Method and apparatus for supporting log analysis
First Claim
Patent Images
1. A computer-readable recording medium that stores a computer program for classifying a plurality of logs recorded in a log file, wherein the computer program causes a computer to execute:
- performing a parsing of the logs in the log file;
generating a rule for a log classification based on a result of the parsing;
performing the log classification, based on the rule generated, to classify the logs into a plurality of groups;
displaying a result of the log classification;
editing the rule based on an instruction from a user, wherein the rule generated includes deleting a first parameter that exists in each of a plurality of first logs, the first logs being included in the logs, and the first logs each including a same program name, replacing a value of a second parameter existing in each of the first logs with a predetermined character string when a number of values of the second parameter is more than a predetermined value, deleting a third parameter that exists in each of the first logs when a number of the first logs is less than a predetermined value, or replacing a variable part of a program name with a predetermined character string, a non-variable part of the program name existing in each of a plurality of second logs, when a number of the second logs is more than a predetermined value; and
determining whether a distribution of a response time is biased due to a specific combination of a parameter name and a parameter value,wherein the editing includes editing, when determined that the distribution of the response time is biased due to the specific combination, the rule so that a parameter name and a parameter value other that those included in the specific combination are deleted from the logs.
1 Assignment
0 Petitions
Accused Products
Abstract
An apparatus for classifying a plurality of logs recorded in a log file includes: a parsing unit that performs a parsing of the logs in the log file; a rule generating unit that generates a rule for a data classification based on a result of the parsing; a data classifying unit that performs the data classification, based on the rule generated, to classify the logs into a plurality of groups; a display unit that displays a result of the data classification; and a rule editing that edits the rules based on an instruction from a user.
26 Citations
15 Claims
-
1. A computer-readable recording medium that stores a computer program for classifying a plurality of logs recorded in a log file, wherein the computer program causes a computer to execute:
-
performing a parsing of the logs in the log file; generating a rule for a log classification based on a result of the parsing; performing the log classification, based on the rule generated, to classify the logs into a plurality of groups; displaying a result of the log classification; editing the rule based on an instruction from a user, wherein the rule generated includes deleting a first parameter that exists in each of a plurality of first logs, the first logs being included in the logs, and the first logs each including a same program name, replacing a value of a second parameter existing in each of the first logs with a predetermined character string when a number of values of the second parameter is more than a predetermined value, deleting a third parameter that exists in each of the first logs when a number of the first logs is less than a predetermined value, or replacing a variable part of a program name with a predetermined character string, a non-variable part of the program name existing in each of a plurality of second logs, when a number of the second logs is more than a predetermined value; and determining whether a distribution of a response time is biased due to a specific combination of a parameter name and a parameter value, wherein the editing includes editing, when determined that the distribution of the response time is biased due to the specific combination, the rule so that a parameter name and a parameter value other that those included in the specific combination are deleted from the logs. - View Dependent Claims (2, 3, 4, 5)
-
-
6. An apparatus for classifying a plurality of logs recorded in a log file, the log-analysis-supporting apparatus comprising:
-
a parsing unit that performs a parsing of the logs in the log file; a rule generating unit that generates a rule for a log classification based on a result of the parsing; a log classifying unit that performs the log classification, based on the rule generated, to classify the logs into a plurality of groups; a display unit that displays a result of the log classification; a rule editing unit that edits the rules based on an instruction from a user, wherein the rule generated by the rule generating unit includes deleting a first parameter that exists in each of a plurality of first logs, the first logs being included in the logs, and the first logs each including a same program name, replacing a value of a second parameter existing in each of the first logs with a predetermined character string when a number of values of the second parameter is more than a predetermined value, deleting a third parameter that exists in each of the first logs when a number of the first logs is less than a predetermined value, or replacing a variable part of a program name with a predetermined character string, a non-variable part of the program name existing in each of a plurality of second logs, when a number of the second logs is more than a predetermined value; and a determining unit that determines whether a distribution of a response time is biased due to a specific combination of a parameter name and a parameter value, wherein the editing includes editing, when determined that the distribution of the response time is biased due to the specific combination, the rule so that a parameter name and a parameter value other that those included in the specific combination are deleted from the logs. - View Dependent Claims (7, 8, 9, 10)
-
-
11. A method performed by a log-analysis-supporting system for classifying a plurality of logs recorded in a log file, the method comprising:
-
performing a parsing of the logs in the log file; generating a rule for a log classification based on a result of the parsing; performing the log classification, based on the rule generated, to classify the logs into a plurality of groups; displaying a result of the log classification; editing the rule based on an instruction from a user, wherein the rule generated includes deleting a first parameter that exists in each of a plurality of first logs, the first logs being included in the logs, and the first logs each including a same program name, replacing a value of a second parameter existing in each of the first logs with a predetermined character string when a number of values of the second parameter is more than a predetermined value, deleting a third parameter that exists in each of the first logs when a number of the first logs is less than a predetermined value, or replacing a variable part of a program name with a predetermined character string, a non-variable part of the program name existing in each of a plurality of second logs, when a number of the second logs is more than a predetermined value; and determining whether a distribution of a response time is biased due to a specific combination of a parameter name and a parameter value, wherein the editing includes editing, when determined that the distribution of the response time is biased due to the specific combination, the rule so that a parameter name and a parameter value other that those included in the specific combination are deleted from the logs. - View Dependent Claims (12, 13, 14, 15)
-
Specification