Friday, 20 October 2017

What pattern or approach should be used for a pattern matching rules engine

I'm looking for a proper way/approach/pattern for the following problem: I have a long log-file with error messages (errorID, errortype, timestamps for begin and end of error, plus additional info about the error). Most of these are unimportant but certain combinations of messages are important, let's say a few 100 patterns of error messages are important (timewise and content-of-the-message-wise), e.g.:

eg.1) if message x appears y times within a certain time interval I want to find it (regardless of other messages in-between)

eg.2) message z is important by itself and I want to find it

eg.3) a block of x messages of type y have the same timestamp and I want to find them

This is essentially pattern matching, where each occurrence of the pattern would be returned with the patternID and the timestamp of the first message in the pattern (or the time interval of all the messages). I could code this easily with a lot of if-statements for each pattern I want to find (eg. filter the logs and display if something was found), but this is not scalable and gets messy pretty fast.

Factory+AbstractFactory-pattern would be my first approach (Abstract for the general type of pattern, the normal factory for the specific implementation), but I would need a factory for each pattern and that just creates hundreds of classes, similarly the strategy pattern. I also found that there are things called rules engines, but from what I found they are not flexible enough to capture my problem easily.

Any suggestions for a good way to capture this problem (no software, I want to code it on my own)?

Cheers, Pascal
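
One data-driven way to express the three pattern kinds from the question, as an added example that is not part of the original post: each pattern is a row of data evaluated by a single matcher, so adding a pattern does not add a class. The names `Event`, `Rule`, `match`, the rule kinds and the sample log are assumptions made for illustration.

```python
from collections import defaultdict, deque, namedtuple

Event = namedtuple("Event", "error_id error_type begin end")
# Rules are plain data: a few hundred patterns means a few hundred rows, not classes.
# kind is one of: "single", "count_in_window", "same_timestamp" (hypothetical names).
Rule = namedtuple("Rule", "pattern_id kind field value count window", defaults=(1, 0))

def match(events, rules):
    """Return sorted (pattern_id, first_begin, last_begin) hits over events."""
    events = sorted(events, key=lambda e: e.begin)
    hits = []
    for r in rules:
        # Filtering per rule is what lets unrelated messages sit in between.
        sel = [e for e in events if getattr(e, r.field) == r.value]
        if r.kind == "single":                      # eg.2 in the question
            hits += [(r.pattern_id, e.begin, e.begin) for e in sel]
        elif r.kind == "count_in_window":           # eg.1 in the question
            win = deque()
            for e in sel:
                win.append(e)
                while e.begin - win[0].begin > r.window:
                    win.popleft()                   # drop events older than the window
                if len(win) >= r.count:
                    hits.append((r.pattern_id, win[0].begin, e.begin))
                    win.clear()                     # report non-overlapping occurrences
        elif r.kind == "same_timestamp":            # eg.3 in the question
            groups = defaultdict(list)
            for e in sel:
                groups[e.begin].append(e)
            hits += [(r.pattern_id, t, t) for t, g in groups.items() if len(g) >= r.count]
        else:
            raise ValueError(f"unknown rule kind: {r.kind}")
    return sorted(hits, key=lambda h: (h[1], h[0]))

# Constructed sample log (timestamps in seconds); not from the original post.
LOG = [
    Event("E42", "disk", 0, 1), Event("E07", "net", 5, 6),
    Event("E42", "disk", 20, 21), Event("E99", "auth", 30, 31),
    Event("E42", "disk", 50, 51), Event("E13", "io", 100, 101),
    Event("E14", "io", 100, 102), Event("E15", "io", 100, 103),
    Event("E42", "disk", 400, 401),
]
RULES = [
    Rule("P1", "count_in_window", "error_id", "E42", count=3, window=60),
    Rule("P2", "single", "error_id", "E99"),
    Rule("P3", "same_timestamp", "error_type", "io", count=3),
]

if __name__ == "__main__":
    for hit in match(LOG, RULES):
        print(hit)
```

Because the rules are data, they can be loaded from a file or table and reviewed without touching the matcher.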
