| 摘要 |
The current document is directed to methods and systems for processing, classifying, and efficiently storing large volumes of event messages generated in modern computing systems. In a disclosed implementation, received event messages are normalized to identify non-parameter tokens within the event messages. The non-parameter event tokens are used to compute a metric for each event message. The metrics are used, in turn, to identify a type-associated cluster to which to assign each received event message. The type-associated clusters are created dynamically as streams of event messages are processed. The type-associated clusters may be dynamically split and merged to refine event-message typing. |
| 主权项 |
1. An event-message clustering system comprising:
one or more processors; one or more memories; and computer instructions, stored in one or more of the one or more memories that, when executed by one or more of the one or more processors, control the event-message clustering system to
receive event messages; andprocess each of the received event messages by
normalizing the event message to identify parameter tokens within the event message,computing, using non-parameter tokens within the event message, a metric to represent the event message,using the metric to select an event-message cluster to which to assign the event message,generating an event record using an identifier for the selected cluster and the parameter tokens, andstoring the event record within, or associated with, the selected cluster in a physical data-storage device. |
