Documentation
Everything runs from one pip install. No agent, no server, no account - detection happens on your machine.
Installation
Install from PyPI. Python 3.9+.
Deep (AI semantic) mode pulls a transformer backbone. Install the extra when you want it:
Docker
Prefer containers? Pull the official multi-arch image (loglensai/loglens) - runs non-root, air-gap friendly, $0/GB.
Available tags:
| tag | image |
|---|---|
| latest | Slim image, current release. |
| 0.3 | Slim, pinned to the minor version. |
| 0.3.x | Slim, pinned to an exact patch. |
| deep | Adds the neural (semantic) mode backbone. |
Quickstart
Point it at any log file - the format is auto-detected. Add --deep for the best precision.
Commands
loglens analyze
The core command. Scans a log, detects anomalies, groups them into incident families.
| flag | what it does |
|---|---|
| --source PATH | Log file (or stdin) to analyze. |
| --deep | AI semantic embeddings - best precision. |
| --turbo | Optimized statistical engine - fastest throughput. |
| --rca | Attach an AI root-cause narrative (BYO key). |
| --html FILE | Write a self-contained offline HTML report. |
| --limit N | Cap the number of lines scanned. |
| --explain | Show the full reason breakdown per anomaly. |
ask · benchmark · bench
Live watch
Wrap any log-producing command. LogLens tails the stream and surfaces only the anomalies as they happen.
Python SDK
Call detection directly from your code. Results carry the anomalies, and can enrich or export in one line.
A logging handler and a streaming detector are included too:
Always-on monitoring
One line in your main.py turns LogLens into a Sentry-style watcher - it alerts you on serious events, including crashes.
Channels are configured through environment variables (a .env works):
Anti-spam is built in: repeated anomalies are collapsed into incident families and rate-limited, so you get one alert per problem - not one per line. LOGLENS_MIN_ALERT_LEVEL sets the severity floor.
AI (LLM) configuration
Root-cause narratives and ask use your own LLM key. Providers: OpenAI, Azure, Groq.
Privacy: only grouped incident summaries are sent to the LLM - never your full logs. Detection itself is always 100% local. Skip the key entirely and everything except the AI narrative still works.