FAQs about log query

Last Updated: Apr 19, 2018

Question list

  1. How to query an IP address in logs?
  2. How to query a keyword containing a space in logs?
  3. How to query logs based on two query conditions?
  4. What methods does Log Service provide to query collected logs?
  5. What query capabilities does Log Service provide?
  6. What are the limits of log query?

Solutions

1. How to query an IP address in logs?

Log Service supports querying IP addresses in logs by full match. You can directly query logs related to an IP address, such as the logs that contain or exclude the specified IP address. However, partial match is not supported: you cannot query part of an IP address directly, because a dot (.) is not a default token of Log Service. If you need partial matching, filter the IP addresses yourself. For example, download the data by using an SDK first, and then use a regular expression or string.indexof in your code to identify the IP addresses.

For example, the query condition in a Log Service project is not ip:121.42.0 not status:200 not 360jk not DNSPod-Monitor not status:302 not jiankongbao not 301 and status:403.

Addresses in the 121.42.0 Classless Inter-Domain Routing (CIDR) block still appear in the query results. This is because Log Service treats 121.42.0.x as a single word and returns the correct results only if the query condition is 121.42.0.x. Therefore, addresses in 121.42.0 are not filtered out of the query results when the query condition is not 121.42.0.
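The client-side filtering suggested above, as an added example that is not part of the Log Service documentation or SDK. It assumes the logs have already been downloaded into a list of dictionaries; the records, the function names, and the field name `ip` are constructed for illustration. It tests block membership with Python's `ipaddress` module rather than a substring search, so 121.42.10.5 or a malformed value such as 1121.42.0.3 is not mistaken for a member of the 121.42.0 block.

```python
import ipaddress
import re

# Finds dotted-quad candidates in free text; ipaddress does the real validation.
IPV4_RE = re.compile(r"(?<![\d.])(?:\d{1,3}\.){3}\d{1,3}(?![\d.])")


def ips_in(text):
    """Return every valid IPv4 address found in a string."""
    found = []
    for candidate in IPV4_RE.findall(text):
        try:
            found.append(ipaddress.IPv4Address(candidate))
        except ipaddress.AddressValueError:
            pass  # e.g. 999.1.1.1 looks like an address but is not one
    return found


def exclude_block(records, cidr, fields=("ip",)):
    """Drop records whose listed fields contain an address inside cidr."""
    network = ipaddress.ip_network(cidr)
    kept = []
    for record in records:
        addresses = [a for f in fields for a in ips_in(str(record.get(f, "")))]
        if not any(a in network for a in addresses):
            kept.append(record)
    return kept


# Constructed records, shaped like logs already downloaded through an SDK.
SAMPLE = [
    {"ip": "121.42.0.17", "status": "403"},
    {"ip": "121.42.10.5", "status": "403"},   # different block, similar text
    {"ip": "203.0.113.9", "status": "403"},
    {"ip": "121.42.0.250", "status": "403"},
    {"ip": "1121.42.0.3", "status": "403"},   # malformed, so not in the block
]

if __name__ == "__main__":
    for rec in exclude_block(SAMPLE, "121.42.0.0/24"):
        print(rec)
```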

2. How to query a keyword containing a space in logs?

If you directly enter a keyword containing a space as the query condition, logs that contain only the part of the keyword to the left or right of the space are also returned. Therefore, we recommend that you enclose the keyword containing a space in quotation marks ("") so that the contents of the quotation marks are used as a single keyword. Then, only logs that contain the whole keyword, including the space, are returned.

For example, query the logs containing the keyword POS version in the following logs:

  post():351]: device_id: BTAddr : B6:xF:xx:65:xx:A1 IMEI : 35847xx22xx81x9 WifiAddr : 4c:xx:0e:xx:4e:xx | user_id: bb07263xxd2axx43xx9exxea26e39e5f POS version:903

If you directly use POS version as the query condition, logs containing POS or version are also included in the query results, which does not meet the query requirement. Use "POS version" as the query condition instead, and all the logs containing the keyword POS version are returned.

3. How to query logs based on two query conditions?

Enter two statements at the same time if you have two query conditions.

For example, to query logs whose status is not OK or Unknown in a Logstore, use not OK not Unknown as the query condition.

4. What methods does Log Service provide to query collected logs?

Log Service provides three methods to query logs:

  1. Query logs in the Log Service console. For more information, see Query logs.
  2. Use SDKs to query logs. For more information, see SDK.
  3. Use RESTful APIs to query logs. For more information, see API.

5. What query capabilities does Log Service provide?

  • Supports filtering and querying logs by using a combined condition. For more information about the query syntax, see Query syntax.
  • Supports querying one billion logs in one second for a single query. You can query logs based on specified query conditions, read the time-based distribution of the query results, and obtain the raw logs.
  • Supports caching logs, allowing you to obtain more complete query results for a second query with the same query condition.

6. What are the limits of log query?

  • Supports querying logs based on a combined condition composed of at most 30 words.
  • Supports obtaining at most 100 lines of raw logs for a single query. You can download more logs by turning the page.
  • Supports processing one billion lines of logs within one second for a single query.