Log parsing transforms log messages into structured formats and is the prerequisite step for various log analysis tasks. Although a variety of log parsing approaches have been proposed, their performance on complicated log data remains compromised because they rely on human-crafted rules or on learning-based models with limited training data. The recent emergence of powerful large language models (LLMs) demonstrates their vast pre-trained knowledge related to code and logging, making it promising to apply LLMs to log parsing. However, their lack of specialized log parsing capabilities currently hinders their parsing accuracy. Moreover, their inherently inconsistent answers, as well as their substantial overhead, prevent the practical adoption of LLM-based log parsing. To address these challenges, we propose LILAC, the first practical log parsing framework using LLMs with an adaptive parsing cache. To facilitate accurate and robust log parsing, LILAC leverages the in-context learning (ICL) capability of the LLM by performing a hierarchical candidate sampling algorithm and selecting high-quality demonstrations. Furthermore, LILAC incorporates a novel component, an adaptive parsing cache, to store and refine the templates generated by the LLM. The cache helps mitigate the LLM's inefficiency by enabling rapid retrieval of previously processed log templates. In this process, LILAC adaptively updates the templates within the parsing cache to ensure the consistency of parsed results. Extensive evaluation on public large-scale datasets shows that LILAC outperforms state-of-the-art methods by 69.5% in terms of the average F1 score of template accuracy. In addition, LILAC reduces the number of queries to LLMs by several orders of magnitude, achieving efficiency comparable to that of the fastest baseline.
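A simplified sketch of the cache behaviour described in the abstract, added here as an example and not LILAC's own code. The LLM is replaced by a hypothetical `stub_llm`, and the one-differing-token merge rule, all names and the sample log lines are assumptions.

```python
import re
WILDCARD = "<*>"

def stub_llm(log):
    # Stand-in for the LLM query (assumption): masks numbers/IPs, misses usernames.
    return re.sub(r"\b\d+(?:\.\d+)*\b", WILDCARD, log)

def matches(tpl, tokens):
    return len(tpl) == len(tokens) and all(
        t in (WILDCARD, k) for t, k in zip(tpl, tokens))

def merge(a, b):
    # Assumed refinement rule: equal length and exactly one differing token.
    diff = [i for i, (x, y) in enumerate(zip(a, b)) if x != y]
    if len(a) != len(b) or len(diff) != 1:
        return None
    return a[:diff[0]] + [WILDCARD] + a[diff[0] + 1:]

class ParsingCache:
    def __init__(self, llm):
        self.llm, self.llm_queries = llm, 0
        self.templates, self.assigned = [], []  # token-list templates; template index per log

    def _index(self, log):
        tokens = log.split()
        for i, tpl in enumerate(self.templates):
            if matches(tpl, tokens):
                return i                      # cache hit: no LLM query
        self.llm_queries += 1
        new = self.llm(log).split()
        for i, tpl in enumerate(self.templates):
            merged = merge(tpl, new)
            if merged:
                self.templates[i] = merged    # refine cached template in place
                return i
        self.templates.append(new)
        return len(self.templates) - 1

    def parse(self, log):
        self.assigned.append(self._index(log))

    def results(self):
        return [" ".join(self.templates[i]) for i in self.assigned]

SAMPLE_LOGS = [  # constructed sshd-style lines
    "Failed password for alice from 10.0.0.5 port 4242",
    "Failed password for bob from 10.0.0.9 port 5151",
    "Failed password for carol from 10.0.0.7 port 6000",
]
```

Because parsed logs keep a template index, `results()` reports the refined template for earlier lines too. The assumed merge rule would also fold `Accepted ...` and `Failed ...` lines that differ only in that first token into one template, so a refinement rule used for security logs has to keep outcome keywords constant.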