Thank you for all the amazing work you've done!

I successfully ran through the training and predicting process of deeplog model using the same HDFS data file that you are using (from loghub).

And I'm using Drain as my parsing tool to get the structured log data. I ended up having 48 unique event ID in the template. And I'm using around 5000 sessions for the training and the train loss and validation loss converged to 0.2 (start from 0.8) around 300+ epochs. I didn't change the default parameter setting in the deeplog.py file except for the number of classes (48 in my case).

The result that I got from prediction is shown below. It does not look as promising as the benchmark.

I'm not sure why but is it because of the parsing tool?

And idea or suggetions of improving the model results are welcome!!

Thank you for your work. It was very helpful.

I have a Two questions about LogAnomaly.

First, When I read LogAnomaly paper there was Template2Vec Section. But I can't find that part in your code. There was a count vector part, but the sequence part does not seem to have Template2Vec applied.

Second, Attention was implemented in the logdeep/models/lstm.py, but it was not used.

Again, Thanks for your work. :)

Hi, thank you for this awesome toolkit!

What confuses me is that it seems that you don't set an attention layer, which is mentioned in the paper, in the RobustLog model. Do you mind explaining the reason for me? I'm a ML/DL newbie. Thanks in advance!

Hi, thank you for making this amazing project.

I have some question when I use the BGL dataset to train and test. In the logdeep/dataset/sample.py you use 'hdfs/event2semantic_vec.json', I have no idea what is the function of this file. And when I use the BGL dataset, how I generate this file? Or I needn't this file? If it is not needed, how should I modify sample.py?

looking forward to your reply.

Hello, I started to use this ropo and it is grat! But I need to see the original data of the train and the test (normal and abnormal). I understood that the data generated from the csv 'HDFS_100k.log_structured', but how it has generated? and what format exactly is the date and time in this file?

thanks!

I look at your input to deeplog model is just numerical token sequences. Why isn't one-hot encoding transformation used as the input? The numbers in sequences represent operations, so they are nominal, not ordinal.

Hi @donglee-afar: I read the answers to the issue areas, but I still don't understand the data processing process. I don't know how to convert "sequece_hdfs.csv" to "hdfs_train" in logdeep project.

Could please you help me with it?😀 Can you provide a reference code and a workflow?

thank you very much.

How would I go about using deeplog for Apache logs?

192.168.0.14 - - [15/Sep/2021:07:28:39 -0400] "GET /media/plg_system_popup/js/jquery.js HTTP/1.1" 200 293755 "https://192.168.0.52/" "Mozilla /5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Firefox/78.0"

(python38) houjingwen@MacBook-Pro-2 demo % python3 loganomaly.py train
Traceback (most recent call last): File "loganomaly.py", line 11, in from logdeep.models.lstm import loganomaly,deeplog,robustlog File "/Users/houjingwen/Desktop/logdeep-master/logdeep/models/lstm.py", line 1, in import torch ModuleNotFoundError: No module named 'torch'