I’ve got a stream of event logs (log4j variation: timestamp, host, class, msg summary, etc.) coming in. I want to identify which event log messages have an element of seasonal regularity (i.e. every weekend, every month, every day at a certain time, etc.). I know there are some already through manual exploration, but would love to be able to search / report on which events have a form of seasonality.
Looking at x11 or predict, they seem to be for time series data, and not event log msgs as such.
Not an answer, but more of my own thought on how to achieve this using cluster.
Can I list all the events grouped in a cluster and then work out the time between each event in the cluster? Doing that would give me a way of seeing a pattern if there is an element of seasonality to each event, i.e. every hour or every x days, etc.
OK, so I can table out all the events on a per-cluster basis with:
<your search> | cluster | table _time, cluster_count, cluster_label
BUT how could I work out the time between each event in each cluster? Some sort of foreach?
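One way to carry out the time-between-events idea from the comment above, as an added example that is not from the original post or from Splunk: a Python script that folds constructed log lines into message templates (a crude stand-in for the cluster command's cluster_label), computes the gap between consecutive events per template, and flags templates whose gaps are nearly constant. The log lines, hosts, message texts and the 0.1 coefficient-of-variation threshold are all constructed assumptions.

```python
import re
from datetime import datetime
from statistics import mean, pstdev

# Constructed sample (not from the original post), log4j-shaped: timestamp host class message
SAMPLE_LOGS = """\
2024-03-01 00:00:00 host2 Heartbeat Heartbeat sent to collector 10.0.0.5
2024-03-01 01:00:00 host2 Heartbeat Heartbeat sent to collector 10.0.0.5
2024-03-01 02:00:00 host1 BackupJob Nightly backup started
2024-03-01 02:00:00 host2 Heartbeat Heartbeat sent to collector 10.0.0.5
2024-03-01 03:12:44 host3 DbPool Connection timeout to db17
2024-03-01 03:13:02 host3 DbPool Connection timeout to db3
2024-03-01 08:30:00 host1 WebServer Service started on port 8080
2024-03-02 02:00:01 host1 BackupJob Nightly backup started
2024-03-03 01:59:59 host1 BackupJob Nightly backup started
2024-03-03 17:40:10 host3 DbPool Connection timeout to db17
2024-03-04 02:00:00 host1 BackupJob Nightly backup started
"""
LINE_RE = re.compile(r"^(\S+ \S+) (\S+) (\S+) (.*)$")

def parse_log(text):
    """Yield (timestamp, host, class, message) for each well-formed line."""
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.strptime(m.group(1), "%Y-%m-%d %H:%M:%S"), m.group(2), m.group(3), m.group(4)

def cluster_key(message):
    """Crude stand-in for Splunk's cluster command: mask digits so ids, addresses
    and counts fold into one message template."""
    return re.sub(r"\d+", "#", message)

def interval_report(events, max_cv=0.1, min_events=3):
    """Per cluster: event count, mean gap between consecutive events (seconds),
    coefficient of variation of the gaps, and whether the gaps look periodic
    (at least min_events events and stdev/mean <= max_cv)."""
    by_cluster = {}
    for ts, _host, _cls, msg in events:
        by_cluster.setdefault(cluster_key(msg), []).append(ts)
    report = {}
    for label, stamps in by_cluster.items():
        stamps.sort()  # gaps only mean something in time order
        gaps = [(b - a).total_seconds() for a, b in zip(stamps, stamps[1:])]
        avg = mean(gaps) if gaps else None
        cv = pstdev(gaps) / avg if len(gaps) >= 2 and avg else None
        periodic = len(stamps) >= min_events and cv is not None and cv <= max_cv
        report[label] = {"count": len(stamps), "mean_gap": avg, "cv": cv, "periodic": periodic}
    return report
```

In SPL the same per-cluster gap computation would be along the lines of `<your search> | cluster | sort 0 _time | streamstats current=f last(_time) as prev_time by cluster_label | eval gap=_time-prev_time | stats count avg(gap) stdev(gap) by cluster_label`, with a small stdev relative to avg pointing at a regular event.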