A sophisticated incident investigation platform that transforms raw logs into reusable operational intelligence using AI agents and vector-based organizational memory.
- AI-Powered Log Analysis - Automatically detect anomalies, error patterns, and correlations
- Organizational Incident Memory - Vector database that learns from every incident
- Automated Timeline Generation - Build chronological incident timelines automatically
- Code Context Correlation - Link log errors to recent code changes
- Similar Incident Search - Find and learn from past incidents
- PIR Generation - Auto-generate Post-Incident Review documents
- AI Recommendations - Get actionable remediation suggestions

| Agent | Purpose |
|---|---|
| Log Analysis Agent | Detects anomalies, error patterns, and correlations |
| Code Context Agent | Links anomalies to recent code changes |
| Timeline Agent | Builds chronological incident timeline |
| Recommendation Agent | Suggests actions based on historical data |
| PIR Generator Agent | Creates Post-Incident Review documents |
```bash
# Clone and navigate to the project
cd log-analyzer
# Copy environment template and add your API keys
cp backend/.env.example backend/.env
# Edit backend/.env and add your API keys
# Start the application
chmod +x start.sh
./start.sh
```

```bash
# Set your API keys
export OPENAI_API_KEY=your-openai-key
# OR
export ANTHROPIC_API_KEY=your-anthropic-key
# Start all services
docker-compose up -d
# View logs
docker-compose logs -f
```

| Service | URL |
|---|---|
| Frontend | http://localhost:3000 |
| Backend API | http://localhost:8000 |
| API Documentation | http://localhost:8000/docs |
| VictoriaLogs | http://localhost:9428 |
Create a .env file in the backend/ directory:
```env
# LLM Provider (choose one)
LLM_PROVIDER=openai # or "anthropic"
# OpenAI Configuration
OPENAI_API_KEY=sk-your-openai-key-here
OPENAI_MODEL=gpt-4-turbo-preview
# Anthropic Configuration
ANTHROPIC_API_KEY=your-anthropic-key-here
ANTHROPIC_MODEL=claude-3-opus-20240229
# VictoriaLogs (optional - for production log ingestion)
VICTORIALOGS_URL=http://localhost:9428
# Vector Database
CHROMA_PERSIST_DIR=./data/chromadb
```

```
POST /api/v1/analyze
{
  "escalation": {
    "service": "payment-service",
    "severity": "P1",
    "summary": "Payment gateway timeout",
    "start_time": "2024-01-15T10:23:00Z"
  },
  "raw_logs": "... your logs here ...",
  "include_similar": true,
  "generate_pir": true
}
```

```
POST /api/v1/search-similar
{
  "query": "database connection timeout",
  "top_k": 5,
  "filter_service": "api-gateway"
}
```

```
POST /api/v1/upload-logs
# Form data:
# - file: (log file)
# - service: payment-service
# - severity: P2
# - summary: Error investigation
```

```
GET /api/v1/demo-logs
# Returns sample logs for testing
```

```
┌─────────────────────────────────────────────────────────────┐
│                      Frontend (React)                       │
│                    http://localhost:3000                    │
└─────────────────────────┬───────────────────────────────────┘
                          │
┌─────────────────────────▼───────────────────────────────────┐
│                    Backend API (FastAPI)                    │
│                    http://localhost:8000                    │
│  ┌───────────────────────────────────────────────────────┐  │
│  │                  Agent Orchestrator                   │  │
│  │  ┌──────────┐ ┌──────────┐ ┌──────────┐               │  │
│  │  │   Log    │ │   Code   │ │ Timeline │               │  │
│  │  │ Analysis │ │ Context  │ │  Agent   │               │  │
│  │  └──────────┘ └──────────┘ └──────────┘               │  │
│  │  ┌──────────┐ ┌──────────┐                            │  │
│  │  │ Recom-   │ │   PIR    │                            │  │
│  │  │ mendation│ │Generator │                            │  │
│  │  └──────────┘ └──────────┘                            │  │
│  └───────────────────────────────────────────────────────┘  │
└────────────┬──────────────────────────┬─────────────────────┘
             │                          │
┌────────────▼────────────┐  ┌──────────▼─────────────────────┐
│      VictoriaLogs       │  │            ChromaDB            │
│   (Log Storage/Query)   │  │       (Incident Memory)        │
│  http://localhost:9428  │  │       Vector Embeddings        │
└─────────────────────────┘  └────────────────────────────────┘
```

- Navigate to Analyze Logs in the sidebar
- Enter incident details (service, severity, summary)
- Paste your logs or use the demo data
- Click Analyze Incident
- Review results across tabs: Overview, Agents, Timeline, Similar Incidents, PIR
- Navigate to Incident Memory in the sidebar
- Enter a search query (e.g., "database connection pool exhausted")
- Review similar past incidents
- Learn from previous root causes and resolutions
- Navigate to Upload Logs in the sidebar
- Drag and drop your `.log`, `.txt`, or `.json` file
- Fill in service details
- Click Analyze File

```
log-analyzer/
├── backend/
│   ├── main.py              # FastAPI application & agents
│   ├── requirements.txt     # Python dependencies
│   ├── Dockerfile           # Backend container
│   └── .env.example         # Environment template
├── frontend/
│   └── index.html           # React SPA
├── docker-compose.yml       # Full stack deployment
├── start.sh                 # Local development script
└── README.md                # This file
```

- Create a new agent class extending `BaseAgent`
- Implement the `execute()` method
- Add to `AgentOrchestrator.agents` dictionary
- Wire into the investigation pipeline

```python
from typing import Any, Dict

# BaseAgent and LLMClient are the project's own classes (agents live in backend/main.py)

class MyCustomAgent(BaseAgent):
    def __init__(self, llm: LLMClient):
        super().__init__("My Custom Agent", llm)

    async def execute(self, context: Dict[str, Any]) -> Dict[str, Any]:
        # Your agent logic here
        return {"result": "..."}
```

- API keys are stored locally in `.env` files
- Never commit `.env` files to version control
- Use environment variables in production
- VictoriaLogs access should be restricted in production
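
The notes above cover the platform's own keys, but pasted or uploaded logs often carry credentials of their own. The following is an added example, not part of the project's code: it scrubs common secret shapes from `raw_logs` before building the `/api/v1/analyze` request body. The regexes, the sample log lines and the `redact` / `build_analyze_request` helpers are constructed for illustration, and it assumes submitted log text is forwarded to the configured LLM provider and retained in incident memory.

```python
import json
import re

# Constructed patterns for common secret shapes; tune them to your own log formats.
REDACTIONS = [
    # Provider API keys in the sk-... shape used by the .env template
    (re.compile(r"\bsk-[A-Za-z0-9_-]{16,}"), "[REDACTED_API_KEY]"),
    # HTTP bearer tokens
    (re.compile(r"\b(Bearer)\s+[A-Za-z0-9._~+/=-]{8,}", re.I), r"\1 [REDACTED_TOKEN]"),
    # Credential-like key=value or "key": "value" pairs
    (re.compile(r"\b(password|passwd|secret|token|api[_-]?key)\b([\"']?\s*[=:]\s*[\"']?)"
                r"[^\s\"',;&]+", re.I), r"\1\2[REDACTED]"),
    # user:password@host inside connection URLs
    (re.compile(r"\b([a-z][a-z0-9+.-]*://[^\s:/@]+):[^\s@/]+@", re.I), r"\1:[REDACTED]@"),
]

# Constructed sample input, not real log data.
SAMPLE_LOGS = """\
2024-01-15T10:23:01Z ERROR payment-service gateway timeout after 30s
2024-01-15T10:23:02Z DEBUG payment-service retry with Authorization: Bearer eyJhbGciOiJIUzI1NiJ9.payload.sig
2024-01-15T10:23:03Z ERROR payment-service connect failed postgres://payments:S3cr3tPw@db.internal:5432/pay
2024-01-15T10:23:04Z WARN payment-service config dump password=hunter2 region=eu-west-1
2024-01-15T10:23:05Z INFO payment-service env OPENAI_API_KEY=sk-EXAMPLE0000000000000000
"""


def redact(raw_logs: str) -> tuple[str, int]:
    """Return the scrubbed text and how many secrets were replaced."""
    hits = 0
    for pattern, replacement in REDACTIONS:
        raw_logs, n = pattern.subn(replacement, raw_logs)
        hits += n
    return raw_logs, hits


def build_analyze_request(service, severity, summary, start_time, raw_logs):
    """Build the /api/v1/analyze body with redacted logs (field names from the API example)."""
    scrubbed, _ = redact(raw_logs)
    return {
        "escalation": {"service": service, "severity": severity,
                       "summary": summary, "start_time": start_time},
        "raw_logs": scrubbed,
        "include_similar": True,
        "generate_pir": True,
    }


if __name__ == "__main__":
    body = build_analyze_request("payment-service", "P1", "Payment gateway timeout",
                                 "2024-01-15T10:23:00Z", SAMPLE_LOGS)
    print(json.dumps(body, indent=2))
```

Pattern-based scrubbing only catches the shapes it knows about, so treat a zero hit count as "nothing recognised", not "nothing sensitive".
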
- Slack / PagerDuty integration
- Real-time log streaming analysis
- Metrics + logs correlation (VictoriaMetrics)
- Automated blast radius prediction
- Feedback loop for recommendation improvement
- Multi-tenant support
- SSO integration
MIT License - See LICENSE file for details.
- Fork the repository
- Create a feature branch
- Commit your changes
- Push to the branch
- Open a Pull Request
Built with ❤️ using FastAPI, React, ChromaDB, and VictoriaLogs