spell-rs

spell-rs is a Spell implementation in Rust.

Spell is a Streaming Parser for Event Logs using an LCS (Longest Common Subsequence).

The minimum Rust version is 1.31 due to the use crate:: syntax.

Reference

Min Du and Feifei Li. Spell: Streaming Parsing of System Event Logs. 2016 IEEE 16th International Conference on Data Mining (ICDM) pp. 859-864, Barcelona, Spain, December, 2016. DOI: 10.1109/ICDM.2016.0103. https://ieeexplore.ieee.org/document/7837916

• Original paper: https://www.cs.utah.edu/~lifeifei/papers/spell.pdf
• Presentation slides: https://www.cs.utah.edu/~mind/papers/spell_slides.pdf

Details

Spell ingests log lines one by one and build up a list of formatting strings that can be used to analyze the logs. For example (see presentation slides, page 19), given the two log entries:

Temperature (41C) exceeds warning threshold
Temperature (42C, 43C) exceeds warning threshold

the LCS is:

Temperature * exceeds warning threshold

which can then be used to analyze the logs.

As of cedf57a7a73b1052de937d13150c2b9d8a03237c, the Rust implementation gives the exact same results as the Java one.

Python Wrapper

Universal Python package (wheel) can be built on all platforms using:

cd python

# Compile Rust code
pip install --editable .

# Test Python package
python ./test.py

# Build a wheel
python setup.py --verbose bdist_wheel

Docker

This only requires Docker.

# Build a Docker image containing everything required
./docker/docker_build.sh

# Run the commands to build wheel inside a docker container
./docker/docker_run.sh

Other Implementations

• Spell, Java version
• pyspell, a Python version
• spell, another Python version

License

This project is licensed under either of

• Apache License, Version 2.0, (LICENSE-APACHE or http://www.apache.org/licenses/LICENSE-2.0)
• MIT license (LICENSE-MIT or http://opensource.org/licenses/MIT)

at your option.