After you enable Log Analysis for your domain name in the Anti-DDoS Pro or Anti-DDoS Premium console, you can query and analyze logs on the Log Analysis page in real time. This topic describes how to query and analyze Anti-DDoS Pro or Anti-DDoS Premium logs.

Prerequisites

  • The domain name of your website is added to Anti-DDoS Pro or Anti-DDoS Premium. For more information, see Add a website.
  • The Log Analysis feature is enabled for the domain name. For more information, see Overview.

Procedure

  1. Log on to the Anti-DDoS Pro console.
  2. In the top navigation bar, select the region where your services are deployed.
    • Mainland China: Anti-DDoS Pro
    • Outside Mainland China: Anti-DDoS Premium
  3. In the left-side navigation pane, choose Investigation > Log Analysis.
  4. Select the target domain name.
    Note Make sure that the Status switch is turned on for the domain name.
    Log Analysis
  5. Click 15 Minutes(Relative) to specify a time range.
    You can specify a relative time range, time frame, or custom time range.
    Note
    • Anti-DDoS Pro and Anti-DDoS Premium logs are retained for 180 days. By default, you can query logs only over the last 180 days.
    • The query results may contain logs that are generated 1 minute earlier or later than the specified time range.
    Search & Analysis
  6. Enter a query and analysis statement in the search box.
    A query and analysis statement consists of a search clause and an analytics clause that are separated by a vertical bar (|). Format: Search clause|Analytics clause.
    Clause Required? Description
    Search clause No A search clause specifies search conditions, including keywords, wildcard characters, values, ranges, and combined conditions.
    If you leave the search clause empty or enter an asterisk (*), no conditions are specified. In this case, all logs are returned. For more information, see Search syntax.
    Note For more information about log fields, see Fields supported by full log.
    Analytics clause No You can use an analytics clause to analyze and aggregate the query results.

    If you leave the analytics clause empty, the query results are returned but not analyzed. For more information, see Real-time log analysis.

    Note
    • In an analytics clause, the from log part is similar to the from <table name> part in a standard SQL statement and can be omitted.
    • By default, the first 100 log entries are returned. You can modify the number of log entries to be returned by using the LIMIT syntax.
  7. Click Search & Analyze to view the query and analysis results.
    You can view the results in a log distribution histogram, on the Raw Logs tab, or on the Graph tab. You can also configure alerts and saved searches. For more information, see Manage the query results.