Research

Overview

In today's digital landscape, effectively managing and analyzing log data is crucial for maintaining system performance and security. While numerous log viewing applications exist, integrating advanced features such as predefined filters and AI assistance, especially in web-based platforms, remains a challenge. This project aims to address this gap by developing a comprehensive web-based log viewer with enhanced functionalities.

Technology Review

In developing a suite of tools to enhance Cisco engineers' ability to efficiently search and analyze Webex logs, we undertook a comprehensive evaluation of various technologies to ensure optimal performance, seamless integration, and minimal system bloat. Below is a detailed review of the choices made across different technological facets:

Monolithic vs Microservices [4]

- Monolithic Approach: Integrates all functionalities into a single codebase, simplifying deployment but potentially complicating scalability and maintenance.

- Microservices Approach: Breaks down functionalities into independent services, enhancing scalability and fault isolation but introducing complexity in communication and deployment.

Choice and Justification: We opted for a microservices architecture. We want our project to be highly extensible, so Cisco’s engineers can add new functionality with ease. Our aim is to make each component of our project work independently, without much reliance on each other. This would allow for independent testing of our software, and easy integration of new tooling.

Device Comparison [5]

As our tools are designed to be integrated into Cisco's existing web-based platforms, the primary "device" consideration pertains to server environments:

- On-Premises Servers: Offer control over hardware and security but require significant maintenance and upfront costs.

- Cloud-Based Servers: Provide scalability and reduced maintenance but may raise concerns regarding data sovereignty and recurring costs.

Choice and Justification: We chose to develop our solution for on-premises deployment within Cisco's infrastructure. This ensures compliance with internal security protocols and leverages existing hardware, aligning with Cisco's operational preferences.

Algorithm Comparison [6]

In developing our log analysis tools, we prioritized efficient string-searching mechanisms to enhance performance during log parsing and filtering operations. We evaluated various algorithms to identify the most suitable approaches:

- Naive String Search: Compares the pattern to every possible substring in the text sequentially. Exhibits a time complexity of O(mn), where m is the length of the pattern and n is the length of the text, leading to inefficiencies, especially with large datasets.

- Boyer–Moore–Horspool (BMH) Algorithm: A simplification of the Boyer–Moore algorithm, BMH preprocesses the pattern to create a shift table, allowing the algorithm to skip sections of the text, thereby reducing the number of comparisons. Offers an average-case complexity of O(n) and is particularly efficient for longer patterns.

Choice and Justification: For Plain Text Searches we utilized JavaScript's .includes() method, which is optimized for substring searches. While the exact implementation details of .includes() can vary across JavaScript engines, it is generally optimized for performance, often employing the Boyer–Moore algorithm [7]. For Regular Expression Searches we leveraged JavaScript's native RegExp [8] capabilities, which are highly optimized for pattern matching tasks, generally employing an NFA (Non-deterministic Finite Automata) building and NFA matching algorithm.

Front-End Library & Language Comparison

Adhering to Cisco's guidelines and aiming for seamless integration, we evaluated the following technologies:

JavaScript & jQuery: Vanilla JS does not require a build system or additional dependencies. It is ideal for small projects like this as it does not involve complex state management like user authentication. However, its simplicity comes at the cost of not having reusable components, which can lead to slow development.

React: React is a component based JS library. One core feature is that updates to the components only re-render the changed parts of the UI rather than the entire page leading to improved responsiveness. However, React evolves frequently, and due to build processes, introduces a lot of new dependencies into the project. This may cause issues in compatibility with Cisco’s existing codebase.

Choice and Justification: We utilized jQuery, vanilla JavaScript, Sass, and Bootstrap. This combination ensures compatibility with Cisco's existing systems, minimizes additional dependencies, and provides a balance between functionality and performance.

NoSQL vs SQL Comparison

Our first consideration for the backend design was between a SQL database and a NoSQL database.

SQL: A SQL database works well for highly structured data. Due to the predefined schema of SQL databases, they are easy to maintain, and queries can be highly optimised based on the schema due to features like column indexing. Moreover, SQL databases maintain the ACID properties, which ensures that the data always remains in a consistent state, and transactions are executed in their entirety or none at all.

NoSQL: A NoSQL database on the other hand offers a lot more flexibility than a SQL database. The data is unstructured/semi-structured. While they may not have the powerful query capabilities of SQL databases, NoSQL has lower latency for simple, repetitive queries. NoSQL databases also have high horizontal scalability, making it easier to distribute data across multiple servers or databases.

Choice and Justification: We opted to go with a NoSQL database as our project is focused on data analytics. By nature, this tool has a high read rate, and the queries that are executed are simple but frequent. We felt the performance of a NoSQL database in fetch queries is essential as the website must be responsive. Furthermore, our platform should work for all log files regardless of their format, and this is where NoSQL databases shine as a predefined schema is not needed. Finally, should the scale of data grow extensively, NoSQL databases tend to automatically manage horizontal scaling, whereas this can be difficult to implement in SQL databases.

Database Options

Since we have decided to go with a NoSQL database, we considered several NoSQL options.

Google Firebase: This is a cloud hosted NoSQL database. It offers several built in tools such as real time notifications to the users, and easy authentication. Firebase offers real time databases, which has enhanced fetch speeds than other NoSQL databases, thus ensuring high performance for the log-viewer. However, since this is cloud hosted, and this log viewer app will be handling internal data, this option was immediately ruled out. Furthermore, Firebase is predominantly used for small scale web apps, where the size of the data is limited. The 50GB storage requirement further drives Firebase away from our goals for the project.

ElasticSearch: This is a RESTful search engine used to store and retrieve data in nearly real time. ElasticSearch holds data in JSON format which is the primary format of the log files. Furthermore, ElasticSearch is highly scalable - it automatically creates and distributes the workload across multiple nodes as data size grows. However, ElasticSearch is resource intensive due to the vast range of functionalities it offers, which can result in high costs.

MongoDB: MongoDB excels in storing structured, semi-structured, and unstructured data in flexible JSON-like documents. Similar to ElasticSearch, MongoDB automatically shards large documents to multiple servers. However, MongoDB does have memory limitations, where each document can only take up a maximum of 16MB.

Choice and Justification: We decided to go with ElasticSearch database because it is primarily used for log file and data analytics. In summary, our technology choices were guided by the principles of compatibility, performance, and minimalism. Since ElasticSearch is already used within Cisco we aligned with Cisco's existing infrastructure.

Backend Framwork Comparison

Django: Django offers a very comprehensive and extensive backend framework. Django has a higher versatility than other python backend frameworks as it allows you to build websites using HTML templates or build a JSON API. Django has a strong emphasis on security.

FastAPI: FastAPI is a more limited framework that allows users to quickly create an internal endpoint. It has the highest performance due to async processing.

Flask: Flask offers a middle ground between the 2. It is used heavily for building small scale applications like the log-viewer app, and has moderate response times.

Choice and Justification: We selected FastAPI due to its high performance, ease of setup, and asynchronous capabilities, which are advantageous for handling concurrent log processing tasks. FastAPI's design facilitates rapid development and integrates seamlessly with Python's rich ecosystem of AI and data processing libraries.

AI Integration

In developing our suite of tools to enhance Cisco engineers' efficiency in searching and analyzing Webex logs, we conducted a comprehensive evaluation of various AI integration strategies to ensure optimal performance, seamless integration, and minimal system bloat. Below is a detailed review of the choices made in this context:

Custom Developement vs Frameworks

Custom AI Agent Development:

+ Tailored Functionality: Allows for the creation of features specifically designed to meet the unique requirements of Cisco engineers, ensuring precise alignment with user needs.
+ Optimised Performance: Enables fine-tuning of the agent's operations for efficiency, potentially reducing latency and resource consumption
+ Enhanced Security: Offers greater control over data handling processes, which is crucial for maintaining confidentiality and compliance with internal policies

AI Agent Frameworks (e.g., LangChain):

+ Rapid Development: Provides pre-built components that can accelerate the development process.
+ Standardization: Ensures adherence to best practices through established structures and protocols.
- Reduced Flexibility: May impose constraints that limit customization, making it challenging to implement specialized functionalities.
- Potential Overhead: Could introduce unnecessary features that consume resources without adding value to the specific application.

Choice and Justification: We opted for a custom AI agent implementation to achieve a solution precisely tailored to the operational workflows of Cisco engineers. This approach provides full control over the agent's behavior, ensuring it aligns with our specific requirements without the constraints and potential overhead associated with generic frameworks.

Deployment Strategies: Local Deployment vs. OpenAI API

Local Deployment:

+ Data Privacy and Security: Processing data locally ensures that sensitive information remains within the organization's infrastructure, mitigating risks associated with transmitting data over external networks.
+ Cost Efficiency: After initial setup, local deployment can reduce ongoing costs associated with API usage fees, especially under heavy workloads
+ Customization and Control: Running models locally allows for tailored configurations and optimizations specific to organizational needs.

OpenAI API:

+ Access to Advanced Models: Provides immediate integration with powerful models like GPT-4, offering high performance without the need for extensive local resources
+ Reduced Maintenance: Offloads the complexities of model management and updates to OpenAI, simplifying operational requirements.
- Recurring Costs: Usage-based pricing can lead to significant expenses over time, particularly with high-frequency API calls.
- Data Transmission Risks: Sending data to external servers may raise security and compliance concerns, especially with sensitive information.

Choice and Justification: We implemented a hybrid approach, deploying AI models locally to maintain data privacy and control, while retaining the option to utilize OpenAI's API for tasks requiring advanced capabilities beyond local resources.

Model Selection

After evaluating various AI models such as the Llama series, we selected IBM's Granite series [9] for our application. The Granite models are designed specifically for business applications, offering features tailored to enterprise needs. They are trained on curated datasets, potentially enhancing reliability and performance in professional contexts. Additionally, the open-source nature of Granite models under the Apache 2.0 license fosters innovation and collaboration within the AI community, potentially accelerating advancements in enterprise AI applications.

Choice and Justification: We chose IBM's Granite models due to their enterprise optimization, high-quality training data, and open-source flexibility, aligning with our goals of delivering a responsive, efficient, and secure log analysis tool tailored to the specific needs of Cisco engineers.

Deployment Strategies: Local Deployment vs. OpenAI API

Unquantized Models:

+ High Precision: Maintain full numerical precision, which can lead to marginally better performance on certain tasks.
- Resource Intensive: Require substantial memory and computational power, leading to increased latency and operational costs.

Quantized Models:

+ Reduced Resource Consumption: Lower memory usage and computational demands, facilitating faster inference and cost-effective deployment.
+ Comparable Performance: Studies have shown that quantized models can retain up to 99.9% of the accuracy of their unquantized counterparts, making them suitable for real-world applications.
- Potential Accuracy Loss: Some quantization methods may introduce minor reductions in model accuracy, depending on the precision level and task complexity.

Choice and Justification: We implemented quantized models to achieve significant performance gains, with inference speeds up to 200 times faster than unquantized models, while maintaining minimal loss in accuracy. This approach ensures efficient resource utilization and responsiveness, which are critical for real-time log analysis.

Summary of Research

In developing our suite of tools to enhance Cisco engineers' efficiency in searching and analyzing Webex logs, we made several key technical decisions:

Frontend Developement: We utilized jQuery, vanilla JavaScript, Sass, and Bootstrap to ensure compatibility with Cisco's existing systems. This minimalistic tech stack provides the necessary functionality while minimizing bloat, thereby enhancing user experience and maintaining system efficiency.

Backend Development: We selected FastAPI as our backend framework due to its high performance, ease of setup, and asynchronous capabilities, which are advantageous for handling concurrent log processing tasks. FastAPI's design facilitates rapid development and integrates seamlessly with Python's rich ecosystem of AI and data processing libraries.

AI Integration: To automate bug detection processes, we implemented a custom AI agent using OpenAI models. Additionally, we explored running models locally to enhance data privacy and reduce latency. Utilizing quantized models from Hugging Face, we achieved performance improvements of up to 200 times faster than non-quantized versions, with minimal loss of quality. We also experimented with IBM's Granite 3.2 Instruct 8B model, designed for business applications with high-quality data, and leveraged llama.cpp [10] to compile models for even greater performance.

Data Storage and Search: We chose Elasticsearch for its robust capabilities in indexing and searching large volumes of log data. Its distributed nature and real-time search functionalities make it particularly suitable for our application's requirements.

These decisions were guided by principles of compatibility, performance, and minimalism, aiming to deliver tools that significantly enhance the log analysis capabilities of Cisco engineers while ensuring seamless integration into existing systems.

References

[1] Variar, "Klogg – Open Source Log Viewer." [Online]. Available: https://github.com/variar/klogg. [Accessed: Mar. 2025].
[2] Splunk, "Splunk Observability Cloud: AI Assistant." [Online]. Available: https://www.splunk.com/en_us/products/splunk-ai-assistant-in-observability-cloud.html. [Accessed: Mar. 2025].
[3] Logdy, "Logdy: Real-Time Web-Based Log Viewer." [Online]. Available: https://logdy.dev/. [Accessed: Mar. 2025].
[4] M. Fowler, "Microservices." MartinFowler.com. [Online]. Available: https://martinfowler.com/articles/microservices.html. [Accessed: Mar. 2025].
[5] IBM, "What Is Cloud Computing?" [Online]. Available: https://www.ibm.com/think/topics/cloud-computing. [Accessed: Mar. 25, 2025].
[6] GeeksforGeeks, "Searching Algorithms." [Online]. Available: https://www.geeksforgeeks.org/searching-algorithms/. [Accessed: Mar. 2025].
[7] V8, "String.prototype.includes() – JavaScript." [Online]. Available: https://github.com/v8/v8/blob/e51323de5c6cf20c1153c2afc097867d9a8a8649/src/string-search.h#L424. [Accessed: Mar. 2025].
[8] Mozilla Developer Network, "Regular Expressions – JavaScript Guide." [Online]. Available: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Regular_Expressions. [Accessed: Mar. 2025].
[9] IBM, "Foundation Models - IBM watsonx.ai." [Online]. Available: https://www.ibm.com/products/watsonx-ai/foundation-models. [Accessed: Mar. 25, 2025].
[10] G. Gerganov, "llama.cpp – C/C++ Implementation of LLaMA." GitHub. [Online]. Available: https://github.com/ggerganov/llama.cpp. [Accessed: Mar. 2025].

Webex Log Viewer

Research

Overview

Klogg [1]

Main Features:

Key Takeaways:

Splunk's AI Assistant in Observability Cloud [2]

Main Features:

Key Takeaways:

Logdy [3]

Main Features:

Key Takeaways:

Technology Review

Monolithic vs Microservices [4]

Device Comparison [5]

Algorithm Comparison [6]

Front-End Library & Language Comparison

NoSQL vs SQL Comparison

Database Options

Backend Framwork Comparison

AI Integration

Custom Developement vs Frameworks

Custom AI Agent Development:

AI Agent Frameworks (e.g., LangChain):

Deployment Strategies: Local Deployment vs. OpenAI API

Local Deployment:

OpenAI API:

Model Selection

Deployment Strategies: Local Deployment vs. OpenAI API

Unquantized Models:

Quantized Models:

Summary of Research

References

Research

Overview

Related Projects

Technology Review

AI Integration

Related Projects Overview

Klogg [1]

Main Features:

Key Takeaways:

Splunk's AI Assistant in Observability Cloud [2]

Main Features:

Key Takeaways:

Logdy [3]

Main Features:

Key Takeaways:

Technology Review

Monolithic vs Microservices [4]

Device Comparison [5]

Algorithm Comparison [6]

Front-End Library & Language Comparison

NoSQL vs SQL Comparison

Database Options

Backend Framwork Comparison

AI Integration

Custom Developement vs Frameworks

Custom AI Agent Development:

AI Agent Frameworks (e.g., LangChain):

Deployment Strategies: Local Deployment vs. OpenAI API

Local Deployment:

OpenAI API:

Model Selection

Deployment Strategies: Local Deployment vs. OpenAI API

Unquantized Models:

Quantized Models:

Summary of Research

References