RE: [logs] most popular reports...?

From: Marcus J. Ranum (mjr@private)
Date: Wed Aug 18 2004 - 14:43:18 PDT


Kohlenberg, Toby wrote:
>But you have to figure out what your goals are if you are going to
>visualize the data.

Funny - Jose and I were having a similar discussion offline.
My theory is that visualization is mostly useful as an exploratory
tool. Basically, you've got your "Bass" "Treble" and "Volume"
knobs you can mess with, and you can change the position of
the antennas and mess with the UHF knob until the picture
comes clear. The underlying goo driving it all is statistics of
some sort or another. But once you've used the visualization
tool to explore the data set you might go "Wow. This one is useful!"
Then you can fine-tune to collect that value in a less-expensive
format (i.e.: a pie chart or whatever)  and you can start to
optimize by precomputing values you now know are of interest.

A bunch of years ago, when I was at NFR, I talked to a bunch of
guys from SAS. They were really hot to "do something with IDS
logs."  I was really hot to "have someone do something with IDS
logs." It seemed like a fit. I flew down to RTP with a CDROM of
useless data hoping it would magically turn into valuable
information. I told the SAS guys, "well, here it IS!" and they
said, "OK, so what does it MEAN?"   I was flummoxed: "huh?
You tell me!" They replied, "No! You tell US!"

There's this weird chicken/egg relationship. I think when we talk
visualization what we really want is something to facilitate that
process of exploration. Of course we have this great tool for
that stuck behind our eyes and between our ears, and we'd
go to any lengths to avoid having to use it, lest it wear out. :)

In my logging tutorial, one of the first things I try to get people
to consider doing is just sitting there for a while looking at the
darned things with "more".

Hey! Can someone write me a 3-d version of "more" so I can
visualize my logs? ;)

mjr. 

_______________________________________________
LogAnalysis mailing list
LogAnalysis@private
http://lists.shmoo.com/mailman/listinfo/loganalysis


