
Lemur: Log Parsing with Entropy Sampling and Chain-of-Thought Merging

Wei Zhang, Xiangyuan Guan, Lu Yunhong, Jie Zhang, Shuangyong Song, Xianfu Cheng, Zhenhe Wu, Zhoujun Li

TL;DR

Log parsing faces brittleness of rule-based methods and semantic gaps in purely data-driven approaches. Lemur introduces a unified framework that merges information-entropy-based clustering with three-hop chain-of-thought merging of LLMs, enabling unsupervised, semantically aware template generation and merging. The approach yields state-of-the-art results on large-scale LogHub benchmarks, improving the $FGA$ and $GA$ metrics while maintaining efficient runtimes. Overall, Lemur provides a scalable, rule-free solution for accurate log parsing, with practical impact on downstream tasks such as anomaly detection and root-cause analysis.

Abstract

Logs produced by extensive software systems are integral to monitoring system behaviors. Advanced log analysis facilitates the detection, alerting, and diagnosis of system faults. Log parsing, which entails transforming raw log messages into structured templates, constitutes a critical phase in the automation of log analytics. Existing log parsers fail to identify the correct templates due to reliance on human-made rules. Besides, these methods focus on statistical features while ignoring semantic information in log messages. To address these challenges, we introduce a cutting-edge Log parsing framework with Entropy sampling and chain-of-thought Merging (Lemur). Specifically, to discard the tedious manual rules, we propose a novel sampling method inspired by information entropy, which efficiently clusters typical logs. Furthermore, to enhance the merging of log templates, we design a chain-of-thought method for large language models (LLMs). LLMs exhibit exceptional semantic comprehension and deftly distinguish between parameters and invariant tokens. We have conducted experiments on large-scale public datasets. Extensive evaluation demonstrates that Lemur achieves state-of-the-art performance and impressive efficiency. The code is available at https://github.com/zwpride/lemur.

Paper Structure (26 sections, 1 equation, 6 figures, 6 tables)

This paper contains 26 sections, 1 equation, 6 figures, 6 tables.

Figures (6)

  • Figure 1: An example of log parsing. Logging Statement cannot be accessed in most cases. Log Message is parsed into a static Template part containing fixed keywords and a Variable part that will vary between different log messages with the same template.
  • Figure 2: Overview of our log parsing framework.
  • Figure 3: Three-S-hop Chain-of-Thought Merging Method
  • Figure 4: Comparison of group accuracy and F1 score on 16 benchmark datasets.
  • Figure 5: Execution time for various datasets.
  • ...and 1 more figures