sat edited this page Jun 26, 2026 · 3 revisions

log2seq Wiki

Welcome to the log2seq documentation. log2seq is a customizable, ordered, regex-rule-based pipeline that parses syslog-like messages into word sequences. It splits each line into a header (timestamp, host and other metadata) and a statement (the message body), then tokenizes the body into a sequence of words and the symbols that separate them — output that is more suitable for downstream automated log analysis (for example template generation in amulog).

Getting Started

  • Installation - install log2seq from PyPI
  • Quick Start - parse a log line with the default parser and read back timestamp, host and words

Guide

The heart of log2seq is building a parser for your log format. These pages go from the whole to the parts, example first: start with how a parser is assembled and driven, then reach for the catalog of header Items and statement Actions to customize it.

  • Building a Parser - the whole picture: the two-stage flow, the role of each parser, a worked example that assembles the parts into a LogParser, and the three ways to drive it (in code, a bundled preset, or an external parser script for the CLI)
  • Header Rules - extract timestamp and host: the Item catalog, separator vs full_format placement, ordered first-match HeaderParsers, and the contract for writing your own Item
  • Statement Rules - tokenize the body: the Action catalog, the (part, flag) model and why ordering matters, and the contract for writing your own Action
  • Presets - the bundled parsers (default syslog/asctime, Apache error log): how to use them and what rules each applies, as worked examples of the pages above
  • Practical Patterns - authoring real parsers: choosing separator vs full_format, anchoring free-form fields, multi-rule designs, full-data robustness, and using the CLI to debug a parser against sample data

Reference

  • Python API - the public surface: LogParser, init_parser, the result-dict keys and the exceptions

Developer Documentation

For contributors working on log2seq itself (not for customizing a parser).

  • Architecture Overview - internal module responsibilities, the LogParser orchestrator and the end-to-end data flow
