Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.lang.java.programmer > #4443

Re: analysis of java application logs

From Robert Klemme <shortcutter@googlemail.com>
Newsgroups comp.lang.java.programmer
Subject Re: analysis of java application logs
Date 2011-05-23 02:20 -0700
Organization http://groups.google.com
Message-ID <ef3e4f7a-539f-4dd3-a82e-5982cd171a51@h9g2000yqk.googlegroups.com> (permalink)
References <bd933ace-5641-4711-9105-4e949a602b87@c1g2000yqe.googlegroups.com>

Show all headers | View raw

On 23 Mai, 09:50, Ulrich Scholz <d...@thispla.net> wrote:
> I'm looking for an approach to the problem of analyzing application
> log files.
>
> I need to analyse Java log files from applications (i.e., not logs of
> web servers). These logs contain Java exceptions, thread dumps, and
> free-form log4j messages issued by log statements inserted by
> programmers during development. Right now, these man-made log entries
> do not have any specific format.
>
> What I'm looking for is a tool and/or strategy that supports in lexing/
> parsing, tagging, and analysing the log entries. Because there is only
> little defined syntax and grammar - and because you might not know
> what you are looking for - the task requires the quick issuing of
> queries against the log data base. Some sort of visualization would be
> nice, too.
>
> Pointers to existing tools and approaches as well as appropriate tools/
> algorithms to develop the required system would be welcome.

I once did a project for our Ruby Best Practices blog.  The code is
over there at github:
https://github.com/rklemme/muppet-laboratories

Explanations can be found in the blog.  This is the first posting of
the series:
http://blog.rubybestpractices.com/posts/rklemme/005_Enter_the_Muppet_Laboratories.html

This works different from what you want: log files are read and
written out to small log files according to particular criteria.  But
you could reuse the parsing part (including detection of multi line
log statements) and write what you found into a relational database.
If you have it in the DB you can query for at least timestamp, log
level, message content and probably also thread id and class.  If you
want to do custom tagging you could do that once the data is in the
database.

Since we do not know what goal your analysis has and how many
different questions to want to ask the data it's not entirely clear
whether that would be the optimal approach for your problem.  One
variant to the above would be to provide the parsing process a number
of regular expressions with a label attached and label all log entries
during insertion into the database.  But since modern relational
databases usually also support full text indexing and regular
expression matches that might also be solved with a view.  If your
data volume is large you need to additionally make sure this remains
efficient.

Kind regards

robert

Back to comp.lang.java.programmer | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

analysis of java application logs Ulrich Scholz <d7@thispla.net> - 2011-05-23 00:50 -0700
  Re: analysis of java application logs Robert Klemme <shortcutter@googlemail.com> - 2011-05-23 02:20 -0700
  Re: analysis of java application logs jlp <jlp@jlp.com> - 2011-05-23 11:45 +0200
  Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-23 09:11 -0400
    Re: analysis of java application logs Daniele Futtorovic <da.futt.news@laposte-dot-net.invalid> - 2011-05-23 19:16 +0200
      Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-23 15:02 -0400
        Re: analysis of java application logs Daniele Futtorovic <da.futt.news@laposte-dot-net.invalid> - 2011-05-23 22:03 +0200
          Re: analysis of java application logs Michael Wojcik <mwojcik@newsguy.com> - 2011-05-26 14:43 -0400
        Re: analysis of java application logs Arved Sandstrom <asandstrom3minus1@eastlink.ca> - 2011-05-23 18:32 -0300
          Re: analysis of java application logs Ulrich Scholz <d7@thispla.net> - 2011-05-25 06:00 -0700
            Re: analysis of java application logs Arved Sandstrom <asandstrom3minus1@eastlink.ca> - 2011-05-25 19:04 -0300
        Re: analysis of java application logs Martin Gregorie <martin@address-in-sig.invalid> - 2011-05-23 22:25 +0000
          Re: analysis of java application logs Nigel Wade <nmw-news@ion.le.ac.uk> - 2011-05-24 12:26 +0100
            Re: analysis of java application logs Martin Gregorie <martin@address-in-sig.invalid> - 2011-05-24 12:29 +0000
              Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-24 08:49 -0400
                Re: analysis of java application logs Martin Gregorie <martin@address-in-sig.invalid> - 2011-05-24 14:37 +0000
                Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-24 12:26 -0400
                Re: analysis of java application logs Jim Gibson <jimsgibson@gmail.com> - 2011-05-24 11:00 -0700
                Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-24 14:35 -0400
                Re: analysis of java application logs Nigel Wade <nmw-news@ion.le.ac.uk> - 2011-05-25 09:53 +0100
            Re: analysis of java application logs Daniele Futtorovic <da.futt.news@laposte-dot-net.invalid> - 2011-05-24 19:12 +0200
  Re: analysis of java application logs Patricia Shanahan <pats@acm.org> - 2011-05-23 06:17 -0700
    Re: analysis of java application logs Robert Klemme <shortcutter@googlemail.com> - 2011-05-23 20:33 +0200
      Re: analysis of java application logs Martin Gregorie <martin@address-in-sig.invalid> - 2011-05-23 19:07 +0000
  Re: analysis of java application logs CncShipper <anon@nowhere.com> - 2011-05-23 14:56 +0000
    Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-23 11:43 -0400
      Re: analysis of java application logs jlp <jlp@jlp.com> - 2011-05-23 18:00 +0200
        Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-23 12:20 -0400
          Re: analysis of java application logs Daniele Futtorovic <da.futt.news@laposte-dot-net.invalid> - 2011-05-23 19:06 +0200
            Re: analysis of java application logs Robert Klemme <shortcutter@googlemail.com> - 2011-05-23 20:27 +0200
              Re: analysis of java application logs Daniele Futtorovic <da.futt.news@laposte-dot-net.invalid> - 2011-05-23 21:02 +0200
              Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-23 15:06 -0400
                Re: analysis of java application logs Robert Klemme <shortcutter@googlemail.com> - 2011-05-23 22:10 +0200
                Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-23 17:04 -0400
  Re: analysis of java application logs Tom Anderson <twic@urchin.earth.li> - 2011-05-24 15:04 +0100
    Re: analysis of java application logs Martin Gregorie <martin@address-in-sig.invalid> - 2011-05-24 14:50 +0000
      Re: analysis of java application logs Michael Wojcik <mwojcik@newsguy.com> - 2011-05-26 14:58 -0400
      Re: analysis of java application logs Lawrence D'Oliveiro <ldo@geek-central.gen.new_zealand> - 2011-05-30 16:23 +1200
        Re: analysis of java application logs Lew <noone@lewscanon.com> - 2011-05-30 01:08 -0400

csiph-web