drain-rs
| Crates.io | drain-rs |
| lib.rs | drain-rs |
| version | 0.3.0 |
| source | src |
| created_at | 2020-09-22 11:42:28.550465 |
| updated_at | 2021-05-31 17:53:11.067043 |
| description | Automatically cluster semi-formatted text with the drain algorithm |
| homepage | |
| repository | https://github.com/benwtrent/drain-rs |
| max_upload_size | |
| id | 291515 |
| size | 57,207 |
Benjamin Trent (benwtrent)
documentation
https://docs.rs/drain-rs
README
drain-rs
Drain provides a mechanism for online log categorization.
This version provides:
- serialization/deserialization of drain state via serde json
- support for GROK patterns for more accurate categories and variable filtering
The goal of this particular project is to provide a nice, fast, rust upgrade to the original drain implementation. Original paper here:
-
Pinjia He, Jieming Zhu, Zibin Zheng, and Michael R. Lyu. Drain: An Online Log Parsing Approach with Fixed Depth Tree, Proceedings of the 24th International Conference on Web Services (ICWS), 2017.
This is a WIP, 0.2.x
Installing
[dependencies]
drain-rs = "0.2.0"
Using drain for clustering
To use drain for clustering:
//Create new drain tree object
let mut drain = DrainTree::new()
// Add log lines and see their group:
let log_group = drain.add_log_line(s.as_str());
To use drain with grok:
let mut g = grok::Grok::with_patterns();
let filter_patterns = vec![
"blk_(|-)[0-9]+", //blockid
"%{IPV4:ip_address}", //IP
"%{NUMBER:number}", //Num
];
// Build new drain tree
let mut drain = DrainTree::new()
.filter_patterns(filter_patterns)
.max_depth(4)
.max_children(100)
.min_similarity(0.5)
// HDFS log pattern, variable format printout in the content section
.log_pattern("%{NUMBER:date} %{NUMBER:time} %{NUMBER:proc} %{LOGLEVEL:level} %{DATA:component}: %{GREEDYDATA:content}", "content")
// Compile all the grok patterns so that they can be used
.build_patterns(&mut g);