Dynamic Parsing Rules
First Claim
1. A method executed by one or more data processing devices, comprising:
- receiving log data;
receiving a first parsing rule and a second parsing rule, the first parsing rule and second parsing rule configured to extract a named value based on the received log data;
identifying a conflict between the first parsing rule and the second parsing rule;
resolving the conflict; and
extracting the named value using a combination of the first parsing rule and the second parsing rule.
15 Assignments
0 Petitions
Accused Products
Abstract
Methods, program products, and systems implementing dynamic parsing rules are disclosed. Log data from a variety of log producers can be parsed using parsing rules to generate information about an information system. The parsing rules can include system parsing rules and custom parsing rules. A state machine can be used to detect conflicts between various parsing rules. A central server can distribute the system parsing rules and custom parsing rules to one or more remote servers for distributed processing. In a hierarchical parsing system, a first tier parser can be used to identify types of sources generating the log data. Log data from each type of log source can be sent to a second tier parser that corresponds to the type of log source.
-
Citations
17 Claims
-
1. A method executed by one or more data processing devices, comprising:
-
receiving log data; receiving a first parsing rule and a second parsing rule, the first parsing rule and second parsing rule configured to extract a named value based on the received log data; identifying a conflict between the first parsing rule and the second parsing rule; resolving the conflict; and extracting the named value using a combination of the first parsing rule and the second parsing rule. - View Dependent Claims (2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15)
-
-
16. A computer program product stored on a storage device, operable to cause one or more processors to perform operations comprising:
-
receiving log data; receiving a first parsing rule and a second parsing rule, the first parsing rule and second parsing rule configured to extract a named value based on the received log data; identifying a conflict between the first parsing rule and the second parsing rule; resolving the conflict; and extracting the named value using a combination of the first parsing rule and the second parsing rule.
-
-
17. A system comprising:
one or more processors configured to perform operations comprising; receiving log data; receiving a first parsing rule and a second parsing rule, the first parsing rule and second parsing rule configured to extract a named value based on the received log data; identifying a conflict between the first parsing rule and the second parsing rule; resolving the conflict; and extracting the named value using a combination of the first parsing rule and the second parsing rule.
Specification