In [2]:
import sys
sys.path.insert(0, '..')
sys.path.insert(0, 'plots')

import os

from IPython.display import display
from IPython.display import clear_output
import ipywidgets as widgets


import json
from SplunkIntelOptimized import SplunkIntelOptimized
from sources.SplunkDatasetNew import SplunkDatasetNew
from sources.SplunkFileSource import SplunkFileSource

import plotly as py
import pandas as pd
import numpy as np
import plotNew as plot

py.offline.init_notebook_mode()
pd.set_option('display.notebook_repr_html', True)
    
data_sources_names = []

data_source_picker = None
time_range_picker = None
event_picker = None
event_text_area = None 
threshold_picker = None
new_time_range_picker = None


#create widgets
def create_widgets():
    global data_source_picker, time_range_picker, event_picker
    global event_text_area, threshold_picker, new_time_range_picker
    for file in os.listdir("../../data_prod"):
            if file.endswith(".json"):
                data_sources_names.append(file)

    data_source_picker = widgets.Dropdown(
            options=data_sources_names,
            description='Data Source:',
            disabled=False,
            button_style='' # 'success', 'info', 'warning', 'danger' or ''
        )    

    time_range_picker = widgets.IntRangeSlider(
                value=[1, 2],
                min=0,
                max=100,
                step=1,
                description='Time:',
                disabled=False,
                continuous_update=False,
                orientation='horizontal',
                readout=True,
                readout_format='i',
                slider_color='white',
                color='black'
        )
    
    threshold_picker = widgets.FloatSlider(
                value=0.8,
                min=0,
                max=1,
                step=0.1,
                description='Threshold:',
                disabled=False,
                continuous_update=False,
                orientation='horizontal',
                readout=True,
                readout_format='.1f',
                slider_color='white',
                color='black'
        )
    
    event_picker = widgets.Dropdown(
            options=[1,2,3],
            description='Event Number:',
            disabled=False,
            button_style='' # 'success', 'info', 'warning', 'danger' or ''
        )
    
    l = widgets.Layout(height='40px', width='800px')
    event_text_area = widgets.Textarea(value='TA: height=40px', layout=l)

    
def initialize(change):    
    # Just to set the widgets
    all_events = []
    all_events.extend(SplunkFileSource.load_prod_data('../../data_prod/' + data_source_picker.value))    
    minutes = 0
    for dict in all_events:
        if int(dict.get('logCollectionMinute')) > minutes:
            minutes = dict.get('logCollectionMinute')

    time_range_picker.value = [0,minutes]
    time_range_picker.min = 0
    time_range_picker.max = minutes

    
    change_event_handler(None)
    
    
splunkDataset = SplunkDatasetNew()
splunkIntelargs = []

def event_picker_change_handler(change):
    event_text_area.value = json.dumps(splunkDataset.get_all_events_for_notebook()[event_picker.value])

def split(input, length, size):
    input.replace('\n', ' ')
    input.replace('\tat', ' ')
    return '<br>'.join([input[start:start + size] for start in range(0, length, size)])

def get_tool_tips(all_events):
    tooltips = []
    for idx, event in enumerate(all_events):
        tooltips.append(
            split(event[0], min(100, len(event[0])), 100) + '<br> id = ' + str(idx) + '<br> cluster = ' + str(
            event[3]))
            
    return tooltips
    
# Handle data source change
def change_event_handler(change):
    global splunkDataset
    
    control_start = time_range_picker.value[0]
    test_start = time_range_picker.value[0]
    
    control_end = time_range_picker.value[1]
    test_end = time_range_picker.value[1]

    clear_output()

    prev_out_file = None
    while(control_start <= control_end or test_start < test_end):

        del splunkIntelargs[:]
        splunkDataset = SplunkDatasetNew() 

        print(control_start, control_start)
        print(test_start, test_start)
        splunkDataset.load_from_prod_file('../../data_prod/' + data_source_picker.value,
                                     [control_start, control_start],
                                     [test_start, test_start], 
                                     ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'],
                                     ['ip-172-31-4-253'],     
                                          prev_out_file)
    
        splunkIntelargs.append('--sim_threshold')
        splunkIntelargs.append(str(float(threshold_picker.value)))
    
        print(splunkIntelargs)

        splunkIntel = SplunkIntelOptimized(splunkDataset, SplunkIntelOptimized.parse(splunkIntelargs))
        splunkDataset = splunkIntel.run()
    
        file_object  = open("result.json", "w")
        file_object.write(splunkDataset.get_output_as_json)
        file_object.close()
        
        prev_out_file = './result.json'
        
        control_start = control_start + 1
        test_start = test_start + 1

    xy_matrix, tooltips, labels,sizes = splunkDataset.control_scatter_plot()
    plot.scatter_plot_groups(xy_matrix, labels, tooltips, ['control', 'test', 'test-anomaly', 'test-unx-freq'], ['blue','green','red', 'orange'])
    
    #xy_matrix, tooltips, labels, sizes = splunkDataset.count_scatter_plot()
    
    #new_sizes = []
    #for size in sizes:
     #   new_sizes.append((3 + len(str(size)))**2)
        
    #print(new_sizes)    
    
    #plot.scatter_plot_groups(xy_matrix, labels, tooltips, ['test', 'test-anomaly'], ['green','red'], new_sizes)


    #for key,data in splunkDataset.get_anom_clusters().items():
     #   for host,anom in data.items():
     #       print(host, anom.get('text'))
    
    xy_matrix, tooltips, labels, clusters = splunkDataset.control_scatter_plot_4d()
    plot.scatter_plot_groups_4d(xy_matrix, labels, clusters, tooltips, ['blue','orange','red'])
            
    event_picker.options = [ x for x in range(len(splunkDataset.get_all_events_for_notebook()))] 
     

create_widgets()

#intialize
initialize(None)
    
#setup even handlers    
data_source_picker.observe(initialize, names="value")
time_range_picker.observe(change_event_handler, names="value")
event_picker.observe(event_picker_change_handler, names="value")
threshold_picker.observe(change_event_handler, names="value")



# show widgets
display(widgets.HBox([data_source_picker]))
display(widgets.HBox([time_range_picker, threshold_picker]))
display(widgets.HBox([event_picker, event_text_area]))

2017-07-10 10:16:06,873 INFO loading file ../../data_prod/splunkLogs.json
2017-07-10 10:16:06,930 INFO Running using file source
2017-07-10 10:16:06,931 INFO Start vectorization....
2017-07-10 10:16:06,933 INFO setting min_df = 1 and max_df = 1.0
2017-07-10 10:16:07,040 INFO Running kemans with k = 8


(0, 0)
(0, 0)
([0, 0], [0, 0], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:07,126 INFO Running kemans with k = 12
2017-07-10 10:16:07,307 INFO Running kemans with k = 14
2017-07-10 10:16:07,472 INFO Running kemans with k = 15
2017-07-10 10:16:07,628 INFO found k = 15
2017-07-10 10:16:07,755 INFO Detect Count Anomalies....
2017-07-10 10:16:07,756 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:07,757 INFO done
2017-07-10 10:16:07,762 INFO loading file ../../data_prod/splunkLogs.json
2017-07-10 10:16:07,807 INFO loading file ./result.json
2017-07-10 10:16:07,815 INFO Running using file source
2017-07-10 10:16:07,816 INFO Start vectorization....
2017-07-10 10:16:07,817 INFO setting min_df = 1 and max_df = 1.0


('test count = ', 1)
[31, 31, 31, 30]
[3]
[-1]
(1, 1)
(1, 1)
([1, 1], [1, 1], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:08,003 INFO Running kemans with k = 15
2017-07-10 10:16:08,172 INFO found k = 15
2017-07-10 10:16:08,172 INFO Running kemans with k = 7
2017-07-10 10:16:08,251 INFO Running kemans with k = 11
2017-07-10 10:16:08,373 INFO Running kemans with k = 13
2017-07-10 10:16:08,515 INFO Running kemans with k = 14
2017-07-10 10:16:08,908 INFO Detect Count Anomalies....
2017-07-10 10:16:08,909 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:08,910 INFO done


('test count = ', 1)


2017-07-10 10:16:08,914 INFO loading file ../../data_prod/splunkLogs.json
2017-07-10 10:16:08,961 INFO loading file ./result.json
2017-07-10 10:16:08,971 INFO Running using file source
2017-07-10 10:16:08,972 INFO Start vectorization....
2017-07-10 10:16:08,973 INFO setting min_df = 1 and max_df = 1.0


(2, 2)
(2, 2)
([2, 2], [2, 2], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:09,164 INFO Running kemans with k = 15
2017-07-10 10:16:09,325 INFO found k = 15
2017-07-10 10:16:09,325 INFO Running kemans with k = 7
2017-07-10 10:16:09,409 INFO Running kemans with k = 11
2017-07-10 10:16:09,528 INFO Running kemans with k = 13
2017-07-10 10:16:09,675 INFO Running kemans with k = 14


('test count = ', 1)


2017-07-10 10:16:10,042 INFO Detect Count Anomalies....
2017-07-10 10:16:10,043 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:10,044 INFO done
2017-07-10 10:16:10,050 INFO loading file ../../data_prod/splunkLogs.json
2017-07-10 10:16:10,095 INFO loading file ./result.json
2017-07-10 10:16:10,107 INFO Running using file source
2017-07-10 10:16:10,108 INFO Start vectorization....
2017-07-10 10:16:10,109 INFO setting min_df = 1 and max_df = 1.0


[31, 64, 64, 31, 64, 64, 31, 64, 64, 30, 64, 63]
[3]
[-1]
(3, 3)
(3, 3)
([3, 3], [3, 3], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:10,300 INFO Running kemans with k = 15
2017-07-10 10:16:10,461 INFO found k = 15
2017-07-10 10:16:10,462 INFO Running kemans with k = 7
2017-07-10 10:16:10,544 INFO Running kemans with k = 11
2017-07-10 10:16:10,664 INFO Running kemans with k = 13
2017-07-10 10:16:10,869 INFO Running kemans with k = 14


('test count = ', 1)


2017-07-10 10:16:11,378 INFO Detect Count Anomalies....
2017-07-10 10:16:11,379 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:11,380 INFO done
2017-07-10 10:16:11,386 INFO loading file ../../data_prod/splunkLogs.json
2017-07-10 10:16:11,434 INFO loading file ./result.json
2017-07-10 10:16:11,448 INFO Running using file source
2017-07-10 10:16:11,449 INFO Start vectorization....
2017-07-10 10:16:11,450 INFO setting min_df = 1 and max_df = 1.0


[31, 64, 64, 65, 31, 64, 64, 65, 31, 64, 64, 65, 30, 64, 63, 65]
[3]
[-1]
(4, 4)
(4, 4)
([4, 4], [4, 4], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:11,646 INFO Running kemans with k = 15
2017-07-10 10:16:11,839 INFO found k = 15
2017-07-10 10:16:11,840 INFO Running kemans with k = 7
2017-07-10 10:16:11,979 INFO Running kemans with k = 11
2017-07-10 10:16:12,161 INFO Running kemans with k = 13
2017-07-10 10:16:12,313 INFO Running kemans with k = 14


('test count = ', 1)


2017-07-10 10:16:12,794 INFO Detect Count Anomalies....
2017-07-10 10:16:12,796 INFO Using ThreeSigmaClassifier for cluster 12
2017-07-10 10:16:12,799 INFO done
2017-07-10 10:16:12,811 INFO loading file ../../data_prod/splunkLogs.json
2017-07-10 10:16:12,874 INFO loading file ./result.json
2017-07-10 10:16:12,897 INFO Running using file source
2017-07-10 10:16:12,899 INFO Start vectorization....
2017-07-10 10:16:12,901 INFO setting min_df = 1 and max_df = 1.0


[31, 64, 64, 65, 64, 31, 64, 64, 65, 64, 31, 64, 64, 65, 64, 30, 64, 63, 65, 64]
[3]
[-1]
(5, 5)
(5, 5)
([5, 5], [5, 5], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:13,108 INFO Running kemans with k = 15
2017-07-10 10:16:13,265 INFO found k = 15
2017-07-10 10:16:13,266 INFO Running kemans with k = 7
2017-07-10 10:16:13,350 INFO Running kemans with k = 11
2017-07-10 10:16:13,541 INFO Running kemans with k = 13
2017-07-10 10:16:13,746 INFO Running kemans with k = 14


('test count = ', 18)


2017-07-10 10:16:14,383 INFO Running kemans with k = 1
2017-07-10 10:16:14,394 INFO Running kemans with k = 2
2017-07-10 10:16:14,417 INFO found k = 2
2017-07-10 10:16:14,418 INFO Detect Count Anomalies....
2017-07-10 10:16:14,419 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:14,420 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:14,421 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:14,424 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:14,426 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:14,428 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:14,431 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:14,432 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:14,433 INFO Using ThreeSigmaClassifier for cluster 8
2017-07-10 10:16:14,435 INFO Using ThreeSigmaClassifier for cluster 9
2017-07-10 10:16:14,436 INFO Using ThreeSigmaClassifier for cluster 10
2017-07-10 10:16:14,43

[64, 64, 31, 65, 64, 52, 64, 64, 31, 65, 64, 52, 64, 64, 31, 65, 64, 52, 63, 64, 31, 65, 64, 52]
[96]
[-1]
[64, 30, 63, 63, 65, 51, 64, 30, 64, 63, 65, 52, 64, 30, 64, 63, 66, 52, 65, 31, 64, 64, 65, 51]
[96]
[-1]
[31, 64, 64, 65, 64, 52, 31, 64, 64, 65, 64, 52, 31, 64, 64, 65, 64, 52, 30, 64, 63, 65, 64, 52]
[96  3]
[-1, -1]
(6, 6)
(6, 6)
([6, 6], [6, 6], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:14,739 INFO Running kemans with k = 15
2017-07-10 10:16:14,911 INFO found k = 15
2017-07-10 10:16:14,912 INFO Running kemans with k = 7
2017-07-10 10:16:14,993 INFO Running kemans with k = 11
2017-07-10 10:16:15,113 INFO Running kemans with k = 13
2017-07-10 10:16:15,255 INFO Running kemans with k = 14


('test count = ', 34)


2017-07-10 10:16:16,219 INFO Running kemans with k = 2
2017-07-10 10:16:16,237 INFO found k = 2
2017-07-10 10:16:16,237 INFO Running kemans with k = 1
2017-07-10 10:16:16,249 INFO Detect Count Anomalies....
2017-07-10 10:16:16,250 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:16,252 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:16,253 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:16,255 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:16,256 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:16,258 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:16,259 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:16,261 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:16,263 INFO Using ThreeSigmaClassifier for cluster 8
2017-07-10 10:16:16,265 INFO Using ThreeSigmaClassifier for cluster 9
2017-07-10 10:16:16,268 INFO Using ThreeSigmaClassifier for cluster 10
2017-07-10 10:16:16,26

[64, 30, 63, 63, 65, 51, 51, 64, 30, 64, 63, 65, 52, 50, 64, 30, 64, 63, 66, 52, 50, 65, 31, 64, 64, 65, 51, 51]
[ 96 135]
[-1, -1]
[52, 31, 64, 64, 65, 64, 50, 52, 31, 64, 64, 65, 64, 51, 52, 31, 64, 64, 65, 64, 51, 52, 30, 64, 63, 65, 64, 50]
[ 96   3 135]
[-1, -1, -1]
[64, 64, 31, 65, 64, 52, 50, 64, 64, 31, 65, 64, 52, 51, 64, 64, 31, 65, 64, 52, 51, 63, 64, 31, 65, 64, 52, 50]
[ 96 132]
[-1, -1]
(7, 7)
(7, 7)
([7, 7], [7, 7], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:16,552 INFO Running kemans with k = 15
2017-07-10 10:16:16,721 INFO found k = 15
2017-07-10 10:16:16,722 INFO Running kemans with k = 7
2017-07-10 10:16:16,805 INFO Running kemans with k = 11
2017-07-10 10:16:16,929 INFO Running kemans with k = 13
2017-07-10 10:16:17,069 INFO Running kemans with k = 14


('test count = ', 36)


2017-07-10 10:16:18,098 INFO Running kemans with k = 3
2017-07-10 10:16:18,135 INFO found k = 3
2017-07-10 10:16:18,136 INFO Running kemans with k = 1
2017-07-10 10:16:18,149 INFO Running kemans with k = 2
2017-07-10 10:16:18,171 INFO found k = 2
2017-07-10 10:16:18,172 INFO Detect Count Anomalies....
2017-07-10 10:16:18,173 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:18,174 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:18,176 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:18,179 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:18,182 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:18,183 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:18,184 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:18,186 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:18,187 INFO Using ThreeSigmaClassifier for cluster 8
2017-07-10 10:16:18,188 INFO Using ThreeSigmaClassifier for cluster

[64, 64, 31, 65, 64, 52, 50, 49, 64, 64, 31, 65, 64, 52, 51, 48, 64, 64, 31, 65, 64, 52, 51, 48, 63, 64, 31, 65, 64, 52, 50, 49]
[ 96 132 129]
[-1, -1, -1]
[52, 31, 64, 64, 65, 64, 50, 48, 52, 31, 64, 64, 65, 64, 51, 49, 52, 31, 64, 64, 65, 64, 51, 49, 52, 30, 64, 63, 65, 64, 50, 48]
[ 96   3 135 126]
[-1, -1, -1, -1]
[64, 30, 63, 63, 65, 51, 51, 48, 64, 30, 64, 63, 65, 52, 50, 48, 64, 30, 64, 63, 66, 52, 50, 48, 65, 31, 64, 64, 65, 51, 51, 48]
[ 96 135 129]
[-1, -1, -1]
(8, 8)
(8, 8)
([8, 8], [8, 8], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:18,480 INFO Running kemans with k = 15
2017-07-10 10:16:18,670 INFO found k = 15
2017-07-10 10:16:18,671 INFO Running kemans with k = 7
2017-07-10 10:16:18,797 INFO Running kemans with k = 11
2017-07-10 10:16:19,015 INFO Running kemans with k = 13
2017-07-10 10:16:19,229 INFO Running kemans with k = 14


('test count = ', 38)


2017-07-10 10:16:20,284 INFO Running kemans with k = 4
2017-07-10 10:16:20,331 INFO found k = 4
2017-07-10 10:16:20,332 INFO Running kemans with k = 2
2017-07-10 10:16:20,353 INFO found k = 2
2017-07-10 10:16:20,354 INFO Running kemans with k = 1
2017-07-10 10:16:20,366 INFO Detect Count Anomalies....
2017-07-10 10:16:20,367 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:20,368 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:20,369 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:20,370 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:20,371 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:20,372 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:20,374 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:20,375 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:20,377 INFO Using ThreeSigmaClassifier for cluster 8
2017-07-10 10:16:20,380 INFO Using ThreeSigmaClassifier for cluster

[64, 30, 63, 63, 65, 51, 51, 48, 52, 64, 30, 64, 63, 65, 52, 50, 48, 52, 64, 30, 64, 63, 66, 52, 50, 48, 52, 65, 31, 64, 64, 65, 51, 51, 48, 52]
[ 96 135 129 138]
[-1, -1, -1, -1]
[52, 31, 64, 64, 65, 64, 50, 48, 52, 52, 31, 64, 64, 65, 64, 51, 49, 51, 52, 31, 64, 64, 65, 64, 51, 49, 51, 52, 30, 64, 63, 65, 64, 50, 48, 52]
[ 96   3 135 126 138]
[-1, -1, -1, -1, -1]
[64, 64, 31, 65, 64, 52, 50, 49, 51, 64, 64, 31, 65, 64, 52, 51, 48, 51, 64, 64, 31, 65, 64, 52, 51, 48, 51, 63, 64, 31, 65, 64, 52, 50, 49, 51]
[ 96 132 129 138]
[-1, -1, -1, -1]
(9, 9)
(9, 9)
([9, 9], [9, 9], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:20,670 INFO Running kemans with k = 15
2017-07-10 10:16:20,828 INFO found k = 15
2017-07-10 10:16:20,828 INFO Running kemans with k = 7
2017-07-10 10:16:20,907 INFO Running kemans with k = 11
2017-07-10 10:16:21,065 INFO Running kemans with k = 13
2017-07-10 10:16:21,317 INFO Running kemans with k = 14


('test count = ', 40)


2017-07-10 10:16:22,475 INFO Running kemans with k = 5
2017-07-10 10:16:22,523 INFO found k = 5
2017-07-10 10:16:22,524 INFO Running kemans with k = 2
2017-07-10 10:16:22,543 INFO found k = 2
2017-07-10 10:16:22,544 INFO Running kemans with k = 1
2017-07-10 10:16:22,558 INFO Detect Count Anomalies....
2017-07-10 10:16:22,559 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:22,561 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:22,563 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:22,566 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:22,567 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:22,570 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:22,571 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:22,573 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:22,574 INFO Using ThreeSigmaClassifier for cluster 8
2017-07-10 10:16:22,575 INFO Using ThreeSigmaClassifier for cluster

[64, 64, 31, 65, 64, 52, 50, 49, 51, 51, 64, 64, 31, 65, 64, 52, 51, 48, 51, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 52, 63, 64, 31, 65, 64, 52, 50, 49, 51, 51]
[ 96 132 129 138 135]
[-1, -1, -1, -1, -1]
[52, 31, 64, 64, 65, 64, 50, 48, 52, 51, 52, 31, 64, 64, 65, 64, 51, 49, 51, 51, 52, 31, 64, 64, 65, 64, 51, 49, 51, 52, 52, 30, 64, 63, 65, 64, 50, 48, 52, 51]
[ 96   3 135 126 138 135]
[-1, -1, -1, -1, -1, -1]
[52, 64, 30, 63, 63, 65, 51, 51, 48, 52, 52, 64, 30, 64, 63, 65, 52, 50, 48, 51, 52, 64, 30, 64, 63, 66, 52, 50, 48, 51, 52, 65, 31, 64, 64, 65, 51, 51, 48, 51]
[138  96 135 129 138]
[-1, -1, -1, -1, -1]
(10, 10)
(10, 10)
([10, 10], [10, 10], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:22,939 INFO Running kemans with k = 15
2017-07-10 10:16:23,095 INFO found k = 15
2017-07-10 10:16:23,096 INFO Running kemans with k = 7
2017-07-10 10:16:23,171 INFO Running kemans with k = 11
2017-07-10 10:16:23,285 INFO Running kemans with k = 13
2017-07-10 10:16:23,431 INFO Running kemans with k = 14


('test count = ', 42)


2017-07-10 10:16:24,611 INFO Running kemans with k = 6
2017-07-10 10:16:24,673 INFO found k = 6
2017-07-10 10:16:24,674 INFO Running kemans with k = 3
2017-07-10 10:16:24,704 INFO found k = 3
2017-07-10 10:16:24,705 INFO Running kemans with k = 1
2017-07-10 10:16:24,717 INFO Running kemans with k = 2
2017-07-10 10:16:24,740 INFO found k = 2
2017-07-10 10:16:24,741 INFO Detect Count Anomalies....
2017-07-10 10:16:24,742 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:24,743 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:24,745 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:24,749 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:24,751 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:24,752 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:24,753 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:24,755 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:24,756 INFO Using ThreeS

[51, 64, 64, 31, 65, 64, 52, 50, 49, 51, 52, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 51, 63, 64, 31, 65, 64, 52, 50, 49, 51, 52]
[135  96 132 129 138 135]
[-1, -1, -1, -1, -1, -1]
[52, 31, 64, 64, 65, 64, 50, 48, 52, 51, 52, 52, 31, 64, 64, 65, 64, 51, 49, 51, 51, 52, 52, 31, 64, 64, 65, 64, 51, 49, 51, 52, 51, 52, 30, 64, 63, 65, 64, 50, 48, 52, 51, 52]
[ 96   3 135 126 138 135 135]
[-1, -1, -1, -1, -1, -1, -1]
[52, 64, 30, 63, 63, 65, 51, 51, 48, 52, 51, 52, 64, 30, 64, 63, 65, 52, 50, 48, 51, 51, 52, 64, 30, 64, 63, 66, 52, 50, 48, 51, 52, 52, 65, 31, 64, 64, 65, 51, 51, 48, 51, 51]
[138  96 135 129 138 138]
[-1, -1, -1, -1, -1, -1]
(11, 11)
(11, 11)
([11, 11], [11, 11], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:25,084 INFO Running kemans with k = 15
2017-07-10 10:16:25,251 INFO found k = 15
2017-07-10 10:16:25,252 INFO Running kemans with k = 7
2017-07-10 10:16:25,331 INFO Running kemans with k = 11
2017-07-10 10:16:25,455 INFO Running kemans with k = 13
2017-07-10 10:16:25,593 INFO Running kemans with k = 14


('test count = ', 44)


2017-07-10 10:16:26,758 INFO Running kemans with k = 7
2017-07-10 10:16:26,825 INFO found k = 7
2017-07-10 10:16:26,825 INFO Running kemans with k = 3
2017-07-10 10:16:26,857 INFO found k = 3
2017-07-10 10:16:26,857 INFO Running kemans with k = 1
2017-07-10 10:16:26,870 INFO Running kemans with k = 2
2017-07-10 10:16:26,892 INFO found k = 2
2017-07-10 10:16:26,893 INFO Detect Count Anomalies....
2017-07-10 10:16:26,894 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:26,896 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:26,898 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:26,901 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:26,903 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:26,904 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:26,905 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:26,906 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:26,907 INFO Using ThreeS

[52, 31, 64, 64, 65, 64, 50, 48, 52, 51, 52, 50, 52, 31, 64, 64, 65, 64, 51, 49, 51, 51, 52, 50, 52, 31, 64, 64, 65, 64, 51, 49, 51, 52, 51, 50, 52, 30, 64, 63, 65, 64, 50, 48, 52, 51, 52, 50]
[ 96   3 135 126 138 135 135 135]
[-1, -1, -1, -1, -1, -1, -1, -1]
[52, 64, 30, 63, 63, 65, 51, 51, 48, 52, 51, 51, 52, 64, 30, 64, 63, 65, 52, 50, 48, 51, 51, 51, 52, 64, 30, 64, 63, 66, 52, 50, 48, 51, 52, 51, 52, 65, 31, 64, 64, 65, 51, 51, 48, 51, 51, 51]
[138  96 135 129 138 138 132]
[-1, -1, -1, -1, -1, -1, -1]
[51, 64, 64, 31, 65, 64, 52, 50, 49, 51, 52, 50, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 51, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 51, 51, 63, 64, 31, 65, 64, 52, 50, 49, 51, 52, 50]
[135  96 132 129 138 135 135]
[-1, -1, -1, -1, -1, -1, -1]
(12, 12)
(12, 12)
([12, 12], [12, 12], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8']


2017-07-10 10:16:27,230 INFO Running kemans with k = 15
2017-07-10 10:16:27,395 INFO found k = 15
2017-07-10 10:16:27,396 INFO Running kemans with k = 7
2017-07-10 10:16:27,476 INFO Running kemans with k = 11
2017-07-10 10:16:27,599 INFO Running kemans with k = 13
2017-07-10 10:16:27,750 INFO Running kemans with k = 14


('test count = ', 46)


2017-07-10 10:16:29,148 INFO Running kemans with k = 8
2017-07-10 10:16:29,254 INFO found k = 8
2017-07-10 10:16:29,255 INFO Running kemans with k = 4
2017-07-10 10:16:29,310 INFO found k = 4
2017-07-10 10:16:29,312 INFO Running kemans with k = 2
2017-07-10 10:16:29,344 INFO found k = 2
2017-07-10 10:16:29,346 INFO Running kemans with k = 1
2017-07-10 10:16:29,367 INFO Detect Count Anomalies....
2017-07-10 10:16:29,368 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:29,370 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:29,372 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:29,376 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:29,379 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:29,381 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:29,383 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:29,385 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:29,386 INFO Using ThreeS

[52, 64, 30, 63, 63, 65, 51, 51, 48, 52, 51, 51, 51, 52, 64, 30, 64, 63, 65, 52, 50, 48, 51, 51, 51, 51, 52, 64, 30, 64, 63, 66, 52, 50, 48, 51, 52, 51, 51, 52, 65, 31, 64, 64, 65, 51, 51, 48, 51, 51, 51, 51]
[138  96 135 129 138 138 132 135]
[-1, -1, -1, -1, -1, -1, -1, -1]
[52, 31, 64, 64, 65, 64, 50, 48, 52, 51, 52, 50, 52, 52, 31, 64, 64, 65, 64, 51, 49, 51, 51, 52, 50, 52, 52, 31, 64, 64, 65, 64, 51, 49, 51, 52, 51, 50, 52, 52, 30, 64, 63, 65, 64, 50, 48, 52, 51, 52, 50, 52]
[ 96   3 135 126 138 135 135 135 138]
[-1, -1, -1, -1, -1, -1, -1, -1, -1]
[51, 64, 64, 31, 65, 64, 52, 50, 49, 51, 52, 50, 52, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 51, 52, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 51, 52, 51, 63, 64, 31, 65, 64, 52, 50, 49, 51, 52, 50, 52]
[135  96 132 129 138 135 135 138]
[-1, -1, -1, -1, -1, -1, -1, -1]
(13, 13)
(13, 13)
([13, 13], [13, 13], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-144', 'ip-172-31-12-51'], ['ip-172-31-4-253'])
['--sim_threshold', '0.8'

2017-07-10 10:16:29,714 INFO Running kemans with k = 15
2017-07-10 10:16:29,878 INFO found k = 15
2017-07-10 10:16:29,879 INFO Running kemans with k = 7
2017-07-10 10:16:30,027 INFO Running kemans with k = 11
2017-07-10 10:16:30,214 INFO Running kemans with k = 13
2017-07-10 10:16:30,410 INFO Running kemans with k = 14


('test count = ', 48)


2017-07-10 10:16:31,719 INFO Running kemans with k = 9
2017-07-10 10:16:31,807 INFO found k = 9
2017-07-10 10:16:31,808 INFO Running kemans with k = 4
2017-07-10 10:16:31,857 INFO found k = 4
2017-07-10 10:16:31,858 INFO Running kemans with k = 2
2017-07-10 10:16:31,883 INFO found k = 2
2017-07-10 10:16:31,884 INFO Running kemans with k = 1
2017-07-10 10:16:31,900 INFO Detect Count Anomalies....
2017-07-10 10:16:31,902 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:31,903 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:31,904 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:31,905 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:31,907 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:31,908 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:31,910 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:31,912 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:31,915 INFO Using ThreeS

[52, 51, 64, 64, 31, 65, 64, 52, 50, 49, 51, 52, 50, 51, 52, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 51, 50, 52, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 51, 50, 52, 51, 63, 64, 31, 65, 64, 52, 50, 49, 51, 52, 50, 50]
[138 135  96 132 129 138 135 135 132]
[-1, -1, -1, -1, -1, -1, -1, -1, -1]
[52, 64, 30, 63, 63, 65, 51, 51, 48, 52, 51, 51, 51, 50, 52, 64, 30, 64, 63, 65, 52, 50, 48, 51, 51, 51, 51, 51, 52, 64, 30, 64, 63, 66, 52, 50, 48, 51, 52, 51, 51, 51, 52, 65, 31, 64, 64, 65, 51, 51, 48, 51, 51, 51, 51, 51]
[138  96 135 129 138 138 132 135 135]
[-1, -1, -1, -1, -1, -1, -1, -1, -1]
[52, 31, 64, 64, 65, 64, 50, 48, 52, 51, 52, 50, 52, 51, 52, 31, 64, 64, 65, 64, 51, 49, 51, 51, 52, 50, 52, 50, 52, 31, 64, 64, 65, 64, 51, 49, 51, 52, 51, 50, 52, 50, 52, 30, 64, 63, 65, 64, 50, 48, 52, 51, 52, 50, 52, 51]
[ 96   3 135 126 138 135 135 135 138 135]
[-1, -1, -1, -1, -1, -1, -1, -1, -1, -1]
(14, 14)
(14, 14)
([14, 14], [14, 14], ['ip-172-31-12-78', 'ip-172-31-15-177', 'ip-172-31-2-

2017-07-10 10:16:32,237 INFO Running kemans with k = 15
2017-07-10 10:16:32,399 INFO found k = 15
2017-07-10 10:16:32,400 INFO Running kemans with k = 7
2017-07-10 10:16:32,480 INFO Running kemans with k = 11
2017-07-10 10:16:32,600 INFO Running kemans with k = 13
2017-07-10 10:16:32,770 INFO Running kemans with k = 14


('test count = ', 50)


2017-07-10 10:16:33,983 INFO Running kemans with k = 10
2017-07-10 10:16:34,085 INFO found k = 10
2017-07-10 10:16:34,086 INFO Running kemans with k = 5
2017-07-10 10:16:34,140 INFO found k = 5
2017-07-10 10:16:34,141 INFO Running kemans with k = 2
2017-07-10 10:16:34,163 INFO found k = 2
2017-07-10 10:16:34,164 INFO Running kemans with k = 1
2017-07-10 10:16:34,179 INFO Detect Count Anomalies....
2017-07-10 10:16:34,180 INFO Using ThreeSigmaClassifier for cluster 0
2017-07-10 10:16:34,180 INFO Using ThreeSigmaClassifier for cluster 1
2017-07-10 10:16:34,182 INFO Using ThreeSigmaClassifier for cluster 2
2017-07-10 10:16:34,184 INFO Using ThreeSigmaClassifier for cluster 3
2017-07-10 10:16:34,185 INFO Using ThreeSigmaClassifier for cluster 4
2017-07-10 10:16:34,187 INFO Using ThreeSigmaClassifier for cluster 5
2017-07-10 10:16:34,188 INFO Using ThreeSigmaClassifier for cluster 6
2017-07-10 10:16:34,189 INFO Using ThreeSigmaClassifier for cluster 7
2017-07-10 10:16:34,190 INFO Using Thre

[52, 64, 30, 63, 63, 65, 51, 51, 48, 52, 51, 51, 51, 50, 52, 52, 64, 30, 64, 63, 65, 52, 50, 48, 51, 51, 51, 51, 51, 52, 52, 64, 30, 64, 63, 66, 52, 50, 48, 51, 52, 51, 51, 51, 52, 52, 65, 31, 64, 64, 65, 51, 51, 48, 51, 51, 51, 51, 51, 52]
[138  96 135 129 138 138 132 135 135 138]
[-1, -1, -1, -1, -1, -1, -1, -1, -1, -1]
[52, 31, 64, 64, 65, 64, 50, 48, 52, 51, 52, 50, 52, 51, 52, 52, 31, 64, 64, 65, 64, 51, 49, 51, 51, 52, 50, 52, 50, 51, 52, 31, 64, 64, 65, 64, 51, 49, 51, 52, 51, 50, 52, 50, 51, 52, 30, 64, 63, 65, 64, 50, 48, 52, 51, 52, 50, 52, 51, 52]
[ 96   3 135 126 138 135 135 135 138 135 135]
[-1, -1, -1, -1, -1, -1, -1, -1, -1, -1, -1]
[52, 51, 64, 64, 31, 65, 64, 52, 50, 49, 51, 52, 50, 51, 51, 52, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 51, 50, 52, 52, 52, 64, 64, 31, 65, 64, 52, 51, 48, 51, 51, 51, 50, 52, 52, 51, 63, 64, 31, 65, 64, 52, 50, 49, 51, 52, 50, 50, 51]
[138 135  96 132 129 138 135 135 132 135]
[-1, -1, -1, -1, -1, -1, -1, -1, -1, -1]
