Currently, I just use Drain for OpenStack logs via Python. I just import the TemplateMiner and, without setting any additional configuration variables, I let it parse and find the templates.
However, lines that are very similar:
nova-compute.log.1.2017-05-16_13:55:31 2017-05-16 00:00:04.500 2931 INFO nova.compute.manager [req-3ea4052c-895d-4b64-9e2d-04d64c4d94ab - - - - -] [instance: b9000564-fe1a-409b-b8cc-1e88b294cd1d] VM Started (Lifecycle Event)
nova-compute.log.1.2017-05-16_13:55:31 2017-05-16 00:00:04.562 2931 INFO nova.compute.manager [req-3ea4052c-895d-4b64-9e2d-04d64c4d94ab - - - - -] [instance: b9000564-fe1a-409b-b8cc-1e88b294cd1d] VM Paused (Lifecycle Event)
The difference is "VM Started" and "VM Paused".
but have a radically different meaning are grouped into the same cluster. Is there a way I can help Drain with this issue? I tried setting values in the Drain3.ini like Depth, max distance and required similarity, but given that only a single word makes the difference here, that didn't help.
Thankful for all answers!