| CPC G06F 11/0778 (2013.01) [G06F 11/0709 (2013.01); G06F 11/0781 (2013.01)] | 20 Claims |
|
1. A computer implemented method comprising:
obtaining a log file comprising a plurality of log entries, each log entry comprising an error message and a timestamp;
identifying communities of errors, where identifying communities of errors comprises:
creating an error type for each unique error message in the plurality of log entries;
dividing the log file into a plurality of sessions, each session representing a predetermined period of time;
generating a graph, wherein each error type is plotted as a node in the graph;
determining, for a plurality of node pairs, a number of sessions in which both nodes of each node pair occur;
plotting edges between each node pair of the plurality of node pairs;
assigning a weight to each edge based on the determined number of sessions; and
performing a community detection algorithm on the graph to identify communities of errors; and
identifying anomalous sessions by identifying sessions comprising errors from more than one community.
|