The structure algorithm works best in an ecosystem that uses semantic logs, i.e. one where the application writes log entries at many points throughout its processing and describes what it is doing in fairly free text. That is where the structural anomalies (never-before-seen entries, new-in-system entries and parameter changes) have the highest value.
In practice, this applies to logs from almost any system. Some examples are listed below:
- Linux system logs
- Windows event logs
- Operational and error logs from almost any application (including your home-brewed ones!)
- Logs from physical infrastructure devices
- Logs from hypervisors
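
To make the three structural anomaly types concrete, here is an added sketch (not the product's own algorithm) that classifies free-text log lines against a learned baseline. The definitions are assumptions: "never before seen" means a line template unknown anywhere, "new in system" means a template known elsewhere but not on this host, and "parameter change" means a known template with unseen variable values; the masking regex, class name and sample lines are all constructed for illustration.

```python
import re
from collections import defaultdict

# Assumed masking rule: numbers, IPv4 addresses, hex values and absolute
# paths are treated as parameters; everything else is template text.
PARAM = re.compile(r"^(?:0x[0-9a-fA-F]+|\d+(?:\.\d+){0,3}(?::\d+)?|/\S+)$")

def split_line(line):
    """Return (template, params) with variable tokens masked as <*>."""
    template, params = [], []
    for tok in line.split():
        if PARAM.match(tok):
            template.append("<*>")
            params.append(tok)
        else:
            template.append(tok)
    return " ".join(template), tuple(params)

class StructureBaseline:
    def __init__(self):
        self.by_host = defaultdict(set)  # host -> templates seen on it
        self.params = defaultdict(set)   # template -> parameter tuples seen

    def learn(self, host, line):
        template, params = split_line(line)
        self.by_host[host].add(template)
        self.params[template].add(params)

    def classify(self, host, line):
        template, params = split_line(line)
        if template not in self.params:
            return "never_before_seen"   # structure unknown everywhere
        if template not in self.by_host[host]:
            return "new_in_system"       # known elsewhere, new on this host
        if params not in self.params[template]:
            return "parameter_change"    # same structure, unseen values
        return "known"

# Constructed training lines (host, message), not taken from a real system.
TRAINING = [
    ("web01", "Accepted publickey for deploy from 10.0.0.5 port 22"),
    ("web01", "Session opened for user deploy"),
    ("db01", "Replication lag is 0 seconds"),
]

def build_baseline():
    baseline = StructureBaseline()
    for host, line in TRAINING:
        baseline.learn(host, line)
    return baseline
```

Flagging every unseen parameter value is deliberately simplistic here; a real deployment would need a notion of which parameter changes matter.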