Log entries and baseline log entries have timestamps, and can be structured over columns of respective data types. Temporal inconsistency can be identified by comparing a probability distribution of time differences between the timestamps of the log entries with a probability distribution of time differences between the timestamps of the baseline log entries. Data type inconsistency can be identified by comparing a data type of each column of the log entries with a data type of a corresponding column of the baseline log entries. Columnar inconsistency can be identified by comparing a number of the columns of the log entries with a number of the columns of the baseline log entries. In response to identification of temporal, data type, and/or columnar inconsistency, that an abnormality exists in collecting the log entries is detected.