This topic describes the features of Log Service.

Data collection

Log Service can collect the following types of data by using more than 50 methods:
  • Logs, time series data, and trace data from servers and applications
  • Logs from IoT devices
  • Logs from Alibaba Cloud services
  • Data from mobile devices
  • Data from open source software such as Logstash, Flume, Beats, FluentD, and Telegraph
  • Data transferred over protocols such as HTTP, HTTPS, Syslog, Kafka, and Prometheus
Data cleansing

For more information, see Log collection methods.

Query and analysis

Log Service supports data query and analysis in real time.
  • Log Service supports exact search, fuzzy search, full-text search, and field search.
  • Log Service supports features such as contextual query, LogReduce, LiveTail, and reindexing.
  • Log Service supports the SQL-92 syntax.
  • Log Service provides the Dedicated SQL feature.
DevOps and online O&M

For more information, see Log search overview and Log analysis overview.

Data transformation

You can use the data transformation feature to standardize, enrich, transfer, mask, and filter data.
  • Data standardization: Log Service can extract fields from logs in different formats and convert the log formats to obtain structured data for stream processing and computing in data warehouses.
  • Data enrichment: Log Service can join the fields of logs and dimension tables to link logs with dimension information, which facilitates data analysis. For example, Log Service can join the fields of order logs and a user information table.
  • Data transfer: Log Service can transfer logs from regions outside China to the region of the central project by using the global acceleration feature. This way, global logs can be managed in a centralized manner.
  • Data masking: Log Service can mask sensitive information that is contained in data. The sensitive information includes passwords, mobile phone numbers, and addresses.
  • Data filtering: Log Service can filter logs for those of key services. This helps further analysis.
Data transformation

For more information, see Data transformation overview.

Consumption and shipping

You can use the consumption and shipping feature to consume data in real time by using SDKs or API operations of Log Service. You can also ship logs to other Alibaba Cloud services, such as Object Storage Service (OSS) and MaxCompute, in real time in the Log Service console.
  • You can consume data by using third-party software, such as Splunk, QRadar, Logstash, and Flume.
  • You can consume data by using different programming languages, such as Java, Python, and GO.
  • You can consume data by using Alibaba Cloud services, such as Function Compute and Realtime Compute for Apache Flink.
  • You can consume data by using different stream processing platforms, such as Apache Flink, Apache Spark, and Apache Storm.
  • You can ship data to Alibaba Cloud services, such as OSS and MaxCompute.
Consumption and shipping

For more information, see Overview and Overview.

Visualization

Log Service supports the visualization of query and analysis results.

  • Built-in charts on dashboards: Log Service provides various statistical charts, such as tables, line charts, and column charts. You can select chart types to visualize query and analysis results on a dashboard and save the results to the dashboard.
  • Third-party visualization tools: Log Service is compatible with third-party visualization tools, such as Grafana and DataV.
Visualization

For more information, see Overview.

Alerting

You can use the alerting feature of Log Service to configure alert monitoring, denoise alerts, manage alert incidents, and configure notification methods.
  • Alert monitoring: The alert monitoring system can regularly check and evaluate query and analysis results based on alert monitoring rules, trigger or clear alerts, and send alert or recovery notifications to the alert management system.
  • Alert management: The alert management system can process alerts based on alert policies. For example, the system can dispatch, suppress, deduplicate, silence, or merge alerts. After the alerts are processed, they are sent to the notification management system.
  • Notification management: The notification management system can send alert notifications to specified recipients by using specified notification methods based on action policies. Recipients can be users, user groups, or on-duty groups.
  • Alert ingestion: The alert ingestion system can ingest alerts from external monitoring systems such as Grafana and Prometheus by using webhooks. After the alerts are ingested, the alert ingestion system can manage the alerts and send alert notifications.
Alert architecture

For more information, see Alert overview.

Log audit

Log Audit Service provides all features of Log Service and supports automated collection and third-party cloud services.

  • Log Audit Service supports automated collection for cloud service logs across Alibaba Cloud accounts. The logs can be stored in a central project. Log Audit Service also allows you to audit the logs in a centralized manner.
  • You can use Log Audit Service to audit the logs that are collected from the following Alibaba Cloud services: ActionTrail, Container Service for Kubernetes (ACK), OSS, Apsara File Storage NAS, Server Load Balancer (SLB), API Gateway, ApsaraDB RDS, Distributed Relational Database Service (DRDS), PolarDB for MySQL, Web Application Firewall (WAF), Anti-DDoS, Cloud Firewall, and Security Center.
  • You can also use Log Audit Service to audit the logs that are collected from third-party cloud services or self-managed security operations centers (SOCs).
  • Log Audit Service provides hundreds of built-in alert rules. You can enable the alert rules with only a few clicks. The alert rules help you monitor the compliance of hosts, databases, networks, and logs in account security and permission management.
Log audit

For more information, see Overview of Log Audit Service.