Beyond Window-Based Detection: A Graph-Centric Framework for Discrete Log Anomaly Detection

📅 2025-01-21
📈 Citations: 0
Influential: 0
🤖 AI Summary
To address context bias and imprecise anomaly localization caused by conventional sliding-window approaches in discrete-event log anomaly detection, this paper proposes TempoLog—the first window-free, continuous-time dynamic graph modeling framework. TempoLog models log templates as nodes and temporal dependencies as edges, constructing a multi-scale continuous-time dynamic graph; it incorporates a semantic-aware mechanism to jointly capture local and global temporal relationships; and it designs template-level semantic embeddings alongside event-level anomaly scoring. Evaluated on multiple public benchmark datasets, TempoLog achieves state-of-the-art performance in event-level anomaly detection, with significantly improved accuracy and superior inference efficiency compared to existing methods.

📝 Abstract
Detecting anomalies in discrete event logs is critical for ensuring system reliability, security, and efficiency. Traditional window-based methods for log anomaly detection often suffer from context bias and fuzzy localization, which hinder their ability to precisely and efficiently identify anomalies. To address these challenges, we propose a graph-centric framework, TempoLog, which leverages multi-scale temporal graph networks for discrete log anomaly detection. Unlike conventional methods, TempoLog constructs continuous-time dynamic graphs directly from event logs, eliminating the need for fixed-size window grouping. By representing log templates as nodes and their temporal relationships as edges, the framework dynamically captures both local and global dependencies across multiple temporal scales. Additionally, a semantic-aware model enhances detection by incorporating rich contextual information. Extensive experiments on public datasets demonstrate that our method achieves state-of-the-art performance in event-level anomaly detection, significantly outperforming existing approaches in both accuracy and efficiency.
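
An added illustration of the construction the abstract describes (log templates as nodes, timestamped temporal edges, no window grouping); it is not TempoLog's code or scoring model. The digit-masking template extractor, the hop distances standing in for temporal scales, the novelty check and the sample log lines are all assumptions constructed for this example.

```python
import re

# Constructed sample events (seconds, message); not taken from the paper's datasets.
SAMPLE_LOG = [
    (0.0, "Receiving block blk_101 src 10.0.0.1"),
    (0.4, "Received block blk_101 of size 4096"),
    (0.5, "PacketResponder 1 for block blk_101 terminating"),
    (5.0, "Receiving block blk_102 src 10.0.0.2"),
    (5.3, "Received block blk_102 of size 2048"),
    (5.4, "PacketResponder 0 for block blk_102 terminating"),
    (9.0, "Receiving block blk_103 src 10.0.0.3"),
    (9.2, "Exception writing block blk_103 to mirror"),
    (9.3, "PacketResponder 2 for block blk_103 terminating"),
]

def template_of(message):
    """Crude template extraction (assumption): mask every token containing a digit."""
    return re.sub(r"\S*\d\S*", "<*>", message)

def build_edge_stream(events, hops=(1, 2)):
    """Build a continuous-time edge stream with no window grouping.

    Returns (nodes, edges): nodes maps template -> node id, and each edge is
    (src_id, dst_id, timestamp, delta_t, hop, event_index), linking every event
    to the events `hop` positions before it (hops are a stand-in for scales).
    """
    nodes, seq, edges = {}, [], []
    for i, (ts, msg) in enumerate(events):
        node = nodes.setdefault(template_of(msg), len(nodes))
        seq.append((ts, node))
        for hop in hops:
            if i - hop >= 0:
                prev_ts, prev_node = seq[i - hop]
                edges.append((prev_node, node, ts, round(ts - prev_ts, 3), hop, i))
    return nodes, edges

def novel_events(edges, train_until):
    """Indices of events at or after train_until that arrive over a
    (src, dst, hop) pattern never seen among the earlier events."""
    seen = {(s, d, h) for s, d, _, _, h, i in edges if i < train_until}
    return sorted({i for s, d, _, _, h, i in edges
                   if i >= train_until and (s, d, h) not in seen})

if __name__ == "__main__":
    nodes, edges = build_edge_stream(SAMPLE_LOG)
    print(len(nodes), "template nodes,", len(edges), "temporal edges")
    print("event-level flags:", novel_events(edges, train_until=6))
```

With the first six events as reference, the check flags individual events by index, whereas a three-event window covering the last three lines would carry one label for all of them.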
Problem

Research questions and friction points this paper is trying to address.

Anomaly Detection
Fixed Time Window
Computer Systems
Innovation

Methods, ideas, or system contributions that make the work stand out.

TempoLog
Dynamic Temporal Graphs
Smart Background Integration