Upgrade to Pro — share decks privately, control downloads, hide ads and more …

Building an Adaptive Log Classification System. An Industrial Report

Exactpro
PRO
November 08, 2019
Technology
0
220

Building an Adaptive Log Classification System. An Industrial Report

Kirill Rudakov, Andrey Novikov, Anton Sitnikov, Evgenii Tsymbalov, Elena Treshcheva and Alexey Zverev

International Conference on Software Testing, Machine Learning and Complex Process Analysis (TMPA-2019)
7-9 November 2019, Tbilisi

Video: https://youtu.be/6IGRVRKL_M4

TMPA Conference website https://tmpaconf.org/
TMPA Conference on Facebook https://www.facebook.com/groups/tmpaconf/

Exactpro
PRO

November 08, 2019
Tweet

More Decks by Exactpro

See All by Exactpro
AI Testing Talks – Negative Testing
exactpro
PRO
1
27
Exactpro - Challenge 1 - Hackathon Submission
exactpro
PRO
0
150
Mentorship Training
exactpro
PRO
1
10
Autonomous Vehicles (AVs): Basics and Testing Challenges
exactpro
PRO
0
32
ISTQB CTFL Preparation Course Intakes 1 and 2 Updates
exactpro
PRO
0
61
ISTQB: AI and Agile Software Testing
exactpro
PRO
1
84
The State of QA in Georgia
exactpro
PRO
0
58
Soft Skills Required in QA
exactpro
PRO
0
72
Data Literacy
exactpro
PRO
0
28

Other Decks in Technology

See All in Technology
開発チーム内でのQAの役割
iseki
0
140
Exciting WebPageTest Scripting - WebPerf Meetup Hamburg, 20230323
tbaldauf
0
130
Zennを支える Google Cloud の技術
wadayusuke
0
110
BUILD UP for Web3 engineer
aramaki
0
510
QMファンネルとQAキャリア
gen519
PRO
1
180
Tackle the infodemic of misinformation from LINE
line_developers_tw
PRO
0
140
CDK使用歴1年の僕が現場でCDK導入するときに得たTips
miura55
0
320
CloudWatchエージェントとCloudWatchで行うアプリ監視
smt7174
0
100
試して分かった!AWS を使った PLCのデータ収集と分析基盤の実践ノウハウ #FA設備技術勉強会#13
ganota
1
350
ChatGPTをプロダクトに入れる開発が"毎日がAfter GPT"だった件/ChatGPT LT Link and Motivation
lmi
1
3.1k
ORM - Object-relational mapping
onk
PRO
0
510
SIGNATE開発失敗談
bonjiri_niwa
0
200

Featured

See All Featured
Making Projects Easy
brettharned
102
4.9k
Designing Experiences People Love
moore
130
22k
Designing for Performance
lara
600
65k
Streamline your AJAX requests with AmplifyJS and jQuery
dougneiner
128
8.8k
Faster Mobile Websites
deanohume
296
29k
How GitHub Uses GitHub to Build GitHub
holman
466
280k
From Idea to $5000 a Month in 5 Months
shpigford
374
44k
Six Lessons from altMBA
skipperchong
15
2.4k
個人開発の失敗を避けるイケてる考え方 / tips for indie hackers
panda_program
31
8.9k
Refactoring Trust on Your Teams (GOTO; Chicago 2020)
rmw
22
1.8k
StorybookのUI Testing Handbookを読んだ
zakiyama
8
3.4k
Art, The Web, and Tiny UX
lynnandtonic
284
18k

Transcript

  1. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    Anton Sitnikov, Kirill Rudakov, Andrey Novikov, Evgeny Tsymbalov, Elena Trescheva, Alexey Zverev
    Exactpro
    Building an Adaptive
    Logs Classification System
    An industrial report

    View Slide

  2. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    Logs analysis in Fintech world
    ● Any feasible way to improve software quality is highly demanded
    ● Logs observation for passive testing – an elegant and non-disruptive way for
    early error discovery
    ● Log size is the problem

    View Slide

  3. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    Reducing complexity

    View Slide

  4. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    From M’s of log lines to ~10..100k of signatures
    ● A signature is a log line with values replaced by placeholders (TIMESTAMP,
    ID, URL, and many more)
    ● Signature extraction is made by regular expressions. They need to be
    manually added over time

    View Slide

  5. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    …and then to 1000’s of clusters
    Cluster is a set of close signatures, ideally meaning same error type for a human
    engineer
    Why signatures are not enough?
    ● ID’s are difficult to catch
    ● Words can be added/deleted, which leads to different signatures
    ● Fast growing clusters are sign of missing signature extraction rule

    View Slide

  6. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    Clustering approaches
    K-means on log lines
    Train by several days; see what’s new
    on new days.
    A signature makes new cluster if
    distant from all existing.
    + Can process massive logs
    + User defines radius ad hoc
    - Clusters are moving over time
    Agglomerative on signatures
    Fix cluster diameter; make new
    cluster if signature distant from
    existing clusters. Keep cluster
    history forever
    + Clusters stable, consistent history
    - Slower
    - Lots of small clusters, need to
    introduce “user macro-clusters”

    View Slide

  7. Initial classification
    New logs processing
    New logs (hour
    to day)
    Old clusters do not move.
    A user is notified when new
    cluster appears
    Initial class
    structure
    100k - 1M records a
    day
    ~10k signatures ~1k dense clusters
    Log archive
    (week)
    Hundreds of user clusters
    UI shows user clusters
    Human classification
    Vectorization in
    space of
    1,2,3-grams
    k-means-facilitated
    human overview,
    population of user
    clusters
    Greedy clustering to
    Jaccard-dense clusters
    Signature
    extraction.
    Vectorization in
    space of
    1,2,3-grams
    Two clusters mean the same?
    Human joins them to a user
    cluster and names it.
    User cluster contain single of
    multiple dense clusters
    New 1,2,3-gram?
    Add dimension, re-evaluate distances
    New signature?
    Calculate distance to old signatures
    Is adding to existing cluster break Jaccard
    compactness criterion? Then it is a new
    cluster.

    View Slide

  8. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    Business use cases
    ● See new error types for day
    ● Find cluster (exact or nearest) by raw log line
    ● Compare error portraits of two days (and test runs)

    View Slide

  9. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    Implementation

    View Slide

  10. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    DB/backend queries
    ● What new clusters appeared today?
    ● What clusters appeared on Day X but not on Day Y?
    ● When did Cluster X appears during the day, and how often?
    ● What cluster does this log line belong to?
    10

    View Slide

  11. REST Middleware for UI
    Clustering
    (after each parsing,
    called by parser/bash)
    UI server
    (React or Flask)
    Parsing
    (Regular,
    Bash-called)
    Model storage (file)
    ● Vocabulary
    ● Signatures x Vocabulary
    ● Distances (Jaccard
    matrix)
    ● Signatures
    ● Clusters & Rangers
    ● Settings
    mySQL
    Clustering
    Settings
    Macro-clusters
    UI settings
    signatures,
    appearances
    (each)
    Read
    cluster &
    new
    signatures
    Save
    re-calculated
    clusters
    Read
    clusters

    View Slide

  12. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University

    View Slide

  13. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    Q&A

    View Slide

  14. 7-9 November, Tbilisi
    Ivane Javakhishvili Tbilisi State University
    Thanks

    View Slide