US 11,928,144 B2
Clustering of log messages
Tomer Levy, Tel-Aviv (IL); Asaf Yigal, Tel-Aviv (IL); Ziv Segal, RaAnana (IL); Amir Kalron, Tel Aviv (IL); Eran Nir, Tel Aviv (IL); Asaf Mesika, Rishon-LeZion (IL); and Doron Gill, Givataim (IL)
Assigned to LogsHero Ltd., Tel-Aviv (IL)
Filed by LogsHero Ltd., Tel-Aviv (IL)
Filed on Dec. 8, 2021, as Appl. No. 17/544,979.
Application 17/544,979 is a continuation of application No. 15/997,742, filed on Jun. 5, 2018, granted, now 11,216,502.
Prior Publication US 2022/0092102 A1, Mar. 24, 2022
Int. Cl. G06F 16/35 (2019.01); G06F 16/903 (2019.01); G06F 17/17 (2006.01); G06F 18/22 (2023.01)
CPC G06F 16/355 (2019.01) [G06F 16/90344 (2019.01); G06F 17/17 (2013.01); G06F 18/22 (2023.01)]
19 Claims
1. A computer implemented method of detecting at least one anomaly within a plurality of non-training log messages during run-time, by using a clustering model targeting a predefined source of the run-time messages, comprising:
using at least one processor for:
calculating a string distance between a textual content of each of a plurality of non-training log messages, in run-time, and a representative string pattern of each of a plurality of clusters of a clustering model targeting a predetermined certain source of messages, wherein said clustering model is constructed during a training phase, using a plurality of training messages which are selected, constructed and adapted to represent non-training messages originated by said predetermined certain source which is targeted for log message analysis during a run-time phase;
detecting at least one log message of the plurality of non-training log messages for which the string distance to the representative string pattern of each of the plurality of clusters exceeds a predefined threshold; and
generating an alert indicative of the at least one detected log message as at least one suspected anomaly.
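
The three run-time steps of claim 1, sketched as an added example that is not code from the patent or from the assignee. The claim does not name a string distance, so the token-level edit distance, its normalization, the 0.5 threshold, the cluster patterns and the sample messages are all assumptions constructed for illustration.

```python
# Constructed cluster representatives standing in for a trained clustering
# model of one log source ("*" marks a variable field). Not from the patent.
CLUSTER_PATTERNS = [
    "User * logged in from *",
    "Connection to db * timed out after * ms",
    "GET * returned * in * ms",
]
THRESHOLD = 0.5  # assumed cut-off on the normalized distance (0.0 to 1.0)


def token_edit_distance(msg_tokens, pat_tokens):
    """Levenshtein distance over tokens. Only a "*" in the pattern is a
    wildcard, so a literal "*" inside a log message gets no free match."""
    prev = list(range(len(pat_tokens) + 1))
    for i, tm in enumerate(msg_tokens, 1):
        cur = [i]
        for j, tp in enumerate(pat_tokens, 1):
            cost = 0 if tp in (tm, "*") else 1
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + cost))
        prev = cur
    return prev[-1]


def distance(message, pattern):
    """Edit distance normalized by the longer token count."""
    m, p = message.split(), pattern.split()
    return token_edit_distance(m, p) / max(len(m), len(p), 1)


def detect_anomalies(messages, patterns=CLUSTER_PATTERNS, threshold=THRESHOLD):
    """Return one alert per message whose distance to every cluster's
    representative pattern exceeds the threshold."""
    alerts = []
    for msg in messages:
        dists = [distance(msg, p) for p in patterns]
        if all(d > threshold for d in dists):
            closest = round(min(dists, default=1.0), 3)
            alerts.append({"message": msg, "min_distance": closest})
    return alerts


# Constructed run-time (non-training) messages.
SAMPLE_RUNTIME_LOGS = [
    "User alice logged in from 10.0.0.5",
    "Connection to db orders timed out after 3000 ms",
    "GET /api/items/42 returned 200 in 12 ms",
    "Segmentation fault in worker thread 7 core dumped",
]
```

Calling `detect_anomalies(SAMPLE_RUNTIME_LOGS)` flags only the segmentation-fault line; a near-variant such as a login message with one changed word stays under the threshold and raises no alert.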