← Back to all products

Log Analyzer

$19

Parse access logs, detect error patterns, and analyze traffic by hour, path, status code, and IP frequency.

📁 10 files
MarkdownPythonNginx

📄 Product Preview

Try the interactive reader and demo tools below, or get the full product with all content unlocked.

📖 Interactive Reader (Free Preview) ⚙ Try Demo Tools 📦 Download Free Sample

📁 File Structure 10 files

log-analyzer/ ├── LICENSE ├── README.md ├── examples/ │ └── sample_access.log ├── free-sample.zip ├── guide/ │ ├── 01_features.md │ ├── 02_quick-start.md │ ├── 03_reports.md │ └── 04_faq.md ├── index.html └── src/ └── log_analyzer.py

📖 Documentation Preview README excerpt

Log Analyzer

Log analysis tool: parse access logs (Apache/Nginx Combined format), detect error patterns, analyze traffic by hour/path/status, and spot anomalies. Turn raw logs into insights.

Features

  • Access log parsing — Handles Apache/Nginx Combined Log Format out of the box
  • Traffic analysis — Requests by hour, top paths, top IPs, status code breakdown
  • Error analysis — Error rates, top error paths, error trends over time
  • Anomaly detection — Statistical spike detection for traffic, IPs, and error rates
  • Pretty terminal output — Hourly traffic histograms, formatted tables
  • JSON export — Machine-readable reports for automation

Requirements

  • Python 3.10+
  • No external dependencies (stdlib only)

Quick Start


# Full analysis (traffic + errors + anomalies)
python src/log_analyzer.py --log examples/sample_access.log --report all

# Traffic analysis only
python src/log_analyzer.py --log examples/sample_access.log --report traffic

# Error analysis with top 20 paths
python src/log_analyzer.py --log examples/sample_access.log --report errors --top 20

# Anomaly detection with custom threshold (3 standard deviations)
python src/log_analyzer.py --log access.log --report anomalies --threshold 3.0

# Export to JSON
python src/log_analyzer.py --log access.log --report all --output report.json

Log Format

Parses Apache/Nginx Combined Log Format:


192.168.1.100 - - [14/Mar/2026:10:00:00 +0000] "GET /index.html HTTP/1.1" 200 2326 "https://example.com/" "Mozilla/5.0"

Fields parsed: IP, timestamp, method, path, status code, response size, referrer, user agent.

Reports

ReportContentsUse Case
trafficRequests by hour, top paths, top IPs, status codesDaily traffic overview
errorsError rates, error paths, error IPs, error trendsDebugging, alerting
anomaliesTraffic spikes, high-frequency IPs, high-error pathsSecurity, monitoring
allAll of the aboveFull analysis

Anomaly Detection

Uses z-score based detection:

  • Traffic spikes: Hours with requests > mean + threshold × std_dev

... continues with setup instructions, usage examples, and more.

📄 Code Sample .py preview

src/log_analyzer.py #!/usr/bin/env python3 """ Log Analyzer — Analytics Hub (DataNest) Log analysis tool: parse access logs (Common/Combined format), detect error patterns, analyze traffic by hour/path/status, and spot anomalies. Turn raw logs into insights. Usage: python log_analyzer.py --log access.log --report traffic python log_analyzer.py --log access.log --report errors --top 20 python log_analyzer.py --log access.log --report all --output report.json Dependencies: Python 3.10+ stdlib only (no pip packages) License: MIT """ from __future__ import annotations import argparse import json import logging import re import statistics import sys from collections import Counter, defaultdict from dataclasses import dataclass, field from datetime import datetime from pathlib import Path from typing import Any logger = logging.getLogger("log_analyzer") # --------------------------------------------------------------------------- # Log parsing — handles Apache/Nginx Combined Log Format # --------------------------------------------------------------------------- # Combined Log Format: # 127.0.0.1 - frank [10/Oct/2000:13:55:36 -0700] "GET /index.html HTTP/1.0" 200 2326 "http://www.example.com/" "Mozilla/4.08" LOG_PATTERN = re.compile( r'(?P<ip>[\d.]+)\s+' # Client IP r'(?P<ident>\S+)\s+' # Identd (usually -) r'(?P<user>\S+)\s+' # Auth user (usually -) r'\[(?P<timestamp>[^\]]+)\]\s+' # Timestamp in brackets r'"(?P<method>\S+)\s+' # HTTP method r'(?P<path>\S+)\s+' # Request path r'(?P<protocol>[^"]+)"\s+' # Protocol r'(?P<status>\d{3})\s+' # Status code r'(?P<size>\S+)' # Response size (bytes or -) r'(?:\s+"(?P<referrer>[^"]*)"\s+' # Referrer (optional) r'"(?P<user_agent>[^"]*)")?' # User agent (optional) # ... 481 more lines ...
Buy Now — $19 Back to Products