This would go into Big Data Analysis.
I have a huge load of events coming from our network infrastructure.
When I look at one host and a fan failure, I do see that it sends a syslog message every 10 minutes.
Same for port-security messages, every 5 minutes.
How do I go through the huge log, for example the last 4 hours, and then see which messages repeat all the time at an equal time span within those last 4 hours?
Look at this example data:
Time Event
09:01
09:02 Event_A
09:03 Event_B
09:04 Event_C
09:05 Event_D
09:06
09:07 Event_A
09:08
09:09 Event_B
09:10 Event_F
09:11
09:12 Event_A
09:13 Event_B
09:14 Event_C
09:15 Event_D
09:16
09:17 Event_A
09:18 Event_D
09:19
09:20 Event_F
09:21 Event_B
09:22 Event_A
09:23
09:24 Event_C
09:25
09:26 Event_D
09:27 Event_A
09:28
09:29
09:30 Event_B
09:31
09:32 Event_A
09:33
09:34 Event_C
09:35 Event_F
From this data you can see the following time span between each pair of equal event types:
Event Type Diff in min
Event_A
Event_A 5
Event_A 5
Event_A 5
Event_A 5
Event_A 5
Event_A 5
Event_B
Event_B 6
Event_B 4
Event_B 8
Event_B 9
Event_C
Event_C 10
Event_C 10
Event_C 10
Event_D
Event_D 10
Event_D 3
Event_D 8
Event_F
Event_F 10
Event_F 15
From this I can see that my interesting data is `Event_A` and `Event_C`, since they occur through the whole time span at a fixed interval.
I have looked at `cluster`, `transaction` and more, but do not see how to get the time stored and calculated.
Time may not be repeated to exactly the same microsecond, but I guess it can be rounded down to the nearest second.
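One way to compute what the question asks for, as an added example that is not part of the original post: group events by type, take the gaps between consecutive occurrences (rounded down to whole seconds, as the post suggests), and keep the types whose gaps are all (nearly) equal and whose occurrences stretch across the whole window. This is the same inter-arrival regularity test used for C2 beaconing detection, which is why the "boring" periodic messages and the interesting ones fall out of the same query. The sample log below is constructed from the table in the post (one `HH:MM Event` line per event, empty minutes dropped); the window edges 09:01 and 09:35 are taken from that table, and the 5% jitter tolerance and the minimum of three gaps are my own assumptions, not anything the post specifies.

```python
from collections import defaultdict
from datetime import datetime
from statistics import median


# Constructed sample input: the table from the post rewritten as "HH:MM Event"
# lines, one event per line, minutes with no event dropped. Not real syslog data.
SAMPLE_LOG = """\
09:02 Event_A
09:03 Event_B
09:04 Event_C
09:05 Event_D
09:07 Event_A
09:09 Event_B
09:10 Event_F
09:12 Event_A
09:13 Event_B
09:14 Event_C
09:15 Event_D
09:17 Event_A
09:18 Event_D
09:20 Event_F
09:21 Event_B
09:22 Event_A
09:24 Event_C
09:26 Event_D
09:27 Event_A
09:30 Event_B
09:32 Event_A
09:34 Event_C
09:35 Event_F
"""


def to_seconds(ts_str, fmt="%H:%M"):
    """Parse a clock time into seconds since midnight.
    Fine for a same-day window; for a real 4-hour slice use epoch seconds instead."""
    t = datetime.strptime(ts_str, fmt)
    return t.hour * 3600 + t.minute * 60 + t.second


def parse_log(text, fmt="%H:%M"):
    """Group timestamps by event type: {event: [seconds, ...]} in order of appearance."""
    by_type = defaultdict(list)
    for line in text.splitlines():
        ts_str, _, event = line.strip().partition(" ")
        if not event:  # blank line, or a timestamp with no event
            continue
        by_type[event].append(to_seconds(ts_str, fmt))
    return dict(by_type)


def intervals(times, round_to=1):
    """Gaps between consecutive occurrences, rounded down to a multiple of round_to seconds."""
    times = sorted(times)
    return [(b - a) // round_to * round_to for a, b in zip(times, times[1:])]


def find_periodic(by_type, window_start, window_end, min_repeats=3, jitter=0.05):
    """Return {event: period_seconds} for event types that fire at a fixed interval
    across the whole window. A type qualifies when (1) it has at least min_repeats
    gaps, (2) every gap is within `jitter` (a fraction) of the median gap, and
    (3) its first and last occurrence each lie within one period of the window edges,
    so a burst that only covers part of the window is not reported."""
    periodic = {}
    for event, times in by_type.items():
        gaps = intervals(times)
        if len(gaps) < min_repeats:
            continue
        period = median(gaps)
        if period <= 0:
            continue
        worst = max(abs(g - period) for g in gaps) / period  # largest relative deviation
        spans_window = (min(times) - window_start <= period
                        and window_end - max(times) <= period)
        if worst <= jitter and spans_window:
            periodic[event] = period
    return periodic


if __name__ == "__main__":
    events = parse_log(SAMPLE_LOG)
    for name, times in events.items():
        print(name, "gaps (s):", intervals(times))
    hits = find_periodic(events, to_seconds("09:01"), to_seconds("09:35"))
    for name, period in sorted(hits.items()):
        print(f"{name}: every {period / 60:g} min")
```

Run against the sample it reports `Event_A` every 5 min and `Event_C` every 10 min, and drops `Event_B`, `Event_D` (irregular gaps) and `Event_F` (only two gaps, and unequal). The per-type gap is the part the post was missing; in Splunk the same value comes from `streamstats current=f last(_time) as prev_time by <event field>` followed by `eval gap=_time-prev_time`, after which `stats count stdev(gap) median(gap) by <event field>` gives the regularity test (count at least 3, stdev near 0). Widen `jitter` when the source is a busy device whose syslog timestamps drift by a few seconds.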