Log Analyzer Skill

Parse and analyze log files for patterns, errors, trends, and statistics.

When to Use

Γ£à USE this skill when:

"Analyze this log file"
"Find errors in logs"
"Extract patterns from logs"
"Statistics from log file"
"Count log entries by type"

When NOT to Use

Γ¥î DON'T use this skill when:

Real-time log streaming ΓåÆ use file-watcher + tail
Structured data analysis ΓåÆ use json-yaml-query
Log shipping ΓåÆ use log forwarders

Commands

Basic Analysis

{baseDir}/analyze.sh <logfile>
{baseDir}/analyze.sh /var/log/app.log
{baseDir}/analyze.sh app.log --summary

Error Analysis

{baseDir}/analyze.sh app.log --errors
{baseDir}/analyze.sh app.log --errors-only
{baseDir}/analyze.sh app.log --error-count
{baseDir}/analyze.sh app.log --error-pattern "Failed|Error|Exception"

Pattern Matching

{baseDir}/analyze.sh app.log --pattern "user: \d+"
{baseDir}/analyze.sh app.log --pattern "error|warning" --count
{baseDir}/analyze.sh app.log --pattern "Exception" --context 3

Time-based Analysis

{baseDir}/analyze.sh app.log --time-range "2024-01-01" "2024-01-02"
{baseDir}/analyze.sh app.log --last 1h
{baseDir}/analyze.sh app.log --last 24h
{baseDir}/analyze.sh app.log --hourly
{baseDir}/analyze.sh app.log --timeline

Log Formats

{baseDir}/analyze.sh access.log --format apache
{baseDir}/analyze.sh nginx.log --format nginx
{baseDir}/analyze.sh app.log --format json
{baseDir}/analyze.sh syslog --format syslog
{baseDir}/analyze.sh app.log --format custom --regex '\[(.*?)\] (\w+): (.*)'

Statistics

{baseDir}/analyze.sh app.log --stats
{baseDir}/analyze.sh app.log --count-by level
{baseDir}/analyze.sh app.log --count-by hour
{baseDir}/analyze.sh app.log --unique "ip"
{baseDir}/analyze.sh app.log --top 10 error

Options

Option	Description	Default
`--summary`	Show summary overview	false
`--errors`	Show error entries	false
`--errors-only`	Only show errors (hide others)	false
`--error-pattern REGEX`	Custom error pattern	built-in
`--pattern REGEX`	Search for pattern	None
`--count`	Count pattern matches	false
`--context N`	Show N lines of context	0
`--time-range START END`	Filter by time range	None
`--last DURATION`	Last N duration (e.g., 1h, 24h, 7d)	None
`--hourly`	Group by hour	false
`--timeline`	Show events timeline	false
`--stats`	Show statistics	false
`--count-by FIELD`	Count by field	None
`--unique FIELD`	Unique values in field	None
`--top N FIELD`	Top N values by field	None
`--format FORMAT`	Log format: apache, nginx, json, syslog, custom	auto-detect
`--regex REGEX`	Custom regex for format	None
`--output FORMAT`	Output format: text, json, csv	text

Log Formats

Apache Combined Log

127.0.0.1 - - [10/Oct/2000:13:55:36 -0700] "GET /apache_pb.gif HTTP/1.0" 200 2326

Auto-detected. Use --format apache.

Nginx Log

127.0.0.1 - - [10/Oct/2000:13:55:36 +0000] "GET / HTTP/1.1" 200 612 "-" "Mozilla/5.0"

Auto-detected. Use --format nginx.

JSON Log

{"timestamp": "2024-01-01T00:00:00Z", "level": "INFO", "message": "Started"}

Auto-detected. Use --format json.

Syslog

Jan  1 00:00:00 hostname process[pid]: message

Auto-detected. Use --format syslog.

Custom Format

Use --regex to define custom format with capture groups:

{baseDir}/analyze.sh app.log --format custom --regex '\[(.*?)\] (\w+): (.*)'

Output Examples

Summary

Log Analysis Summary: app.log
================================
Total lines:     10,000
Date range:     2024-01-01 to 2024-01-02
Log levels:     
  INFO:          8,500 (85%)
  WARNING:       1,000 (10%)
  ERROR:         500 (5%)
Top errors:      
  Connection refused: 200
  Timeout: 150
  Not found: 150

Error Analysis

ERROR [2024-01-01 10:23:45] Connection refused to database
  at Database.connect (db.js:45)
  at Application.start (app.js:23)

ERROR [2024-01-01 10:24:01] Failed to process request
  ...

Statistics (JSON)

{
  "file": "app.log",
  "total_lines": 10000,
  "date_range": {
    "start": "2024-01-01T00:00:00Z",
    "end": "2024-01-02T00:00:00Z"
  },
  "levels": {
    "INFO": 8500,
    "WARNING": 1000,
    "ERROR": 500
  },
  "top_errors": [
    {"message": "Connection refused", "count": 200},
    {"message": "Timeout", "count": 150}
  ]
}

Timeline

00:00 ΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöü 500
04:00 ΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöü 400
08:00 ΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöü 700
12:00 ΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöü 300
16:00 ΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöü 600
20:00 ΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöüΓöü 250

Examples

Quick summary:

{baseDir}/analyze.sh /var/log/app.log --summary

Find all errors:

{baseDir}/analyze.sh app.log --errors

Count log levels:

{baseDir}/analyze.sh app.log --count-by level

Top 10 IPs:

{baseDir}/analyze.sh access.log --top 10 ip

Last hour of errors:

{baseDir}/analyze.sh app.log --errors --last 1h

Extract JSON field:

{baseDir}/analyze.sh app.log --format json --unique userId

Custom pattern:

{baseDir}/analyze.sh app.log --pattern "user:\s*(\d+)" --count

Notes

Auto-detects common log formats
Handles both compressed (.gz) and uncompressed files
Can process multiple files with wildcards
Memory-efficient for large files (streaming)
Supports date filtering for most formats

log-analyzer

Log Analyzer Skill

When to Use

When NOT to Use

Commands

Basic Analysis

Error Analysis

Pattern Matching

Time-based Analysis

Log Formats

Statistics

Options

Log Formats

Apache Combined Log

Nginx Log

JSON Log

Syslog

Custom Format

Output Examples

Summary

Error Analysis

Statistics (JSON)

Timeline

Examples

Notes