08-27-2018
10:56 AM
I have some devices (network switch, router, etc.) that publish activity logs through syslog. I need to find actionable items from the logs as alerts. An actionable item could be that a device has been shut down and not restarted, or that device disk memory is full, etc. I have the following fields in syslogs:

- timestamp
- source
- application_name
- facility
- full_message
- gl2_remote_ip
- gl2_remote_port
- gl2_source_input
- gl2_source_node
- level
- message
- process_id
- streams

I don't have labelled examples of actionable messages. Can Apache Metron do something here with unsupervised learning?
Labels:
- Apache Metron