| CPC G06F 11/3476 (2013.01) [G06F 11/0793 (2013.01); G06F 11/3072 (2013.01)] | 20 Claims |

|
1. An apparatus comprising:
at least one processing device comprising a processor coupled to a memory;
the at least one processing device being configured:
to determine a set of two or more log patterns to utilize for scanning a set of logs associated with a cluster of two or more information technology assets, a given one of the set of two or more log patterns comprising a mapping between (i) at least a portion of a given raw log entry and (ii) a given descriptive textual label representing content of the given raw log entry;
to scan the set of logs associated with the cluster of two or more information technology assets to identify instances of the determined set of two or more log patterns;
to generate a log timeline of the identified instances of the determined set of two or more log patterns; and
to utilize the generated log timeline to cross-correlate the identified instances of the determined set of two or more log patterns for the cluster of two or more information technology assets, the generated log timeline consolidating a first set of events occurring on a first one of the two or more information technology assets in the cluster and a second set of events occurring on a second one of the two or more information technology assets in the cluster, the first set of events and the second set of events being associated with ones of the two or more log patterns in different ones of two or more functional areas of an information technology software stack running on the cluster of two or more information technology assets.
|
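The scan, timeline and cross-correlation steps recited in claim 1, shown as an added Python example that is not part of the patent text. The regexes, labels, functional-area names, asset names, sample log lines and the 30-second correlation window are all constructed assumptions.

```python
import re
from datetime import datetime, timedelta
# Hypothetical log patterns: regex over part of a raw entry -> (label, functional area).
LOG_PATTERNS = [
    (re.compile(r"I/O error, dev \w+"), "Disk I/O failure", "storage"),
    (re.compile(r"link is down", re.I), "Network link lost", "network"),
    (re.compile(r"heartbeat .* timed out"), "Cluster heartbeat timeout", "cluster"),
]

# Constructed sample logs for a two-asset cluster (asset name -> raw lines).
SAMPLE_LOGS = {
    "node-a": [
        "2024-01-10T03:14:05 kernel: eth1: Link is Down",
        "2024-01-10T03:20:00 sshd: session opened for user admin",
    ],
    "node-b": [
        "2024-01-10T03:14:09 clusterd: heartbeat from node-a timed out",
        "2024-01-10T03:45:30 kernel: I/O error, dev sdb, sector 2048",
    ],
}

def scan_logs(logs, patterns=LOG_PATTERNS):
    """Return (timestamp, asset, area, label) for each pattern instance found."""
    events = []
    for asset, lines in logs.items():
        for line in lines:
            stamp, _, message = line.partition(" ")
            for regex, label, area in patterns:
                if regex.search(message):
                    events.append((datetime.fromisoformat(stamp), asset, area, label))
    return events

def build_timeline(events):
    """Consolidate events from all assets into one chronologically ordered list."""
    return sorted(events, key=lambda e: e[0])

def cross_correlate(timeline, window=timedelta(seconds=30)):
    """Pair events on different assets and in different areas within `window`."""
    pairs = []
    for i, first in enumerate(timeline):
        for second in timeline[i + 1:]:
            if second[0] - first[0] > window:
                break  # timeline is sorted, so later events are further away
            if first[1] != second[1] and first[2] != second[2]:
                pairs.append((first[3], first[1], second[3], second[1]))
    return pairs

if __name__ == "__main__":
    print(cross_correlate(build_timeline(scan_logs(SAMPLE_LOGS))))
```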