| CPC G06F 16/285 (2019.01) [G06F 16/2452 (2019.01); G06F 16/24575 (2019.01)] | 11 Claims |
|
1. A system, comprising:
a processor configured to:
collect logs from a plurality of applications;
tokenize a log into a sequence of tokens, each token being a character string;
based at least in part on the sequence of tokens, match the log to a pattern represented by a sequence of nodes stored in a trie, the pattern being associated with a unique pattern identifier, wherein at least one node in the sequence of nodes is a wildcard node configured to match any subsequence of tokens, another node matches one of the tokens in the sequence of tokens, and one special expression node in the sequence of nodes is configured to match any sequence of tokens based on a predefined expression;
extract a set of free parameters and a set of metadata from the log, each free parameter comprising a subsequence of tokens, one of the free parameters from the set of free parameters matching the wildcard node, and another parameter from the set of free parameters matching the special expression node;
store the log as a combination of the unique pattern identifier, the set of free parameters, and the set of metadata, the stored combination comprising enough information to recreate the log, wherein the unique pattern identifier is associated with a last matched node in the sequence of nodes; and
perform a query at least in part by tokenizing a query request and matching the tokenized query request to one or more patterns stored in the trie; and
a memory coupled to the processor and configured to provide the processor with instructions.
|