Log parsing transforms log messages into structured formats, serving as the prerequisite step for various log analysis tasks. Although a variety of log parsing approaches have been proposed, their performance on complicated log data remains compromised due to the use of human-crafted rules or learning-based models with limited training data. The recent emergence of powerful large language models (LLMs) demonstrates their vast pre-trained knowledge related to code and logging, making it promising to apply LLMs for log parsing. However, their lack of specialized log parsing capabilities currently hinders their accuracy in parsing. Moreover, the inherent inconsistent answers, as well as the substantial overhead, prevent the practical adoption of LLM-based log parsing. To address these challenges, we propose LILAC, the first practical log parsing framework using LLMs with adaptive parsing cache. To facilitate accurate and robust log parsing, LILAC leverages the in-context learning (ICL) capability of the LLM by performing a hierarchical candidate sampling algorithm and selecting high-quality demonstrations. Furthermore, LILAC incorporates a novel component, an adaptive parsing cache, to store and refine the templates generated by the LLM. It helps mitigate LLM's inefficiency issue by enabling rapid retrieval of previously processed log templates. In this process, LILAC adaptively updates the templates within the parsing cache to ensure the consistency of parsed results. The extensive evaluation on public large-scale datasets shows that LILAC outperforms state-of-the-art methods by 69.5% in terms of the average F1 score of template accuracy. In addition, LILAC reduces the query times to LLMs by several orders of magnitude, achieving a comparable efficiency to the fastest baseline.

翻译：日志解析将日志消息转换为结构化格式，是各类日志分析任务的必要前置步骤。尽管已有多种日志解析方法被提出，但由于依赖人工规则或基于有限训练数据的学习模型，这些方法在处理复杂日志数据时性能仍然有限。近期出现的强大大型语言模型（LLM）展示了其在代码和日志相关领域的丰富预训练知识，使得应用LLM进行日志解析具有前景。然而，当前LLM缺乏专门的日志解析能力，限制了其解析准确性。此外，LLM固有的答案不一致性以及高昂的开销阻碍了基于LLM的日志解析的实际应用。为应对这些挑战，我们提出LILAC——首个使用自适应解析缓存的实用LLM日志解析框架。为实现精确且鲁棒的日志解析，LILAC通过执行分层候选采样算法并选取高质量示范，充分利用LLM的上下文学习（ICL）能力。进一步地，LILAC引入创新组件——自适应解析缓存，用于存储和优化LLM生成的模板。该组件通过支持快速检索先前处理的日志模板，有效缓解LLM的低效问题。在此过程中，LILAC自适应更新解析缓存中的模板，确保解析结果的一致性。在公开大规模数据集上的广泛评估表明，LILAC在模板平均F1分数上比现有最优方法提升69.5%。此外，LILAC将LLM的查询次数降低数个数量级，达到与最快基线方法相当的效率。