How AI Transforms Log Management: Building an Intelligent Log Center for AIOps

Abstract: Operational data contains massive log information; as big‑data analytics advance, more precise extraction of insights is needed. How can artificial intelligence address problems unsolvable by traditional automated operations?

Speaker: Rao Chenlin, Product Director of LogEasy.

The discussion focuses on three parts: an introduction to the intelligent log center, AIOps scenarios and implementations, and industry case studies of LogEasy.

1. Intelligent Log Center Overview

AI‑ops capabilities can be divided into five levels.

Level 1: Those who have ideas about AIOps and want to try it.

Level 2: Single‑point applications, such as adding algorithms to a monitoring system to replace fixed thresholds, achieving accurate AI‑driven alerts without manual labor.

Level 3: Integrated applications, where AI is embedded throughout the monitoring workflow—alert generation, routing, and contextual information—enabling AI‑driven execution and moving toward capacity scheduling.

Level 5: Fully automated operations, still under development.

Data is the primary object for AI. LogEasy aims to provide a log platform that focuses on data collection, selection, and processing to deliver value to higher‑level applications.

The timestamp is a key log attribute; it often represents monitoring metrics. More broadly, any event change—such as a business deployment—can be treated as a log event. A comprehensive log platform must provide complete log information for effective AIOps.

LogEasy supports hundreds of built‑in rules for various infrastructure, hardware, and industry‑specific logs. Incoming data undergoes ETL processing, enabling statistical analysis and AI‑driven insights.

2. AIOps Scenarios and Implementation

LogEasy focuses on quality assurance, particularly fault detection and localization.

In collaboration with Alibaba AIOps, rapid fault localization is achieved by correlating KPI metrics, applying machine learning to narrow down the fault scope, and then using business topology to make final decisions.

From logs to alerts, the platform extracts numerous monitoring indicators (e.g., 404 error counts, response times) and generates precise, algorithm‑driven alerts without manual thresholds. These alerts are then mapped onto the business topology.

Each business’s actual state is influenced by many weighted indicators. By grading KPI anomalies and assigning weights, the system can infer the impact on user experience, allowing operators to prioritize issues based on severity.

3. LogEasy Industry Cases

Financial and internet sectors share many similarities.

In financial applications, LogEasy provides real‑time transaction statistics (volume, success rate, failure dimensions). When a module fails, users can click through to a dashboard that drills down step by step, building a knowledge base of fault patterns.

When a transaction anomaly occurs, the system displays a timeline diagram showing the flow through modules, repeated transactions, and problematic transactions—useful for banking and similar industries.

After alerts are generated, the system performs advanced operations such as automatic alert aggregation, manual handling records, and efficiency monitoring.

For telecom operators, LogEasy handles complex backend logic like mobile recharge, aggregating step‑by‑step differences every five minutes. It offers two views: a concise view for customer service staff (hiding intermediate steps) and a detailed view for in‑depth troubleshooting.

In branch‑office teller analysis, the platform can drill down to individual teller performance, display distribution across branches, and rank request numbers.

LogEasy also supports GSLB, CDN, and DNS log analysis for operators, converting DNS request anomalies into monitoring metrics for real‑time observation.

Beyond internet services, operators’ set‑top boxes generate data during channel changes or video on demand. When playback stalls, LogEasy analyzes this data to pinpoint user impact, bitrate, and program details, improving operational availability and user experience.