Expand description
drain3 — fast log template extraction via fixed-depth prefix trees.
Rust port of logpai/Drain3. Splits log lines into tokens,
clusters them by a prefix tree keyed on token count, and replaces
variable tokens with a param placeholder (<*> by default).
§Example
use drain3::Config;
let samples: Vec<String> = vec![
"connection from 10.0.0.1 timeout after 5000ms".into(),
"connection from 10.0.0.2 timeout after 3000ms".into(),
"connection from 10.0.0.3 timeout after 1000ms".into(),
];
let matcher = drain3::train(&samples, Config::default())?;
let (id, args, ok) = matcher.match_line("connection from 192.168.1.1 timeout after 42ms");
assert!(ok);
assert_eq!(args, vec!["192.168.1.1", "42ms"]);Structs§
- Config
- Controls training and matching behavior.
- Config
Builder - Use builder syntax to set the inputs and finish with
build(). - Matcher
- A trained DRAIN matcher. Holds the prefix tree, token dictionary, and precomputed indices for fast line matching.
- Render
Plan - Template
- A trained log template.
Enums§
- Error
- Errors that can occur during training or template reconstruction.
Functions§
- matcher_
from_ templates - Rebuild a matcher from pre-existing templates.
- stride_
sample - Deterministically sample lines as fixed-size blocks at regular strides with random jitter inside each stride window.
- train
- Train a matcher with the provided config.