Cluster-based processing of unstructured log messages

Assignee

• Oracle International Corporation · US

Inventors

• Jae Young Yoon · San Mateo, US
• Dhileeban Kumaresan · Chilpur, IN
• Venktesh Alvenkar · Ghanpur, IN
• Sreeji Das · Fremont, US
• Harish Akali · Acton, US

Key dates

Classification

• Technology area (CPC G)Physics
• CPC primaryG06F2201/86
• WIPO fieldComputer technology
• WIPO sectorElectrical engineering

Abstract

Some embodiments relate to assigning individual log messages to clusters. An initial cluster assignment may be performed by applying a hash function to one or more non-variable components of the message to generate an initial cluster identifier. Subsequently, clustering may be further refined (e.g., by determining whether to merge clusters based on similarity values). An interface can present a representative message of each cluster and indicate which portions of the message correspond to a variable component. Particular inputs detected at the input corresponding to one of these components can cause other values for the component to be presented. For a given cluster, timestamps of assigned messages can be used to generate a time series, which can facilitate grouping of clusters (with similar or complementary shapes) and/or triggering alerts (with a condition corresponding to a temporal aspect).