Interactive Visualization for System Log Analysis

We present a visualization interface to assist system administrators in searching system logs. Even with current regular expression matchers such as grep, the amount of log data is difficult for humans to understand. We augment grep with a visualization of the matched patterns. To further reduce the amount of information displayed, we cluster similarlyperforming nodes and only show a single node representative of the entire cluster. The user can then interactively search the log, zoom in on a certain time window, and choose the number of clusters. Our simulations show that our clustering is effective and our system is fast: the clustering successfully isolates anomalously-performing nodes in a variety of situations; the visualization can interactively visualize hundreds of millions of log messages across a hundred nodes at interactive rates.