DivLog: Log parsing with prompt enhanced in-context learning

Author

Junjielong XU
Ruichun YANG
Yintong HUO, Singapore Management UniversityFollow
Chengyu ZHANG
Pinjia HE

Publication Type

Conference Proceeding Article

Version

publishedVersion

Publication Date

12-2024

Abstract

Log parsing, which involves log template extraction from semistructured logs to produce structured logs, is the first and the most critical step in automated log analysis. However, current log parsers suffer from limited effectiveness for two reasons. First, traditional data-driven log parsers solely rely on heuristics or handcrafted features designed by domain experts, which may not consistently perform well on logs from diverse systems. Second, existing supervised log parsers require model tuning, which is often limited to fixed training samples and causes sub-optimal performance across the entire log source. To address this limitation, we propose DivLog, an effective log parsing framework based on the in-context learning (ICL) ability of large language models (LLMs). Specifically, before log parsing, DivLog samples a small amount of offline logs as candidates by maximizing their diversity. Then, during log parsing, DivLog selects five appropriate labeled candidates as examples for each target log and constructs them into a prompt. By mining the semantics of examples in the prompt, DivLog generates a target log template in a training-free manner. In addition, we design a straightforward yet effective prompt format to extract the output and enhance the quality of the generated log templates. We conducted experiments on 16 widely-used public datasets. The results show that DivLog achieves (1) 98.1% Parsing Accuracy, (2) 92.1% Precision Template Accuracy, and (3) 92.9% Recall Template Accuracy on average, exhibiting state-of-the-art performance.

Keywords

Log Parsing, Large Language Model, In-Context Learning

Discipline

Programming Languages and Compilers | Software Engineering

Research Areas

Intelligent Systems and Optimization

Areas of Excellence

Digital transformation

Publication

ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, Lisbon, Portugal, 2024 April 14-20

First Page

1

Last Page

12

Identifier

10.1145/3597503.3639155

Publisher

ACM

City or Country

New York

Citation

XU, Junjielong; YANG, Ruichun; HUO, Yintong; ZHANG, Chengyu; and HE, Pinjia. DivLog: Log parsing with prompt enhanced in-context learning. (2024). ICSE '24: Proceedings of the IEEE/ACM 46th International Conference on Software Engineering, Lisbon, Portugal, 2024 April 14-20. 1-12.
Available at: https://ink.library.smu.edu.sg/sis_research/10674

Creative Commons License

This work is licensed under a Creative Commons Attribution-NonCommercial-No Derivative Works 4.0 International License.

Additional URL

https://doi.org/10.1145/3597503.3639155