Log processing and analysis
First Claim
Patent Images
1. A process comprising:
- obtaining a log of execution of an executable program;
parsing log messages contained in the log without prior knowledge of a structure of the log messages, wherein parsing a particular log message involves parsing the particular log message into an object identifier and one or more of a string constant and a non-identifier, the object identifier being one or more segments of the particular log message not parsed as a string constant or a non-identifier, the object identifier representative of one or more instances of programmatic elements in the executable program;
identifying relationships among object identifiers of parsed log messages by inferring object types of objects represented by the object identifiers and identifying relationships among the object types of objects to obtain identified relationships, wherein an object type of the object identifier in the particular log message is inferred from a schema of the object identifier and the one or more of a string constant and a non-identifier in the particular log message;
constructing a representation of the identified relationships; and
outputting the representation, wherein the representation comprises a set of event timelines, each event timeline corresponding to an object, each event timeline depicting one or more nodes which each represent an event identified in a log message which contains the corresponding object, and wherein the event timelines are organized in nested hierarchical relationships corresponding to identified relationships of the corresponding object.
1 Assignment
0 Petitions
Accused Products
Abstract
A log of execution of an executable program is obtained. Log messages contained in the log are parsed to generate object identifiers representative of instances of programmatic elements in the executable program. Relationships among the object identifiers are identified. A representation of identified relationships is constructed and outputted as, for example, a visual representation.
-
Citations
16 Claims
-
1. A process comprising:
-
obtaining a log of execution of an executable program; parsing log messages contained in the log without prior knowledge of a structure of the log messages, wherein parsing a particular log message involves parsing the particular log message into an object identifier and one or more of a string constant and a non-identifier, the object identifier being one or more segments of the particular log message not parsed as a string constant or a non-identifier, the object identifier representative of one or more instances of programmatic elements in the executable program; identifying relationships among object identifiers of parsed log messages by inferring object types of objects represented by the object identifiers and identifying relationships among the object types of objects to obtain identified relationships, wherein an object type of the object identifier in the particular log message is inferred from a schema of the object identifier and the one or more of a string constant and a non-identifier in the particular log message; constructing a representation of the identified relationships; and outputting the representation, wherein the representation comprises a set of event timelines, each event timeline corresponding to an object, each event timeline depicting one or more nodes which each represent an event identified in a log message which contains the corresponding object, and wherein the event timelines are organized in nested hierarchical relationships corresponding to identified relationships of the corresponding object. - View Dependent Claims (2, 3, 4, 5, 6)
-
-
7. A non-transitory machine-readable storage medium comprising instructions that, when executed by a processor:
-
discover a log of execution of an executable program; extract a string constant from the executable program; use the string constant to parse an unstructured log message contained in the log to generate an object identifier representative of an instance of a programmatic element in the executable program, wherein generating the object identifier involves identifying a segment of the unstructured log message that does not match the string constant or another non-identifier; identify a relationship between the object identifier and another object identifier to obtain an identified relationship for output in a representation, wherein identifying the relationship involves inferring an object type of the object identifier from a schema of the object identifier and the string constant or another non-identifier in the unstructured log message, construct a representation of the identified relationships; and output the representation, wherein the representation comprises a set of event timelines, each event timeline corresponding to an object, each event timeline depicting one or more nodes which each represent an event identified in a log message which contains the corresponding object, and wherein the event timelines are organized in nested hierarchical relationships corresponding to identified relationships of the corresponding object. - View Dependent Claims (8, 9, 10, 11, 12, 13)
-
-
14. A non-transitory machine-readable storage medium comprising instructions that, when executed by a processor:
-
extract string constants from an executable program; obtain log data that includes identified relationships among object identifiers representative of instances of programmatic elements in the executable program; construct a representation of the identified relationships; and output the representation, wherein the log data is based on unstructured log messages generated by log statements provided to the executable program and parsed using the string constants to generate the object identifiers, wherein generating the object identifiers involves identifying segments of the unstructured log messages that do not match the string constants or other non-identifiers in the unstructured log messages, and wherein the identified relationships are identified by inferring the object types of the object identifiers from schemas of the object identifiers, string constants, and other non-identifiers in the unstructured log messages; wherein the representation comprises a set of event timelines, each event timeline corresponding to an object, each event timeline depicting one or more nodes which each represent an event identified in a log message which contains the corresponding object, and wherein the event timelines are organized in nested hierarchical relationships corresponding to identified relationships of the corresponding object. - View Dependent Claims (15, 16)
-
Specification