← Back to all products
$19
Log Analyzer
Parse access logs, detect error patterns, and analyze traffic by hour, path, status code, and IP frequency.
MarkdownPythonNginx
📄 Product Preview
Try the interactive reader and demo tools below, or get the full product with all content unlocked.
📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample📁 File Structure 10 files
log-analyzer/
├── LICENSE
├── README.md
├── examples/
│ └── sample_access.log
├── free-sample.zip
├── guide/
│ ├── 01_features.md
│ ├── 02_quick-start.md
│ ├── 03_reports.md
│ └── 04_faq.md
├── index.html
└── src/
└── log_analyzer.py
📖 Documentation Preview README excerpt
Log Analyzer
Log analysis tool: parse access logs (Apache/Nginx Combined format), detect error patterns, analyze traffic by hour/path/status, and spot anomalies. Turn raw logs into insights.
Features
- Access log parsing — Handles Apache/Nginx Combined Log Format out of the box
- Traffic analysis — Requests by hour, top paths, top IPs, status code breakdown
- Error analysis — Error rates, top error paths, error trends over time
- Anomaly detection — Statistical spike detection for traffic, IPs, and error rates
- Pretty terminal output — Hourly traffic histograms, formatted tables
- JSON export — Machine-readable reports for automation
Requirements
- Python 3.10+
- No external dependencies (stdlib only)
Quick Start
# Full analysis (traffic + errors + anomalies)
python src/log_analyzer.py --log examples/sample_access.log --report all
# Traffic analysis only
python src/log_analyzer.py --log examples/sample_access.log --report traffic
# Error analysis with top 20 paths
python src/log_analyzer.py --log examples/sample_access.log --report errors --top 20
# Anomaly detection with custom threshold (3 standard deviations)
python src/log_analyzer.py --log access.log --report anomalies --threshold 3.0
# Export to JSON
python src/log_analyzer.py --log access.log --report all --output report.json
Log Format
Parses Apache/Nginx Combined Log Format:
192.168.1.100 - - [14/Mar/2026:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 2326 "https://example.com/" "Mozilla/5.0"
Fields parsed: IP, timestamp, method, path, status code, response size, referrer, user agent.
Reports
| Report | Contents | Use Case |
|---|---|---|
traffic | Requests by hour, top paths, top IPs, status codes | Daily traffic overview |
errors | Error rates, error paths, error IPs, error trends | Debugging, alerting |
anomalies | Traffic spikes, high-frequency IPs, high-error paths | Security, monitoring |
all | All of the above | Full analysis |
Anomaly Detection
Uses z-score based detection:
- Traffic spikes: Hours with requests > mean + threshold × std_dev
... continues with setup instructions, usage examples, and more.
📄 Code Sample .py preview
src/log_analyzer.py
#!/usr/bin/env python3
"""
Log Analyzer — Analytics Hub (DataNest)
Log analysis tool: parse access logs (Common/Combined format), detect
error patterns, analyze traffic by hour/path/status, and spot anomalies.
Turn raw logs into insights.
Usage:
python log_analyzer.py --log access.log --report traffic
python log_analyzer.py --log access.log --report errors --top 20
python log_analyzer.py --log access.log --report all --output report.json
Dependencies: Python 3.10+ stdlib only (no pip packages)
License: MIT
"""
from __future__ import annotations
import argparse
import json
import logging
import re
import statistics
import sys
from collections import Counter, defaultdict
from dataclasses import dataclass, field
from datetime import datetime
from pathlib import Path
from typing import Any
logger = logging.getLogger("log_analyzer")
# ---------------------------------------------------------------------------
# Log parsing — handles Apache/Nginx Combined Log Format
# ---------------------------------------------------------------------------
# Combined Log Format:
# 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326 "http://www.example.com/" "Mozilla/4.08"
LOG_PATTERN = re.compile(
r'(?P<ip>[\d.]+)\s+' # Client IP
r'(?P<ident>\S+)\s+' # Identd (usually -)
r'(?P<user>\S+)\s+' # Auth user (usually -)
r'\[(?P<timestamp>[^\]]+)\]\s+' # Timestamp in brackets
r'"(?P<method>\S+)\s+' # HTTP method
r'(?P<path>\S+)\s+' # Request path
r'(?P<protocol>[^"]+)"\s+' # Protocol
r'(?P<status>\d{3})\s+' # Status code
r'(?P<size>\S+)' # Response size (bytes or -)
r'(?:\s+"(?P<referrer>[^"]*)"\s+' # Referrer (optional)
r'"(?P<user_agent>[^"]*)")?' # User agent (optional)
# ... 481 more lines ...