CPC G06F 16/2365 (2019.01) [G06F 16/1734 (2019.01)] | 20 Claims |
1. A system comprising:
a processor;
a machine-readable storage medium comprising instructions executable by the processor to:
obtain a log file comprising a plurality of event records;
process a set of event records from the log file to determine a first series of logged event types and a first series of corresponding logged event attributes;
associate a numerical identifier with each logged event type within the first series of logged event types, to provide a first sequence of identifiers;
obtain a retrace dictionary based on the first sequence of identifiers, wherein the retrace dictionary links each numerical identifier in the first sequence of identifiers with a corresponding event record within the set of event records;
determine whether a selected numerical identifier within the first sequence of identifiers corresponds to occurrence of anomalous computing event; and
based on the retrace dictionary, identify an event record corresponding to the selected numerical identifier within the log file, as anomalous.
|