## Tutorial: Use Log Anomaly Detection Application

LogAI supports configuration files in `.json` or `.yaml`.
Below is a sample `log_anomaly_detection_config.json` configruation for anomaly detection application.

In [24]:
json_config = """{
      "open_set_data_loader_config": {
        "dataset_name": "HDFS",
        "filepath": "../datasets/HDFS_5000.log"
      },
      "preprocessor_config": {
          "custom_delimiters_regex":[]
      },
      "log_parser_config": {
        "parsing_algorithm": "drain",
        "parsing_algo_params": {
          "sim_th": 0.5,
          "depth": 5
        }
      },
      "feature_extractor_config": {
          "group_by_category": ["Level"],
          "group_by_time": "1s"
      },
      "log_vectorizer_config": {
          "algo_name": "word2vec"
      },
      "categorical_encoder_config": {
          "name": "label_encoder"
      },
      "anomaly_detection_config": {
          "algo_name": "one_class_svm"
      }
}
"""

json_file = './log_anomaly_detection_config.json'
with open(json_file, 'w') as f:
    f.write(json_config)


Then to run log anomaly detection. You can simply create below python script:

In [25]:
import os

from logai.applications.log_anomaly_detection import LogAnomalyDetection
from logai.applications.application_interfaces import WorkFlowConfig
import json

# path to json configuration file
json_config = os.path.join(".", "log_anomaly_detection_config.json")

# Create log anomaly detection application workflow configuration
with open(json_config, 'r') as f:
    config = json.load(f)

workflow_config = WorkFlowConfig.from_dict(config)

# Create LogAnomalyDetection Application for given workflow_config
app = LogAnomalyDetection(workflow_config)

# Execute App
app.execute()

Then you can check anomaly detection results by calling `app.anomaly_results`.

In [19]:
app.anomaly_results.head(5)

Unnamed: 0,logline,_id,is_anomaly,Level,timestamp,group_id
2,dfs.DataNode$DataXceiver: Receiving block blk_...,2,True,INFO,2008-11-09 20:35:19,1
3,dfs.DataNode$DataXceiver: Receiving block blk_...,3,True,INFO,2008-11-09 20:35:19,1
4,dfs.DataNode$PacketResponder: PacketResponder ...,4,True,INFO,2008-11-09 20:35:19,1
5,dfs.DataNode$PacketResponder: PacketResponder ...,5,True,INFO,2008-11-09 20:35:19,1
6,dfs.DataNode$PacketResponder: Received block b...,6,True,INFO,2008-11-09 20:35:19,1
