Open-Source Library Designed For Log Analytics And Intelligence


LogAI is a free library for log analytics and intelligence that supports various log analytics and intelligence tasks. It’s compatible with multiple log formats and has an interactive graphical user interface. LogAI provides a unified model interface for popular statistical, time-series, and deep-learning models, making it easy to benchmark deep-learning algorithms for log anomaly detection.

Logs generated by computer systems contain essential information that helps developers understand system behavior and identify issues. Traditionally, log analysis was done manually, but AI-based log analysis automates tasks such as log parsing, summarization, clustering, and anomaly detection, making the process more efficient. Different roles in academia and industry have varying requirements for log analysis. For example, machine learning researchers must quickly benchmark experiments against public log datasets and reproduce results from other research groups to develop new log analysis algorithms. Industrial data scientists need to run existing log analysis algorithms on their log data and select the best algorithm and configuration combination as their log analysis solution. Unfortunately, no existing open-source libraries can meet all of these requirements. Therefore, LogAI is introduced to address these needs and better conduct log analysis for various academic and industrial use cases.

The absence of comprehensive AI-based log analysis in log management platforms creates challenges for unified analysis: a unified log data model is needed, preprocessing is redundant, and a workflow management mechanism is needed. Reproducing experimental results is difficult because different log formats and schemas require customized analysis tools. Different log analysis algorithms are implemented in separate pipelines, which adds to the complexity of managing experiments and benchmarking.

LogAI comprises two main components: the LogAI core library and the LogAI GUI. The LogAI GUI module allows users to connect to log analysis applications in the core library and interactively visualize analysis results through a graphical user interface. The LogAI core library comprises four distinct layers:

The Data Layer in LogAI consists of a unified log data model defined by OpenTelemetry and various data loaders that convert raw log data into LogRecordObjects in a standardized format.

The Preprocessing Layer of LogAI cleans and partitions logs using preprocessors and partitioners. Preprocessors extract entities and separate records into unstructured loglines and structured log attributes, while partitioners group logs into events for machine learning models. Customized preprocessors and partitioners are available for specific open log datasets and can be extended to support other log formats.

The Information Extraction Layer of LogAI converts log records into vectors for machine learning. It has four components: log parser, log vectorizer, categorical encoder, and feature extractor. 

The Analysis Layer contains modules for conducting analysis tasks, with a unified interface for multiple algorithms.
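The four layers described above, traced end to end as an added, standard-library-only example; it is not LogAI code and does not use LogAI's API. The `LogRecord` class, the masking rules, the one-minute window and the baseline-excess detector are assumptions chosen for illustration, and the log lines are constructed.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime

# Constructed sample input (not real logs): timestamp, host, free-text message.
RAW = """\
2024-05-01T10:00:05 web1 Accepted password for alice from 10.0.0.5 port 50122
2024-05-01T10:00:40 web1 Accepted password for bob from 10.0.0.6 port 50200
2024-05-01T10:01:10 web1 Accepted password for alice from 10.0.0.5 port 50310
2024-05-01T10:01:30 web1 Connection closed by 10.0.0.6 port 50200
2024-05-01T10:02:02 web1 Failed password for root from 203.0.113.9 port 40001
2024-05-01T10:02:03 web1 Failed password for root from 203.0.113.9 port 40002
2024-05-01T10:02:04 web1 Failed password for admin from 203.0.113.9 port 40003
2024-05-01T10:03:20 web1 Accepted password for bob from 10.0.0.6 port 50411"""

@dataclass
class LogRecord:  # data layer: one record shape for every log source (hypothetical class)
    timestamp: datetime
    attributes: dict
    body: str

def load(raw):  # data layer: raw text -> unified records
    rows = (line.split(" ", 2) for line in raw.strip().splitlines())
    return [LogRecord(datetime.fromisoformat(ts), {"host": h}, body) for ts, h, body in rows]

# Order matters: mask IP addresses before bare numbers.
MASKS = [(r"\d+\.\d+\.\d+\.\d+", "<IP>"), (r"(?<=for )\S+", "<USER>"), (r"\b\d+\b", "<NUM>")]
def template(body):  # preprocessing + parsing: mask entities, keep the constant text
    for pattern, token in MASKS:
        body = re.sub(pattern, token, body)
    return body

def partition(records):  # partitioning + vectorizing: template counts per minute
    windows = {}
    for r in records:
        key = r.timestamp.replace(second=0)
        windows.setdefault(key, Counter())[template(r.body)] += 1
    return windows

def detect(windows, n_train=2, threshold=2):  # analysis: excess over baseline counts
    keys, base, out = sorted(windows), Counter(), {}
    for k in keys[:n_train]:
        base |= windows[k]  # Counter union keeps the per-template maximum
    for k in keys[n_train:]:
        score = sum((windows[k] - base).values())  # subtraction drops non-positive counts
        out[k.strftime("%H:%M")] = (score, score >= threshold)
    return out
```

Calling `detect(partition(load(RAW)))` scores each window after the first two baseline minutes; the burst of failed logins is a template the baseline never saw, so only that minute is flagged.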

LogAI uses deep learning models like CNN, LSTM, and Transformer for log anomaly detection and can benchmark them on popular log datasets. Results show it performs as well as or better than deep-loglizer, with a supervised bidirectional LSTM model providing the best performance.