Skip to content
/ spellpy Public

Use python to implement "SPELL - Streaming Parsing of System Event Logs" parser that can auto parse custom raw log without human guidance

License

MIT license
13 stars 7 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

nailo2c/spellpy

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

26 Commits
.vscode
.vscode
 
 
data
data
 
 
plot
plot
 
 
spellpy
spellpy
 
 
tests
tests
 
 
.gitignore
.gitignore
 
 
LICENSE
LICENSE
 
 
README.md
README.md
 
 
example.py
example.py
 
 
plot_tree.py
plot_tree.py
 
 
requirements.txt
requirements.txt
 
 
setup.py
setup.py
 
 
test.sh
test.sh
 
 

Repository files navigation

Spell

Use python implement the paper Spell: Streaming Parsing of System Event Logs from Min Du, Feifei Li @University of Utah.

This implement is refactored and enhancement version of logpai's logparser.

Install

pip install spellpy

Getting Started

python example.py

After executing the line above, the result folder will be created and you will see two files: structured.csv and templates.csv.

 

  • *_main_structured.csv
... Level Component Content EventId EventTemplate ParameterList
... INFO dfs.DataNode$DataXceiver Receiving block blk_-1608999687919862906 src: /10.250.19.102:54106 dest: /10.250.19.102:50010 f57d69cf Receiving block blk_-1608999687919862906 src <*> <*> dest <*> 50010 ['/10.250.19.102:54106', '/10.250.19.102']
... INFO dfs.DataNode$PacketResponder PacketResponder 1 for block blk_-1608999687919862906 terminating 7b619377 PacketResponder <*> for block blk_-1608999687919862906 terminating ['1']
... INFO dfs.DataNode$DataXceiver Receiving block blk_-1608999687919862906 src: /10.250.10.6:40524 dest: /10.250.10.6:50010 f57d69cf Receiving block blk_-1608999687919862906 src <*> <*> dest <*> 50010 ['/10.250.10.6:40524', '/10.250.10.6']

 

  • *_main_templates.csv
EventId EventTemplate Occurrences
6af214fd Receiving block <*> src <*> <*> dest <*> 50010 5
26ae4ce0 BLOCK* NameSystem.allocateBlock <*> 2
dc2c74b7 PacketResponder <*> for block <*> terminating 4

 

As you see, there have three test log files. Use for loop to simulate (nearly) streaming situation.

In the result folder, there are _main_*.csv files and *.log_*.csv files. The _main_*.csv files will keep appending the new coming log when it has been parse.

Plot

We can use graphviz to visualize the tree-structured of the parser.

python plot_tree.py

 

tree

Tests

sh test.sh
Name Stmts Miss Cover
spell/init.py 0 0 100%
spell/spell.py 321 218 32%
test/test_spell.py 55 1 98%
TOTAL 376 219 42%

TODO

  • Refactor spellpy.py
  • Test coverage

About

Use python to implement "SPELL - Streaming Parsing of System Event Logs" parser that can auto parse custom raw log without human guidance

Topics

python parser machine-learning aiops

Resources

Readme

License

MIT license
Activity

Stars

13 stars

Watchers

2 watching

Forks

7 forks
Report repository

Releases

No releases published

Packages

No packages published

Languages