to rule 3 the index $index_{max}$ that has complexity 0 and the largest value;
wherein the rules and regular expressions in the rule base are as follows:
rule 1. some fields of the original heterogeneous log header, including date, time, level and number, can be defined by a limited set of regular expressions;
rule 2. the header of each log has the same number of fields, and each field is of the same type; the log contents of different log lines have different numbers of fields, and the field types are not always the same; after the log rows are aligned, the complexity of each column is calculated;
rule 3. the first field of the log content must appear after the columns of complexity 0; define $index_i$ as the index of each column and search for the index $index_{max}$ that has complexity 0 and the largest value; the index of the first field of the log content is $index_{max}+1$.
3. The log event extraction method based on a log tree and a parse tree as claimed in claim 1, wherein splitting each log online into a log header and log content based on the log format specifically comprises: splitting the log on spaces to obtain its fields, and identifying each field of the log according to the field indexes of the log format; the log is divided into a log header, containing the timestamp and other fields, and the log content.
4. The log event extraction method based on a log tree and a parse tree as claimed in claim 1, wherein, in generating the log tree based on the log structure information, the log is traversed from left to right, and when the first field of the log contains ':' or is enclosed by '[ ]', the first field is marked as the root node, which is also the indication field of the log; the log is then divided into fields on ',' and spaces, and in each field ':' is matched from right to left and a subtree is created according to consecutive ':', with the field to the left of a ':' as the parent node of the field to its right.
5. The log event extraction method based on a log tree and a parse tree as claimed in claim 1, wherein the log tree is matched and the event tree is updated based on the parse tree; the indication fields of the parse tree are searched, and when no identical indication field is found a new indication field node and its log cluster child node are created; otherwise all candidate log clusters are searched, the similarity $Sim$ between the log tree and the event tree is calculated, and after comparison the log cluster with the maximum similarity is selected; after the maximum similarity $Sim_{max}$ is obtained, it is compared with the similarity threshold St; when $Sim_{max}$ is less than or equal to St, a new log cluster is created under the current indication node; when $Sim_{max}$ is greater than St, the log tree is matched successfully and the log tree and the event tree are merged; when the log tree cannot be matched with any existing event tree, the log tree is converted directly into an event tree.
6. A log event extraction system based on a log tree and a parse tree, comprising:
a first module for providing and maintaining a rule base consisting of regular expressions and heuristic rules, and sampling a small portion of the logs to generate the log format automatically;
a second module for splitting each log online into a log header and log content based on the log format;
a third module for generating a log tree based on the log structure information;
a fourth module for searching the parse tree and calculating the similarity of the static fields and of the dynamic parameters between the log tree and the event tree using the longest common substring and the longest common subvector, respectively; and for matching the log tree with the event tree using a clustering technique, and extracting the event and its parameters.
7. The log event extraction system based on a log tree and a parse tree of claim 6, wherein the first module splits fields on spaces and aligns the split fields; replaces identifiable fields with regular expressions from the rule base according to rule 1; calculates, according to rule 2, the column complexity for the columns whose number of fields equals the number of rows; traverses the column fields to calculate the column complexity; and, after the column complexity is calculated, finds according to rule 3 the index $index_{max}$ that has complexity 0 and the largest value;
wherein the rules and regular expressions in the rule base are as follows:
rule 1. some fields of the original heterogeneous log header, including date, time, level and number, can be defined by a limited set of regular expressions;
rule 2. the header of each log has the same number of fields, and each field is of the same type; the log contents of different log lines have different numbers of fields, and the field types are not always the same; after the log rows are aligned, the complexity of each column is calculated;
rule 3. the first field of the log content must appear after the columns of complexity 0; define $index_i$ as the index of each column and search for the index $index_{max}$ that has complexity 0 and the largest value; the index of the first field of the log content is $index_{max}+1$.
8. The log event extraction system based on a log tree and a parse tree of claim 6, wherein the second module splits the log on spaces to obtain its fields and identifies each field of the log according to the field indexes of the log format; the log is divided into a log header, containing the timestamp and other fields, and the log content.
9. The log event extraction system based on a log tree and a parse tree of claim 6, wherein the third module generates the log tree based on the log structure information: the log is traversed from left to right, and when the first field of the log contains ':' or is enclosed by '[ ]', the first field is marked as the root node, which is also the indication field of the log; the log is then divided into fields on ',' and spaces, and in each field ':' is matched from right to left and a subtree is created according to consecutive ':', with the field to the left of a ':' as the parent node of the field to its right.
10. The log event extraction system based on a log tree and a parse tree of claim 6, wherein the fourth module matches the log tree and updates the event tree based on the parse tree; the indication fields of the parse tree are searched, and when no identical indication field is found a new indication field node and its log cluster child node are created; otherwise all candidate log clusters are searched, the similarity $Sim$ between the log tree and the event tree is calculated, and after comparison the log cluster with the maximum similarity is selected; after the maximum similarity $Sim_{max}$ is obtained, it is compared with the similarity threshold St; when $Sim_{max}$ is less than or equal to St, a new log cluster is created under the current indication node; when $Sim_{max}$ is greater than St, the log tree is matched successfully and the log tree and the event tree are merged; when the log tree cannot be matched with any existing event tree, the log tree is converted directly into an event tree.
Priority Applications (1)
Application Number | Priority Date | Filing Date | Title |
---|---|---|---|
CN202110781337.0A CN113626400A (en) | 2021-07-11 | 2021-07-11 | Log event extraction method and system based on log tree and analytic tree |
Publications (1)
Publication Number | Publication Date |
---|---|
CN113626400A (en) | 2021-11-09 |
Family
ID=78379375
Family Applications (1)
Application Number | Title | Priority Date | Filing Date |
---|---|---|---|
CN202110781337.0A Pending CN113626400A (en) | 2021-07-11 | 2021-07-11 | Log event extraction method and system based on log tree and analytic tree |
Country Status (1)
Country | Link |
---|---|
CN (1) | CN113626400A (en) |
Legal Events
Date | Code | Title | Description |
---|---|---|---|
PB01 | Publication | ||
SE01 | Entry into force of request for substantive examination | ||