The problem

Logs are noisy and high-volume; finding anomalies (error bursts, new patterns, semantic outliers) without a clear pipeline is slow. Teams need a lightweight, library-style toolkit that handles parsing, template extraction, and several detection strategies in one place.

The solution

SignalGuard Logs (signalguard-aiops) is a modular Python toolkit: parse logs (regex or JSON), extract templates (Drain-style), build TF-IDF features, and run detectors for error bursts, new templates, and semantic anomalies (Isolation Forest). High-level β€œrecipes” combine these for ready-to-use log health checks.

Without SignalGuard Logs

Teams fall back on ad-hoc scripts or heavyweight platforms; there is no single lightweight library that covers parsing, template extraction and several anomaly detectors together.

With SignalGuard Logs

One package: LogRecord/LogStream, parsers, template extraction, burst/new-pattern/semantic detectors, and recipes.

What it does

  • Log parsing – Regex and JSON parsers; unified LogRecord / LogStream.
  • Template extraction – Naive Drain-style; masks numbers, hex strings and IDs so that lines differing only in those values collapse into one pattern.
  • Feature engineering – TF-IDF over masked tokens, template frequency counts.
  • Detectors – Error burst (volume spikes against a baseline), new template (pattern drift after a learning window), semantic (Isolation Forest over TF-IDF features).
  • Recipes – ErrorBurstRecipe, NewErrorPatternRecipe, CombinedLogHealthRecipe.
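The parse → mask → template → detect chain above, as an added worked example. This is illustrative code written for this page, not the SignalGuard Logs API; the record class, masking rules, thresholds (3x the moving baseline, at least 5 errors per minute) and the sample log lines are all constructed here. It covers the regex parser, token masking, the error-burst detector and the new-template detector using only the standard library; the semantic Isolation Forest detector is omitted because it needs scikit-learn.

```python
import re
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, timedelta
from typing import List, Optional, Tuple

EPOCH = datetime(1970, 1, 1)
TS_FORMAT = "%Y-%m-%dT%H:%M:%SZ"

# --- 1. Parsing: one regex, one unified record type (illustrative, not the library's) ---
@dataclass
class LogRecord:
    ts: datetime
    level: str
    message: str

LINE_RE = re.compile(r"^(?P<ts>\S+) (?P<level>[A-Z]+) (?P<msg>.*)$")

def parse_line(line: str) -> Optional[LogRecord]:
    m = LINE_RE.match(line)
    if not m:
        return None  # unparseable lines are dropped; a real pipeline should also count them
    return LogRecord(datetime.strptime(m["ts"], TS_FORMAT), m["level"], m["msg"])

# --- 2. Template extraction by masking variable tokens ---
# Order matters: IPs and hex runs are masked before bare numbers, otherwise
# "10.0.0.5" would turn into "<NUM>.<NUM>.<NUM>.<NUM>".
MASKS = [
    (re.compile(r"\b\d{1,3}(?:\.\d{1,3}){3}\b"), "<IP>"),
    (re.compile(r"\b0x[0-9a-fA-F]+\b|\b[0-9a-fA-F]{16,}\b"), "<HEX>"),
    (re.compile(r"\b\d+\b"), "<NUM>"),
]

def to_template(message: str) -> str:
    for pattern, token in MASKS:
        message = pattern.sub(token, message)
    return message

# --- 3a. Error-burst detector: per-window ERROR count vs. mean of all earlier windows ---
def error_bursts(records: List[LogRecord], window_seconds: int = 60,
                 factor: float = 3.0, min_errors: int = 5) -> List[datetime]:
    if not records:
        return []
    bucket = lambda r: int((r.ts - EPOCH).total_seconds()) // window_seconds
    errors = Counter(bucket(r) for r in records if r.level == "ERROR")
    first, last = min(map(bucket, records)), max(map(bucket, records))
    flagged, history = [], []
    for b in range(first, last + 1):          # include empty windows in the baseline
        count = errors[b]
        baseline = sum(history) / len(history) if history else 0.0
        if count >= min_errors and count > factor * baseline:
            flagged.append(EPOCH + timedelta(seconds=b * window_seconds))
        history.append(count)
    return flagged

# --- 3b. New-template detector: templates unseen during the learning window ---
def new_templates(records: List[LogRecord], baseline_until: datetime) -> List[Tuple[datetime, str]]:
    known = {to_template(r.message) for r in records if r.ts < baseline_until}
    found = []
    for r in records:
        if r.ts >= baseline_until:
            t = to_template(r.message)
            if t not in known:
                known.add(t)                  # report each new pattern once
                found.append((r.ts, t))
    return found

# --- 4. A combined health check over raw lines ---
def run_health_check(lines: List[str], baseline_until: str) -> dict:
    records = [r for r in map(parse_line, lines) if r is not None]
    cutoff = datetime.strptime(baseline_until, TS_FORMAT)
    return {"bursts": error_bursts(records), "new_templates": new_templates(records, cutoff)}

def build_sample_logs() -> List[str]:
    """Constructed sample data (not from any real system): five quiet minutes,
    then one minute with an error burst and a never-before-seen pattern."""
    lines = []
    for minute in range(5):
        for i in range(3):
            lines.append(f"2024-05-01T10:{minute:02d}:{i * 10:02d}Z INFO user "
                         f"{1000 + minute * 3 + i} logged in from 10.0.{minute}.{i + 1}")
        if minute % 2 == 1:                   # an occasional, normal error
            lines.append(f"2024-05-01T10:{minute:02d}:45Z ERROR db timeout after {500 + minute} ms")
    for i in range(8):                        # burst: same template, different numbers
        lines.append(f"2024-05-01T10:05:{i * 5:02d}Z ERROR db timeout after {3000 + i * 7} ms")
    lines.append("2024-05-01T10:05:50Z ERROR TLS handshake failed: certificate 0xdeadbeef expired")
    lines.append("garbage line that does not match the format")
    return lines

if __name__ == "__main__":
    result = run_health_check(build_sample_logs(), "2024-05-01T10:05:00Z")
    print("error bursts at:", [str(t) for t in result["bursts"]])
    print("new templates:", [(str(t), tpl) for t, tpl in result["new_templates"]])
```

The burst minute is caught even though its eight messages all carry different millisecond values, because masking folds them into one template; the TLS line is reported as drift because its template never appeared during the learning window. Both thresholds are deliberately simple and would need tuning per service: a moving mean without a minimum count flags the first error after a quiet period, which is why `min_errors` is there.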

Tech stack

Python, numpy, pandas, scikit-learn (TF-IDF, Isolation Forest). Installable package with examples and tests.

Next steps

Roadmap & ideas

  • BERT/sentence-transformers for semantic embeddings; Drain3 or IPLoM for templates.
  • Integration with Loki, Elastic, OpenSearch.
  • Correlate log anomalies with SignalGuard metrics (cross-signal AIOps).