Implement Drain3-based log clustering flow (#23)

- Drain3 - Ray-based experiment
SkyAPM · Sep 17, 2022 · 5872919 · 5872919
1 parent bba0a2f
commit 5872919
Show file tree

Hide file tree

Showing 12 changed files with 1,365 additions and 0 deletions.
diff --git a/.licenserc.yaml b/.licenserc.yaml
@@ -29,5 +29,7 @@ header:
     - '**/*.lock'
     - '**/*.csv'
     - '**/*.log'
+    - 'experiments/log/clustering/drain_parser/*'
+    - '**/*.ini'
 
   comment: on-failure
diff --git a/experiments/log/clustering/drain3.ini b/experiments/log/clustering/drain3.ini
@@ -0,0 +1,28 @@
+[SNAPSHOT]
+snapshot_interval_minutes = 10
+compress_state = True
+
+[MASKING]
+masking = [
+          {"regex_pattern":"((?<=[^A-Za-z0-9])|^)(([0-9a-f]{2,}:){3,}([0-9a-f]{2,}))((?=[^A-Za-z0-9])|$)", "mask_with": "ID"},
+          {"regex_pattern":"((?<=[^A-Za-z0-9])|^)(\\d{1,3}\\.\\d{1,3}\\.\\d{1,3}\\.\\d{1,3})((?=[^A-Za-z0-9])|$)", "mask_with": "IP"},
+          {"regex_pattern":"((?<=[^A-Za-z0-9])|^)([0-9a-f]{6,} ?){3,}((?=[^A-Za-z0-9])|$)", "mask_with": "SEQ"},
+          {"regex_pattern":"((?<=[^A-Za-z0-9])|^)([0-9A-F]{4} ?){4,}((?=[^A-Za-z0-9])|$)", "mask_with": "SEQ"},
+          {"regex_pattern":"((?<=[^A-Za-z0-9])|^)(0x[a-f0-9A-F]+)((?=[^A-Za-z0-9])|$)", "mask_with": "HEX"},
+          {"regex_pattern":"((?<=[^A-Za-z0-9])|^)([\\-\\+]?\\d+)((?=[^A-Za-z0-9])|$)", "mask_with": "NUM"},
+          {"regex_pattern":"(?<=executed cmd )(\".+?\")", "mask_with": "CMD"}
+          ]
+mask_prefix = <:
+mask_suffix = :>
+
+[DRAIN]
+sim_th = 0.4
+depth = 4
+max_children = 100
+max_clusters = 1024
+max_logs=10240
+extra_delimiters = ["_"]
+
+[PROFILING]
+enabled = True
+report_sec = 30