All Products
Search
Document Center

Simple Log Service:Functions and features

Last Updated:Oct 25, 2023

This topic describes the features of Simple Log Service.

Data collection

Simple Log Service can collect the following types of data by using more than 50 methods:

  • Logs, time series data, and trace data from servers and applications

  • Logs from IoT devices

  • Logs from Alibaba Cloud services

  • Data from mobile devices

  • Data from open source software such as Logstash, Flume, Beats, FluentD, and Telegraf

  • Data transferred over protocols such as HTTP, HTTPS, Syslog, Kafka, and Prometheus

Data cleansing

For more information, see Data collection overview.

Query and analysis

Simple Log Service supports data query and analysis in real time.

  • Simple Log Service supports exact search, fuzzy search, full-text search, and field search.

  • Simple Log Service supports features such as contextual query, LogReduce, LiveTail, and reindexing.

  • Simple Log Service supports the SQL-92 syntax.

  • Simple Log Service provides the Dedicated SQL feature.

DevOps and online O&M

For more information, see Log search overview and Log analysis overview.

Data transformation

You can use the data transformation feature to standardize, enrich, transfer, mask, and filter data.

  • Data standardization: Simple Log Service can extract fields from logs in different formats and convert the log formats to obtain structured data for stream processing and computing in data warehouses.

  • Data enrichment: Simple Log Service can join the fields of logs and dimension tables to link logs with dimension information, which facilitates data analysis. For example, Simple Log Service can join the fields of order logs and a user information table.

  • Data transfer: Simple Log Service can transfer logs from regions outside China to the region of the central project by using the global acceleration feature. This way, global logs can be managed in a centralized manner.

  • Data masking: Simple Log Service can mask sensitive information that is contained in data. The sensitive information includes passwords, mobile phone numbers, and addresses.

  • Data filtering: Simple Log Service can filter logs for those of key services. This helps further analysis.

Data transformation

For more information, see Overview of data transformation.

Consumption and shipping

You can use the consumption and shipping feature to consume data in real time by using SDKs or API operations of Simple Log Service. You can also ship logs to other Alibaba Cloud services, such as Object Storage Service (OSS) and MaxCompute, in real time in the Simple Log Service console.

  • You can consume data by using third-party software, such as Splunk, QRadar, Logstash, and Flume.

  • You can consume data by using different programming languages, such as Java, Python, and GO.

  • You can consume data by using Alibaba Cloud services, such as Function Compute and Realtime Compute for Apache Flink.

  • You can consume data by using different stream processing platforms, such as Apache Flink, Apache Spark, and Apache Storm.

  • You can ship data to Alibaba Cloud services, such as OSS and MaxCompute.

Consumption and shipping

For more information, see Overview of real-time consumption and Data shipping overview.

Visualization

Simple Log Service supports the visualization of query and analysis results.

  • Built-in charts on dashboards: Simple Log Service provides various statistical charts, such as tables, line charts, and column charts. You can select chart types to visualize query and analysis results on a dashboard and save the results to the dashboard.

  • Third-party visualization tools: Simple Log Service is compatible with third-party visualization tools, such as Grafana and DataV.

Visualization

For more information, see Overview of visualization.

Alerting

You can use the alerting feature of Simple Log Service to configure alert monitoring, denoise alerts, manage alert incidents, and configure notification methods.

  • Alert monitoring: The alert monitoring system can regularly check and evaluate query and analysis results based on alert monitoring rules, trigger or clear alerts, and send alert or recovery notifications to the alert management system.

  • Alert management: The alert management system can process alerts based on alert policies. For example, the system can dispatch, suppress, deduplicate, silence, or merge alerts. After the alerts are processed, they are sent to the notification management system.

  • Notification management: The notification management system can send alert notifications to specified recipients by using specified notification methods based on action policies. Recipients can be users, user groups, or on-duty groups.

Alert architecture

For more information, see Alert overview.

Log audit

Log Audit Service provides all features of Simple Log Service and supports automated collection and third-party cloud services.

  • Log Audit Service supports automated collection for cloud service logs across Alibaba Cloud accounts. The logs can be stored in a central project. Log Audit Service also allows you to audit the logs in a centralized manner.

  • You can use Log Audit Service to audit the logs that are collected from the following Alibaba Cloud services: ActionTrail, Container Service for Kubernetes (ACK), OSS, Apsara File Storage NAS, Server Load Balancer (SLB), API Gateway, ApsaraDB RDS, Distributed Relational Database Service (DRDS), PolarDB for MySQL, Web Application Firewall (WAF), Anti-DDoS, Cloud Firewall, and Security Center.

  • You can also use Log Audit Service to audit the logs that are collected from third-party cloud services or self-managed security operations centers (SOCs).

  • Log Audit Service provides hundreds of built-in alert rules. You can enable the alert rules with only a few clicks. The alert rules help you monitor the compliance of hosts, databases, networks, and logs in account security and permission management.

Log audit

For more information, see Overview of Log Audit Service.