The AI Anomaly Logs feature in Ceburu helps users identify, analyze, and investigate unusual log patterns detected by the AI model. Any log entry identified as anomalous is surfaced in this along with contextual insights, root cause analysis, and configuration controls.
Purpose of AI Anomaly Logs
Automatically detect abnormal or unusual log behavior
Visualize anomaly trends over time
Drill down into individual anomalous log events
Provide AI-generated root cause analysis
Allow users to configure model behavior using keywords
Navigate to: Log Management - AI Anomaly Logs
This page displays:
A time-series graph of log activity
A detailed anomaly table
An anomaly details panel
Model configuration options
Log Activity Graph
The graph at the top provides a visual comparison of:
Total Logs
Anomaly Count (red line)
Each data point represents a specific timestamp.
What this shows:
Spikes in total logs
Corresponding increases in anomalies
Time periods with unusual behavior
Hovering over a data point displays:
Timestamp
Total log count
Number of detected anomalies
You can filter anomalies using Identifier tags, such as:
Folder
Source
Custom identifiers
This helps isolate anomalies related to specific services, folders, or sources.
Anomalies Table
The Anomalies table lists all detected anomalous log entries.
Table Columns
Timestamp - When the anomaly occurred
Summary - A preview of the log message
View Anomaly Details
Clicking the View icon on any anomaly opens the Anomaly Details panel on the right.
This panel provides three tabs:
1. Root Cause Analysis
The Root Cause Analysis tab explains why the log was classified as anomalous.
What it includes:
AI-generated explanation of the anomaly
Possible causes (e.g., missing fields, logging changes, abnormal patterns)
Contextual interpretation of the log deviation
Remediation Steps
The system also provides recommended remediation actions, such as:
Reviewing logging configuration
Verifying required fields
Checking recent code or framework changes
Monitoring logging behavior in real time
2. Document JSON
The Document JSON tab displays the raw log document in JSON format.
Features:
Full structured log payload
Searchable fields and values
Copy JSON option for external analysis
Useful for debugging, exports, and integrations
3. Document Table
The Document Table tab converts the JSON into a readable field-value table.
Benefits:
Easier inspection of log attributes
Clear visibility into key fields
Model Overview & Configuration
Click Model Overview to open the AI model configuration panel.
Configuration Model:
This section allows you to control how the anomaly detection model behaves.
Keyword Selection
Select specific log fields (keywords) that the model should consider
Examples:
request_info.user_agent@timestamp_ceburu_hostIP_ceburu_custID
Actions
Add or remove keywords
Save keyword configuration
Clear all selections if needed
These keywords directly influence how anomalies are detected and evaluated. The Training section shows the current training status of the anomaly model.
Was this article helpful?
That’s Great!
Thank you for your feedback
Sorry! We couldn't be helpful
Thank you for your feedback
Feedback sent
We appreciate your effort and will try to fix the article