
Project overview
LogSense
From 10,000 logs to 1 actionable insight.
LogSense is an LLM-assisted incident triage tool for engineers buried in unstructured log output. Users paste logs or upload a file; the system parses them, sends them through a controlled AI pipeline powered by Google Gemini, and returns a structured diagnosis: summary, likely root cause, severity-style scoring, and prioritized action items.
- Role: AI Engineer & Product Lead
- Timeline: 2026
Request path
Problem & solution
Why it exists
Problem
On-call and platform engineers often spend a large share of incident time reading and correlating raw logs instead of fixing the underlying issue. Large dumps hide the signal: repeated errors, cascading failures, and the real “first break” are easy to miss under pressure.
Solution
LogSense turns noisy log text into a small set of decisions:
- What happened (concise narrative)
- What probably broke first (root-cause hypothesis)
- What to do next (ranked suggestions)
- How serious it looks (normalized severity the UI can visualize)
The design goal is not “chat with logs,” but operator-grade triage: fast, bounded, and suitable for paste-from-terminal or CI/build log workflows.
Architecture
High level
Client (web app)
Paste, upload, trigger, read the diagnosis.
A modern single-page UI for log input (paste + file upload), analysis trigger, and results visualization (summary, root cause, recommendations, severity gauge).
API layer (backend)
Normalize payloads, orchestrate the model call, return typed JSON.
A REST API that accepts log payloads, normalizes input, orchestrates the AI call, and returns a typed JSON response suitable for the dashboard.
AI engine
Versioned prompts + chunk/merge for very long streams.
A dedicated service layer that:
- Builds versioned prompts (system instructions + user payload) so outputs stay structured (JSON-shaped results for reliable parsing).
- Handles large inputs with a map–reduce style strategy: chunk very long log streams, summarize chunks, then merge into one final diagnosis — so token limits do not become a hard ceiling for big incidents.
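The chunk-then-merge flow described above, as an added example that is not LogSense's own code. It assumes the budget is counted in characters as a stand-in for tokens; `chunk_lines`, `map_reduce`, and the `summarize`/`merge` callables (which stand in for the two model calls) are hypothetical names.

```python
from typing import Callable, Iterator, List, TypeVar

T = TypeVar("T")

def chunk_lines(raw: str, budget: int) -> Iterator[str]:
    """Yield chunks of at most `budget` characters, cut at line ends.

    A single line longer than the budget (a minified JSON blob, a stack
    trace on one line) is hard-split so no chunk exceeds the limit.
    """
    if budget <= 0:
        raise ValueError("budget must be positive")
    buf: List[str] = []
    size = 0
    for line in raw.splitlines(keepends=True):
        for start in range(0, len(line), budget):
            piece = line[start:start + budget]
            if buf and size + len(piece) > budget:
                yield "".join(buf)
                buf, size = [], 0
            buf.append(piece)
            size += len(piece)
    if buf:
        yield "".join(buf)

def map_reduce(raw: str, budget: int,
               summarize: Callable[[str], T],
               merge: Callable[[List[T]], T]) -> T:
    """Map `summarize` over bounded chunks, then reduce with `merge`.

    Both callables are assumptions standing in for model calls; they are
    parameters here so the control flow can run offline.
    """
    partials = [summarize(chunk) for chunk in chunk_lines(raw, budget)]
    if not partials:
        raise ValueError("no log text to analyze")
    # One chunk needs no merge call; skip the second model round trip.
    return partials[0] if len(partials) == 1 else merge(partials)

# Constructed sample: two short lines and one 25-character line.
SAMPLE = "a" * 10 + "\n" + "b" * 10 + "\n" + "c" * 25 + "\n"

if __name__ == "__main__":
    for chunk in chunk_lines(SAMPLE, budget=12):
        print(len(chunk), repr(chunk))
```

Because chunks are cut with line endings kept, joining them reproduces the input exactly, so nothing is dropped between the map and merge steps.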
Ingestion / parsing
Lines, timestamps, severities — original text preserved.
Lightweight log normalization: line splitting, basic timestamp and severity heuristics, and preservation of the original line text for model context.
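One way to implement this kind of normalization, as an added example rather than LogSense's own parser. The regexes, the `LogLine` type, the `max_lines` limit and the control-character flag are assumptions; the sample lines are constructed.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Heuristics only: ISO-8601-style timestamps and common level keywords.
TS = re.compile(r"\d{4}-\d{2}-\d{2}[T ]\d{2}:\d{2}:\d{2}(?:[.,]\d+)?(?:Z|[+-]\d{2}:?\d{2})?")
LEVEL = re.compile(r"\b(TRACE|DEBUG|INFO|NOTICE|WARN(?:ING)?|ERR(?:OR)?|CRIT(?:ICAL)?|FATAL)\b", re.I)
CANON = {"WARNING": "WARN", "ERR": "ERROR", "CRITICAL": "CRIT"}
ANSI = re.compile(r"\x1b\[[0-9;?]*[ -/]*[@-~]")    # terminal colour/cursor sequences
CONTROL = re.compile(r"[\x00-\x08\x0b-\x1f\x7f]")  # control characters except tab

@dataclass(frozen=True)
class LogLine:
    number: int                # 1-based position in the submitted text
    raw: str                   # original line text, kept for model context
    timestamp: Optional[str]
    severity: Optional[str]
    has_control: bool          # line carried escape/control characters

def parse_logs(text: str, max_lines: int = 10_000) -> List[LogLine]:
    """Split pasted log text into lines and attach best-effort metadata."""
    lines = text.split("\n")
    if len(lines) > max_lines:
        raise ValueError(f"{len(lines)} lines exceeds limit of {max_lines}")
    parsed = []
    for number, line in enumerate(lines, start=1):
        raw = line.rstrip("\r")          # tolerate CRLF input
        if not raw.strip():
            continue                     # skip blanks, keep original numbering
        # Match on a cleaned copy so colour codes cannot hide a keyword;
        # `raw` itself is never modified.
        scan = CONTROL.sub("", ANSI.sub("", raw))
        ts = TS.search(scan)
        level = LEVEL.search(scan)
        sev = level.group(1).upper() if level else None
        parsed.append(LogLine(number, raw, ts.group(0) if ts else None,
                              CANON.get(sev, sev), bool(CONTROL.search(raw))))
    return parsed

# Constructed sample input (not real logs).
SAMPLE = "\n".join([
    "2026-01-15T10:32:01Z INFO  api: request accepted id=42",
    "2026-01-15 10:32:02,118 WARNING db: pool at 95%\r",
    'Jan 15 10:32:03 host app[77]: level=error msg="upstream timeout"',
    "",
    "\x1b[31mFATAL\x1b[0m worker crashed",
])
```

The last sample line shows why the keyword match runs on a cleaned copy: with the colour codes in place, `FATAL` has no word boundary before it and the heuristic would miss it.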
Platform services
Compose-ready Postgres + Redis for the full product shape.
The project is structured to run alongside PostgreSQL (for durable log and analysis records) and Redis (for queues / future async jobs). In the current MVP trajectory, the emphasis is on the analyze path and UI; persistence and async workers are part of the intended production shape.
Containerization
One command to spin up the stack locally.
Docker Compose defines backend, frontend, database, and cache services for repeatable local and demo deployments.
Capabilities
What it does today
Log input
- Paste arbitrary multi-line log text.
- Upload common text formats (e.g. .log, .txt, JSON-ish dumps).
Analysis
- Calls Gemini with a strict “return JSON” contract.
- Produces: summary, root cause, suggestions (with priority labels), and severity score.
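Enforcing the "return JSON" contract on the backend side, as an added example that is not LogSense's own code. The model reads whatever text was pasted, so its reply is validated as untrusted input before it reaches the dashboard. Field names follow the response shape on this page; the 0 to 100 severity scale, the priority labels, the size caps and all function names are assumptions.

```python
import json

ALLOWED_PRIORITIES = {"high", "medium", "low"}  # assumed label set
MAX_SUGGESTIONS = 10                            # assumed cap
MAX_TEXT = 2000                                 # assumed per-field length cap

class ContractError(ValueError):
    pass  # the model's reply did not satisfy the JSON contract

def text_field(obj: dict, key: str) -> str:
    value = obj.get(key)
    if not isinstance(value, str) or not value.strip():
        raise ContractError(f"{key}: expected a non-empty string")
    return value.strip()[:MAX_TEXT]

def parse_diagnosis(model_output: str) -> dict:
    """Parse and validate a model reply; reject it rather than repair it."""
    try:
        data = json.loads(model_output)
    except json.JSONDecodeError as exc:
        raise ContractError(f"reply is not JSON: {exc.msg}") from exc
    if not isinstance(data, dict):
        raise ContractError("top level must be a JSON object")
    score = data.get("severity_score")
    if isinstance(score, bool) or not isinstance(score, (int, float)):
        raise ContractError("severity_score: expected a number")
    if not 0 <= score <= 100:           # assumed scale; also rejects NaN/Infinity
        raise ContractError("severity_score: out of range")
    items = data.get("suggestions")
    if not isinstance(items, list) or len(items) > MAX_SUGGESTIONS:
        raise ContractError("suggestions: expected a bounded list")
    suggestions = []
    for item in items:
        if not isinstance(item, dict):
            raise ContractError("suggestions: each entry must be an object")
        priority = str(item.get("priority", "")).lower()
        if priority not in ALLOWED_PRIORITIES:
            raise ContractError(f"priority: unexpected label {priority!r}")
        suggestions.append({"text": text_field(item, "text"), "priority": priority})
    # Rebuild from known keys only, so unexpected fields never reach the UI.
    return {"summary": text_field(data, "summary"),
            "root_cause": text_field(data, "root_cause"),
            "severity_score": float(score), "suggestions": suggestions}

# Constructed reply: valid, plus one field the contract does not define.
SAMPLE_REPLY = json.dumps({
    "summary": "DB pool exhausted", "root_cause": "connection leak",
    "severity_score": 80, "debug": "not part of the contract",
    "suggestions": [{"text": "Restart the pool", "priority": "High"}]})
```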
Operator UX
- Dark, dashboard-oriented UI with clear separation between input and diagnosis.
- Visual emphasis on severity and actionable follow-ups.
API
Surface (conceptual)
Public HTTP endpoints include the following. Interactive API documentation is available via the backend’s OpenAPI docs in development.
- Health — service readiness.
- Log ingest — accept structured batches or raw blocks (for pipeline-style expansion).
- File upload — server-side parsing of uploaded log files.
- Analyze — end-to-end “logs in → structured insight out.”
POST /analyze
Content-Type: application/json

{
  "source": "paste" | "upload",
  "raw": "…log lines…",
  "options": { "strict_json": true }
}
// Response shape (conceptual): summary, root_cause,
// severity_score, suggestions: [{ text, priority }]
Tech stack
Frontend
Backend
Data & cache
Infra
Principles
Design choices
- Structured AI outputs over free-form chat, so results stay machine-parseable and UI-friendly.
- Chunking strategy for long incidents, so “big logs” remain a first-class scenario.
- Separation of concerns: ingestion, orchestration, prompting, and presentation stay distinct so the product can evolve (auth, orgs, async jobs, integrations) without rewriting the core analysis flow.
Roadmap
Natural next steps
- Persist sessions, analyses, and uploaded artifacts in the database.
- Background jobs + status polling for long analyses.
- Integrations (Slack / PagerDuty / webhooks) for “insight delivered where on-call already lives.”
- Stronger auth, quotas, and observability for production rollout.
Demo & repository
Built for on-call and platform engineers who need a fast read on messy logs — not another open-ended chat window.
Live demo and source are not linked from this portfolio page; if you are evaluating something similar for your team, reach out and we can walk through the product shape and constraints.