log-analysis
Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
Best use case
log-analysis is best used when you need a repeatable AI agent workflow instead of a one-off prompt. It is especially useful for teams working in multi. Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
Users should expect a more consistent workflow output, faster repeated execution, and less time spent rewriting prompts from scratch.
Practical example
Example input
Use the "log-analysis" skill to help with this workflow task. Context: Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
Example output
A structured workflow result with clearer steps, more consistent formatting, and an output that is easier to reuse in the next run.
When to use this skill
- Use this skill when you want a reusable workflow rather than writing the same prompt again and again.
When not to use this skill
- Do not use this when you only need a one-off answer and do not need a reusable workflow.
- Do not use it if you cannot install or maintain the related files, repository context, or supporting tools.
Installation
Claude Code / Cursor / Codex
Manual Installation
- Download SKILL.md from GitHub
- Place it in
.claude/skills/log-analysis/SKILL.mdinside your project - Restart your AI agent — it will auto-discover the skill
How log-analysis Compares
| Feature / Agent | log-analysis | Standard Approach |
|---|---|---|
| Platform Support | Not specified | Limited / Varies |
| Context Awareness | High | Baseline |
| Installation Complexity | Unknown | N/A |
Frequently Asked Questions
What does this skill do?
Analyze application logs to identify errors, performance issues, and security anomalies. Use when debugging issues, monitoring system health, or investigating incidents. Handles various log formats including Apache, Nginx, application logs, and JSON logs.
Where can I find the source code?
You can find the source code on GitHub using the link provided at the top of the page.
Related Guides
AI Agent for Product Research
Browse AI agent skills for product research, competitive analysis, customer discovery, and structured product decision support.
AI Agent for SaaS Idea Validation
Use AI agent skills for SaaS idea validation, market research, customer discovery, competitor analysis, and documenting startup hypotheses.
SKILL.md Source
# Log Analysis
## When to use this skill
- **Error debugging**: analyze the root cause of application errors
- **Performance analysis**: analyze response times and throughput
- **Security audit**: detect anomalous access patterns
- **Incident response**: investigate the root cause during an outage
## Instructions
### Step 1: Locate Log Files
```bash
# Common log locations
/var/log/ # System logs
/var/log/nginx/ # Nginx logs
/var/log/apache2/ # Apache logs
./logs/ # Application logs
```
### Step 2: Search for Error Patterns
**Common error search**:
```bash
# Search ERROR-level logs
grep -i "error\|exception\|fail" application.log
# Recent errors (last 100 lines)
tail -100 application.log | grep -i error
# Errors with timestamps
grep -E "^\[.*ERROR" application.log
```
**HTTP error codes**:
```bash
# 5xx server errors
grep -E "HTTP/[0-9.]+ 5[0-9]{2}" access.log
# 4xx client errors
grep -E "HTTP/[0-9.]+ 4[0-9]{2}" access.log
# Specific error code
grep "HTTP/1.1\" 500" access.log
```
### Step 3: Pattern Analysis
**Time-based analysis**:
```bash
# Error count by time window
grep -i error application.log | cut -d' ' -f1,2 | sort | uniq -c | sort -rn
# Logs for a specific time window
grep "2025-01-05 14:" application.log
```
**IP-based analysis**:
```bash
# Request count by IP
awk '{print $1}' access.log | sort | uniq -c | sort -rn | head -20
# Activity for a specific IP
grep "192.168.1.100" access.log
```
### Step 4: Performance Analysis
**Response time analysis**:
```bash
# Extract response times from Nginx logs
awk '{print $NF}' access.log | sort -n | tail -20
# Slow requests (>= 1 second)
awk '$NF > 1.0 {print $0}' access.log
```
**Traffic volume analysis**:
```bash
# Requests per minute
awk '{print $4}' access.log | cut -d: -f1,2,3 | uniq -c
# Requests per endpoint
awk '{print $7}' access.log | sort | uniq -c | sort -rn | head -20
```
### Step 5: Security Analysis
**Suspicious patterns**:
```bash
# SQL injection attempts
grep -iE "(union|select|insert|update|delete|drop).*--" access.log
# XSS attempts
grep -iE "<script|javascript:|onerror=" access.log
# Directory traversal
grep -E "\.\./" access.log
# Brute force attack
grep -E "POST.*/login" access.log | awk '{print $1}' | sort | uniq -c | sort -rn
```
## Output format
### Analysis report structure
```markdown
# Log analysis report
## Summary
- Analysis window: YYYY-MM-DD HH:MM ~ YYYY-MM-DD HH:MM
- Total log lines: X,XXX
- Error count: XXX
- Warning count: XXX
## Error analysis
| Error type | Occurrences | Last seen |
|----------|-----------|----------|
| Error A | 150 | 2025-01-05 14:30 |
| Error B | 45 | 2025-01-05 14:25 |
## Recommended actions
1. [Action 1]
2. [Action 2]
```
## Best practices
1. **Set time range**: clearly define the time window to analyze
2. **Save patterns**: script common grep patterns
3. **Check context**: review logs around the error too (`-A`, `-B` options)
4. **Log rotation**: search compressed logs with zgrep as well
## Constraints
### Required Rules (MUST)
1. Perform read-only operations only
2. Mask sensitive information (passwords, tokens)
### Prohibited (MUST NOT)
1. Do not modify log files
2. Do not expose sensitive information externally
## References
- [grep manual](https://www.gnu.org/software/grep/manual/)
- [awk guide](https://www.gnu.org/software/gawk/manual/)
- [Log analysis best practices](https://www.loggly.com/ultimate-guide/)
## Examples
### Example 1: Basic usage
<!-- Add example content here -->
### Example 2: Advanced usage
<!-- Add advanced example content here -->Related Skills
wireshark-network-traffic-analysis
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "detect network anomalies", "investigate suspicious traffic", or "perform protocol analysis". It provides comprehensive techniques for network packet capture, filtering, and analysis using Wireshark.
wireshark-analysis
This skill should be used when the user asks to "analyze network traffic with Wireshark", "capture packets for troubleshooting", "filter PCAP files", "follow TCP/UDP streams", "dete...
team-composition-analysis
This skill should be used when the user asks to "plan team structure", "determine hiring needs", "design org chart", "calculate compensation", "plan equity allocation", or requests organizational design and headcount planning for a startup.
stride-analysis-patterns
Apply STRIDE methodology to systematically identify threats. Use when analyzing system security, conducting threat modeling sessions, or creating security documentation.
market-sizing-analysis
This skill should be used when the user asks to "calculate TAM", "determine SAM", "estimate SOM", "size the market", "calculate market opportunity", "what's the total addressable market", or requests market sizing analysis for a startup or business opportunity.
error-diagnostics-error-analysis
You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions.
error-debugging-error-analysis
You are an expert error analysis specialist with deep expertise in debugging distributed systems, analyzing production incidents, and implementing comprehensive observability solutions.
binary-analysis-patterns
Master binary analysis patterns including disassembly, decompilation, control flow analysis, and code pattern recognition. Use when analyzing executables, understanding compiled code, or performing static analysis on binaries.
azure-ai-vision-imageanalysis-py
Azure AI Vision Image Analysis SDK for captions, tags, objects, OCR, people detection, and smart cropping. Use for computer vision and image understanding tasks. Triggers: "image analysis", "computer vision", "OCR", "object detection", "ImageAnalysisClient", "image caption".
azure-ai-vision-imageanalysis-java
Build image analysis applications with Azure AI Vision SDK for Java. Use when implementing image captioning, OCR text extraction, object detection, tagging, or smart cropping.
vision-analysis
Analyze, describe, and extract information from images using the MiniMax vision MCP tool. Use when: user shares an image file path or URL (any message containing .jpg, .jpeg, .png, .gif, .webp, .bmp, or .svg file extension) or uses any of these words/phrases near an image: "analyze", "analyse", "describe", "explain", "understand", "look at", "review", "extract text", "OCR", "what is in", "what's in", "read this image", "see this image", "tell me about", "explain this", "interpret this", in connection with an image, screenshot, diagram, chart, mockup, wireframe, or photo. Also triggers for: UI mockup review, wireframe analysis, design critique, data extraction from charts, object detection, person/animal/activity identification. Triggers: any message with an image file extension (jpg, jpeg, png, gif, webp, bmp, svg), or any request to analyze/describ/understand/review/extract text from an image, screenshot, diagram, chart, photo, mockup, or wireframe.
gate-exchange-marketanalysis
The market analysis function of Gate Exchange — liquidity, momentum, liquidation, funding arbitrage, basis, manipulation risk, order book explainer, slippage simulation. Use when the user asks about liquidity, depth, slippage, buy/sell pressure, liquidation, funding rate arbitrage, basis/premium, manipulation risk, order book explanation, or slippage simulation (e.g. market buy $X slippage). Trigger phrases: liquidity, depth, slippage, momentum, buy/sell pressure, liquidation, squeeze, funding rate, arbitrage, basis, premium, manipulation, order book, spread, slippage simulation.