-
Notifications
You must be signed in to change notification settings - Fork 0
Home
Welcome to the log2seq documentation. log2seq is a customizable, ordered, regex-rule-based pipeline that parses syslog-like messages into word sequences. It splits each line into a header (timestamp, host and other metadata) and a statement (the message body), then tokenizes the body into a sequence of words and the symbols that separate them — output that is more suitable for downstream automated log analysis (for example template generation in amulog).
- Installation - install log2seq from PyPI
- Quick Start - parse a log line with the default parser and read back timestamp, host and words
The heart of log2seq is building a parser for your log format. These pages go from the whole to the parts, example first: start with how a parser is assembled and driven, then reach for the catalog of header Items and statement Actions to customize it.
-
Building a Parser - the whole picture: the two-stage flow, the role of each parser, a worked example that assembles the parts into a
LogParser, and the three ways to drive it (in code, a bundled preset, or an external parser script for the CLI) -
Header Rules - extract timestamp and host: the
Itemcatalog,separatorvsfull_formatplacement, ordered first-matchHeaderParsers, and the contract for writing your ownItem -
Statement Rules - tokenize the body: the
Actioncatalog, the(part, flag)model and why ordering matters, and the contract for writing your ownAction - Presets - the bundled parsers (default syslog/asctime, Apache error log): how to use them and what rules each applies, as worked examples of the pages above
-
Practical Patterns - authoring real parsers: choosing
separatorvsfull_format, anchoring free-form fields, multi-rule designs, full-data robustness, and using the CLI to debug a parser against sample data
-
Python API - the public surface:
LogParser,init_parser, the result-dict keys and the exceptions
For contributors working on log2seq itself (not for customizing a parser).
-
Architecture Overview - internal module responsibilities, the
LogParserorchestrator and the end-to-end data flow