Log data analysis
Abstract
Analyzing log data, such as security log data and event data, is disclosed. Log data is obtained. Portions of the log data are clustered into clusters of similar data portions. A signature for each cluster is generated. Comparison of subsequent log data with the signature indicates whether the subsequent log data belongs in the cluster.
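The abstract's flow (cluster, generate a signature per cluster, compare subsequent log data against it, apply a user edit) can be sketched as follows. This is an added illustration, not the patent's disclosed algorithm or the assignee's code; the greedy token-position clustering, the 0.6 threshold, the `<*>` wildcard and the sample log lines are all assumptions made for the example.

```python
WILDCARD = "<*>"  # assumed placeholder for a variable field in a signature

def similarity(signature, tokens):
    """Fraction of positions where the signature's literal token equals the log token."""
    if len(signature) != len(tokens):
        return 0.0
    return sum(s == t for s, t in zip(signature, tokens)) / len(signature)

def cluster(lines, threshold=0.6):
    """Greedy clustering; each cluster carries a signature all its members conform to."""
    clusters = []
    for line in lines:
        tokens = line.split()
        best = max(clusters, key=lambda c: similarity(c["signature"], tokens), default=None)
        if best is not None and similarity(best["signature"], tokens) >= threshold:
            # Generalize the signature: positions that differ become wildcards.
            best["signature"] = [s if s == t else WILDCARD
                                 for s, t in zip(best["signature"], tokens)]
            best["members"].append(line)
        else:
            clusters.append({"signature": tokens, "members": [line]})
    return clusters

def matches(signature, line):
    """Does subsequent log data belong in the cluster this signature represents?"""
    tokens = line.split()
    return len(tokens) == len(signature) and all(
        s == WILDCARD or s == t for s, t in zip(signature, tokens))

def edit_signature(signature, position, new_token):
    """Apply a user's edit instruction and return the modified signature."""
    edited = list(signature)
    edited[position] = new_token
    return edited

# Constructed sample log lines (not taken from the patent).
SAMPLE_LOGS = [
    "sshd Failed password for root from 10.0.0.5 port 4242",
    "sshd Failed password for admin from 10.0.0.9 port 5151",
    "sshd Failed password for root from 10.0.0.7 port 6060",
    "kernel eth0 link up",
    "kernel eth1 link up",
]

if __name__ == "__main__":
    for c in cluster(SAMPLE_LOGS):
        print(len(c["members"]), " ".join(c["signature"]))
```

Narrowing a wildcard back to a literal with `edit_signature` (for example, pinning the user field to `root`) tightens what later log lines the signature accepts.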
30 Claims
1. A system, comprising:
one or more processors configured to:
obtain log data;
cluster portions of the log data into clusters of similar data portions;
generate a signature for each cluster, wherein the signature comprises a representation of log data in the cluster, wherein comparison of subsequent log data with the signature indicates whether the subsequent log data belongs in the cluster, and wherein the log data in the cluster conforms to the signature; and
cause the generated signature to be presented via one or more interfaces, wherein the one or more interfaces are configured to obtain a user instruction associated with an action to take with respect to the presented signature, wherein the action comprises editing the signature, and wherein the signature is modified in response to the obtained user instruction; and
a memory coupled to the one or more processors and configured to provide the one or more processors with instructions.
Dependent claims: 2, 3, 4, 5, 6, 7, 8, 9, 10, 11, 12, 13, 14, 15, 16, 17, 18, 19, 20, 21, 22, 23, 24, 25, 26, 27
28. A method, comprising:
obtaining log data;
clustering, using one or more processors, portions of the log data into clusters of similar data portions;
generating a signature for each cluster, wherein the signature comprises a representation of log data in the cluster, wherein comparison of subsequent log data with the signature indicates whether the subsequent log data belongs in the cluster, and wherein the log data in the cluster conforms to the signature; and
causing the generated signature to be presented via one or more interfaces, wherein the one or more interfaces are configured to obtain a user instruction associated with an action to take with respect to the presented signature, wherein the action comprises editing the signature, and wherein the signature is modified in response to the obtained user instruction.
Dependent claims: 29
30. A computer program product embodied in a non-transitory computer readable storage medium and comprising computer instructions for:
obtaining log data;
clustering portions of the log data into clusters of similar data portions;
generating a signature for each cluster, wherein the signature comprises a representation of log data in the cluster, wherein comparison of subsequent log data with the signature indicates whether the subsequent log data belongs in the cluster, and wherein the log data in the cluster conforms to the signature; and
causing the generated signature to be presented via one or more interfaces, wherein the one or more interfaces are configured to obtain a user instruction associated with an action to take with respect to the presented signature, wherein the action comprises editing the signature, and wherein the signature is modified in response to the obtained user instruction.
Specification