The present invention relates to processing log entries, and more specifically, to identifying parameter values in log entries.
Most computer systems generate log entries that are written to a log of some form. These entries are typically made up of a combination of language text and parameter values. For example, a log entry may include: a timestamp; a message code or identifier; and a text string with values inserted into it when the entry is generated which identify the specific resource(s) and/or state being reported on in the entry.
An example of this is the entry: “File PEN failed to open on 11/12/2016 with error code 2016”.
This is created inside an application by taking the message: “File {1} failed to open on {2} with error code {3}” and substituting the arguments “PEN”, “11/12/2016” and “2016” for the parameters.
Although an individual log entry can be read by an appropriately experienced person; the requirement is often to view changes over time, at which point reviewing the flat text file can be time consuming. There can be very useful information in these logs; however, their structure does not make it easy to find relevant information. In particular, it can be difficult to find relationships between entries scattered through the log.
The prior art involves parsing the log to determine areas that contain relevant information either manually or using software.