LogAn is an intelligent log analysis tool that extracts key insights for SREs/Support Engineers/Developers, to identify and diagnose ongoing issues from logs. It generates two reports: (1) Summary Report presents a table of the representative log lines — each with its predicted golden signals and fault categories — along with the frequency of its occurrence. By using this approach, we've found that the tool can reduce the data volume by up to 90%, since most log lines are informational. (2) Diagnosis Report presents a chronologically ordered set of relevant log windows with user-configurable granularity (e.g., 30s, 1m).
container.sh contains wrapper for building and running the LogAn as container.
bash container.sh build ## You can change ENV=docker/podman in the file
-
Execute
container.shas follows:bash container.sh run OUTPUT_DIR LOG_FILE_PATH TIME_RANGE(OPTIONAL) -ProcessLogFiles(OPTIONAL) -ProcessTxtFiles(OPTIONAL) -DebugMode(OPTIONAL)
- OUTPUT_DIR - The directory where the tool's reports are stored
- LOG_FILE_PATH - Folders/files separated by colon(:).
- TIME_RANGE - Run analysis only on log lines that fall in the time range determined by the latest date in the data (Allowed values: [1-6]-day, [1-3]-week, 1-month, all-data)
-ProcessLogFiles- Enable this to process .LOG files (found in folders). This will not affect .LOG files that you have provided explicitly.-ProcessTxtFiles- Enable this to process .TXT files (found in folders). This will not affect .TXT files that you have provided explicitly.-DebugMode- Enable this flag to store metadata generated during a job for troubleshooting
Example:
bash container.sh run ./tmp/output ./examples/Linux_2k.log all-data
In the above example:
./examples/Linux_2k.log- File./tmp/output- Directory
# Setup venv
uv venv
source .venv/bin/activate
uv pip install torch==2.8.0 --index-url https://download.pytorch.org/whl/cpu
uv pip install -r requirements.txt
# Run Log Analysis
export OUTPUT_DIR="./tmp/output"
uv run python run_log_diagnosis.py \
--input_files "./examples/Linux_2k.log" \
--output_dir "$OUTPUT_DIR" \
--model-name "cross-encoder/nli-MiniLM2-L6-H768"
uv run python -m http.server 8000 --directory "${OUTPUT_DIR}"
# server should be available at http://localhost:8000/log_diagnosisIf you use LogAn for publication, please cite the following research papers:
-
Pranjal Gupta, Karan Bhukar, Harshit Kumar, Seema Nagar, Prateeti Mohapatra, and Debanjana Kar. 2025. Scalable and Efficient Large-Scale Log Analysis with LLMs: An IT Software Support Case Study. AAAI, 2026.
-
Pranjal Gupta, Karan Bhukar, Harshit Kumar, Seema Nagar, Prateeti Mohapatra, and Debanjana Kar. 2025. LogAn: An LLM-Based Log Analytics Tool with Causal Inferencing. ICPE, 2025.
This project was originally developed by IBM Research and is actively supported and maintained by Red Hat.
- Pranjal Gupta
- Harshit Kumar
- Prateeti Mohapatra
- Pradeep Surisetty
- Pravin Satpute
- Rahul Shetty
- Jan Hutar
- Nikhil Jain
We welcome contributions from the community!
