This topic describes the configuration process and collection modes when you use Logtail to collect text logs from servers.
Configuration process
Simple Log Service provides a configuration wizard that you can use to configure log collection.
Before you create a Logtail configuration, we recommend that you take note of the limits of Logtail. For more information, see Logtail limits.
If the default settings of Logtail do not meet your collection requirements, you can modify the startup parameters of Logtail. For more information, see Configure the startup parameters of Logtail.
Collection modes
Logtail allows you to collect text logs in various modes. The following modes are supported: simple mode, full regex mode, delimiter mode, JSON mode, NGINX configuration mode, Apache configuration mode, and Internet Information Services (IIS) configuration mode. The following table describes the modes.
Collection mode | Description |
In simple mode, Logtail does not parse the content of raw logs. Each raw log is collected and then uploaded to the content field of Simple Log Service as one log. This way, the process of log collection is simplified. | |
In full regex mode, Logtail splits a raw log into multiple key-value pairs based on the regular expression that you specify. | |
In delimiter mode, Logtail splits a raw log into multiple values by using delimiters. You must specify keys for the values. In delimiter mode, you can collect only single-line logs. | |
In JSON mode, Logtail parses raw JSON logs of the object type and extracts key-value pairs from the first layer of each object. The extracted keys are used as field names, and the extracted values are used as field values. | |
In NGINX configuration mode, Logtail splits a raw log into multiple key-value pairs based on the log format that you specify in log_format. | |
In Apache configuration mode, Logtail splits a raw log into multiple key-value pairs based on the log format that you specify in your Apache configuration file. | |
In IIS configuration mode, Logtail splits a raw log into multiple key-value pairs based on the log format of IIS logs. |