Modern systems produce a large volume of logs to record run-time status and events. System operators use these raw logs to track a system in order to obtain some useful information to diagnose system anomalies. One of the most important problems in this area is to help operators find the answers to log-based questions efficiently and user-friendly. In this work, we propose LogQA, which aims at answering log-based questions in the form of natural language based on large-scale unstructured log corpora. Our system presents the answer to a question directly instead of returning a list of relevant snippets, thus offering better user-friendliness and efficiency. LogQA represents the first approach to solve question answering in lod domain. LogQA has two key components: Log Retriever and Log Reader. Log Retriever aims at retrieving relevant logs w.r.t. a given question, while Log Reader is responsible for inferring the final answer. Given the lack of a public dataset for log questing answering, we manually labelled a QA dataset of three open-source log corpus and will make them publicly available. We evaluated our proposed model on these datasets by comparing its performance with 6 other baseline methods. Our experimental results demonstrate that LogQA has outperformed other baseline methods.

翻译：现代系统会产生大量日志，用于记录运行时状态和事件。系统运维人员利用这些原始日志追踪系统，以获取诊断系统异常的有用信息。该领域的关键问题之一，是帮助运维人员高效且用户友好地找到基于日志的问题的答案。本文提出了LogQA，旨在基于大规模非结构化日志语料库，以自然语言形式回答日志相关问题。我们的系统直接给出问题的答案，而非返回相关片段列表，从而提升了用户友好性和效率。LogQA是首个解决日志领域问答问题的方法。其包含两个核心组件：日志检索器（Log Retriever）与日志阅读器（Log Reader）。日志检索器负责检索给定问题相关的日志，而日志阅读器则负责推断最终答案。鉴于缺乏公开的日志问答数据集，我们手动标注了三个开源日志语料库的问答数据集，并将其公开。我们在这些数据集上评估了所提模型，并将其性能与6种基线方法进行了比较。实验结果表明，LogQA优于其他基线方法。