Using AI Features

Master Gonzo's AI-powered capabilities to transform log analysis from manual investigation to intelligent, automated insights. This comprehensive guide covers all AI features, workflows, and advanced techniques for getting the most out of AI-assisted log analysis.

Prerequisites: Ensure you have AI configured - see Setup & Configuration if you haven't completed AI setup yet.

AI Features Overview

Gonzo integrates AI throughout the interface, providing intelligent assistance at every level:

Feature

Trigger

What It Does

Best For

Log Analysis

Press i on log entry

Analyzes individual log entries

Understanding specific errors

AI Chat

Press c in log details

Interactive conversation about logs

Complex investigation

Model Switching

Press m anywhere

Switch between available AI models

Optimizing cost vs quality

Pattern Insights

AI + Counts panel

Explains detected patterns

Understanding system behavior

Contextual Analysis

AI across multiple logs

Correlates events and trends

Root cause analysis

Basic AI Workflows

Single Log Analysis

Use Case: Understanding what a specific log entry means

# 1. Start Gonzo with AI enabled
gonzo -f application.log --ai-model="gpt-4"

# 2. Navigate to an interesting log entry
# Use ↑/↓ or mouse to select a log

# 3. Press 'i' for instant AI analysis
# Example log:
{"timestamp":"2024-01-15T10:30:05Z","level":"error","service":"payment","message":"Transaction failed: insufficient funds","user_id":"12345","amount":250.00,"account_balance":75.50}

# 4. AI provides analysis like:

Example AI Response:

This payment transaction failure is a business logic error, not a technical issue. 

Key details:
- User 12345 attempted a $250 transaction
- Account balance is only $75.50  
- System correctly prevented overdraft

This is normal application behavior - the user simply has insufficient funds. However, you should verify:

1. Balance calculation is accurate
2. User was notified of insufficient funds
3. No retry loops are occurring
4. Consider if this pattern indicates UI/UX issues (users not seeing balance before purchase)

Not a system error requiring technical intervention.

Interactive AI Conversation

Use Case: Deep investigation of complex issues

# 1. Select a log entry and press 'Enter' for details
# 2. Press 'c' to start AI chat
# 3. Have a natural conversation about the logs

# Example conversation:

Example AI Chat Session:

You: Why are we seeing so many payment failures?

AI: I see 47 payment failures in the last hour. The pattern breaks down as:
- 23 insufficient funds (normal user behavior)  
- 18 card declined (bank/card issues)
- 6 system timeouts (technical issue requiring attention)

The system timeouts are concerning and started 20 minutes ago.

You: What's causing the system timeouts?

AI: The timeout pattern correlates with database slow query warnings that started at the same time. I see:
- Payment queries taking 8-12 seconds (normally <1 second)
- Database connection pool showing high utilization
- No infrastructure alerts, suggesting query performance issue

Recommended investigation: Check for long-running queries, missing indexes, or table locks in the payment database.

You: Show me what to look for in the database

AI: Here's your investigation checklist:

1. Current active queries:
   SELECT * FROM pg_stat_activity WHERE state = 'active';

2. Slow queries in logs:
   Look for payment-related queries >5 seconds

3. Lock analysis:
   SELECT * FROM pg_locks WHERE NOT granted;

4. Recent schema changes:
   Check if indexes were dropped or tables altered

The timing suggests a recent change triggered this performance degradation.

Model Optimization Workflow

Use Case: Balancing cost, speed, and quality

# 1. Start with a fast, cost-effective model
gonzo -f logs.log --ai-model="gpt-3.5-turbo"

# 2. For basic questions, this model is sufficient
# Press 'i' on routine logs, get quick insights

# 3. When you encounter complex issues, switch models
# Press 'm' → Select "gpt-4" → Continue analysis

# 4. Use the better model for deeper investigation
# Press 'c' for complex conversations with gpt-4

# 5. Switch back to cheaper model for routine monitoring
# Press 'm' → Select "gpt-3.5-turbo" → Continue

Advanced AI Techniques

Multi-Log Correlation Analysis

Technique: Use AI to understand relationships across multiple log entries

# 1. Filter logs for a specific timeframe or issue
/2024-01-15.*14:[2-3][0-9]  # 2:20-2:39 PM timeframe

# 2. Use AI analysis on multiple entries
# Navigate through filtered logs, press 'i' on several entries

# 3. Start AI chat to correlate findings
# Press 'c' and ask: "What patterns do you see across these logs?"

# 4. AI will identify cross-log relationships:

Example Correlation Analysis:

You: What patterns do you see across these filtered logs?

AI: Analyzing the 2:20-2:39 PM timeframe, I see a clear cascade failure pattern:

Timeline of events:
2:22 PM - Database connection pool exhaustion begins
2:23 PM - API gateway starts returning 503 errors  
2:24 PM - Authentication service becomes unresponsive
2:25 PM - Load balancer fails health checks
2:26 PM - Auto-scaling triggers but fails to help

Root cause: Database connection pool exhaustion triggered a system-wide cascade failure. The auto-scaling didn't help because the bottleneck was database connections, not compute capacity.

Recovery actions taken:
- 2:35 PM - Database connections manually reset
- 2:37 PM - Services began recovering
- 2:39 PM - Full system recovery

Prevention: Implement circuit breakers and better connection pool monitoring.

AI-Enhanced Pattern Recognition

Technique: Combine Gonzo's pattern detection with AI interpretation

# 1. Open the Counts panel analysis modal
# Press Enter on Counts panel (bottom-right)

# 2. Review the pattern analysis
# Note the top patterns detected by drain3 algorithm

# 3. Use AI to interpret patterns
# Press 'i' on logs matching interesting patterns
# Ask AI: "Why is this pattern significant?"

# 4. Get intelligent pattern interpretation:

Example Pattern Interpretation:

Detected Pattern: "User <ID> authentication failed from IP <IP>"
Occurrences: 234 in last hour

AI Analysis: This pattern indicates a distributed brute force attack:

Attack characteristics:
- 234 failed attempts across 67 different IPs
- Targeting multiple user accounts (87 unique user IDs)
- Geographic distribution suggests botnet usage
- Rate: ~4 attempts per minute (automated, not human)

Immediate actions:
1. Implement rate limiting on authentication endpoint
2. Consider geographic IP blocking
3. Enable account lockout after N failed attempts
4. Alert security team about coordinated attack

This is not a system error - it's a security incident requiring immediate attention.

Predictive Analysis Workflow

Technique: Use AI to identify trends and predict future issues

# 1. Analyze trends over time
# Use time-series data from Counts panel
# Look for growing patterns in heatmap

# 2. Ask AI about trend implications
# Press 'c' and describe what you see:
# "I see increasing error rates over the last 2 hours"

# 3. Get predictive insights:

Example Predictive Analysis:

You: I see error rates increasing steadily over the last 2 hours. What should I expect?

AI: Based on the escalating pattern, you're heading toward a system overload scenario:

Current trend analysis:
- Error rate: 5/min → 15/min → 25/min (exponential growth)
- Memory warnings appearing more frequently
- Database query times increasing linearly
- Cache hit rate declining steadily

Projected timeline if no intervention:
- Next 30 minutes: Error rate will likely reach 40-50/min
- Within 1 hour: Expect system timeouts and user impact
- Critical threshold: ~60 errors/min (based on historical data)

Recommended immediate actions:
1. Scale database connections NOW (don't wait for critical threshold)
2. Implement circuit breakers to prevent cascade failures
3. Consider temporary rate limiting to reduce load
4. Alert on-call team - intervention needed within 30 minutes

The pattern suggests underlying capacity issues that will require architectural changes long-term.

AI Feature Deep Dive

Intelligent Log Analysis (`i` key)

What AI Analyzes:

Error significance - Is this a critical error or expected behavior?
Context understanding - What was happening when this occurred?
Impact assessment - How does this affect users/system?
Investigation guidance - What should you check next?
Pattern recognition - Is this part of a larger issue?

Optimizing AI Analysis:

# Provide context for better analysis
# Instead of analyzing isolated logs, filter for relevant timeframe:
/2024-01-15.*15:[1-2][0-9]  # Focus on incident timeframe

# Then use AI analysis on logs within that context
# AI will provide more relevant insights with proper context

AI Analysis Types:

For error-level logs, AI focuses on:

Technical Details:
- What specific error occurred
- Likely root causes
- System components involved
- Data/state that might be corrupted

Business Impact:
- User experience effects
- Revenue/functionality impact
- Urgency level assessment
- Customer communication needs

Investigation Steps:
- What to check first
- Related systems to examine
- Logs/metrics to correlate
- Tools/commands to run

Prevention:
- How to prevent recurrence
- Monitoring improvements
- Code/config changes needed
- Process improvements

For performance-related logs, AI examines:

Performance Metrics:
- Response time analysis
- Resource utilization patterns
- Throughput characteristics
- Bottleneck identification

Capacity Planning:
- Current vs optimal performance
- Scaling recommendations
- Resource allocation guidance
- Infrastructure optimization

Optimization Opportunities:
- Code efficiency improvements
- Database query optimization
- Caching strategies
- Architecture improvements

Monitoring Enhancements:
- Additional metrics to track
- Alert threshold recommendations
- Dashboard improvements
- SLA/SLO considerations

For security-related logs, AI identifies:

Security Events:
- Attack pattern recognition
- Threat level assessment
- Compromise indicators
- Data exposure risks

Response Actions:
- Immediate containment steps
- Investigation procedures
- Evidence preservation
- Communication requirements

Prevention Strategies:
- Security control improvements
- Policy/process enhancements
- Technology recommendations
- Training needs

Compliance Considerations:
- Regulatory requirements
- Audit trail preservation
- Notification obligations
- Documentation needs

Interactive AI Chat (`c` key)

Chat Best Practices:

# 1. Start with specific questions
"What caused this database timeout?"

# 2. Build on AI responses
"You mentioned connection pooling - how do I check pool status?"

# 3. Ask for actionable guidance
"What specific commands should I run to investigate this?"

# 4. Request prioritization
"Which of these issues should I fix first?"

# 5. Get prevention advice
"How can I prevent this type of issue in the future?"

Advanced Chat Techniques:

# Multi-turn investigation
You: "Analyze this error pattern"
AI: [Provides analysis]
You: "What's the business impact?"
AI: [Explains user/revenue impact]
You: "Give me a 5-minute action plan"
AI: [Provides prioritized steps]
You: "Draft an incident summary for stakeholders"
AI: [Creates stakeholder communication]

Model Switching (`m` key)

Strategic Model Usage:

Scenario

Recommended Model

Reasoning

Quick checks

gpt-3.5-turbo

Fast, cost-effective for simple questions

Complex debugging

gpt-4

Better reasoning for root cause analysis

Large context

gpt-4-turbo

Handles extensive log context

Privacy-sensitive

Local model

Keeps data on your infrastructure

High volume

Local model

No API costs for extensive analysis

Model Switching Workflow:

# 1. Start monitoring with fast model
gonzo -f logs.log --follow --ai-model="gpt-3.5-turbo"

# 2. When issues arise, upgrade model quality
# Press 'm' → Select "gpt-4"

# 3. Conduct deep analysis with better model
# Use AI chat for complex investigation

# 4. Return to monitoring mode
# Press 'm' → Select "gpt-3.5-turbo"

# 5. Save expensive model for critical issues only

Real-World AI Workflows

Production Incident Response

Scenario: Critical production issue requiring rapid resolution

# Phase 1: Rapid Assessment (2-3 minutes)
gonzo -f /var/log/prod/*.log --follow --ai-model="gpt-4"

# 1. Identify scope and timing
# Filter to incident timeframe: /2024-01-15.*14:[1-3][0-9]

# 2. Get AI overview of situation
# Press 'i' on error logs: "What's the severity and scope?"

# 3. Quick impact assessment
# Press 'c': "How many users are affected and what's broken?"

# Phase 2: Root Cause Analysis (5-10 minutes)
# 4. Deep dive with AI
# "Walk me through what happened step by step"

# 5. Get investigation plan
# "What should I check first to resolve this?"

# Phase 3: Resolution Guidance (ongoing)
# 6. Implementation assistance
# "How do I safely implement this fix?"

# 7. Validation guidance
# "How will I know if the fix worked?"

Development Debugging Session

Scenario: Complex bug investigation during development

# Setup: Development environment with detailed logging
gonzo -f logs/debug.log --follow --ai-model="gpt-3.5-turbo"

# 1. Reproduce issue while monitoring
# AI continuously analyzes logs as they appear

# 2. Focus on anomalies
# Press 'i' on unusual log entries during reproduction

# 3. Build understanding through conversation
# Press 'c': "What's different about this execution vs normal?"

# 4. Get debugging strategy
# "What's the most efficient way to isolate this bug?"

# 5. Validate hypotheses
# "Does this log pattern support the theory that...?"

# 6. Solution guidance
# "What's the safest way to implement this fix?"

Security Monitoring Workflow

Scenario: Continuous security monitoring with AI assistance

# Setup: Security-focused monitoring
gonzo -f /var/log/auth.log -f /var/log/nginx/access.log --follow --ai-model="gpt-4"

# 1. Filter for security events
/(fail|denied|blocked|suspicious|attack|breach)/i

# 2. AI assessment of security events
# Press 'i' on security-related logs for threat analysis

# 3. Pattern recognition
# Press 'c': "Are these isolated incidents or part of a campaign?"

# 4. Response prioritization
# "Which of these events requires immediate attention?"

# 5. Investigation guidance
# "What additional data should I collect for this incident?"

# 6. Prevention recommendations
# "How can I prevent this type of attack?"

AI Performance Optimization

Context Management

Optimize AI responses with better context:

# Instead of: Analyzing random individual logs
# Do this: Filter first, then analyze
/error.*database.*timeout  # Focus AI on specific issue type

# Instead of: Asking vague questions
# Do this: Provide specific context
"This database timeout started after the 2 PM deployment - what should I check?"

# Instead of: Single log analysis
# Do this: Multi-log correlation
"Compare these three error patterns and tell me if they're related"

Cost Optimization Strategies

Balance AI quality with cost:

# Development: Use cheaper models
export GONZO_DEV_MODEL="gpt-3.5-turbo"
alias gonzo-dev='gonzo --ai-model="$GONZO_DEV_MODEL"'

# Production monitoring: Balanced approach
export GONZO_MONITOR_MODEL="gpt-3.5-turbo"
alias gonzo-monitor='gonzo --ai-model="$GONZO_MONITOR_MODEL"'

# Incident response: Use premium models
export GONZO_INCIDENT_MODEL="gpt-4"
alias gonzo-incident='gonzo --ai-model="$GONZO_INCIDENT_MODEL"'

# High-volume analysis: Local models
export GONZO_LOCAL_MODEL="llama3"
alias gonzo-local='OPENAI_API_BASE="http://localhost:11434" gonzo --ai-model="$GONZO_LOCAL_MODEL"'

Quality Optimization

Get better AI insights:

# 1. Use specific, targeted questions
# Instead of: "What's wrong?"
# Ask: "Why did the authentication service start timing out at 2 PM?"

# 2. Provide business context
# "This is our payment system - what's the user impact of these errors?"

# 3. Ask for actionable guidance
# "Give me the top 3 investigation steps in priority order"

# 4. Request specific formats
# "Create a timeline of events from these logs"
# "Draft an incident report for stakeholders"
# "List the exact commands I should run"

Advanced AI Integration Patterns

AI + Pattern Detection

Combine Gonzo's algorithms with AI interpretation:

# 1. Use Counts panel for pattern detection
# Press Enter on Counts panel → Review drain3 patterns

# 2. Apply AI to interpret patterns
# Filter by pattern: /pattern.*from.*analysis
# Press 'i': "Why is this pattern significant?"

# 3. Get pattern evolution insights
# Press 'c': "Is this pattern getting worse over time?"

# 4. Predictive pattern analysis
# "Based on this pattern trend, what should I expect?"

AI + Time-Series Analysis

Enhance heatmap analysis with AI insights:

# 1. Review time-series heatmap in Counts modal
# Identify interesting time periods and intensity patterns

# 2. Filter logs to specific time periods
# /2024-01-15.*1[4-5]:[0-9]{2}  # Focus on 2-6 PM

# 3. Ask AI about timing correlations
# Press 'c': "What caused the error spike at 3 PM?"

# 4. Get predictive timeline analysis
# "Based on this trend, when will we hit critical thresholds?"

AI + Multi-Source Correlation

Use AI to understand relationships across log sources:

# 1. Monitor multiple related sources
gonzo -f api.log -f db.log -f cache.log --follow --ai-model="gpt-4"

# 2. Filter for specific incident timeframe
/2024-01-15.*15:[2-4][0-9]/

# 3. Ask AI to correlate across sources
# Press 'c': "How do these three services relate in this incident?"

# 4. Get cascade failure analysis
# "Which service failed first and how did it cascade?"

# 5. Architecture improvement recommendations
# "How can we prevent this type of cascade failure?"

Troubleshooting AI Features

Common AI Issues

AI Analysis Not Working:

# Check AI configuration
echo $OPENAI_API_KEY
echo $OPENAI_API_BASE

# Test AI connectivity
gonzo -f test.log --ai-model="gpt-3.5-turbo" --test-mode

# Verify model availability
# Press 'm' to see available models

Poor AI Response Quality:

# 1. Provide more context
# Filter logs first: /specific.*error.*pattern
# Then ask specific questions

# 2. Use better models for complex analysis
# Press 'm' → Switch to "gpt-4"

# 3. Ask follow-up questions
# "Can you be more specific about the root cause?"
# "What exact commands should I run?"

AI Responses Too Slow:

# 1. Use faster models
# Press 'm' → Switch to "gpt-3.5-turbo"

# 2. Reduce context size
# Filter logs to smaller timeframes
# Ask more focused questions

# 3. Check network connectivity (cloud models)
ping api.openai.com

# 4. Monitor local resources (local models)
htop  # Check CPU/memory usage

Optimizing AI Workflows

Best Practices:

# 1. Filter before analyzing
# Reduce noise with targeted filters: /error.*payment/

# 2. Start broad, then narrow
# "What types of errors do you see?" → "Focus on payment errors"

# 3. Ask for actionable outputs
# "Give me a runbook for this issue"
# "Create a timeline I can share with stakeholders"

# 4. Validate AI insights
# Cross-check AI conclusions with data
# Ask AI to explain its reasoning

What's Next?

You've now mastered AI-powered log analysis! Continue exploring:

Log Analysis - Combine AI with algorithmic pattern detection
Format Detection - Optimize log parsing for better AI analysis
Configuration - Set up AI-specific configurations
Integration Examples - Apply AI features to real-world scenarios

Or start using AI features immediately in your daily workflows:

# Start your AI-enhanced log analysis session
gonzo -f your-production-logs.log --follow --ai-model="gpt-4"

# Remember the key AI shortcuts:
# 'i' - Analyze any log entry
# 'c' - Start AI conversation
# 'm' - Switch AI models

You're now equipped with AI superpowers for log analysis! 🤖 From rapid incident response to deep debugging sessions, AI transforms complex log investigation into intelligent, guided analysis that helps you solve problems faster and more effectively.

Last updated 7 months ago

hashtagAI Features Overview

hashtagBasic AI Workflows

hashtagSingle Log Analysis

hashtagInteractive AI Conversation

hashtagModel Optimization Workflow

hashtagAdvanced AI Techniques

hashtagMulti-Log Correlation Analysis

hashtagAI-Enhanced Pattern Recognition

hashtagPredictive Analysis Workflow

hashtagAI Feature Deep Dive

hashtagIntelligent Log Analysis (i key)

hashtagInteractive AI Chat (c key)

hashtagModel Switching (m key)

hashtagReal-World AI Workflows

hashtagProduction Incident Response

hashtagDevelopment Debugging Session

hashtagSecurity Monitoring Workflow

hashtagAI Performance Optimization

hashtagContext Management

hashtagCost Optimization Strategies

hashtagQuality Optimization

hashtagAdvanced AI Integration Patterns

hashtagAI + Pattern Detection

hashtagAI + Time-Series Analysis

hashtagAI + Multi-Source Correlation

hashtagTroubleshooting AI Features

hashtagCommon AI Issues

hashtagOptimizing AI Workflows

hashtagWhat's Next?

AI Features Overview

Basic AI Workflows

Single Log Analysis

Interactive AI Conversation

Model Optimization Workflow

Advanced AI Techniques

Multi-Log Correlation Analysis

AI-Enhanced Pattern Recognition

Predictive Analysis Workflow

AI Feature Deep Dive

Intelligent Log Analysis (`i` key)

Interactive AI Chat (`c` key)

Model Switching (`m` key)

Real-World AI Workflows

Production Incident Response

Development Debugging Session

Security Monitoring Workflow

AI Performance Optimization

Context Management

Cost Optimization Strategies

Quality Optimization

Advanced AI Integration Patterns

AI + Pattern Detection

AI + Time-Series Analysis

AI + Multi-Source Correlation

Troubleshooting AI Features

Common AI Issues

Optimizing AI Workflows

What's Next?