Aggregate Logs
Computes metrics, patterns, and trends from normalized log events.Overview
This skill transforms individual log events into aggregated statistics. It computes counts, rates, distributions, and trend summaries from parsed log events. These metrics are essential for anomaly detection and reporting.When to Use
Use this skill when:- Preparing data for anomaly detection
- Generating reports or summaries
- Analyzing system trends
- Comparing current metrics to baselines
Directory Structure
Instructions
-
Receive normalized events: Accept output from
parse_logs -
Load baseline data: Read
config/baseline_metrics.jsonif available - Run aggregator: Execute aggregation script
- Outputs: Return aggregated metrics
-
Save metrics: Write to
output/metrics.json -
Pass to detector: Provide metrics to
detect_anomalies
Input
Output
Computed Metrics
| Metric | Description |
|---|---|
total_events | Total number of log events |
error_count | Number of error-level events |
error_rate | Percentage of errors (errors/total) |
top_signatures | Most frequent error signatures |
service_stats | Per-service statistics |
hourly_trends | Event distribution over time |
baseline_comparison | Comparison to historical data |
Related Skills
- Parse Logs - Provides parsed events
- Detect Anomalies - Uses aggregated metrics