Basic

usage:

auto analyzer = std::make_unique<realtime_log_analyzer>();
 
// Configure detection rules
analyzer->set_error_spike_threshold(50);  // 50 errors/minute
analyzer->add_pattern_alert("Connection refused", log_level::error);
analyzer->add_pattern_alert("OOM", log_level::fatal);
 
// Set callback for anomaly notifications
analyzer->set_anomaly_callback([](const anomaly_event& event) {
    switch (event.anomaly_type) {
        case anomaly_event::type::error_spike:
            send_pagerduty_alert(event.description);
            break;
        case anomaly_event::type::pattern_match:
            send_slack_notification(event.description);
            break;
    }
});