Zing Forum


System Log Anomaly Detection Platform Based on Microservice Architecture

Introduces a microservice platform that uses machine learning to detect system log anomalies, with access via a Spring Boot REST API and support for real-time monitoring and cross-platform deployment.

Log anomaly detection, microservices, machine learning, Spring Boot, Docker, system monitoring, DevOps, AIOps, containerized deployment
Published 2026-05-23 15:15 | Recent activity 2026-05-23 15:23 | Estimated read 7 min

Section 01

[Introduction] System Log Anomaly Detection Platform Based on Microservice Architecture

Original Author/Maintainer: betieshet
Source Platform: GitHub
Original Title: systemlogs-anomaly-detection
Original Link: https://github.com/betieshet/systemlogs-anomaly-detection
Publication Date: May 23, 2026
Tech Stack: Spring Boot, Docker, Machine Learning

This project is a microservice platform that uses machine learning to detect system log anomalies. It provides access via a Spring Boot REST API, supports real-time monitoring and cross-platform deployment, and aims to address the difficulty of manually reviewing large-scale system logs.


Section 02

Project Background and Requirement Analysis

In modern IT infrastructure, system logs are an important source of information for operations monitoring and troubleshooting. However, as systems grow, log volume surges and manual review becomes impractical. Anomalous logs can indicate system failures, security intrusions, or performance degradation, so timely detection is crucial.

Traditional log monitoring relies on rule matching and threshold alerts, which struggle to handle complex and changing anomaly patterns. Machine learning can automatically learn normal patterns and identify behavior that deviates from them, providing a new solution.
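The contrast described above, as an added example that is not the project's code: the project's model is not documented, so a simple template-frequency baseline stands in for "learning normal patterns". The log lines are constructed, and all function names and the `max_errors` threshold are hypothetical.

```python
import math
import re
from collections import Counter

# Constructed sample data (not from the project): 40 lines of routine
# activity to learn from, then a new batch with one unusual group change.
BASELINE = (
    ["2026-05-01 10:00:%02d INFO sshd: Accepted password for alice from 10.0.0.5 port %d"
     % (i, 50000 + i) for i in range(20)]
    + ["2026-05-01 10:01:%02d ERROR app: request timeout after %d ms"
       % (i, 3000 + i) for i in range(5)]
    + ["2026-05-01 10:02:%02d INFO cron: job backup finished in %d s"
       % (i, 40 + i) for i in range(15)]
)
NEW = [
    "2026-05-02 09:00:01 INFO sshd: Accepted password for alice from 10.0.0.5 port 50311",
    "2026-05-02 09:00:07 ERROR app: request timeout after 3100 ms",
    "2026-05-02 09:00:09 INFO usermod: add 'alice' to group 'sudo'",
    "2026-05-02 09:00:12 INFO cron: job backup finished in 44 s",
]

def template(line):
    """Drop the timestamp and mask variable fields so like events share a template."""
    msg = line.split(" ", 2)[2]
    msg = re.sub(r"\b\d{1,3}(?:\.\d{1,3}){3}\b", "<IP>", msg)
    return re.sub(r"\b\d+\b", "<NUM>", msg)

def train(lines):
    """The learned model is just how often each template occurs in normal logs."""
    return Counter(template(l) for l in lines)

def surprise(model, tmpl):
    """Bits of surprise under the learned frequencies (add-one smoothing)."""
    total, vocab = sum(model.values()), len(model)
    return -math.log2((model[tmpl] + 1) / (total + vocab + 1))

def learned_detector(model, batch):
    """Flag lines more surprising than the rarest template seen in training."""
    limit = max(surprise(model, t) for t in model)
    return [l for l in batch if surprise(model, template(l)) > limit]

def threshold_rule(batch, max_errors=3):
    """Static rule for comparison: alert only when ERROR lines reach a fixed count."""
    return sum(" ERROR " in l for l in batch) >= max_errors

if __name__ == "__main__":
    print("threshold rule alerts:", threshold_rule(NEW))
    for line in learned_detector(train(BASELINE), NEW):
        print("anomalous:", line)
```

The static rule stays silent because the batch holds a single ERROR line, while the learned baseline flags the INFO-level group change because its template never appeared in training.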


Section 03

System Architecture and Technical Implementation

The platform adopts a microservice architecture that decouples modules such as log collection, anomaly detection, and result display, which makes it easier to extend and maintain. Spring Boot provides the RESTful API, and a front-end Web interface handles user interaction.

The services are packaged as Docker containers. Advantages include environmental consistency, rapid deployment (one-click startup with docker-compose), cross-platform support, and resource isolation.

Technical components: a Spring Boot backend, an integrated ML model for anomaly detection, Docker + Docker Compose for containerization, and a Web interface for uploading logs and displaying results.


Section 04

Core Features

Real-time monitoring: Notify users immediately when anomalies are detected to ensure quick response;

Machine learning-driven: Adaptively learn normal behaviors, identify complex anomaly patterns, reduce false positives, and continuously optimize;

User-friendly interface: Support batch log upload, visual display of anomalies, and flexible configuration management.


Section 05

Deployment and Usage Guide

Environment requirements: Windows/macOS/Linux, Docker installed and running, network connection.

Installation steps:

  1. Download the latest version of the compressed package and extract it;
  2. Execute docker-compose up to start the service;
  3. Visit http://localhost:8080.

Usage process: Log in to the system (check the documentation for default credentials), upload JSON/plain text logs, and monitor anomaly results and details in real time.


Section 06

Application Scenarios and Comparison with Similar Projects

Application scenarios:

  • Enterprise IT operation and maintenance: Monitor server/application/database logs;
  • Security audit: Identify suspicious logins/permission changes;
  • Performance monitoring: Prevent system overload;
  • Compliance audit: Automated reporting.

Comparison with similar projects: Its distinguishing features are its microservice architecture (scalability), containerized deployment (simplified configuration), Spring Boot ecosystem (enterprise-level), and Web interface (low barrier to entry).


Section 07

Limitations and Improvement Directions

Current limitations: Brief documentation, ML model algorithms not detailed, lack of performance benchmark data.

Improvement directions: Increase log format support, provide pre-trained model downloads, add alert notifications (email/Slack), implement distributed deployment, and add model interpretability output.


Section 08

Conclusion

The systemlogs-anomaly-detection project combines microservices, machine learning, and containerization, lowering the barrier to deploying and using log anomaly detection. It is a practical open-source tool for operations teams that need to monitor large volumes of system logs. With community contributions and continuous development, it is expected to become a strong choice in the field of log analysis.