Chapter

Machine Learning and Knowledge Discovery in Databases

Volume 5781 of the series Lecture Notes in Computer Science, pp 227-243

One Graph Is Worth a Thousand Logs: Uncovering Hidden Structures in Massive System Event Logs

  • Michal Aharon (HP-Labs Israel)
  • Gilad Barash (HP-Labs Israel)
  • Ira Cohen (HP-Labs Israel)
  • Eli Mordechai (HP-Labs Israel)

Abstract

In this paper we describe our work on pattern discovery in system event logs. For discovering the patterns we developed two novel algorithms. The first is a sequential and efficient text clustering algorithm which automatically discovers the templates generating the messages. The second, the PARIS algorithm (Principle Atom Recognition In Sets), is a novel algorithm which discovers patterns of messages that represent processes occurring in the system. We demonstrate the usefulness of our analysis on real-world logs from various systems for debugging of complex systems, efficient search and visualization of logs, and characterization of system behavior.