spell-rs is a Spell implementation in Rust.
Spell is a Streaming Parser for Event Logs using an LCS (Longest Common Subsequence).
The minimum Rust version is 1.31 due to the use crate::
syntax.
Min Du and Feifei Li. Spell: Streaming Parsing of System Event Logs. 2016 IEEE 16th International Conference on Data Mining (ICDM) pp. 859-864, Barcelona, Spain, December, 2016. DOI: 10.1109/ICDM.2016.0103. https://ieeexplore.ieee.org/document/7837916
- Original paper: https://www.cs.utah.edu/~lifeifei/papers/spell.pdf
- Presentation slides: https://www.cs.utah.edu/~mind/papers/spell_slides.pdf
Spell ingests log lines one by one and build up a list of formatting strings that can be used to analyze the logs. For example (see presentation slides, page 19), given the two log entries:
Temperature (41C) exceeds warning threshold
Temperature (42C, 43C) exceeds warning threshold
the LCS is:
Temperature * exceeds warning threshold
which can then be used to analyze the logs.
As of cedf57a7a73b1052de937d13150c2b9d8a03237c, the Rust implementation gives the exact same results as the Java one.
Universal Python package (wheel) can be built on all platforms using:
cd python
# Compile Rust code
pip install --editable .
# Test Python package
python ./test.py
# Build a wheel
python setup.py --verbose bdist_wheel
This only requires Docker.
# Build a Docker image containing everything required
./docker/docker_build.sh
# Run the commands to build wheel inside a docker container
./docker/docker_run.sh
This project is licensed under either of
- Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
- MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)
at your option.