Unlock instant, AI-driven research and patent intelligence for your innovation.
Log analysis method and device based on feature matching
What is Al technical title?
Al technical title is built by PatSnap Al team. It summarizes the technical point description of the patent document.
An analysis method and feature matching technology, applied in the field of computer information, can solve problems such as difficult to grasp, cumbersome process of field analysis and processing, etc., to achieve the effect of increasing efficiency and lowering the threshold
Pending Publication Date: 2022-03-04
杭州极盾数字科技有限公司
View PDF0 Cites 0 Cited by
Summary
Abstract
Description
Claims
Application Information
AI Technical Summary
This helps you quickly interpret patents by identifying the three key elements:
Problems solved by technology
Method used
Benefits of technology
Problems solved by technology
[0003] Since structured data is usually in units of fields, the main work of converting unstructured data into structured data starts with extracting the desired fields from unstructured data, and the current extraction methods often require Manually writing regular expressions, grok expressions, etc., makes the process of field parsing and processing very cumbersome and difficult to master
Method used
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
View more
Image
Smart Image Click on the blue labels to locate them in the text.
Viewing Examples
Smart Image
Click on the blue label to locate the original text in one second.
Reading with bidirectional positioning of images and text.
Smart Image
Examples
Experimental program
Comparison scheme
Effect test
Embodiment 1
[0042] It mainly includes the following steps:
[0043] Step S1: Set the data source, such as figure 1 As shown, wherein the input unit 11 is used for the user to set the name for the new log source, the protocol or mode of the user inputting the collection log in the input unit 12 can be syslog, http, IMAP, etc., the source IP of the user input log in the input unit 13 , the input unit 14 responds to the completion of the setting by the user, and after completion, step S2 can be entered.
[0045] Step S21: if figure 2 As shown, the data samples are first obtained from the data source and displayed on the display unit 21 .
[0046] Step S22: Take out the template T from the built-in template library one by one i (feature_set, regex), record the feature set of the current template as T i [feature_set], one by one from the feature set T i Extract the feature feature from [feature_set] i , to determine whether the sample log c...
Embodiment 2
[0052] When setting the log parsing template, if no parsing template matching the current data source is found (or not satisfied with the found parsing template), pass figure 2 The trigger unit 25 enters the human-computer interaction module and generates a new parsing template semi-automatically.
[0053] Step S31: If image 3 As shown, the data sample obtained from the data source is displayed in the display unit 31;
[0054] Step S32: The user selects the field content to be extracted in the display unit 31, and an input unit 32 is triggered, and the user inputs a field name in the input unit. This operation can get a field, which is composed of three parts, field name (name), field value (value) and position (position), recorded as field (name, value, position), where position is determined by the starting position (start ) and the end position (end), recorded as position (start, end). Furthermore, the start position start represents the first character of the field cont...
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
PUM
Login to View More
Abstract
The invention discloses a log analysis method and device based on feature matching, and the method comprises the steps: firstly taking a small amount of sample logs for a new log source, searching an analysis template from a preset analysis template library through an automatic matching mode, triggering a man-machine interaction module if no matched analysis template is found, and carrying out the analysis of the sample logs through a man-machine interaction module; a new log analysis template can be automatically generated through a small amount of man-machine interaction, so that the log is analyzed; according to the method, the complexity of manually compiling regular expressions is avoided, and the generation difficulty of generating the log analysis template is greatly reduced, so that the usability and the maintainability of a log analysis platform are improved.
Description
technical field [0001] The invention relates to the field of computer information technology, in particular to a log analysis method and system for large-scale security equipment in an enterprise internal network. Background technique [0002] Now the operating system kernel, network mobile devices, application services, etc. will generate a large amount of log data, and most of these data are unstructured or semi-structured, it is difficult to directly understand and apply, only to say that these data are transformed into results after analysis and processing After the data is converted, it can be used and analyzed by subsequent systems. [0003] Since structured data is usually in units of fields, the main work of converting unstructured data into structured data starts with extracting the desired fields from unstructured data, and the current extraction methods often require Manually writing regular expressions, grok expressions, etc., makes the process of field parsing ...
Claims
the structure of the environmentally friendly knitted fabric provided by the present invention; figure 2 Flow chart of the yarn wrapping machine for environmentally friendly knitted fabrics and storage devices; image 3 Is the parameter map of the yarn covering machine
Login to View More
Application Information
Patent Timeline
Application Date:The date an application was filed.
Publication Date:The date a patent or application was officially published.
First Publication Date:The earliest publication date of a patent with the same application number.
Issue Date:Publication date of the patent grant document.
PCT Entry Date:The Entry date of PCT National Phase.
Estimated Expiry Date:The statutory expiry date of a patent right according to the Patent Law, and it is the longest term of protection that the patent right can achieve without the termination of the patent right due to other reasons(Term extension factor has been taken into account ).
Invalid Date:Actual expiry date is based on effective date or publication date of legal transaction data of invalid patent.
Login to View More 
Login to View More