Getting anomaly detection right by structuring logs automatically
With an approach that understands event structures, the structure:
would be uniquely understood, and its position in a multi-line log sequence would be diagnostically useful, for example recognising the line as part of a Java exception rather than as an isolated event. So lack of context is one reason keyword matches make a weak foundation for useful anomaly detection. As discussed in an earlier blog post, our software uses machine learning to automatically distil tens of millions of unstructured log lines down to a much smaller set of fully structured event types, with each event's typed variables tracked in associated columns.
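The following is an added example written for this page, not Zebrium's code or its machine-learning model: it shows in miniature what structuring buys you over keyword matching, using a simple regex-based templating step in place of the ML described above. It groups continuation lines (such as a Java stack trace) into the event they belong to, reduces each event to a template with `<INT>`, `<IP>` and `<DURATION>` placeholders, keeps the masked values as typed columns, and then compares a keyword search for "exception" against flagging event types that occur only once. The log lines, the timestamp and severity format, and the variable types are all constructed for the example.

```python
import re
from collections import Counter
from dataclasses import dataclass, field

# Constructed sample log (not real output from any product). The ERROR event
# spans four lines: only the first carries a timestamp, the rest are a Java
# stack trace. The "Checked exception queue" line is routine and recurring.
SAMPLE_LOG = """\
2023-04-01T10:00:01Z INFO  Request 8831 from 10.0.0.5 completed in 12ms
2023-04-01T10:00:01Z INFO  Checked exception queue: 0 pending
2023-04-01T10:00:02Z INFO  Request 8832 from 10.0.0.7 completed in 9ms
2023-04-01T10:00:03Z INFO  Request 8833 from 10.0.0.5 completed in 15ms
2023-04-01T10:00:03Z INFO  Checked exception queue: 0 pending
2023-04-01T10:00:04Z ERROR Request 8834 from 10.0.0.9 failed
java.lang.IllegalStateException: connection pool exhausted
    at com.example.db.Pool.acquire(Pool.java:88)
    at com.example.api.Handler.serve(Handler.java:41)
2023-04-01T10:00:05Z INFO  Request 8835 from 10.0.0.7 completed in 11ms
2023-04-01T10:00:05Z INFO  Checked exception queue: 0 pending
"""

# Assumed line format: ISO timestamp, severity, free-text message.
HEADER_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}Z)\s+(?P<level>[A-Z]+)\s+(?P<msg>.*)$"
)

# Typed variable patterns, most specific first so "10.0.0.5" is an IP,
# "12ms" is a DURATION and only bare numbers fall through to INT.
VAR_RE = re.compile(
    r"(?P<IP>\b\d{1,3}(?:\.\d{1,3}){3}\b)"
    r"|(?P<DURATION>\b\d+(?:ms|us|s)\b)"
    r"|(?P<INT>\b\d+\b)"
)


@dataclass
class Event:
    timestamp: str
    level: str
    text: str                      # header message plus any continuation lines
    template: str = ""             # event type: message with variables masked
    variables: list = field(default_factory=list)   # [(type, value), ...]


def group_events(log: str) -> list:
    """Attach lines without a timestamp header to the preceding event."""
    events = []
    for line in log.splitlines():
        m = HEADER_RE.match(line)
        if m:
            events.append(Event(m["ts"], m["level"], m["msg"]))
        elif events:
            events[-1].text += "\n" + line   # e.g. a stack-trace frame
        # A continuation line before any header has no owner and is dropped.
    return events


def templatize(text: str):
    """Replace typed variables with placeholders; return (template, variables)."""
    variables = []

    def repl(m):
        variables.append((m.lastgroup, m.group()))
        return f"<{m.lastgroup}>"

    return VAR_RE.sub(repl, text), variables


def structure_log(log: str) -> list:
    """Group multi-line events and reduce each to an event type plus columns."""
    events = group_events(log)
    for ev in events:
        ev.template, ev.variables = templatize(ev.text)
    return events


def event_type_counts(events) -> Counter:
    return Counter(ev.template for ev in events)


def rare_event_types(events, max_count: int = 1) -> list:
    """Event types seen at most max_count times: candidates for anomalies."""
    return [t for t, c in event_type_counts(events).items() if c <= max_count]


def variable_table(events, template: str):
    """Typed columns for one event type: header names plus one row per occurrence."""
    rows = [ev.variables for ev in events if ev.template == template]
    header = [f"{t}_{i}" for i, (t, _) in enumerate(rows[0])] if rows else []
    return header, [[v for _, v in r] for r in rows]


def keyword_hits(log: str, keyword: str) -> list:
    """What a naive keyword search would flag, line by line and without context."""
    return [l for l in log.splitlines() if keyword.lower() in l.lower()]


if __name__ == "__main__":
    evs = structure_log(SAMPLE_LOG)
    for tmpl, n in event_type_counts(evs).items():
        print(f"{n}x  {tmpl.splitlines()[0]}")
    print("rare event types:", len(rare_event_types(evs)))
    print("keyword 'exception' hits:", len(keyword_hits(SAMPLE_LOG, "exception")))
```

On the sample, the keyword search returns four lines, three of which are the routine queue check, while the rarity check over event types returns exactly one type: the multi-line ERROR event whose template keeps the exception class and stack frames (with line numbers masked as `<INT>`), so the alert carries the context a responder needs. Real logs need the learned templating the page describes rather than a fixed regex list, and a count threshold of one is only sensible once enough history has been seen for recurring types to have recurred.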
Source: www.zebrium.com