Log Drift Impact on Online Anomaly Detection Workflows

Published: 2023, Last Modified: 20 Jul 2025 | PROFES (1) 2023 | CC BY-SA 4.0
Abstract: Traditional rule-based approaches to system monitoring have many areas for improvement. Rules are time-consuming to maintain, and their ability to detect unforeseen future incidents is limited. Online log anomaly detection workflows have the potential to improve upon rule-based methods by providing fine-grained, automated detection of abnormal behavior. However, system and process logs are not static. Code and configuration changes may alter the sequences of log entries produced by these processes, impacting the models trained on their previous behavior. These changes result in false positive signals that can overwhelm production services engineers and drown out alerts for real issues. For this reason, log drift is a significant obstacle to utilizing online log anomaly detection approaches for monitoring in industrial settings. This study explores the different types of log drift and classifies them using a newly introduced taxonomy. It then evaluates the impact these types of drift have on online anomaly detection workflows. Several potential mitigation methods are presented and evaluated based on synthetic and real-world log data. Finally, possible directions for future research are provided and discussed.