A sophisticated incident investigation platform that transforms raw logs into reusable operational intelligence using AI agents and vector-based organizational memory.
- 🔬 AI-Powered Log Analysis - Automatically detect anomalies, error patterns, and correlations
- 🧠 Organizational Incident Memory - Vector database that learns from every incident
- ⏱️ Automated Timeline Generation - Build chronological incident timelines automatically
- 🔗 Code Context Correlation - Link log errors to recent code changes
- 📊 Similar Incident Search - Find and learn from past incidents
- 📄 PIR Generation - Auto-generate Post-Incident Review documents
- 💡 AI Recommendations - Get actionable remediation suggestions
| Agent | Purpose |
|---|---|
| Log Analysis Agent | Detects anomalies, error patterns, and correlations |
| Code Context Agent | Links anomalies to recent code changes |
| Timeline Agent | Builds chronological incident timeline |
| Recommendation Agent | Suggests actions based on historical data |
| PIR Generator Agent | Creates Post-Incident Review documents |

```bash
# Clone and navigate to the project
cd log-analyzer
# Copy environment template and add your API keys
cp backend/.env.example backend/.env
# Edit backend/.env and add your API keys
# Start the application
chmod +x start.sh
./start.sh
```

```bash
# Set your API keys
export OPENAI_API_KEY=your-openai-key
# OR
export ANTHROPIC_API_KEY=your-anthropic-key
# Start all services
docker-compose up -d
# View logs
docker-compose logs -f
```

| Service | URL |
|---|---|
| Frontend | http://localhost:3000 |
| Backend API | http://localhost:8000 |
| API Documentation | http://localhost:8000/docs |
| VictoriaLogs | http://localhost:9428 |

Create a `.env` file in the `backend/` directory:

```bash
# LLM Provider (choose one)
LLM_PROVIDER=openai # or "anthropic"
# OpenAI Configuration
OPENAI_API_KEY=sk-your-openai-key-here
OPENAI_MODEL=gpt-4-turbo-preview
# Anthropic Configuration
ANTHROPIC_API_KEY=your-anthropic-key-here
ANTHROPIC_MODEL=claude-3-opus-20240229
# VictoriaLogs (optional - for production log ingestion)
VICTORIALOGS_URL=http://localhost:9428
# Vector Database
CHROMA_PERSIST_DIR=./data/chromadb
```

```
POST /api/v1/analyze
{
  "escalation": {
    "service": "payment-service",
    "severity": "P1",
    "summary": "Payment gateway timeout",
    "start_time": "2024-01-15T10:23:00Z"
  },
  "raw_logs": "... your logs here ...",
  "include_similar": true,
  "generate_pir": true
}
```

```
POST /api/v1/search-similar
{
  "query": "database connection timeout",
  "top_k": 5,
  "filter_service": "api-gateway"
}
```

```
POST /api/v1/upload-logs
# Form data:
# - file: (log file)
# - service: payment-service
# - severity: P2
# - summary: Error investigation
```

```
GET /api/v1/demo-logs
# Returns sample logs for testing
```

```
┌─────────────────────────────────────────────────────────────┐
│                      Frontend (React)                       │
│                    http://localhost:3000                    │
└─────────────────────────┬───────────────────────────────────┘
                          │
┌─────────────────────────▼───────────────────────────────────┐
│                    Backend API (FastAPI)                    │
│                    http://localhost:8000                    │
│  ┌─────────────────────────────────────────────────────┐    │
│  │                 Agent Orchestrator                  │    │
│  │  ┌──────────┐ ┌──────────┐ ┌──────────┐             │    │
│  │  │   Log    │ │   Code   │ │ Timeline │             │    │
│  │  │ Analysis │ │ Context  │ │  Agent   │             │    │
│  │  └──────────┘ └──────────┘ └──────────┘             │    │
│  │  ┌──────────┐ ┌──────────┐                          │    │
│  │  │  Recom-  │ │   PIR    │                          │    │
│  │  │ mendation│ │Generator │                          │    │
│  │  └──────────┘ └──────────┘                          │    │
│  └─────────────────────────────────────────────────────┘    │
└────────────┬──────────────────────────┬─────────────────────┘
             │                          │
┌────────────▼────────────┐  ┌──────────▼──────────────────────┐
│      VictoriaLogs       │  │            ChromaDB             │
│   (Log Storage/Query)   │  │        (Incident Memory)        │
│  http://localhost:9428  │  │        Vector Embeddings        │
└─────────────────────────┘  └─────────────────────────────────┘
```

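
The `/api/v1/analyze` body shown above carries raw log text, and logs often contain credentials. The following is an added example, not part of the project's code, that scrubs common secret shapes before building that body; the patterns, the function names `redact` and `build_analyze_request`, and the sample log lines are assumptions constructed for illustration.

```python
import json
import re

# Illustrative patterns, not an exhaustive list; extend them for your own log formats.
REDACTIONS = [
    # Authorization: Bearer <token>
    (re.compile(r"(?i)(authorization:\s*bearer\s+)\S+"), r"\1[REDACTED]"),
    # key=value or key: value where the key names a credential
    (re.compile(r'(?i)\b(password|passwd|secret|token|api[_-]?key)(\s*[=:]\s*)"?[^\s"&,;]+"?'),
     r"\1\2[REDACTED]"),
    # scheme://user:password@host
    (re.compile(r"(\w+://[^/\s:@]+:)[^@\s]+@"), r"\1[REDACTED]@"),
]


def redact(raw_logs):
    """Return (scrubbed_text, number_of_substitutions)."""
    total = 0
    for pattern, repl in REDACTIONS:
        raw_logs, n = pattern.subn(repl, raw_logs)
        total += n
    return raw_logs, total


def build_analyze_request(service, severity, summary, start_time, raw_logs):
    """Build the JSON body for POST /api/v1/analyze with scrubbed logs."""
    scrubbed, _ = redact(raw_logs)
    return {
        "escalation": {"service": service, "severity": severity,
                       "summary": summary, "start_time": start_time},
        "raw_logs": scrubbed,
        "include_similar": True,
        "generate_pir": True,
    }


# Constructed sample log lines; every credential below is fake.
SAMPLE_LOGS = (
    "2024-01-15T10:23:01Z ERROR gateway timeout upstream=postgres://pay:hunter2@db:5432/pay\n"
    "2024-01-15T10:23:02Z WARN retry api_key=abc123DEF attempt=2\n"
    "2024-01-15T10:23:03Z DEBUG Authorization: Bearer eyJhbGciOi.constructed.value\n"
)

if __name__ == "__main__":
    body = build_analyze_request("payment-service", "P1", "Payment gateway timeout",
                                 "2024-01-15T10:23:00Z", SAMPLE_LOGS)
    print(json.dumps(body, indent=2))
```

The substitution count from `redact` is worth logging on the client side: a non-zero count on logs from a service that should never print credentials is itself a finding.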
- Navigate to Analyze Logs in the sidebar
- Enter incident details (service, severity, summary)
- Paste your logs or use the demo data
- Click Analyze Incident
- Review results across tabs: Overview, Agents, Timeline, Similar Incidents, PIR
- Navigate to Incident Memory in the sidebar
- Enter a search query (e.g., "database connection pool exhausted")
- Review similar past incidents
- Learn from previous root causes and resolutions
- Navigate to Upload Logs in the sidebar
- Drag and drop your `.log`, `.txt`, or `.json` file
- Fill in service details
- Click Analyze File

```
log-analyzer/
├── backend/
│   ├── main.py              # FastAPI application & agents
│   ├── requirements.txt     # Python dependencies
│   ├── Dockerfile           # Backend container
│   └── .env.example         # Environment template
├── frontend/
│   └── index.html           # React SPA
├── docker-compose.yml       # Full stack deployment
├── start.sh                 # Local development script
└── README.md                # This file
```

- Create a new agent class extending `BaseAgent`
- Implement the `execute()` method
- Add to `AgentOrchestrator.agents` dictionary
- Wire into the investigation pipeline

```python
from typing import Any, Dict

# BaseAgent and LLMClient are the project's own classes (agents live in backend/main.py)
class MyCustomAgent(BaseAgent):
    def __init__(self, llm: LLMClient):
        super().__init__("My Custom Agent", llm)

    async def execute(self, context: Dict[str, Any]) -> Dict[str, Any]:
        # Your agent logic here
        return {"result": "..."}
```

- API keys are stored locally in `.env` files
- Never commit `.env` files to version control
- Use environment variables in production
- VictoriaLogs access should be restricted in production
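
One way to enforce the "never commit `.env` files" rule is a check over the files about to be committed. This is an added example, not part of the project's code: the variable names and placeholder values come from the templates in this README, while the function names and the sample file contents are assumptions constructed for illustration.

```python
import re

# Variable names and placeholder values as they appear in the README's templates.
SECRET_VARS = ("OPENAI_API_KEY", "ANTHROPIC_API_KEY")
PLACEHOLDERS = {"", "sk-your-openai-key-here", "your-anthropic-key-here",
                "your-openai-key", "your-anthropic-key"}
ASSIGN = re.compile(r"^\s*(?:export\s+)?([A-Z_][A-Z0-9_]*)\s*=\s*(.*)$")


def find_real_keys(text):
    """Return [(line_no, var)] for secret variables set to a non-placeholder value."""
    hits = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        m = ASSIGN.match(line)
        if not m or m.group(1) not in SECRET_VARS:
            continue
        # Drop a trailing inline comment and surrounding quotes before comparing.
        value = m.group(2).split(" #", 1)[0].strip().strip("'\"")
        if value not in PLACEHOLDERS:
            hits.append((line_no, m.group(1)))
    return hits


def check_staged(files):
    """files maps path -> content. Returns a list of human-readable problems."""
    problems = []
    for path, content in files.items():
        name = path.rsplit("/", 1)[-1]
        # .env.example is the committed template; any other .env* file is local-only.
        if name == ".env" or (name.startswith(".env.") and name != ".env.example"):
            problems.append(f"{path}: .env file must not be committed")
        for line_no, var in find_real_keys(content):
            problems.append(f"{path}:{line_no}: {var} holds a non-placeholder value")
    return problems


# Constructed sample of staged files; the key value is fake.
SAMPLE = {
    "backend/.env.example": "LLM_PROVIDER=openai\nOPENAI_API_KEY=sk-your-openai-key-here\n",
    "backend/.env": "OPENAI_API_KEY=sk-CONSTRUCTED-NOT-A-REAL-KEY # prod\n",
    "start.sh": "export ANTHROPIC_API_KEY=your-anthropic-key\n./run\n",
}

if __name__ == "__main__":
    for problem in check_staged(SAMPLE):
        print(problem)
```

In a pre-commit hook, build the mapping from the staged file list and fail the commit when the returned list is non-empty.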
- Slack / PagerDuty integration
- Real-time log streaming analysis
- Metrics + logs correlation (VictoriaMetrics)
- Automated blast radius prediction
- Feedback loop for recommendation improvement
- Multi-tenant support
- SSO integration
MIT License - See LICENSE file for details.
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Open a Pull Request
Built with ❤️ using FastAPI, React, ChromaDB, and VictoriaLogs