Log File Analysis Tool

A batch log analysis tool for developers, SRE/ops, SecOps, and data teams. The frontend supports drag-and-drop or file selection for .log/.txt files, while the backend parses and returns structured statistics: IP, device type, operating system, browser, HTTP method, HTTP version, plus key metrics like per-minute request volume.

The backend exposes a stable POST API (multipart/form-data with field name file). It returns Top 100 lists by default, and you can limit the time-series resolution with by_minute_limit. The frontend provides charts and tables, showing the top 10 by default, with “Show more” to expand to 100—balancing readability and performance.

• Automatically recognizes common access/error log formats; one-click per-minute traffic visualization
• Core dimensions: IP / Device / OS / Browser / HTTP Method / HTTP Version / Status Codes / Path
• Top lists show the first 10 by default; expand each card individually up to 100
• Response includes file metadata and summary stats; raw JSON is viewable inline
• Lightweight UI, mobile-friendly, supports paste and drag-and-drop uploads

Typical use cases: abnormal traffic investigation, API stability tracking, crawler/attack pinpointing, peak capacity assessment, and user environment profiling. If you need more fields (e.g. Referer, raw User-Agent, latency/bytes distribution, URI parameter aggregation, geolocation), they can be added as needed.

• Security & Origin: The backend only accepts requests from *.ipin.io. Use HTTPS; same-origin policy blocks unauthorized origins.
• Size Limits: Very large files may trigger 413 Content Too Large. Consider splitting or uploading focused time windows.
• Response Structure: Includes file (file metadata), limits (e.g., top_n_fixed, by_minute_limit), and stats (distributions and the by_minute time series). The frontend includes a built-in raw JSON viewer with copy.
• Visualization & Readability: The per-minute curve helps reveal spikes and bursts; top lists show 10 by default and expand per card to 100 to avoid overload.
• Troubleshooting: TypeError: Failed to fetch often indicates CORS/cert/origin issues; 500 suggests backend parsing errors; 400 usually means the file field or parameters are missing.
• Privacy & Compliance: For technical diagnostics and security analysis only. Ensure uploaded logs follow your organization’s data policies; anonymize sensitive fields when necessary.

Tips

• For high-traffic services, periodically upload samples; watch minute-level spikes and 4xx/5xx ratios
• Cross-check Top IP with Path and Status to quickly locate anomalies and affected endpoints
• For long-term trends, archive the result JSON and feed it into a TSDB/reporting system

Note: The frontend defaults to top_n=10 and by_minute_limit=200 (the backend may still return Top 100). You can also extend backend dimensions (e.g., UA families, geo, latency & body-size percentiles) to fit specific analysis scenarios.