All Products
Search
Document Center

Simple Log Service:Analyze Layer 7 access logs of SLB

Last Updated:Aug 04, 2023

This topic provides examples on how to query and analyze the Layer 7 access logs of Server Load Balancer (SLB) based on the visualization feature and real-time query and analysis feature of Simple Log Service.

Prerequisites

Layer 7 access logs of SLB are collected. For more information, see Enable the access log management feature.

Background information

SLB is a basic component for most cloud services. In most cases, you need to continuously monitor, detect, diagnose, and configure alerts for SLB. Alibaba Cloud SLB distributes traffic to multiple servers to improve the service capabilities of applications. You can use SLB to prevent single point of failures (SPOFs) and a large number of concurrent web access requests.

Access logs can be generated for Layer 7 SLB based on HTTP or HTTPS. For more information about access logs, see Log fields. SLB has the following metrics:

  • Page Views (PVs): the total number of HTTP or HTTPS requests sent by the clients.

  • Unique Visitors (UVs): the total number of unique requests. Requests initiated by unique visitors from the same client are counted only once.

  • Request success rate: the percentage of the requests whose status code is 2XX to the total PVs.

  • Request traffic: the total number of bytes of request messages that are sent by the clients.

  • Response traffic: the total number of bytes of the HTTP message body that is sent to the clients.

  • PV heat map: indicates the density of PVs in the regions where the IP addresses of the clients reside.

Examples

  1. Log on to the Log Service console.
  2. In the Projects section, click the project that you want to manage.
  3. In the left-side navigation pane, click Dashboard.

  4. In the Dashboard list, click the dashboard that you want to manage.

    The following dedicated dashboards are provided for Layer 7 access logs of SLB: slb-user-log-slb_layer7_operation_center_en and slb-user-log-slb_layer7_access_center_en.

    Note

    To view the query statement of a chart, you can find the chart on the corresponding dashboard and choose Configure monitoring and alerting > Preview Query Statement.

    • Basic analysis

      Use the filter to specify an SLB instance and view the page view (PV) and unique visitor (UV) trends of the SLB instance. For information about how to manage a filter, see Add a filter. PV and UV trends

    • Traffic and latency analysis

      • View the trends of the request traffic and response traffic within a specific period of time. Traffic statistics

      • View the trends of the response time and upstream response time within a specific period of time. Response time

      • View the trend of high-latency requests within a specific period of time. Latency analysis

    • User request analysis

      • View the distributions of the request methods and request protocols within a specific period of time. PV trend analysis

      • View the PV trends of different request methods within a specific period of time. PV trend of different request methods

      • View the distribution of different status codes within a specific period of time.

        If a large number of status codes 500 are generated, internal errors occurred on the backend RealServer.

        Status code
      • View the PV trends of different status codes within a specific period of time. PV trends of different status codes

    • Request source analysis

      • View the distribution of Internet service providers (ISPs). Distribution of ISPs

      • View the geographic location such as country, province, and city by analyzing the IP addresses of the clients. Top client

      • View the information of a user agent.

        The user agent (http_user_agent) can be used to identify who is visiting the website or accessing the service. For example, a search engine uses web crawlers to scan or download website resources. In most cases, web crawlers allow the search engine to update website content in a timely manner and facilitates website promotion and search engine optimization (SEO). If all of the high PV requests are sent from the web crawlers, the service performance may be affected and server resources may be wasted. User agent

    • Business analysis

      You can use access logs to analyze service traffic and make business decisions. Analyze visitor behavior based on the host and URI information to optimize website content. Top host

Request scheduling analysis

Client traffic is first processed by SLB and then distributed to a RealServer for business logic processing. SLB can detect unhealthy servers and distribute traffic to healthy RealServers. After the unhealthy servers recover, traffic is distributed to them.

Add a listener to the SLB instance to listen to four servers. If a server (192.168.0.0) acts as a jump server, its performance is four times higher than that of the other three servers. Set the weight of the jumper server to 100 and set the weight of the other three servers to 20. Run the following query statement to analyze the distribution of request traffic:

* | select COALESCE(client_ip, vip_addr, upstream_addr) as source, COALESCE(upstream_addr, vip_addr, client_ip) as dest, sum(request_length) as inflow group by grouping sets( (client_ip, vip_addr), (vip_addr, upstream_addr))

The following Sankey diagram shows the load of each RealServer. After SLB receives traffic, the traffic is distributed to the four servers based on their respective weights (20, 20, 20, and 100).Sankey diagram