Smart Log Capture

Smart Log Capture & AI Analysis

The Smart Log Capture system provides a bridge between low-level eKuiper telemetry and high-level industrial insights. It allows users to perform time-bound captures of rule execution data (traces) which are then automatically analyzed by the AI Assistant to identify bottlenecks, data anomalies, and logic errors.

Overview

Unlike standard log streaming, Smart Log Capture utilizes eKuiper's Rule Tracing capabilities. It records the path of specific messages through the rule topology, including processing time at each node and the actual data payload.

Key capabilities include:

• Controlled Capture Windows: Execute precise captures from 5 to 60 seconds.
• Deep Attribute Inspection: The AI parses stringified JSON within trace spans to extract industrial metrics (e.g., sensor values, power readings).
• Anomaly Detection: Automatically identifies dropped messages, high-latency operators, and sink failures.

Capturing Logs

Capturing is initiated through the AI Assistant or via the internal API. A capture session targets specific Rule IDs and runs for a predefined duration to prevent resource exhaustion.

Capture Duration Levels

When initiating a capture, you can specify a durationLevel (0-4):

| Level | Duration | Best Use Case | | :--- | :--- | :--- | | 0 | 5 Seconds | Quick health check on high-frequency streams. | | 1 | 10 Seconds | Default baseline for general troubleshooting. | | 2 | 20 Seconds | Monitoring intermittent data spikes. | | 3 | 30 Seconds | Detailed performance profiling. | | 4 | 60 Seconds | Maximum window for low-frequency industrial events. |

AI-Driven Trace Analysis

Once a capture is complete, the data is fed into the Master AI Assistant. The assistant performs several specialized analysis steps:

1. Metric Extraction

The AI scans the "Attributes" of trace spans. If it finds industrial metrics buried in JSON strings (common in MQTT or EdgeX sources), it parses them to provide context-aware answers.

Example: "The AI identifies that the active_power attribute in the trace spans remained steady at 450W despite the rule firing an alert."

2. Bottleneck Identification

By comparing timestamps across the rule topology (Sources → Operators → Sinks), the AI identifies which specific step in your SQL logic is causing latency.

3. Error Logic Mapping

If a rule is "running" but not producing output, the AI compares the captured trace data against your WHERE clauses to explain why messages are being filtered out.

API Usage (Internal)

For developers extending the manager, the log capture functionality is exposed via the /api/ai/capture-logs endpoint.

Request Body:

{
  "ruleIds": ["rule_1", "rule_2"],
  "durationLevel": 1, // 10 seconds
  "serverUrl": "http://ekuiper-server:9081"
}

Successful Response:

{
  "captured": {
    "rule_1": [
      {
        "traceId": "...",
        "spans": [
          {
            "name": "operator_filter",
            "attributes": {
              "status": "success",
              "result": "{\"temp\": 25.5}"
            }
          }
        ]
      }
    ]
  },
  "message": "Captured logs from 1 rules"
}

Industrial Context for Technicians

The Smart Log Capture is designed to translate technical metrics into operational insights:

• Instead of "Exception in Sink": The AI reports "The rule failed to send data because the target MQTT broker at 192.168.1.50 was unreachable during the 10s capture window."
• Instead of "Late Arrival": The AI reports "Data from the Vibration Sensor is arriving 200ms slower than your windowing logic requires, causing dropped packets."