After you enable the mitigation analysis feature, you can query and analyze mitigation logs that record the events of an Anti-DDoS Origin Enterprise instance. The events cover traffic scrubbing, blackhole filtering, and traffic rerouting.
Query and analyze mitigation logs
- Log on to the Anti-DDoS console.
- In the upper-left corner of the top navigation bar, select a region.
- In the left-side navigation pane, choose .
- On the Mitigation Analysis (Beta) page, select an Anti-DDoS Origin Enterprise instance.
- In the upper-right corner of the page, click Please Select and set a time range for the query.
You can specify a relative time range, time frame, or custom time range.Note The query results contain logs that are generated 1 minute earlier or later than the specified time range.
- Click Search & Analyze to view the query results.
Manage the query results
- Log distribution histogram
The log distribution histogram shows the distribution of query results in different time ranges.
- Move the pointer over a green rectangle to view the time range that is represented by the rectangle. You can also view the number of log entries that are obtained within the time range.
- Click a rectangle to view a more fine-grained log distribution. You can also view the query results on the Raw Logs tab.
- Raw Logs tab
On the Raw Logs tab, you can view the query results. You can perform the following operations:
- Quick analysis: analyzes the distribution of a field within a period of time. For more information, see Quick analysis.
- Contextual query: queries the contextual data of the specified log entries in the raw log file. Choose Context query. . A contextual query is performed. For more information, see
- LiveTail: monitors log data in real time and extracts key information. Choose LiveTail.
Note LiveTail can monitor and extract the log data that is collected by Logtail.
. Log monitoring and extraction are performed. For more information, see
- Key-value pair arrangement: displays log entries in key-value pairs. Choose . Log entries are displayed in key-value pairs.
- Log download: downloads logs. In the upper-right corner of the Raw Logs tab, click the icon. In the Log Download dialog box, select a download range and tool, and then click OK. Logs are downloaded. For more information, see Download logs.
- Column settings: sets fields. In the upper-right corner of the Raw Logs tab, click Column Settings. Select fields from the section on the left. Click Add to add the fields to the section on the right. The columns that correspond to the added fields appear on the Raw Logs tab. The field names are column names. The columns list the field values.
Note To view the log content on the Raw Logs tab, you must select Content.
- Content column settings: If the content of a field exceeds 3,000 characters, the excess characters are hidden. In this case, the message The character string is too long and has been truncated is displayed in front of the key value. You can click Display Content Column to modify the configurations.
Note If the content display limit is set to 10,000 characters, excess characters are not delimited.
The following table describes the parameters in the Display Content Column dialog box.
Parameter Description Key-Value Pair Arrangement Valid values: New Line and Full Line. Hide Default Key-value Pairs If you turn on this switch, the reserved fields of Log Service are hidden. Default JSON Data Level The level of JSON expansion. Truncate Character String Key The key of the truncated value. By default, a field value is truncated if it contains more than 3,000 characters. The value of this parameter is null if no field values exceed 3,000 characters. Status Specifies whether to enable the value truncation feature. By default, the feature is enabled.
- Enable: If the value length exceeds the specified truncate step, the excess characters are truncated.
- Disable: If the value length exceeds the specified truncate step, the excess characters are not truncated.
Truncate Step Specifies the maximum number of characters that can be displayed for a value. This parameter also specifies the number of incremental characters that are displayed each time you click Show.
Valid values: 500 to 10000. Default value: 3000.
If you enable analytics when you configure indexes for fields and use query statements to query logs, you can view the analysis results on the Graph tab.
- Multiple chart types are provided in Log Service, including tables, line charts, and bar charts. You can select a chart type to display the analysis results. For more information, see Chart overview.
- Log Service allows you to create dashboards for real-time data analysis. You can click Add to New Dashboard to save your query statements as a chart to a specified dashboard. For more information, see Create and delete a dashboard.
- Drill-down analysis allows you to view deeper analysis results, which reveal more details. You can set the drill-down parameters and add the chart to a dashboard. Click a chart value to trigger a drill-down event. You can view deeper analysis results. For more information, see Configure a drill-down event for a chart.
You can click Save as Alert on the Search & Analysis page to create an alert for the query results. For more information, see Create an alert rule.
- Saved search
You can also click Save Search on the Search & Analysis page to create a saved search. For more information, see Saved search.