Anomaly Detection Engine for Linux Logs (ADE)

flowlayout.xml

ADE uses the flowlayout.xml file to control the analytics. The flowlayout.xml file specifies two things: how to divide logs into time slices, and what analytics are defined.
How to divide logs into time slices is specified using the FramingFlow element in the target namespace (prefix tns). The duration attribute defines the length of the interval in milliseconds.
<!-- Framing flow "tenMinutesTrain": duration is given in milliseconds, so 600000 ms = 10 minutes. -->
<tns:FramingFlow consecutive="true" duration="600000" name="tenMinutesTrain" databaseId="0">
  <!-- Framer class used for this flow. -->
  <tns:FramerClass>ConsecutiveTimeFramer</tns:FramerClass>
</tns:FramingFlow>

<!-- Framing flow "oneHour": duration is given in milliseconds, so 3600000 ms = 60 minutes. -->
<tns:FramingFlow consecutive="true" duration="3600000" name="oneHour" databaseId="6">
  <tns:FramerClass>ContinuousTimeFramer</tns:FramerClass>
  <!-- Permanent_Split_Factor 6: the 60 minutes are split into 6 permanent XML outputs, 10 minutes per output. -->
  <tns:FramerProperty Key="Permanent_Split_Factor" Value="6"/>
  <!-- Temporary_Split_Factor 5: each 10 minutes is split into 5 temporary XML outputs, 2 minutes per output. -->
  <tns:FramerProperty Key="Temporary_Split_Factor" Value="5"/>
</tns:FramingFlow>
What analytics are run is defined using the AnalysisGroupFlow element in the target namespace. Within the AnalysisGroupFlow there are six target namespace elements:
    <!-- By name, the framing flow used for upload; the value matches the FramingFlow named "tenMinutesTrain". -->
    <tns:UploadFramingFlow>tenMinutesTrain</tns:UploadFramingFlow>
    <!-- NOTE(review): presumably the training interval is 6 upload intervals (6 x 10 minutes); confirm against the ADE documentation. -->
    <tns:TrainingIntervalFactor>6</tns:TrainingIntervalFactor>
    <!-- By name, the framing flow used for analysis; the value matches the FramingFlow named "oneHour". -->
    <tns:AnalysisFramingFlow>oneHour</tns:AnalysisFramingFlow>
    <!-- Scoring schema LINUX01: scored entity is "message", scorer class is ClusteringContextScore.
         The ScorerProperty Key/Value pairs are presumably passed to that scorer; their exact meaning
         is defined by the scorer class, not by this file.
         NOTE(review): flowlayout.xml controls the analytics, so a change to these values changes how
         messages are scored. Review edits here as detection-logic changes. -->
    <tns:ScoringSchema id="LINUX01" ScoredEntity="message">
        <tns:ScorerClass>ClusteringContextScore</tns:ScorerClass>
        <tns:ScorerProperty Key="numClustersSqrtNumMsgs" Value="true"/>
        <tns:ScorerProperty Key="numClustersSqrtNumMsgsFactor" Value="3"/>
        <tns:ScorerProperty Key="numRuns" Value="50"/>
        <tns:ScorerProperty Key="clusterContextFraction" Value="0.3"/>
        <!-- Fixed seed; presumably keeps clustering results repeatable between runs (confirm in the scorer class). -->
        <tns:ScorerProperty Key="seed" Value="1"/>
        <tns:ScorerProperty Key="maxTrials" Value="100000"/>
        <tns:ScorerProperty Key="maxIdleTrials" Value="15000"/>
        <tns:ScorerProperty Key="minAppearThresh" Value="3"/>
        <tns:ScorerProperty Key="alpha" Value="0.1"/>
        <tns:ScorerProperty Key="minAverageInformationRatio" Value="2"/>
        <tns:ScorerProperty Key="allowEmptyClusters" Value="false"/>
        <tns:ScorerProperty Key="useTimelineForMutualInformation" Value="true"/>
        <tns:ScorerProperty Key="trace" Value="false"/>
    </tns:ScoringSchema>
    <!-- Outputer LINUXx35: output is handled by the class named in OutputerClass. -->
    <tns:Outputer id="LINUXx35">
        <tns:OutputerClass>org.openmainframe.ade.ext.output.ExtJaxbAnalyzedIntervalV2XmlStorer</tns:OutputerClass>
        <!-- By name, these ask the outputer to create an XSL directory and to format the XML it writes;
             confirm the exact behaviour in the outputer class.
             NOTE(review): the output location is not set in this excerpt. Wherever it is configured,
             check that the analysis results are readable only by those who need them. -->
        <tns:OutputerProperty Key="createXSLDirectory" Value="true"/>
        <tns:OutputerProperty Key="formatXMLOutput" Value="true"/>
    </tns:Outputer>
    <!-- Final anomaly scorers for messages and for intervals, each referenced by id.
         NOTE(review): LINUX51 and LINUX52 are not defined in this excerpt (the only ScoringSchema
         shown is LINUX01); presumably they are ids declared elsewhere in flowlayout.xml.
         Verify that each id resolves to the intended scorer. -->
    <tns:FinalAnomalyMessageScorer>LINUX51</tns:FinalAnomalyMessageScorer>
<tns:FinalAnomalyIntervalScorer>LINUX52</tns:FinalAnomalyIntervalScorer>