IEEE Access (Jan 2024)

Landscape and Taxonomy of Online Parser-Supported Log Anomaly Detection Methods

  • Scott Lupton,
  • Hironori Washizaki,
  • Nobukazu Yoshioka,
  • Yoshiaki Fukazawa

DOI
https://doi.org/10.1109/ACCESS.2024.3387287
Journal volume & issue
Vol. 12
pp. 78193 – 78218

Abstract

As production system estates become larger and more complex, ensuring stability through traditional monitoring approaches becomes more challenging. Rule-based monitoring is common in industrial settings, but it has limitations. These include the difficulty of crafting rules capable of detecting unforeseen issues and the burden of manually maintaining rule sets. A potential solution to effectively manage complex system states is log anomaly detection. Workflows for log anomaly detection utilize several fundamental components. These include preprocessors for data cleansing, parsers to extract structured information from raw log data, encoding algorithms to convert extracted data into usable model input features, anomaly detection methods to isolate anomalous signals, and feedback mechanisms to incrementally improve model performance. This study explores the current state of research into online parser-supported log anomaly detection methods, investigates recent research trends, compares the performances of parser and anomaly detection methods using common public datasets and metrics, and assesses their performance evolution over time. Additionally, it classifies available methods using a newly introduced taxonomy, highlights current research gaps, and recommends future research directions.

Keywords