Comment by SpicyLemonZest
5 days ago
I sometimes find myself with thousands of log lines from a problematic execution and a known good reference, wondering nonspecifically if "something weird" happened in the first one. I don't think there's any matching-based solution there; you need a scan process that understands variations in execution time, object identifiers, etc. aren't meaningful.
You would need specific domain knowledge and a very clever parser; I've done one for a ridiculously over-engineered system, but a pain. That's fair, but how often would you need it? Certainly not token-maxing amounts!
It's a spectrum. Could it be worth it to run that as a first pass on every report of anything going wrong, just in case it produces a useful insight? Depends on how much engineering time it saves!
In practice, I've found the answer seems to be "not much", because human triage is still required to understand whether the insight is correct and useful. But I'm not sure that was obvious in retrospect.