AgentSkillsCN

Log Analyzer

解析并分析应用日志——提取错误模式、频率、时间线,以及可付诸行动的洞察。

SKILL.md
--- frontmatter
description: Parse and analyze application logs — extract error patterns, frequency, timelines, and actionable insights.

Log Analyzer

Parse and summarize application logs to find errors, patterns, and anomalies.

Use when analyzing log files, debugging errors, or summarizing system events.

Requirements

  • Standard Unix tools: grep, awk, sort, uniq
  • Optional: jq (for JSON logs)
  • No API keys needed

Instructions

  1. Get log source — common locations:

    bash
    # System logs
    /var/log/syslog
    /var/log/auth.log
    journalctl -u <service> --since "1 hour ago" --no-pager
    
    # Web servers
    /var/log/nginx/error.log
    /var/log/nginx/access.log
    
    # Docker
    docker logs --since 1h <container> 2>&1
    
    # Application logs
    # Ask user for path
    
  2. Quick analysis — run these in sequence:

    bash
    # File overview
    wc -l logfile
    head -1 logfile && tail -1 logfile   # time range
    
    # Error counts by level
    grep -ciE '(error|fatal|critical)' logfile
    grep -ciE '(warn|warning)' logfile
    
    # Top error patterns (deduplicated)
    grep -iE '(error|exception|fatal)' logfile | \
      sed 's/[0-9]\{4\}-[0-9]\{2\}-[0-9]\{2\}[T ][0-9:.]*//g' | \
      sed 's/\[.*\]//g' | sort | uniq -c | sort -rn | head -20
    
    # Error timeline (per hour)
    grep -iE '(error|fatal)' logfile | \
      grep -oE '[0-9]{4}-[0-9]{2}-[0-9]{2}[T ][0-9]{2}' | \
      sort | uniq -c
    
    # Recent errors with context
    grep -iE '(error|exception|fatal)' logfile | tail -30
    
  3. JSON logs (structured logging):

    bash
    cat logfile | jq -r 'select(.level == "error") | .message' | sort | uniq -c | sort -rn
    cat logfile | jq -r 'select(.level == "error") | .timestamp' | head -5  # first errors
    
  4. Output format:

    code
    📊 Log Analysis — filename.log (42,531 lines)
    Time range: 2025-01-15 00:00 → 2025-01-15 14:30
    
    ## Summary
    | Level | Count | % |
    |-------|-------|---|
    | ERROR | 67 | 0.16% |
    | WARN | 234 | 0.55% |
    | INFO | 42,230 | 99.3% |
    
    ## Top Errors
    | Count | Error Pattern |
    |-------|--------------|
    | 42 | Connection refused to db:5432 |
    | 18 | TimeoutError: request exceeded 30s |
    | 7 | OutOfMemoryError: heap space |
    
    ## Error Timeline
    | Hour | Errors | |
    |------|--------|-|
    | 14:00 | 3 | ▪ |
    | 15:00 | 47 | ▪▪▪▪▪▪▪▪▪▪▪▪▪ ⚠️ Spike |
    | 16:00 | 5 | ▪▪ |
    
    ## 🔍 Recommendations
    - [ ] Check database connectivity (42 connection refused errors)
    - [ ] Review timeout settings (18 timeouts at 30s)
    - [ ] Increase JVM heap size (7 OOM errors)
    

Edge Cases

  • Large files (>100MB): Use tail -n 10000 or --since filtering first. Never read entire file into memory.
  • Non-standard log format: Ask user about the timestamp and level format, then adapt grep patterns.
  • Binary/compressed logs: zgrep for .gz files, journalctl for systemd binary logs.
  • Multi-line stack traces: Use grep -A 5 to capture context lines after errors.
  • No timestamps: Fall back to line-number-based analysis.

Real-time Monitoring

For live monitoring, suggest:

bash
tail -f logfile | grep --line-buffered -iE '(error|fatal)'

Security Considerations

  • Log files may contain sensitive data (IPs, emails, tokens). Redact before sharing analysis.
  • Don't pipe log contents to external services.