Log Analyzer Node

Analyse any plain-text log with a single node. Five analysis modes let you filter, aggregate and detect anomalies without writing code or Regex by hand (unless you want to).

⚙ Inputs

| Label | Type | Required | Description |
|---|---|---|---|
| Log File Path | text | | Absolute path to the log file (e.g. C:\Logs\vault.log). |
| Mode | picklist | | What kind of analysis to run. Extract Log Entries · Spike Detection · Top Talkers · Session Reconstruction · Error Rate Analysis |

Mode-specific inputs

| Mode | Input | Description |
|---|---|---|
| Extract Log Entries | Keyword – simple contains filter; Regex Pattern – advanced match; Max Results – stop after n lines | Returns a list of matched log lines. |
| Spike Detection | Event Keyword – required trigger; Identifier Regex – capture group for the “actor” (user/IP/vault …); Time Window (min); Spike Threshold | Flags bursts of activity per actor. |
| Top Talkers | Event Keyword – counter filter; Identifier Regex – capture actor; Top N – how many to return | Ranks actors by event count. |
| Session Reconstruction | Identifier Regex – capture actor; Session Start Keyword; Session End Keyword | Outputs sessions with start/end/duration. |
| Error Rate Analysis | (no extra inputs) | Returns totalLines, errorLines, errorRate (0–1). |

🗃 Outputs

| Name | Type | Content |
|---|---|---|
| AnalysisResult | object | JSON structure varies by mode (examples below). |
| Task Status | internal | Completed, Fail, or custom error text. |

💻 Examples

1 – Extract only ERROR lines

```text
Mode:              Extract Log Entries
Keyword:           ERROR
Regex Pattern:     .*             # optional
Max Results:       100
```

Result

```json
[
  "2025-06-17 12:52:53 PM Error: Soap Exception …",
  "2025-06-17 12:52:54 PM Error: Soap Exception …",

]
```

2 – Detect duplicate-event spikes

(≥ 2 “DuplicateQueuedEvent” within 1 minute)

```text
Mode:              Spike Detection
Event Keyword:     DuplicateQueuedEvent
Identifier Regex:  mesg-id = (\\d+)
Time Window:       1
Spike Threshold:   2
```

Result

```json
[
  {
    "actor": "638857615732635387",
    "event": "DuplicateQueuedEvent",
    "count": 6,
    "windowStart": "2025-06-17T12:52:53Z",
    "windowEnd":   "2025-06-17T12:53:53Z"
  }
]
```

3 – Top 3 busiest vaults

```text
Mode:              Top Talkers
Event Keyword:     Begin executing event
Identifier Regex:  vault '(.*?)'
Top N:             3
```

Result

```json
[
  {"Actor":"Drawing Approval", "Count":8},
  {"Actor":"Drawing Approval2","Count":8},
  {"Actor":"Vault",            "Count":6}
]
```

4 – Reconstruct job runtimes

```text
Mode:                     Session Reconstruction
Identifier Regex:         vault '(.*?)'
Session Start Keyword:    Begin executing event
Session End Keyword:      End executing event
```

Result

```json
[
  {
    "actor":"Vault",
    "start":"2025-06-17T01:00:18Z",
    "end":"2025-06-17T01:00:18Z",
    "durationSeconds":0
  },

]
```

5 – Overall error rate

```text
Mode:  Error Rate Analysis
```

Result

```json
{
  "totalLines": 68,
  "errorLines": 6,
  "errorRate": 0.088
}
```

📝 Regex quick tips

Capture group → wrap in ( … ); the first group is used as actor. Example: vault '(.*?)' ➜ captures Vault, Drawing Approval, …

Escape [ and ] as \[ and \], entered in the UI with a double backslash.

⚠ Large files

The node currently loads the entire file into memory. For multi-GB logs, stream processing is recommended – coming in a future version.
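For logs too large to load at once, the Spike Detection inputs from example 2 can be applied one line at a time. The following is an added example, not the node's own implementation: the function name, the timestamp layout (inferred from the sample line in example 1) and the sample lines are assumptions, and lines are assumed to be in chronological order.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumption: each line starts with a timestamp shaped like the page's sample
# output ("2025-06-17 12:52:53 PM ..."). Adjust both constants for other logs.
TS_RE = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{1,2}:\d{2}:\d{2} [AP]M)")
TS_FMT = "%Y-%m-%d %I:%M:%S %p"

def detect_spikes(lines, keyword, id_regex, window_min, threshold):
    """One record per actor with >= threshold events inside window_min minutes."""
    ident = re.compile(id_regex)
    window = timedelta(minutes=window_min)
    recent = defaultdict(deque)  # actor -> event times still inside the window
    spikes = {}                  # actor -> densest window seen so far
    for line in lines:           # any iterable of strings; an open file streams
        if keyword not in line:
            continue
        ts_m, id_m = TS_RE.match(line), ident.search(line)
        if not ts_m or not id_m:
            continue             # no timestamp or no actor: cannot attribute
        ts = datetime.strptime(ts_m.group(1), TS_FMT)
        actor = id_m.group(1)    # first capture group is the actor
        q = recent[actor]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()          # drop events that fell out of the window
        best = spikes.get(actor, {"count": 0})["count"]
        if len(q) >= threshold and len(q) > best:
            spikes[actor] = {
                "actor": actor, "event": keyword, "count": len(q),
                # naive local times; the log sample carries no time zone
                "windowStart": q[0].isoformat(),
                "windowEnd": (q[0] + window).isoformat(),
            }
    return list(spikes.values())

SAMPLE = [  # constructed lines for illustration, not taken from a real log
    "2025-06-17 12:52:53 PM DuplicateQueuedEvent mesg-id = 1001",
    "2025-06-17 12:52:58 PM DuplicateQueuedEvent mesg-id = 1001",
    "2025-06-17 12:53:10 PM DuplicateQueuedEvent mesg-id = 2002",
    "2025-06-17 12:53:40 PM DuplicateQueuedEvent mesg-id = 1001",
    "2025-06-17 12:55:30 PM DuplicateQueuedEvent mesg-id = 2002",
    "2025-06-17 12:55:31 PM Begin executing event mesg-id = 1001",
]

if __name__ == "__main__":
    print(detect_spikes(SAMPLE, "DuplicateQueuedEvent", r"mesg-id = (\d+)", 1, 2))
```

Passing an open file handle as `lines` keeps memory bounded by the events inside one time window per actor. In Python the identifier pattern takes a single backslash; the doubled form in example 2 is what the node's UI expects.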

Tentech 2024