Gravwell 5.7.0 introduces Logbot, a Gravwell assistant to help understand logs. Log analysis can feel like deciphering a foreign language: tedious, time-consuming, and frustrating. While we don't have a choice in how any given vendor formats their logs, we don't have to go it alone. Logbot is here to help reduce the time spent reading technical documentation and get right into analysis.
WHAT IS LOGBOT
Logbot is Gravwell's AI offering designed to understand log entries and generate human-like text. Logbot provides natural language explanations and summarizations of log entries, making technical information more accessible to all users regardless of their technical expertise.
HOW IT WORKS
To interact with Logbot, visit Query Studio and launch a search without a renderer (which is the default output; table and chart aren't supported yet). You’ll notice a new context menu option for log entries as well as a new Logbot icon in the Query Studio toolbar.
When choosing entries to send to Logbot, you’ll have the option to either “explain” or “summarize” the entries, and then your conversation with Logbot will begin. At this point, you can send free-form messages to Logbot much as you would to conversational LLM assistants.
Although the conversational user experience of Logbot is similar to other assistants, Logbot is private and no information provided to Logbot is shared with third parties. See https://www.gravwell.io/privacy-policy.
REAL-WORLD USE CASE
Next, we’ll look at a real-world example. Say I’m interested in what a particular user has done on a Gravwell deployment today. I launch a search like…
tag=gravwell
I find a log entry mentioning the user I’m interested in, Lain. Using data exploration features (see https://www.gravwell.io/blog/click-to-victory-in-gravwell-v-5-1) and manually writing an eval module, I refine my search query to…
tag=gravwell syslog Structured[gw@1].user == lain Structured[gw@1].url | eval !has(url)
That is, I filter the syslog entries in the Gravwell tag down to entries associated with the user Lain. I then filter out entries that have a `url` field. These filtered-out entries are mostly API requests that Gravwell’s UI makes on behalf of the user, and I’m not interested in those right now. At this point, my search query returns five rows. I enable the Logbot selection view and choose all five log entries for summarization.
I’m told that Lain logged in, launched two searches, created a `windows` extractor, and logged out, along with information common to all five of the log entries.
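To make the filter in the refined query concrete, here is an added Python illustration (not Gravwell's code and not part of the original post) that applies the same selection outside of Gravwell: parse each entry's RFC 5424 structured data and keep entries whose `gw@1` element names the user and carries no `url` parameter. It assumes the entries are RFC 5424 syslog; only `gw@1`, `user` and `url` come from the query above, and the sample entries are constructed.

```python
import re

# One RFC 5424 SD-ELEMENT: [SD-ID name="value" ...]. Inside a value, the
# characters ", \ and ] are escaped with a backslash.
ELEM = re.compile(r'\[([^\s=\]"]+)((?: [^\s=\]"]+="(?:\\.|[^"\\])*")*)\]')
PARAM = re.compile(r' ([^\s=\]"]+)="((?:\\.|[^"\\])*)"')
ESCAPE = re.compile(r'\\(["\\\]])')


def structured_data(line):
    """Return {sd_id: {param: value}} for one RFC 5424 syslog line."""
    # Header fields: <PRI>VERSION TIMESTAMP HOSTNAME APP-NAME PROCID MSGID,
    # followed by STRUCTURED-DATA and then the free-text MSG.
    fields = line.split(" ", 6)
    if len(fields) < 7:
        return {}
    rest, pos, elements = fields[6], 0, {}
    # SD-ELEMENTs are adjacent with no separator; stopping at the first
    # non-match keeps bracketed text inside MSG from being read as fields.
    while (m := ELEM.match(rest, pos)):
        elements[m.group(1)] = {
            name: ESCAPE.sub(r"\1", value)
            for name, value in PARAM.findall(m.group(2))
        }
        pos = m.end()
    return elements


def user_actions(lines, user):
    """Keep entries whose gw@1 element names `user` and has no url parameter."""
    kept = []
    for line in lines:
        gw = structured_data(line).get("gw@1")
        if gw and gw.get("user") == user and "url" not in gw:
            kept.append(line)
    return kept


# Constructed sample entries (hosts, app names and messages are made up).
SAMPLE = [
    '<14>1 2024-05-01T09:00:01Z gw1 webserver - login [gw@1 user="lain"] User logged in',
    '<14>1 2024-05-01T09:00:02Z gw1 webserver - api [gw@1 user="lain" url="/api/example"] API request',
    '<14>1 2024-05-01T09:01:10Z gw1 webserver - search [gw@1 user="lain"] Search launched [gw@1 url="x"]',
    '<14>1 2024-05-01T09:02:00Z gw1 webserver - login [gw@1 user="alice"] User logged in',
    '<14>1 2024-05-01T09:03:00Z gw1 webserver - logout [gw@1 user="lain"] User logged out',
]

if __name__ == "__main__":
    for entry in user_actions(SAMPLE, "lain"):
        print(entry)
```

The third sample entry shows why the structured data is read from its header position rather than searched for anywhere in the line: the bracketed text in its message body is not treated as a `url` field.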
The next time you're unsure of the contents within a log entry, give Logbot a try. You might find the exchange much faster than your usual flow of reading documentation or a secondary source. See a UDP port of 27015 in a log entry and don’t know what makes use of that port? Logbot does!
Interested in putting Logbot to work for you?
Logbot is available for Gravwell customers. Please contact your customer service rep to set up a full demo.
Logbot isn't available for Community Edition users by default. If you think this feature is amazing and you'd like to participate in beta testing for CE, please email us at info@gravwell.io and mention Logbot in the subject line.