Demonstration-Free: Towards More Practical Log Parsing with Large Language Models

• Published in: IEEE/ACM International Conference on Automated Software Engineering : [proceedings] pp. 153 - 165
• Main Authors: Xiao, Yi, Le, Van-Hoang, Zhang, Hongyu
• Format: Conference Proceeding
• Language: English
• Published: ACM 27.10.2024
• Subjects: Batch Prompting; Data models; Large language models; Log Parsing; Software engineering; Software systems; Source coding; Training; Tuning
• ISSN: 2643-1572
• DOI: 10.1145/3691620.3694994

Log parsing, the process of converting raw log messages into structured formats, is an important initial step for automated analysis of logs of large-scale software systems. Traditional log parsers often rely on heuristics or handcrafted features, which may not generalize well across diverse log sources or require extensive model tuning. Recently, some log parsers have utilized powerful generative capabilities of large language models (LLMs). However, they heavily rely on demonstration examples, resulting in substantial overhead in LLM invocations. To address these issues, we propose LogBatcher, a cost-effective LLM-based log parser that requires no training process or labeled data. To leverage latent characteristics of log data and reduce the overhead, we divide logs into several partitions through clustering. Then we perform a cache matching process to match logs with previously parsed log templates. Finally, we provide LLMs with better prompt context specialized for log parsing by batching a group of logs from each partition. We have conducted experiments on 16 public log datasets and the results show that LogBatcher is effective and efficient for log parsing.