Analyse any plain-text log with a single node.
Nine analysis modes let you filter, summarize, trend, and detect anomalies — without needing to know Regex (unless you want to 😄).
Works with multi-line log formats — common in Autodesk Vault, IIS, job processors, Windows Event exports, etc.
| Label | Type | Required | Description |
|---|---|---|---|
| Log File Path | text | ✔ | Absolute path to the log file (e.g. C:\Logs\vault.log). |
| Mode | picklist | ✔ | Select analysis function. Extract Log Entries · Spike Detection · Top Talkers · Session Reconstruction · Error Rate Analysis · Event Classification Summary · Field Frequency Analysis · Trend Analysis · Event Co-Occurrence |
| Mode | Input | Description |
|---|---|---|
| Extract Log Entries | Keyword – contains filter; Regex Pattern – advanced filter; Max Results – limit results | Return a filtered list of individual lines. |
| Spike Detection | Event Keyword – triggers; Identifier Regex – capture group for the “actor” (user, IP, vault, app …); Time Window (min); Spike Threshold | Detects bursts per actor. |
| Top Talkers | Event Keyword – filter; Identifier Regex – capture actor; Top N | Ranks actors by count. |
| Session Reconstruction | Identifier Regex – capture actor; Session Start Keyword; Session End Keyword | Builds sessions (start, end, duration). |
| Error Rate Analysis | (no inputs) | Returns error rate across all lines. |
The modes in the next table operate on log events, not individual lines. A new engine groups lines together by timestamp.
| Mode | Input | Description |
|---|---|---|
| Event Classification Summary | (optional) Timestamp Regex Pattern; Include Flattened Output | Counts event types (auto-detected classification). |
| Field Frequency Analysis | Field Name – property key e.g. User, IP, App; Top N; Timestamp Regex Pattern; Include Flattened Output | Ranks values extracted from events (e.g., top users). |
| Trend Analysis | Time Bucket (minutes); Timestamp Regex Pattern; Include Flattened Output | Shows event volume over time (e.g. every 1, 5, 60 minutes). |
| Event Co-Occurrence | Timestamp Regex Pattern; Include Flattened Output | Shows which fields frequently appear together (relationship mapping). |
| Name | Type | Content |
|---|---|---|
| AnalysisResult | object | Structured JSON (tables, summaries, or charts depending on mode). |
| Metadata (NEW) | object | Always includes totalEvents; includes time range if timestamps exist. |
| FlattenedEvents (NEW, optional) | array | UI-friendly rows combining message + properties (works with tables/charts). |
All existing outputs remain unchanged — backward compatible.
```
Mode: Event Classification Summary
Timestamp Regex Pattern: ^\d{1,2}\/\d{1,2}\/\d{4}
Include Flattened Output: true
```

📌 Result (grouped by first keywords)

```json
[
  {"eventType":"A user has signed", "count":24},
  {"eventType":"File download tickets", "count":6}
]
```

```
Mode: Field Frequency Analysis
Field Name: User
Top N: 10
Timestamp Regex Pattern: ^\d{1,2}\/\d{1,2}\/\d{4}
Include Flattened Output: true
```

Example output:

```json
[
  { "value":"PQ_JP_SvcAccount", "count":20 },
  { "value":"Administrator", "count":3 },
  { "value":"PQ_MV_SvcAccount", "count":2 }
]
```

```
Mode: Trend Analysis
Time Bucket (minutes): 1
Timestamp Regex Pattern: ^\d{1,2}\/\d{1,2}\/\d{4}
```

Output: events per minute (chart-ready)

```
Mode: Event Co-Occurrence
Timestamp Regex Pattern: ^\d{1,2}\/\d{1,2}\/\d{4}
```

Result example:

```json
[
  { "fieldPair":"User + IP", "count":22 },
  { "fieldPair":"User + App", "count":20 }
]
```

(Existing feature)

```
Event Keyword: signed into the vault
Identifier Regex: User:'(.*?)'
Top N: 3
```

A timestamp line begins a new event. Following lines (details, XML paths, metadata) are attached to the same event.

Automatically extracted properties include:

- User
- IP
- App (from App code)
- FilePath
- key=value, key:'value'

| Goal | Pattern |
|---|---|
| Capture user name | User:'(.*?)' |
| Capture IPv4 | \b(?:\d{1,3}\.){3}\d{1,3}\b |
| Detect timestamps | Use default or override |
You only need custom regex if logs use exotic timestamp formats.
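
As an added illustration (not the node's own code), the Python sketch below groups multi-line entries with the timestamp pattern above and then runs a per-actor burst check using the Spike Detection inputs. Running the check on grouped events rather than single lines, the 24-hour time after the date, and the sample log are assumptions of this example.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

TIMESTAMP_RE = re.compile(r"^\d{1,2}\/\d{1,2}\/\d{4}")  # timestamp pattern from this page
IDENT_RE = re.compile(r"User:'(.*?)'")                  # identifier pattern from this page
TS_FORMAT = "%m/%d/%Y %H:%M:%S"  # assumption: date is followed by a 24-hour time
# Constructed sample log; users, addresses and times are made up.
SAMPLE_LOG = """\
3/14/2024 09:00:05 A user has signed into the vault.
    User:'svc_job' IP:10.0.0.5
3/14/2024 09:00:40 A user has signed into the vault.
    User:'svc_job' IP:10.0.0.5
3/14/2024 09:01:10 File download tickets issued. User:'svc_job'
3/14/2024 09:02:30 A user has signed into the vault.
    User:'svc_job' IP:10.0.0.5
3/14/2024 09:03:00 A user has signed into the vault. User:'Administrator'
3/14/2024 09:30:00 A user has signed into the vault. User:'Administrator'
"""

def group_events(text):
    """A timestamp line starts a new event; later lines attach to that event."""
    events = []
    for line in text.splitlines():
        if TIMESTAMP_RE.match(line):
            events.append([line])
        elif events and line.strip():
            events[-1].append(line)
    return ["\n".join(lines) for lines in events]

def detect_spikes(events, keyword, window_min, threshold):
    """Return {actor: peak count in any window} for actors at or above threshold."""
    seen = defaultdict(list)
    for ev in events:
        actor = IDENT_RE.search(ev)
        if keyword in ev and actor:
            stamp = " ".join(ev.split()[:2])  # date and time tokens of the first line
            seen[actor.group(1)].append(datetime.strptime(stamp, TS_FORMAT))
    window, spikes = timedelta(minutes=window_min), {}
    for actor, times in seen.items():
        times.sort()
        start = best = 0
        for end in range(len(times)):
            while times[end] - times[start] > window:  # shrink to fit the window
                start += 1
            best = max(best, end - start + 1)
        if best >= threshold:
            spikes[actor] = best
    return spikes
```

With a 5-minute window and a threshold of 3, `detect_spikes(group_events(SAMPLE_LOG), "signed into the vault", 5, 3)` reports `svc_job` with three sign-ins. The same call on `SAMPLE_LOG.splitlines()` reports nothing, because the keyword and the `User:` field sit on different lines.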
This version loads the file into memory. For multi-GB logs, stream parsing mode is planned in a future update.