Traditional security log analysis methods suffer from low efficiency, high false-positive rates, and poor interpretability. Method: This paper presents the first systematic meta-analysis of large language model (LLM)-driven log analysis, synthesizing insights from 127 state-of-the-art studies through bibliometric analysis, methodological comparison, and cross-modal representation evaluation. Contribution/Results: We propose the first holistic taxonomy framework for LLM-based log analysis; identify critical gaps—including insufficient log format robustness and lack of causal reasoning—and derive design principles for scalable, standardized evaluation benchmarks. We categorize six mainstream technical paradigms (e.g., fine-tuning, retrieval-augmented generation, in-context learning), distill four persistent bottlenecks, and outline seven concrete future research directions. Our work delivers a theoretical roadmap and practical guidelines for automated threat detection and interpretable log auditing.

Event log analysis is an important task that security professionals undertake. Event logs record key information on activities that occur on computing devices, and due to the substantial number of events generated, they consume a large amount of time and resources to analyse. This demanding and repetitive task is also prone to errors. To address these concerns, researchers have developed automated techniques to improve the event log analysis process. Large Language Models (LLMs) have recently demonstrated the ability to successfully perform a wide range of tasks that individuals would usually partake in, to high standards, and at a pace and degree of complexity that outperform humans. Due to this, researchers are rapidly investigating the use of LLMs for event log analysis. This includes fine-tuning, Retrieval-Augmented Generation (RAG) and in-context learning, which affect performance. These works demonstrate good progress, yet there is a need to understand the developing body of knowledge, identify commonalities between works, and identify key challenges and potential solutions to further developments in this domain. This paper aims to survey LLM-based event log analysis techniques, providing readers with an in-depth overview of the domain, gaps identified in previous research, and concluding with potential avenues to explore in future.