kcenon::logger::analysis::realtime_log_analyzer Class Reference

Real-time log analyzer with anomaly detection. More...

#include <realtime_log_analyzer.h>

Collaboration diagram for kcenon::logger::analysis::realtime_log_analyzer:

Classes
struct	statistics
	Get current statistics. More...
struct	timestamped_entry

Public Types
using	anomaly_callback = std::function<void(const anomaly_event&)>
	Callback type for anomaly notifications.

Public Member Functions
	realtime_log_analyzer ()=default
	Default constructor.
	realtime_log_analyzer (const realtime_analysis_config &config)
	Constructor with configuration.
void	set_anomaly_callback (anomaly_callback cb)
	Set the anomaly callback.
void	analyze (const analyzed_log_entry &entry)
	Analyze a log entry in real-time.
void	set_error_spike_threshold (size_t errors_per_minute)
	Set error spike threshold.
void	add_pattern_alert (const std::string &pattern, log_level min_level)
	Add a pattern-based alert.
bool	remove_pattern_alert (const std::string &pattern)
	Remove a pattern alert.
void	clear_pattern_alerts ()
	Clear all pattern alerts.
void	set_rate_thresholds (size_t high_threshold, size_t low_threshold=0)
	Set rate anomaly thresholds.
void	set_track_new_errors (bool enable)
	Enable or disable new error tracking.
double	get_error_rate () const
	Get current error rate (errors per minute)
double	get_log_rate () const
	Get current log rate (logs per minute)
statistics	get_statistics () const
void	reset ()
	Reset all statistics and tracked state.
const realtime_analysis_config &	get_config () const
	Get the configuration.
void	set_config (const realtime_analysis_config &config)
	Set the configuration.

Private Member Functions
void	add_to_window (const analyzed_log_entry &entry, std::chrono::system_clock::time_point now)
double	calculate_rate (const std::deque< timestamped_entry > &window) const
void	check_error_spike (const analyzed_log_entry &entry, std::chrono::system_clock::time_point now)
void	check_pattern_alerts (const analyzed_log_entry &entry, std::chrono::system_clock::time_point now)
void	check_rate_anomaly (std::chrono::system_clock::time_point now)
void	check_new_error_type (const analyzed_log_entry &entry, std::chrono::system_clock::time_point now)
void	collect_related_entries (anomaly_event &event, const std::deque< timestamped_entry > &window) const
void	notify_anomaly (const anomaly_event &event)

Static Private Member Functions
static void	cleanup_window (std::deque< timestamped_entry > &window, std::chrono::system_clock::time_point cutoff)
static std::string	normalize_error_message (const std::string &message)

Private Attributes
realtime_analysis_config	config_
anomaly_callback	callback_
std::shared_mutex	callback_mutex_
std::deque< timestamped_entry >	log_window_
std::deque< timestamped_entry >	error_window_
std::deque< double >	baseline_rates_
std::shared_mutex	window_mutex_
std::vector< pattern_alert >	patterns_
std::shared_mutex	patterns_mutex_
std::unordered_set< std::string >	known_errors_
std::shared_mutex	errors_mutex_
std::chrono::system_clock::time_point	last_rate_check_
std::chrono::system_clock::time_point	last_spike_alert_
std::shared_mutex	rate_limit_mutex_
std::atomic< size_t >	total_analyzed_ {0}
std::atomic< size_t >	total_errors_ {0}
std::atomic< size_t >	anomalies_detected_ {0}
std::atomic< size_t >	error_spikes_ {0}
std::atomic< size_t >	pattern_matches_ {0}
std::atomic< size_t >	rate_anomalies_ {0}
std::atomic< size_t >	new_error_types_ {0}
std::shared_mutex	stats_mutex_

Detailed Description

Real-time log analyzer with anomaly detection.

The realtime_log_analyzer class provides real-time analysis of log entries during the logging process. Unlike the post-hoc log_analyzer, this class is designed to detect anomalies as they occur and trigger callbacks for immediate alerting.

Key features:

• Sliding window for rate calculation
• Error spike detection
• Pattern-based alerting with regex support
• Rate anomaly detection (high/low rate alerts)
• New error type tracking
• Thread-safe for concurrent logging

Note

This class is designed to have minimal performance impact (< 5% overhead) on the logging pipeline.

Since

3.2.0

Definition at line 138 of file realtime_log_analyzer.h.

Member Typedef Documentation

anomaly_callback

using kcenon::logger::analysis::realtime_log_analyzer::anomaly_callback = std::function<void(const anomaly_event&)>

Callback type for anomaly notifications.

Examples

/home/runner/work/logger_system/logger_system/include/kcenon/logger/core/logger_builder.h.

Definition at line 143 of file realtime_log_analyzer.h.

Constructor & Destructor Documentation

realtime_log_analyzer() [1/2]

kcenon::logger::analysis::realtime_log_analyzer::realtime_log_analyzer ( )

default

Default constructor.

realtime_log_analyzer() [2/2]

kcenon::logger::analysis::realtime_log_analyzer::realtime_log_analyzer ( const realtime_analysis_config & config )

inlineexplicit

Constructor with configuration.

Parameters

config

Analysis configuration

Definition at line 154 of file realtime_log_analyzer.h.

        : config_(config) {}

Member Function Documentation

add_pattern_alert()

void kcenon::logger::analysis::realtime_log_analyzer::add_pattern_alert ( const std::string & pattern, log_level min_level )

inline

Add a pattern-based alert.

Parameters

pattern	Regex pattern to match against log messages
min_level	Minimum log level for this pattern to trigger

Definition at line 219 of file realtime_log_analyzer.h.

                                                                          {
        std::unique_lock lock(patterns_mutex_);
        patterns_.emplace_back(pattern, min_level);
    }

References patterns_, and patterns_mutex_.

add_to_window()

void kcenon::logger::analysis::realtime_log_analyzer::add_to_window ( const analyzed_log_entry & entry, std::chrono::system_clock::time_point now )

inlineprivate

Definition at line 367 of file realtime_log_analyzer.h.

                                                            {
        std::unique_lock lock(window_mutex_);
 
        // Add to log window
        log_window_.push_back({now, entry});
 
        // Add to error window if error/fatal
        if (entry.level == log_level::error ||
            entry.level == log_level::fatal) {
            error_window_.push_back({now, entry});
        }
 
        // Clean up old entries
        auto cutoff = now - config_.window_duration;
        cleanup_window(log_window_, cutoff);
        cleanup_window(error_window_, cutoff);
 
        // Update statistics
        total_analyzed_.fetch_add(1, std::memory_order_relaxed);
        if (entry.level == log_level::error ||
            entry.level == log_level::fatal) {
            total_errors_.fetch_add(1, std::memory_order_relaxed);
        }
    }

References cleanup_window(), config_, error_window_, kcenon::logger::analysis::analyzed_log_entry::level, log_window_, total_analyzed_, total_errors_, kcenon::logger::analysis::realtime_analysis_config::window_duration, and window_mutex_.

Referenced by analyze().

Here is the call graph for this function:

Here is the caller graph for this function:

analyze()

void kcenon::logger::analysis::realtime_log_analyzer::analyze ( const analyzed_log_entry & entry )

inline

Analyze a log entry in real-time.

Parameters

entry

The log entry to analyze

This method should be called for each log entry during logging. It performs all configured detection checks and may trigger the anomaly callback.

Thread-safe: Multiple threads can call this method concurrently.

Definition at line 178 of file realtime_log_analyzer.h.

                                                  {
        auto now = std::chrono::system_clock::now();
 
        // Add to sliding window
        add_to_window(entry, now);
 
        // Check for error spike
        if (entry.level == log_level::error ||
            entry.level == log_level::fatal) {
            check_error_spike(entry, now);
        }
 
        // Check pattern alerts
        check_pattern_alerts(entry, now);
 
        // Check rate anomaly
        if (config_.enable_rate_anomaly_detection) {
            check_rate_anomaly(now);
        }
 
        // Track new error types
        if (config_.track_new_errors &&
            (entry.level == log_level::error ||
             entry.level == log_level::fatal)) {
            check_new_error_type(entry, now);
        }
    }

References add_to_window(), check_error_spike(), check_new_error_type(), check_pattern_alerts(), check_rate_anomaly(), config_, kcenon::logger::analysis::realtime_analysis_config::enable_rate_anomaly_detection, kcenon::logger::analysis::analyzed_log_entry::level, and kcenon::logger::analysis::realtime_analysis_config::track_new_errors.

Here is the call graph for this function:

calculate_rate()

double kcenon::logger::analysis::realtime_log_analyzer::calculate_rate ( const std::deque< timestamped_entry > & window ) const

inlineprivate

Definition at line 400 of file realtime_log_analyzer.h.

                                                                           {
        if (window.empty()) return 0.0;
 
        auto duration = std::chrono::duration_cast<std::chrono::seconds>(
            config_.window_duration).count();
        if (duration == 0) duration = 60;
 
        return static_cast<double>(window.size()) * 60.0 / duration;
    }

References config_, and kcenon::logger::analysis::realtime_analysis_config::window_duration.

Referenced by check_error_spike(), check_rate_anomaly(), get_error_rate(), and get_log_rate().

Here is the caller graph for this function:

check_error_spike()

void kcenon::logger::analysis::realtime_log_analyzer::check_error_spike ( const analyzed_log_entry & entry, std::chrono::system_clock::time_point now )

inlineprivate

Definition at line 410 of file realtime_log_analyzer.h.

                                                               {
        std::shared_lock lock(window_mutex_);
 
        double current_rate = calculate_rate(error_window_);
 
        if (current_rate >= static_cast<double>(config_.error_spike_threshold)) {
            // Rate limit: don't alert more than once per minute
            {
                std::shared_lock rate_lock(rate_limit_mutex_);
                if (now - last_spike_alert_ < std::chrono::minutes(1)) {
                    return;
                }
            }
 
            lock.unlock();  // Release before callback
 
            // Update last alert time
            {
                std::unique_lock rate_lock(rate_limit_mutex_);
                last_spike_alert_ = now;
            }
 
            anomaly_event event;
            event.anomaly_type = anomaly_event::type::error_spike;
            event.detected_at = now;
            event.description = "Error spike detected: " +
                std::to_string(static_cast<size_t>(current_rate)) +
                " errors/minute (threshold: " +
                std::to_string(config_.error_spike_threshold) + ")";
            event.current_count = static_cast<size_t>(current_rate);
            event.threshold = config_.error_spike_threshold;
 
            // Collect related entries
            {
                std::shared_lock entries_lock(window_mutex_);
                collect_related_entries(event, error_window_);
            }
 
            notify_anomaly(event);
            error_spikes_.fetch_add(1, std::memory_order_relaxed);
        }
    }

References kcenon::logger::analysis::anomaly_event::anomaly_type, calculate_rate(), collect_related_entries(), config_, kcenon::logger::analysis::anomaly_event::error_spike, kcenon::logger::analysis::realtime_analysis_config::error_spike_threshold, error_spikes_, error_window_, last_spike_alert_, notify_anomaly(), rate_limit_mutex_, and window_mutex_.

Referenced by analyze().

Here is the call graph for this function:

Here is the caller graph for this function:

check_new_error_type()

void kcenon::logger::analysis::realtime_log_analyzer::check_new_error_type ( const analyzed_log_entry & entry, std::chrono::system_clock::time_point now )

inlineprivate

Definition at line 534 of file realtime_log_analyzer.h.

                                                                  {
        // Normalize error message (remove numbers, timestamps, etc.)
        std::string normalized = normalize_error_message(entry.message);
 
        {
            std::shared_lock lock(errors_mutex_);
            if (known_errors_.contains(normalized)) {
                return;  // Already seen this error type
            }
        }
 
        // New error type detected
        {
            std::unique_lock lock(errors_mutex_);
            known_errors_.insert(normalized);
        }
 
        anomaly_event event;
        event.anomaly_type = anomaly_event::type::new_error_type;
        event.detected_at = now;
        event.description = "New error type detected: " + entry.message;
        event.related_entries.push_back(entry);
 
        notify_anomaly(event);
        new_error_types_.fetch_add(1, std::memory_order_relaxed);
    }

References kcenon::logger::analysis::anomaly_event::anomaly_type, errors_mutex_, known_errors_, kcenon::logger::analysis::analyzed_log_entry::message, kcenon::logger::analysis::anomaly_event::new_error_type, new_error_types_, normalize_error_message(), and notify_anomaly().

Referenced by analyze().

Here is the call graph for this function:

Here is the caller graph for this function:

check_pattern_alerts()

void kcenon::logger::analysis::realtime_log_analyzer::check_pattern_alerts ( const analyzed_log_entry & entry, std::chrono::system_clock::time_point now )

inlineprivate

Definition at line 454 of file realtime_log_analyzer.h.

                                                                  {
        std::shared_lock lock(patterns_mutex_);
 
        for (const auto& alert : patterns_) {
            // Check level threshold
            if (static_cast<int>(entry.level) < static_cast<int>(alert.min_level)) {
                continue;
            }
 
            // Check pattern match
            if (std::regex_search(entry.message, alert.compiled_pattern)) {
                lock.unlock();  // Release before callback
 
                anomaly_event event;
                event.anomaly_type = anomaly_event::type::pattern_match;
                event.detected_at = now;
                event.pattern = alert.pattern;
                event.description = "Pattern '" + alert.pattern +
                    "' matched in log message: " + entry.message;
                event.related_entries.push_back(entry);
 
                notify_anomaly(event);
                pattern_matches_.fetch_add(1, std::memory_order_relaxed);
                return;  // Only report first match per entry
            }
        }
    }

References kcenon::logger::analysis::anomaly_event::anomaly_type, kcenon::logger::analysis::analyzed_log_entry::level, kcenon::logger::analysis::analyzed_log_entry::message, notify_anomaly(), kcenon::logger::analysis::anomaly_event::pattern_match, pattern_matches_, patterns_, and patterns_mutex_.

Referenced by analyze().

Here is the call graph for this function:

Here is the caller graph for this function:

check_rate_anomaly()

void kcenon::logger::analysis::realtime_log_analyzer::check_rate_anomaly ( std::chrono::system_clock::time_point now )

inlineprivate

Definition at line 483 of file realtime_log_analyzer.h.

                                                                 {
        // Rate limit rate anomaly checks to once per 10 seconds
        {
            std::shared_lock rate_lock(rate_limit_mutex_);
            if (now - last_rate_check_ < std::chrono::seconds(10)) {
                return;
            }
        }
        {
            std::unique_lock rate_lock(rate_limit_mutex_);
            last_rate_check_ = now;
        }
 
        std::shared_lock lock(window_mutex_);
        double current_rate = calculate_rate(log_window_);
        lock.unlock();
 
        // Check high rate
        if (current_rate >= static_cast<double>(config_.rate_anomaly_high_threshold)) {
            anomaly_event event;
            event.anomaly_type = anomaly_event::type::rate_anomaly;
            event.detected_at = now;
            event.description = "High log rate detected: " +
                std::to_string(static_cast<size_t>(current_rate)) +
                " logs/minute (threshold: " +
                std::to_string(config_.rate_anomaly_high_threshold) + ")";
            event.current_count = static_cast<size_t>(current_rate);
            event.threshold = config_.rate_anomaly_high_threshold;
 
            notify_anomaly(event);
            rate_anomalies_.fetch_add(1, std::memory_order_relaxed);
        }
        // Check low rate (if enabled)
        else if (config_.rate_anomaly_low_threshold > 0 &&
                 current_rate < static_cast<double>(config_.rate_anomaly_low_threshold) &&
                 total_analyzed_.load() > 100) {  // Only after enough data
            anomaly_event event;
            event.anomaly_type = anomaly_event::type::rate_anomaly;
            event.detected_at = now;
            event.description = "Low log rate detected: " +
                std::to_string(static_cast<size_t>(current_rate)) +
                " logs/minute (threshold: " +
                std::to_string(config_.rate_anomaly_low_threshold) + ")";
            event.current_count = static_cast<size_t>(current_rate);
            event.threshold = config_.rate_anomaly_low_threshold;
 
            notify_anomaly(event);
            rate_anomalies_.fetch_add(1, std::memory_order_relaxed);
        }
    }

References kcenon::logger::analysis::anomaly_event::anomaly_type, calculate_rate(), config_, last_rate_check_, log_window_, notify_anomaly(), rate_anomalies_, kcenon::logger::analysis::anomaly_event::rate_anomaly, kcenon::logger::analysis::realtime_analysis_config::rate_anomaly_high_threshold, kcenon::logger::analysis::realtime_analysis_config::rate_anomaly_low_threshold, rate_limit_mutex_, total_analyzed_, and window_mutex_.

Referenced by analyze().

Here is the call graph for this function:

Here is the caller graph for this function:

cleanup_window()

static void kcenon::logger::analysis::realtime_log_analyzer::cleanup_window ( std::deque< timestamped_entry > & window, std::chrono::system_clock::time_point cutoff )

inlinestaticprivate

Definition at line 393 of file realtime_log_analyzer.h.

                                                                       {
        while (!window.empty() && window.front().timestamp < cutoff) {
            window.pop_front();
        }
    }

Referenced by add_to_window().

Here is the caller graph for this function:

clear_pattern_alerts()

void kcenon::logger::analysis::realtime_log_analyzer::clear_pattern_alerts ( )

inline

Clear all pattern alerts.

Definition at line 245 of file realtime_log_analyzer.h.

                                {
        std::unique_lock lock(patterns_mutex_);
        patterns_.clear();
    }

References patterns_, and patterns_mutex_.

collect_related_entries()

void kcenon::logger::analysis::realtime_log_analyzer::collect_related_entries ( anomaly_event & event, const std::deque< timestamped_entry > & window ) const

inlineprivate

Definition at line 579 of file realtime_log_analyzer.h.

                                                                                 {
        size_t count = 0;
        for (auto it = window.rbegin();
             it != window.rend() && count < config_.max_related_entries;
             ++it, ++count) {
            event.related_entries.push_back(it->entry);
        }
    }

References config_, and kcenon::logger::analysis::realtime_analysis_config::max_related_entries.

Referenced by check_error_spike().

Here is the caller graph for this function:

get_config()

const realtime_analysis_config & kcenon::logger::analysis::realtime_log_analyzer::get_config ( ) const

inline

Get the configuration.

Returns

Current configuration

Definition at line 349 of file realtime_log_analyzer.h.

                                                       {
        return config_;
    }

References config_.

get_error_rate()

double kcenon::logger::analysis::realtime_log_analyzer::get_error_rate ( ) const

inline

Get current error rate (errors per minute)

Returns

Current error rate

Definition at line 272 of file realtime_log_analyzer.h.

                                  {
        std::shared_lock lock(window_mutex_);
        return calculate_rate(error_window_);
    }

References calculate_rate(), error_window_, and window_mutex_.

Referenced by get_statistics().

Here is the call graph for this function:

Here is the caller graph for this function:

get_log_rate()

double kcenon::logger::analysis::realtime_log_analyzer::get_log_rate ( ) const

inline

Get current log rate (logs per minute)

Returns

Current log rate

Definition at line 281 of file realtime_log_analyzer.h.

                                {
        std::shared_lock lock(window_mutex_);
        return calculate_rate(log_window_);
    }

References calculate_rate(), log_window_, and window_mutex_.

Referenced by get_statistics().

Here is the call graph for this function:

Here is the caller graph for this function:

get_statistics()

statistics kcenon::logger::analysis::realtime_log_analyzer::get_statistics ( ) const

inline

Definition at line 302 of file realtime_log_analyzer.h.

                                      {
        std::shared_lock lock(stats_mutex_);
        statistics stats;
        stats.total_analyzed = total_analyzed_.load();
        stats.total_errors = total_errors_.load();
        stats.anomalies_detected = anomalies_detected_.load();
        stats.error_spikes = error_spikes_.load();
        stats.pattern_matches = pattern_matches_.load();
        stats.rate_anomalies = rate_anomalies_.load();
        stats.new_error_types = new_error_types_.load();
        stats.current_log_rate = get_log_rate();
        stats.current_error_rate = get_error_rate();
        return stats;
    }

References kcenon::logger::analysis::realtime_log_analyzer::statistics::anomalies_detected, anomalies_detected_, kcenon::logger::analysis::realtime_log_analyzer::statistics::current_error_rate, kcenon::logger::analysis::realtime_log_analyzer::statistics::current_log_rate, kcenon::logger::analysis::realtime_log_analyzer::statistics::error_spikes, error_spikes_, get_error_rate(), get_log_rate(), kcenon::logger::analysis::realtime_log_analyzer::statistics::new_error_types, new_error_types_, kcenon::logger::analysis::realtime_log_analyzer::statistics::pattern_matches, pattern_matches_, kcenon::logger::analysis::realtime_log_analyzer::statistics::rate_anomalies, rate_anomalies_, stats_mutex_, kcenon::logger::analysis::realtime_log_analyzer::statistics::total_analyzed, total_analyzed_, kcenon::logger::analysis::realtime_log_analyzer::statistics::total_errors, and total_errors_.

Here is the call graph for this function:

normalize_error_message()

static std::string kcenon::logger::analysis::realtime_log_analyzer::normalize_error_message ( const std::string & message )

inlinestaticprivate

Definition at line 562 of file realtime_log_analyzer.h.

                                                                       {
        // Remove numbers (IDs, timestamps, etc.)
        std::string normalized = std::regex_replace(message,
            std::regex(R"(\d+)"), "N");
 
        // Remove hex values
        normalized = std::regex_replace(normalized,
            std::regex(R"(0x[0-9a-fA-F]+)"), "HEX");
 
        // Remove UUIDs
        normalized = std::regex_replace(normalized,
            std::regex(R"([0-9a-fA-F]{8}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{4}-[0-9a-fA-F]{12})"),
            "UUID");
 
        return normalized;
    }

Referenced by check_new_error_type().

Here is the caller graph for this function:

notify_anomaly()

void kcenon::logger::analysis::realtime_log_analyzer::notify_anomaly ( const anomaly_event & event )

inlineprivate

Definition at line 589 of file realtime_log_analyzer.h.

                                                    {
        anomalies_detected_.fetch_add(1, std::memory_order_relaxed);
 
        std::shared_lock lock(callback_mutex_);
        if (callback_) {
            callback_(event);
        }
    }

References anomalies_detected_, callback_, and callback_mutex_.

Referenced by check_error_spike(), check_new_error_type(), check_pattern_alerts(), and check_rate_anomaly().

Here is the caller graph for this function:

remove_pattern_alert()

bool kcenon::logger::analysis::realtime_log_analyzer::remove_pattern_alert ( const std::string & pattern )

inline

Remove a pattern alert.

Parameters

pattern

The pattern to remove

Returns

true if pattern was found and removed

Definition at line 229 of file realtime_log_analyzer.h.

                                                        {
        std::unique_lock lock(patterns_mutex_);
        auto it = std::remove_if(patterns_.begin(), patterns_.end(),
            [&pattern](const pattern_alert& alert) {
                return alert.pattern == pattern;
            });
        if (it != patterns_.end()) {
            patterns_.erase(it, patterns_.end());
            return true;
        }
        return false;
    }

References patterns_, and patterns_mutex_.

reset()

void kcenon::logger::analysis::realtime_log_analyzer::reset ( )

inline

Reset all statistics and tracked state.

Definition at line 320 of file realtime_log_analyzer.h.

                 {
        {
            std::unique_lock lock(window_mutex_);
            log_window_.clear();
            error_window_.clear();
            baseline_rates_.clear();
        }
        {
            std::unique_lock lock(errors_mutex_);
            known_errors_.clear();
        }
        {
            std::unique_lock lock(stats_mutex_);
            total_analyzed_ = 0;
            total_errors_ = 0;
            anomalies_detected_ = 0;
            error_spikes_ = 0;
            pattern_matches_ = 0;
            rate_anomalies_ = 0;
            new_error_types_ = 0;
        }
        last_rate_check_ = std::chrono::system_clock::time_point{};
        last_spike_alert_ = std::chrono::system_clock::time_point{};
    }

References anomalies_detected_, baseline_rates_, error_spikes_, error_window_, errors_mutex_, known_errors_, last_rate_check_, last_spike_alert_, log_window_, new_error_types_, pattern_matches_, rate_anomalies_, stats_mutex_, total_analyzed_, total_errors_, and window_mutex_.

set_anomaly_callback()

void kcenon::logger::analysis::realtime_log_analyzer::set_anomaly_callback ( anomaly_callback cb )

inline

Set the anomaly callback.

Parameters

cb	Callback function to invoke when anomaly is detected

The callback is invoked synchronously when an anomaly is detected. For non-blocking operation, the callback should dispatch to a separate thread.

Definition at line 164 of file realtime_log_analyzer.h.

                                                   {
        std::unique_lock lock(callback_mutex_);
        callback_ = std::move(cb);
    }

References callback_, and callback_mutex_.

set_config()

void kcenon::logger::analysis::realtime_log_analyzer::set_config ( const realtime_analysis_config & config )

inline

Set the configuration.

Parameters

config

New configuration

Definition at line 357 of file realtime_log_analyzer.h.

                                                            {
        config_ = config;
    }

References config_.

set_error_spike_threshold()

void kcenon::logger::analysis::realtime_log_analyzer::set_error_spike_threshold ( size_t errors_per_minute )

inline

Set error spike threshold.

Parameters

errors_per_minute

Number of errors per minute to trigger alert

Definition at line 210 of file realtime_log_analyzer.h.

                                                             {
        config_.error_spike_threshold = errors_per_minute;
    }

References config_, and kcenon::logger::analysis::realtime_analysis_config::error_spike_threshold.

set_rate_thresholds()

void kcenon::logger::analysis::realtime_log_analyzer::set_rate_thresholds ( size_t high_threshold, size_t low_threshold = 0 )

inline

Set rate anomaly thresholds.

Parameters

high_threshold	High rate threshold (logs per minute)
low_threshold	Low rate threshold (logs per minute), 0 to disable

Definition at line 255 of file realtime_log_analyzer.h.

                                                                              {
        config_.rate_anomaly_high_threshold = high_threshold;
        config_.rate_anomaly_low_threshold = low_threshold;
    }

References config_, kcenon::logger::analysis::realtime_analysis_config::rate_anomaly_high_threshold, and kcenon::logger::analysis::realtime_analysis_config::rate_anomaly_low_threshold.

set_track_new_errors()

void kcenon::logger::analysis::realtime_log_analyzer::set_track_new_errors ( bool enable )

inline

Enable or disable new error tracking.

Parameters

enable

true to enable, false to disable

Definition at line 264 of file realtime_log_analyzer.h.

                                           {
        config_.track_new_errors = enable;
    }

References config_, and kcenon::logger::analysis::realtime_analysis_config::track_new_errors.

Member Data Documentation

anomalies_detected_

std::atomic<size_t> kcenon::logger::analysis::realtime_log_analyzer::anomalies_detected_ {0}

private

Definition at line 627 of file realtime_log_analyzer.h.

{0};

Referenced by get_statistics(), notify_anomaly(), and reset().

baseline_rates_

std::deque<double> kcenon::logger::analysis::realtime_log_analyzer::baseline_rates_

private

Definition at line 608 of file realtime_log_analyzer.h.

Referenced by reset().

callback_

anomaly_callback kcenon::logger::analysis::realtime_log_analyzer::callback_

private

Definition at line 602 of file realtime_log_analyzer.h.

Referenced by notify_anomaly(), and set_anomaly_callback().

callback_mutex_

std::shared_mutex kcenon::logger::analysis::realtime_log_analyzer::callback_mutex_

mutableprivate

Definition at line 603 of file realtime_log_analyzer.h.

Referenced by notify_anomaly(), and set_anomaly_callback().

config_

realtime_analysis_config kcenon::logger::analysis::realtime_log_analyzer::config_

private

Definition at line 599 of file realtime_log_analyzer.h.

Referenced by add_to_window(), analyze(), calculate_rate(), check_error_spike(), check_rate_anomaly(), collect_related_entries(), get_config(), set_config(), set_error_spike_threshold(), set_rate_thresholds(), and set_track_new_errors().

error_spikes_

std::atomic<size_t> kcenon::logger::analysis::realtime_log_analyzer::error_spikes_ {0}

private

Definition at line 628 of file realtime_log_analyzer.h.

{0};

Referenced by check_error_spike(), get_statistics(), and reset().

error_window_

std::deque<timestamped_entry> kcenon::logger::analysis::realtime_log_analyzer::error_window_

private

Definition at line 607 of file realtime_log_analyzer.h.

Referenced by add_to_window(), check_error_spike(), get_error_rate(), and reset().

errors_mutex_

std::shared_mutex kcenon::logger::analysis::realtime_log_analyzer::errors_mutex_

mutableprivate

Definition at line 617 of file realtime_log_analyzer.h.

Referenced by check_new_error_type(), and reset().

known_errors_

std::unordered_set<std::string> kcenon::logger::analysis::realtime_log_analyzer::known_errors_

private

Definition at line 616 of file realtime_log_analyzer.h.

Referenced by check_new_error_type(), and reset().

last_rate_check_

std::chrono::system_clock::time_point kcenon::logger::analysis::realtime_log_analyzer::last_rate_check_

private

Definition at line 620 of file realtime_log_analyzer.h.

Referenced by check_rate_anomaly(), and reset().

last_spike_alert_

std::chrono::system_clock::time_point kcenon::logger::analysis::realtime_log_analyzer::last_spike_alert_

private

Definition at line 621 of file realtime_log_analyzer.h.

Referenced by check_error_spike(), and reset().

log_window_

std::deque<timestamped_entry> kcenon::logger::analysis::realtime_log_analyzer::log_window_

private

Definition at line 606 of file realtime_log_analyzer.h.

Referenced by add_to_window(), check_rate_anomaly(), get_log_rate(), and reset().

new_error_types_

std::atomic<size_t> kcenon::logger::analysis::realtime_log_analyzer::new_error_types_ {0}

private

Definition at line 631 of file realtime_log_analyzer.h.

{0};

Referenced by check_new_error_type(), get_statistics(), and reset().

pattern_matches_

std::atomic<size_t> kcenon::logger::analysis::realtime_log_analyzer::pattern_matches_ {0}

private

Definition at line 629 of file realtime_log_analyzer.h.

{0};

Referenced by check_pattern_alerts(), get_statistics(), and reset().

patterns_

std::vector<pattern_alert> kcenon::logger::analysis::realtime_log_analyzer::patterns_

private

Definition at line 612 of file realtime_log_analyzer.h.

Referenced by add_pattern_alert(), check_pattern_alerts(), clear_pattern_alerts(), and remove_pattern_alert().

patterns_mutex_

std::shared_mutex kcenon::logger::analysis::realtime_log_analyzer::patterns_mutex_

mutableprivate

Definition at line 613 of file realtime_log_analyzer.h.

Referenced by add_pattern_alert(), check_pattern_alerts(), clear_pattern_alerts(), and remove_pattern_alert().

rate_anomalies_

std::atomic<size_t> kcenon::logger::analysis::realtime_log_analyzer::rate_anomalies_ {0}

private

Definition at line 630 of file realtime_log_analyzer.h.

{0};

Referenced by check_rate_anomaly(), get_statistics(), and reset().

rate_limit_mutex_

std::shared_mutex kcenon::logger::analysis::realtime_log_analyzer::rate_limit_mutex_

mutableprivate

Definition at line 622 of file realtime_log_analyzer.h.

Referenced by check_error_spike(), and check_rate_anomaly().

stats_mutex_

std::shared_mutex kcenon::logger::analysis::realtime_log_analyzer::stats_mutex_

mutableprivate

Definition at line 632 of file realtime_log_analyzer.h.

Referenced by get_statistics(), and reset().

total_analyzed_

std::atomic<size_t> kcenon::logger::analysis::realtime_log_analyzer::total_analyzed_ {0}

private

Definition at line 625 of file realtime_log_analyzer.h.

{0};

Referenced by add_to_window(), check_rate_anomaly(), get_statistics(), and reset().

total_errors_

std::atomic<size_t> kcenon::logger::analysis::realtime_log_analyzer::total_errors_ {0}

private

Definition at line 626 of file realtime_log_analyzer.h.

{0};

Referenced by add_to_window(), get_statistics(), and reset().

window_mutex_

std::shared_mutex kcenon::logger::analysis::realtime_log_analyzer::window_mutex_

mutableprivate

Definition at line 609 of file realtime_log_analyzer.h.

Referenced by add_to_window(), check_error_spike(), check_rate_anomaly(), get_error_rate(), get_log_rate(), and reset().

---

The documentation for this class was generated from the following file:

• include/kcenon/logger/analysis/realtime_log_analyzer.h