This research explores how Large Language Models can transform the labor-intensive process of log parsing into an automated, scalable solution without manual configuration requirements.

• Automated Parsing: LLMs can process semi-structured log messages into structured formats without predefined templates
• Reduced Manual Effort: Eliminates need for manual log format definitions or labeled training data
• Enhanced Security Analysis: Enables more efficient monitoring, anomaly detection, and incident response
• Practical Implementation: Provides frameworks for implementing LLM-based log parsing in security operations

For security teams, this advancement means faster threat detection, more comprehensive monitoring capabilities, and reduced time spent on log preprocessing—allowing analysts to focus on addressing actual security incidents rather than data preparation.

SoK: LLM-based Log Parsing