System Log Parsing: A Survey

TL;DR

This survey comprehensively reviews log parsing techniques, categorizing existing solutions and empirically analyzing 17 open-source parsers to aid practitioners in selecting suitable tools for managing complex system logs.

Contribution

It provides an exhaustive taxonomy and empirical evaluation of 17 open-source log parsers, addressing the lack of systematic comparison in the field.

Findings

Analyzed 17 open-source log parsers both quantitatively and qualitatively.

Identified key performance and operational features of log parsers.

Discussed future challenges and research directions in log parsing.

Abstract

Modern information and communication systems have become increasingly challenging to manage. The ubiquitous system logs contain plentiful information and are thus widely exploited as an alternative source for system management. As log files usually encompass large amounts of raw data, manually analyzing them is laborious and error-prone. Consequently, many research endeavors have been devoted to automatic log analysis. However, these works typically expect structured input and struggle with the heterogeneous nature of raw system logs. Log parsing closes this gap by converting the unstructured system logs to structured records. Many parsers were proposed during the last decades to accommodate various log analysis applications. However, due to the ample solution space and lack of systematic evaluation, it is not easy for practitioners to find ready-made solutions that fit their needs. This paper aims to provide a comprehensive survey on log parsing. We begin with an exhaustive taxonomy of existing log parsers. Then we empirically analyze the critical performance and operational features for 17 open-source solutions both quantitatively and qualitatively, and whenever applicable discuss the merits of alternative approaches. We also elaborate on future challenges and discuss the relevant research directions. We envision this survey as a helpful resource for system administrators and domain experts to choose the most desirable open-source solution or implement new ones based on application-specific requirements.