All Products
Search
Document Center

Simple Log Service:Monitor Simple Log Service

Last Updated:Aug 04, 2023

Simple Log Service provides the service log feature to record operations logs, consumption delay logs of consumer groups, Logtail alert logs, Logtail collection logs, and Logtail status logs. This feature allows you to view the service status of Simple Log Service in real time and improve O&M efficiency.

Prerequisites

The service log feature is enabled. For more information, see Enable the service log feature.

Monitor the Logtail heartbeat

After Logtail is installed, Simple Log Service stores Logtail status logs in a Logstore named internal-diagnostic_log. You can use Logtail status logs to check the running status of Logtail.

You can execute the __topic__: logtail_status query statement on the Search & Analysis page of the internal-diagnostic_log Logstore to query Logtail status logs. For more information, see Query and analyze logs. For example, you can execute the following statement to query Logtail status logs and obtain the number of servers that have normal heartbeats within a recent period of time, and then configure an alert. If the number of normally running servers is smaller than the number of servers in the server group, the alert is triggered.

  • The following query statement provides an example:

    __topic__: logtail_status | SELECT COUNT(DISTINCT ip) as ip_count
  • The following figure shows the alert rule configurations. In this example, the number of servers in the server group is 100.

    If an alert is triggered, you can view the status of servers in the server group in the Simple Log Service console and check for servers that have abnormal heartbeats.

    Create an alert

View the consumption delay of consumer groups

In Simple Log Service, in addition to querying and analyzing logs, you can also consume logs by using consumer groups. For more information, see Use consumer groups to consume data.

When you use consumer groups to consume log data, Simple Log Service stores the consumption delay logs in a Logstore named internal-diagnostic_log. You can view the consumption delay logs to check the consumption progress. If the delay is high, you can increase the consumption speed by increasing the number of consumers.

You can execute the __topic__: consumergroup_log query statement on the Search & Analysis page of the internal-diagnostic_log Logstore to query consumption delay logs of consumer groups. For more information, see Query and analyze logs. For example, you can execute the following statement to query the consumption delay of the test-consumer-group consumer group:

__topic__: consumergroup_log and consumer_group:  test-consumer-group | SELECT max_by(fallbehind, __time__) as fallbehind

Monitor Logtail exceptions

After Logtail is installed, Simple Log Service stores Logtail alert logs in a Logstore named internal-diagnostic_log. You can use Logtail alert logs to promptly detect Logtail exceptions and adjust Logtail configurations to ensure that no logs are lost.

You can execute the __topic__: logtail_alarm query statement on the Search & Analysis page of the internal-diagnostic_log Logstore to query Logtail alert logs. For more information, see Query and analyze logs. For example, you can execute the following statement to query and analyze the number of occurrences of various exception types within 15 minutes:

__topic__: logtail_alarm | select sum(alarm_count)as errorCount, alarm_type  GROUP BY alarm_type

Audit operations logs

The logs about operations on all resources in a project are stored in the internal-operation_log Logstore. An operations log entry contains the information about the related resources on which an operation is performed and the user who performs the operation. For example, when a user creates a server group, the name of the server group and the user information are logged. When a user performs operations on a Logstore, the name of the Logstore and the user information are logged. The following table lists the types of user information.

Type

Field

Alibaba Cloud account

  • InvokerUid: the unique ID of the Alibaba Cloud account.

  • CallerType: Parent.

RAM user

  • InvokerUid: the unique ID of the RAM user.

  • CallerType: Subuser.

Sts

  • InvokerUid: the unique ID of the Alibaba Cloud account.

  • CallerType: Sts.

  • RoleSessionName: the name of the session.