[P] I trained a Mamba-3 log anomaly detector that hit 0.9975 F1 on HDFS — and I’m curious how far this can go

An independent developer has achieved a breakthrough in log anomaly detection by implementing the new Mamba-3 state-space model (SSM) architecture. The system scored an impressive 0.9975 F1 on the standard HDFS benchmark, missing only 9 anomalies out of 3,368 while generating just 3 false alarms across 112,000 normal sessions. What makes this particularly notable is that it's likely the first log anomaly detection model built on Mamba-3, which was only published weeks ago.

The key innovation wasn't just the architecture choice but a fundamental shift in approach. Instead of treating logs as natural language with BPE tokenization, the developer switched to template-based tokenization where each log template becomes a single token. This reduced vocabulary from 8,000 to just 50 tokens, shrunk model size by 10x to 4.9M parameters, and cut training time from 20 hours to 36 minutes on an RTX 4090. The model now processes over 500 log events per second with sub-2ms inference latency.

This breakthrough demonstrates how matching the right architectural choices with domain-specific preprocessing can yield dramatic improvements. The developer's approach of pretraining on normal logs for next-token prediction, then fine-tuning for classification, proved highly effective. The results suggest that Mamba-3's efficient sequence modeling capabilities are particularly well-suited for log analysis tasks where patterns emerge over time.