An Empirical Investigation of Practical Log Anomaly Detection for Online Service Systems (ESEC/FSE 2021 - Industry Papers)

Who

Nengwen Zhao, Honglin Wang, Zeyan Li, Xiao Peng, Gang Wang, Zhu Pan, Yong Wu, Zhen Feng, Xidao Wen, Wenchi Zhang, Kaixin Sui, Dan Pei

Track

ESEC/FSE 2021 Industry Papers

Time Zone

The program is currently displayed in (GMT+03:00) Athens.

Use conference time zone: (GMT+03:00) AthensSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

By setting a time band, the program will dim events that are outside this time window. This is useful for (virtual) conferences with a continuous program (with repeated sessions).
The time band will also limit the events that are included in the personal iCalendar subscription service.

Display full programSpecify a time band

Save

When

Fri 27 Aug 2021 16:10 - 16:20 - Architectures & Design—Cloud Computing 1 Chair(s): Luciano Baresi, Yu Kang
Sat 28 Aug 2021 04:10 - 04:20 - Architectures & Design—Cloud Computing 1 Chair(s): Yu Kang

Abstract

Log data is an essential and valuable resource of online service systems, which records detailed information of system running status and user behavior. Log anomaly detection is vital for service reliability engineering, which has been extensively studied. However, we find that existing approaches suffer from several limitations when deploying them into practice, including 1) inability to deal with various logs and complex log abnormal patterns; 2) poor interpretability; 3) lack of domain knowledge. To help understand these practical challenges and investigate the practical performance of existing work quantitatively, we conduct the first empirical study and an experimental study based on large-scale real-world data. We find that logs with rich information indeed exhibit diverse abnormal patterns (e.g., keywords, template count, template sequence, variable value, and variable distribution). However, existing approaches fail to tackle such complex abnormal patterns, producing unsatisfactory performance. Motivated by obtained findings, we propose a generic log anomaly detection system named LogAD based on ensemble learning, which integrates multiple anomaly detection approaches and domain knowledge, so as to handle complex situations in practice. About the effectiveness of LogAD, the average F1-score achieves 0.83, outperforming all baselines. Besides, we also share some success cases and lessons learned during our study. To our best knowledge, we are the first to investigate practical log anomaly detection in the real world deeply. Our work is helpful for practitioners and researchers to apply log anomaly detection to practice to enhance service reliability.

DOI

https://doi.org/10.1145/3468264.3473933

Nengwen Zhao

Tsinghua University

China

Honglin Wang

BizSeer

n.n.

Zeyan Li

Tsinghua University

China

Xiao Peng

China Everbright Bank

China

Gang Wang

China Everbright Bank

China

Zhu Pan

China Everbright Bank

China

Yong Wu

China Everbright Bank

China

Zhen Feng

China Everbright Bank

China

Xidao Wen

Tsinghua University

China

Wenchi Zhang

BizSeer

n.n.

Kaixin Sui

BizSeer

n.n.

Dan Pei

Tsinghua University

China

Time Zone

The program is currently displayed in (GMT+03:00) Athens.

Use conference time zone: (GMT+03:00) AthensSelect other time zone

The GMT offsets shown reflect the offsets at the moment of the conference.

Time Band

Display full programSpecify a time band

Save

Session Program

Fri 27 Aug
Displayed time zone: Athens change

16:00 - 17:00	Architectures & Design—Cloud Computing 1Research Papers / Industry Papers +12h Chair(s): Luciano Baresi Politecnico di Milano, Yu Kang Microsoft Research, Beijing, China

16:00 10m Paper		An Empirical Study on Challenges of Application Development in Serverless Computing Research Papers Jinfeng Wen Peking University, Zhenpeng Chen Peking University, Yi Liu Peking University, Yiling Lou Purdue University, Yun Ma Peking University, Gang Huang Peking University, Xin Jin Peking University, Xuanzhe Liu Peking University DOI
16:10 10m Paper		An Empirical Investigation of Practical Log Anomaly Detection for Online Service Systems Industry Papers Nengwen Zhao Tsinghua University, Honglin Wang BizSeer, Zeyan Li Tsinghua University, Xiao Peng China Everbright Bank, Gang Wang China Everbright Bank, Zhu Pan China Everbright Bank, Yong Wu China Everbright Bank, Zhen Feng China Everbright Bank, Xidao Wen Tsinghua University, Wenchi Zhang BizSeer, Kaixin Sui BizSeer, Dan Pei Tsinghua University DOI
16:20 5m Paper		Effective Low Capacity Status Prediction for Cloud Systems Industry Papers Hang Dong Microsoft Research, Si Qin Microsoft Research, Yong Xu Microsoft Research, Bo Qiao Microsoft Research, Shandan Zhou Microsoft Azure, Xian Yang Hong Kong Baptist University, Chuan Luo Microsoft Research, Pu Zhao Microsoft Research, Qingwei Lin Microsoft Research, Hongyu Zhang University of Newcastle, Abulikemu Abuduweili Peking University, Sanjay Ramanujan Microsoft Azure, Karthikeyan Subramanian Microsoft Azure, Andrew Zhou Microsoft 365, Saravanakumar Rajmohan Microsoft 365, Dongmei Zhang Microsoft Research, Thomas Moscibroda Microsoft Azure DOI
16:25 5m Paper		Intelligent Container Reallocation at Microsoft 365 Industry Papers Bo Qiao Microsoft Research, Fangkai Yang Microsoft Research, Chuan Luo Microsoft Research, Yanan Wang Microsoft 365, Johnny Li Microsoft 365, Qingwei Lin Microsoft Research, Hongyu Zhang University of Newcastle, Mohit Datta Microsoft 365, Andrew Zhou Microsoft 365, Thomas Moscibroda Microsoft Azure, Saravanakumar Rajmohan Microsoft 365, Dongmei Zhang Microsoft Research DOI
16:30 30m Live Q&A		Q&A (Architectures & Design—Cloud Computing 1) Research Papers

Sat 28 Aug
Displayed time zone: Athens change

04:00 - 05:00	Architectures & Design—Cloud Computing 1Industry Papers / Research Papers Chair(s): Yu Kang Microsoft Research, Beijing, China

04:00 10m Paper		An Empirical Study on Challenges of Application Development in Serverless Computing Research Papers Jinfeng Wen Peking University, Zhenpeng Chen Peking University, Yi Liu Peking University, Yiling Lou Purdue University, Yun Ma Peking University, Gang Huang Peking University, Xin Jin Peking University, Xuanzhe Liu Peking University DOI
04:10 10m Paper		An Empirical Investigation of Practical Log Anomaly Detection for Online Service Systems Industry Papers Nengwen Zhao Tsinghua University, Honglin Wang BizSeer, Zeyan Li Tsinghua University, Xiao Peng China Everbright Bank, Gang Wang China Everbright Bank, Zhu Pan China Everbright Bank, Yong Wu China Everbright Bank, Zhen Feng China Everbright Bank, Xidao Wen Tsinghua University, Wenchi Zhang BizSeer, Kaixin Sui BizSeer, Dan Pei Tsinghua University DOI
04:20 5m Paper		Effective Low Capacity Status Prediction for Cloud Systems Industry Papers Hang Dong Microsoft Research, Si Qin Microsoft Research, Yong Xu Microsoft Research, Bo Qiao Microsoft Research, Shandan Zhou Microsoft Azure, Xian Yang Hong Kong Baptist University, Chuan Luo Microsoft Research, Pu Zhao Microsoft Research, Qingwei Lin Microsoft Research, Hongyu Zhang University of Newcastle, Abulikemu Abuduweili Peking University, Sanjay Ramanujan Microsoft Azure, Karthikeyan Subramanian Microsoft Azure, Andrew Zhou Microsoft 365, Saravanakumar Rajmohan Microsoft 365, Dongmei Zhang Microsoft Research, Thomas Moscibroda Microsoft Azure DOI
04:25 5m Paper		Intelligent Container Reallocation at Microsoft 365 Industry Papers Bo Qiao Microsoft Research, Fangkai Yang Microsoft Research, Chuan Luo Microsoft Research, Yanan Wang Microsoft 365, Johnny Li Microsoft 365, Qingwei Lin Microsoft Research, Hongyu Zhang University of Newcastle, Mohit Datta Microsoft 365, Andrew Zhou Microsoft 365, Thomas Moscibroda Microsoft Azure, Saravanakumar Rajmohan Microsoft 365, Dongmei Zhang Microsoft Research DOI
04:30 30m Live Q&A		Q&A (Architectures & Design—Cloud Computing 1) Research Papers