L2 Support Engineer · Fintech · Week 5 · Day 5
AI Log Analysis
Instead of manually reading through hundreds of log lines, you use AI to summarize, detect patterns, and generate an RCA in seconds. Today you learn exactly how to do that.
Topics: Log Summarization · Pattern Detection · RCA Generation · Prompt Engineering
01 The Simple Idea First
Real-life Analogy
Think of a very long CCTV recording — 8 hours of footage. You need to find what happened at a specific time. You could watch all 8 hours manually. Or you could hand it to an analyst who watches it at 100x speed, spots the incident, and gives you a 2-minute summary.
AI is that analyst for your log files. You paste the log in, ask the right question, and get back a clear summary with the root cause — in seconds instead of 20 minutes.
What does AI Log Analysis actually mean?
It means using a large language model (like Claude, ChatGPT, or Gemini) to read your log file and answer questions about it. The AI reads every line, groups related errors, spots repeating patterns, and writes you a summary in plain English — exactly what you need for an RCA in a Jira ticket.
Important: AI is a first-pass tool. It speeds up your investigation. You still verify the findings, run the DB queries, and make the final call. Never paste production logs with sensitive customer data into a public AI tool — use only sample or anonymized logs for this.
02 4 Things AI Does That Save You Time
📋 Summarization · Turns 500 lines into 5 sentences
AI reads the whole log and gives you a plain English summary of what happened, when it started, and what the system was doing at the time.
🔍 Pattern Detection · Spots what repeats and what changed
AI identifies patterns like "this error appears every 15 minutes" or "warnings always appear 2 minutes before the crash" — things easy to miss when manually scrolling.
🎯 Root Cause · Points to what likely caused the problem
Based on the sequence of events, AI suggests the most likely root cause — e.g. "DB connection pool exhausted, causing all subsequent transactions to fail."
📝 RCA Draft · Writes the Jira ticket text for you
AI can generate the RCA paragraph you paste straight into Jira — structured with what happened, when, why, and what was done. You review and adjust.
03 Good Prompt vs Bad Prompt
The quality of your output depends on the quality of your prompt
Pasting a log with no context gives a generic response. Giving context and asking specific questions gives you exactly what you need.
❌ Weak Prompt
"Here is my log. What's wrong?"
Too vague. AI doesn't know the system, the time range, or what you actually need. You will get a generic response.
✅ Strong Prompt
"This is a payment service log covering 09:00–14:00. Please: 1) summarize what happened, 2) list all ERROR lines with counts, 3) identify the root cause, 4) write a 3-line RCA for a Jira ticket."
Specific context + specific questions = structured, usable output you can act on immediately.
04 Ready-to-Use Prompts for L2
Prompt 1 · Summary
"This is a payment service log from our fintech system. Time period: [start time] to [end time]. Please summarize: what happened, what errors appeared and how many times each, what warnings appeared, and what the system was doing normally. Keep it simple and clear."
Sample output:
Summary: The payment service ran normally from 08:00–09:14. At 09:15, DB connection pool began filling up (82% → 91% → 97%). At 09:15:04 the pool was exhausted and 2 transactions failed with DB_CONNECTION_TIMEOUT.
Errors: DB_CONNECTION_TIMEOUT × 2, TXN FAILED × 2
Warnings: Connection pool warnings × 3
Normal activity: 2 transactions processed successfully
Prompt 2 · Root cause and Jira RCA
"Based on this log, what is the most likely root cause of the failures? What sequence of events led to the errors? Which error appeared first and what followed? Give me a concise root cause statement I can use in a Jira ticket."
Sample output:
Root Cause: The database connection pool became exhausted. Three consecutive warnings show the pool climbing from 82% to 97% within 2 seconds. Once at capacity, new transactions could not acquire a connection and failed with DB_CONNECTION_TIMEOUT.
Jira RCA: At 09:15, the DB connection pool was exhausted due to unreleased connections. This caused 2 transactions (TXN-002, TXN-004) to fail. Root cause is likely a connection leak in the application. Escalated to DBA team for investigation.
Prompt 3 · Pattern detection
"Look at this log and tell me: are there any repeating patterns? Do the same errors appear at regular intervals? Does any warning always appear before an error? Is there anything unusual you notice that I should investigate?"
Sample output:
Pattern 1: WARN messages about DB connection pool always appear in a sequence (82% → 91% → 97%) before every ERROR. This is a build-up pattern — the crash is predictable.
Pattern 2: Failures occur in clusters — multiple errors within seconds — then a quiet period, suggesting intermittent spikes rather than a constant problem.
Unusual: TXN-003 succeeded between two failure clusters — suggests the pool partially recovered, then failed again.
05 Common Patterns AI Detects
🔍 Patterns to Ask AI About
| Pattern Type | What to ask AI | Why it matters |
|---|---|---|
| Error frequency | "How many times does each error type appear?" | Tells you which error is the most common — focus there first |
| Timing pattern | "Do errors appear at regular intervals or all at once?" | Regular = likely a scheduled job failing. Burst = spike or overload. |
| Warning before error | "Do warnings always appear before the errors?" | Confirms the build-up — the warning was the early sign that was missed |
| Recovery pattern | "Did the system recover between errors or stay broken?" | Intermittent = partial fix needed. Constant = complete outage. |
| Single vs multiple TXNs | "Are all failures for one transaction ID or many?" | One ID = specific transaction issue. Many = system-wide problem. |
06 Hands-on Lab — Summarize Logs & Generate RCA
🔬 Lab: Use AI to Analyse Your Payment Log
Claude / ChatGPT · Kali Linux
Step 1 · Open your log file on Kali and copy its contents
Use cat to print the full log to screen, then copy it all.
terminal:
cat ~/payment-service.log
→ Full log contents printed. Select all and copy.
Step 2 · Open Claude (claude.ai) in your browser
No account needed for basic use. Open a new conversation.
💡 You can use Claude, ChatGPT, or any AI assistant. Claude works well for structured log analysis.
Step 3 · Paste this prompt followed by your log
Copy this prompt exactly, then paste your log below it.
Full prompt to paste into Claude
This is a payment service log from a fintech system.
Please do the following:
1. Summarize what happened in plain English (3-5 sentences)
2. List all ERROR lines with a count of each type
3. List all WARN lines with a count of each type
4. Identify the root cause of the failures
5. Detect any repeating patterns you notice
6. Write a short RCA I can paste into a Jira ticket
Here is the log:
[PASTE YOUR LOG HERE]
→ Paste your log where it says [PASTE YOUR LOG HERE] and send
Step 4 · Review the AI output against the actual log
Check that the error counts match, the root cause makes sense, and the RCA is accurate. Adjust if needed.
Verify in terminal:
# Verify the total ERROR count AI gave you (counts every line containing ERROR)
grep -c "ERROR" ~/payment-service.log
# Verify the specific error codes AI mentioned. $4 assumes the error code is the
# 4th whitespace-separated field (e.g. date time LEVEL CODE ...); adjust for your log format
grep "ERROR" ~/payment-service.log | awk '{print $4}' | sort | uniq -c
→ Numbers should match what AI reported. If they differ, trust the grep output.
Step 5 · Take the AI-generated RCA and format it for Jira
The AI gives you a draft. You clean it up and paste it into your Jira ticket.
Example final RCA for Jira:
Root Cause Analysis — TXN-002 & TXN-004 Failures
At 09:15, the database connection pool was exhausted. Warning signs appeared at 82%, 91%, and 97% before the first failure at 09:15:04. Two transactions failed with DB_CONNECTION_TIMEOUT. System partially recovered but failed again at 11:30 and 13:00 — same root cause.
Action: Escalated to DBA. Suspected connection leak. Pool limit to be increased as short-term fix.
→ Clean, professional RCA ready to paste into Jira. Job done in minutes. ✅
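The grep checks in Step 4 and the pattern questions from section 05 can be scripted so the AI's numbers are checked mechanically. The following Python is an added example, not part of the course material: it assumes a line format of `<date> <time> <LEVEL> <CODE> <details>` (the same layout the `awk '{print $4}'` check relies on) and runs against a constructed sample rather than the lab's real ~/payment-service.log.

```python
"""Cross-check an AI log summary against the log itself: count ERROR/WARN codes
(the scripted form of grep | awk '{print $4}' | sort | uniq -c) and test the
"warnings build up before every error" pattern. Line format is an assumption:
<date> <time> <LEVEL> <CODE> <details>"""
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample standing in for ~/payment-service.log.
SAMPLE_LOG = """\
2024-05-10 09:14:58 INFO TXN_OK TXN-001 amount=120.00
2024-05-10 09:15:01 WARN POOL_USAGE pool at 82%
2024-05-10 09:15:02 WARN POOL_USAGE pool at 91%
2024-05-10 09:15:03 WARN POOL_USAGE pool at 97%
2024-05-10 09:15:04 ERROR DB_CONNECTION_TIMEOUT TXN-002 no free connection
2024-05-10 09:15:04 ERROR TXN_FAILED TXN-002
2024-05-10 09:15:05 INFO TXN_OK TXN-003 amount=40.00
2024-05-10 09:15:06 ERROR DB_CONNECTION_TIMEOUT TXN-004 no free connection
2024-05-10 09:15:06 ERROR TXN_FAILED TXN-004
"""

def parse(text):
    """Return (timestamp, level, code, details) tuples; malformed lines are skipped."""
    entries = []
    for line in text.splitlines():
        parts = line.split(maxsplit=4)
        if len(parts) < 4:
            continue
        ts = datetime.strptime(parts[0] + " " + parts[1], "%Y-%m-%d %H:%M:%S")
        entries.append((ts, parts[2], parts[3], parts[4] if len(parts) > 4 else ""))
    return entries

def count_codes(entries, level):
    """Count occurrences of each CODE at the given level (ERROR or WARN)."""
    return Counter(code for _, lvl, code, _ in entries if lvl == level)

def verify_ai_counts(entries, level, reported):
    """Return {code: (ai_reported, actual)} for every count the AI got wrong.
    An empty dict means the AI's numbers match the log; otherwise trust the log."""
    actual = count_codes(entries, level)
    return {c: (reported.get(c, 0), actual.get(c, 0))
            for c in set(actual) | set(reported)
            if reported.get(c, 0) != actual.get(c, 0)}

def warnings_before_errors(entries, window=timedelta(seconds=5)):
    """For each ERROR line, how many WARN lines fell in the preceding window.
    Any zero disproves a claimed 'a warning always precedes the error' pattern."""
    warns = [ts for ts, lvl, _, _ in entries if lvl == "WARN"]
    return [sum(1 for w in warns if ts - window <= w <= ts)
            for ts, lvl, _, _ in entries if lvl == "ERROR"]
```

Feed `verify_ai_counts` the counts the AI reported; a non-empty result is the case where you correct the RCA before it goes into Jira.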
07 What AI Can Do vs What It Cannot
⚖️ AI Strengths and Limits for L2 Work
| Task | AI Can Do This? | Note |
|---|---|---|
| Summarize a log file | Yes — very well | Best use case. Fast, accurate, saves 15+ minutes. |
| Detect error patterns | Yes — well | Good at spotting repeating sequences and timings. |
| Write RCA draft | Yes — good draft | Always review before submitting. You add the final verification. |
| Query the live database | No | AI has no access to your DB. You run the SQL queries yourself. |
| Restart a service | No | AI only reads and writes text. All actions are done by you. |
| Access real-time logs | No | You paste the log into AI. It cannot connect to your server. |
| Handle sensitive data | With caution | Never paste real customer data, IBANs, or card numbers into public AI tools. |
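For the "handle sensitive data" row above and the warning in section 01: before a log goes into a public AI tool, strip customer identifiers but keep the timestamps, TXN IDs and error codes the analysis needs. This Python redactor is an added example, not part of the course; its regexes for card numbers, IBANs and e-mail addresses are assumptions to tune to your own log format, and the sample lines are constructed.

```python
"""Redact customer identifiers from a log before it goes into a public AI tool,
keeping timestamps, TXN IDs and error codes intact so the analysis still works.
The regexes are assumptions to tune for your own log format."""
import re

CARD_RE = re.compile(r"\b\d(?:[ -]?\d){12,18}\b")        # 13-19 digits, optional separators
IBAN_RE = re.compile(r"\b[A-Z]{2}\d{2}[A-Z0-9]{11,30}\b")  # IBAN shape only, no checksum
EMAIL_RE = re.compile(r"[\w.+-]+@[\w-]+\.[\w.-]+")

# Constructed sample lines, not real customer data.
SAMPLE_LINES = [
    "2024-05-10 09:15:04 ERROR TXN_FAILED TXN-002 card=4111 1111 1111 1111 payer=ann@example.com",
    "2024-05-10 09:15:06 ERROR TXN_FAILED TXN-004 iban=GB29NWBK60161331926819 ref=1234567890123456",
    "2024-05-10 09:15:05 INFO TXN_OK TXN-003 amount=40.00",
]

def luhn_ok(digits):
    """Luhn checksum; rejects reference numbers that merely look like a card PAN."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:
            d = d * 2 - 9 if d > 4 else d * 2
        total += d
    return total % 10 == 0

def _mask_card(match):
    digits = re.sub(r"\D", "", match.group())
    if not luhn_ok(digits):
        return match.group()                 # not a card number: leave it
    return "[CARD-****" + digits[-4:] + "]"  # keep last 4 for correlation

def redact_line(line):
    """Order matters: e-mail and IBAN first so their digits never look like a PAN."""
    line = EMAIL_RE.sub("[EMAIL]", line)
    line = IBAN_RE.sub("[IBAN]", line)
    return CARD_RE.sub(_mask_card, line)

def redact_log(lines):
    """Redact every line; returns (redacted_lines, number_of_lines_changed)."""
    out = [redact_line(l) for l in lines]
    return out, sum(a != b for a, b in zip(lines, out))
```

Run `redact_log` over the file contents and paste the redacted output; the changed-line count tells you how much sensitive data the raw log actually contained.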
08 Real L2 Scenarios
01 During an S1, your manager asks for a quick summary of what happened. You paste the last hour of logs into Claude — 30 seconds later you have a 5-sentence summary. You paste it into the bridge chat. Everyone is informed without you spending 20 minutes reading line by line.
02 A client asks why their transactions were failing yesterday. You pull the log, paste it with the RCA prompt. AI gives you a structured explanation — you verify it with SQL, adjust one detail, and send a clear response to the client. What used to take 30 minutes takes 5.
03 You notice a pattern that keeps repeating but can't figure out what triggers it. You ask AI: "Do errors appear at regular intervals?" — AI spots they happen every 30 minutes. You check crontab — a scheduled job is failing every 30 minutes. Root cause found that you might have missed manually.
04 You need to write the Jira post-incident report but it's late and the log is 400 lines. AI reads it all, writes the timeline, lists affected transactions, states the root cause. You review in 2 minutes, make small corrections, submit. Report done.
✅ Week 5 · Day 5 Outcomes
- Explain what AI log analysis is and where it fits in the L2 investigation workflow
- Understand the 4 things AI does best — summarization, pattern detection, root cause, RCA draft
- Write a strong, specific prompt for log analysis instead of a vague one
- Use the 3 ready-to-use prompts for summary, RCA, and pattern detection
- Complete the hands-on lab — paste the payment log into Claude and get a full analysis back
- Verify AI output against grep commands to confirm accuracy before using it in a Jira ticket
- Know what AI cannot do — it cannot query your DB, access live logs, or take any real action
- Generate a clean, professional RCA paragraph ready to paste into a Jira ticket