HTTP Status Code Prediction with Machine Learning

ByPrasad

With the ever-increasing sophistication of digital systems, the need to monitor, understand, and anticipate issues in these systems has become paramount. One of the primary ways of doing this is through log analysis – the practice of examining log entries generated by system activities.

In this blog post, we’ll take a deep dive into a specific application of machine learning in log analysis: Predicting HTTP status codes from log messages. To bring this to life, we’ll walk through a Python script that illustrates how to implement this prediction model.

HTTP Status Codes: The Heartbeat of the Web

HTTP status codes are three-digit responses sent by a server in response to a client’s request made to the server. These codes provide quick information about the result of a request – was it successful, unauthorized, not found, or resulted in a server error? Predicting these codes can give us an insight into future issues and enable us to proactively handle potential problems, resulting in better system reliability and user experience.

The Machine Learning Approach

We’ll use a supervised machine learning model to predict HTTP status codes based on the associated log messages. Specifically, we’ll leverage a random forest classifier, which is a powerful ensemble learning method known for its versatility and robustness.

A Deep Dive into the Script

import csv
import json
import re
import pandas as pd
from sklearn.model_selection import train_test_split
from sklearn.feature_extraction.text import TfidfVectorizer
from sklearn.ensemble import RandomForestClassifier
from sklearn.pipeline import Pipeline
from sklearn.metrics import classification_report, confusion_matrix
from imblearn.over_sampling import RandomOverSampler

# Function to preprocess JSON strings
def preprocess_json_string(json_string):
    return json_string.replace('""', '"').strip('"')

# Function to extract status codes from JSON strings
def extract_status_code(json_string):
    match = re.search(r'"status_code":(\d+)', json_string)
    return int(match.group(1)) if match else None

# Read log lines from a CSV file
log_lines = []
with open('log.csv', 'r') as csvfile:
    reader = csv.DictReader(csvfile)
    for row in reader:
        log_lines.append(row['Message'])

# Preprocess log lines and extract status codes
preprocessed_log_lines = [preprocess_json_string(log_line) for log_line in log_lines]
status_codes = [extract_status_code(log_line) for log_line in preprocessed_log_lines]

# Create a DataFrame
data = pd.DataFrame({'log_line': preprocessed_log_lines, 'status_code': status_codes})

# Remove rows with missing values
data = data.dropna()

# Save the extracted data to a new CSV file
data.to_csv('extracted_data.csv', index=False)

# Split the dataset into train and test sets
X_train, X_test, y_train, y_test = train_test_split(data['log_line'], data['status_code'], test_size=0.2, random_state=42)

# Oversample the training data
ros = RandomOverSampler(random_state=42)
X_train_resampled, y_train_resampled = ros.fit_resample(pd.DataFrame(X_train), y_train)

# Create a pipeline with TfidfVectorizer and RandomForestClassifier
pipeline = Pipeline([
    ('tfidf', TfidfVectorizer()),
    ('clf', RandomForestClassifier(random_state=42))
])

# Train the model
pipeline.fit(X_train_resampled['log_line'], y_train_resampled)

# Predict status codes for the test set
y_pred = pipeline.predict(X_test)

# Evaluate the model
print(classification_report(y_test, y_pred))
print(confusion_matrix(y_test, y_pred))

Our Python script performs the prediction task in a series of well-defined steps. Let’s dive into each one:

Step 1: Data Preparation We start by reading the log lines from a CSV file named ‘log.csv’. These lines are preprocessed and HTTP status codes are extracted using custom Python functions. The preprocessed log lines and corresponding status codes are stored in a pandas DataFrame.

Step 2: Data Cleaning Next, we remove rows with missing values. This ensures that our model is trained with high-quality data.

Step 3: Data Splitting The data is split into a training set and a test set. The training set is used to train the model, while the test set is used to evaluate the model’s performance.

Step 4: Handling Class Imbalance Real-world datasets often suffer from class imbalance – certain classes (in our case, certain HTTP status codes) have fewer samples than others. To overcome this, we oversample the minority classes in the training data, ensuring that our model doesn’t become biased towards the majority class. This step can be avoided in case sufficient data is available.

Step 5: Model Training We build a machine learning pipeline that first transforms our log lines into numerical features using TfidfVectorizer and then feeds these features into a RandomForestClassifier. The model is trained using the oversampled training data.

Step 6: Model Evaluation Finally, we evaluate the model’s performance on the test data using a classification report and confusion matrix. These metrics help us assess the model’s predictive power and accuracy.

Classification Report

Class     Precision    Recall   F1-score   Support
---------------------------------------------------
200.0       1.00        0.93       0.96      7448
201.0       0.32        0.95       0.48       424
400.0       1.00        1.00       1.00      1062
401.0       0.17        0.99       0.30        98
403.0       0.00        0.00       0.00         2
404.0       0.74        1.00       0.85       207
412.0       0.94        0.98       0.96        96
422.0       1.00        0.96       0.98     20495
---------------------------------------------------
Accuracy                            0.95     29832
Macro Avg   0.65        0.85       0.69     29832
Weighted Avg 0.98       0.95       0.96     29832

Confusion Matrix

Class   200.0 201.0 400.0 401.0 403.0 404.0 412.0 422.0
----------------------------------------------------------
200.0   6953   455     0    12     3    22     3     0
201.0      1   404     0     0    19     0     0     0
400.0      1     0  1061     0     0     0     0     0
401.0      1     0     0    97     0     0     0     0
403.0      2     0     0     0     0     0     0     0
404.0      0     0     0     0     0   207     0     0
412.0      1     0     0     0     0     1    94     0
422.0     24   385     0   448     3    49     3 19583

The Bigger Picture

The ability to predict HTTP status codes from log messages is just one example of how machine learning can bring value to log analysis. By providing insights into future system behavior, we can be proactive in maintaining and improving system performance, ultimately enhancing user experience.

This example underscores the potential of machine learning in making sense of unstructured text data. As we continue to generate vast amounts of log data, the use of machine learning in log analysis is set to become an increasingly important tool in our digital toolbox.

Similar Posts

How to migrate Node.js API Workloads from EC2 to EKS – A Comprehensive Guide

ByPrasad

In the current cloud-native era, Kubernetes has rapidly emerged as a favored choice due to its efficiency, scalability, and robust orchestration capabilities. Numerous organizations are shifting their workloads from traditional virtual machine environments to container orchestration platforms, such as Amazon’s Elastic Kubernetes Service (EKS).

Apache Log4j Vulnerability: Detection, Impact, and Resolution

ByPrasad

Apache Log4j is a Java-based logging utility used extensively in software applications to record activities and diagnose problems. Its popularity and widespread adoption have made the recent vulnerability particularly alarming. CVE-2021-45105 is a security vulnerability that allows an attacker to execute arbitrary code remotely. It’s a classic example of a Remote Code Execution (RCE) vulnerability, considered one of the most dangerous types of vulnerabilities because it can provide an attacker with control over a victim’s system.

PII and SAAS

ByPrasad

As the digital revolution propels the business landscape into new realms, the concept of personally identifiable information (PII) has gained crucial significance, especially for Software as a Service (SaaS) products. This blog post will examine the importance of PII, its relevance in SaaS, and how businesses can safeguard such information to build trust and enhance…

Maximizing Resilience in Azure: A Guide to Three-Tier Architecture with AKS and MongoDB

ByPrasad

In this guide, we’ll explore the process of designing and deploying a highly available, resilient three-tier application architecture on Azure. This architecture will use Azure Kubernetes Service (AKS), Azure Application Gateway, and MongoDB, with the entire structure distributed across three Availability Zones for maximum resilience and high availability.

|

An Example Statement of Work: ACME’s Proposal for KODIAK CORP

ByPrasad

The purpose of this Statement of Work (SOW) is to outline ACME Ventures LLC’s proposal to conduct third-party vendor assessments for KODIAK CORP. The document sets forth the objectives, scope, roles and responsibilities, deliverables, and the pricing model for the proposed project. This SOW is crucial as it ensures that ACME and KODIAK are aligned on all facets of the project, reducing potential conflicts, and setting a clear path towards successful project completion.