Each log entry in a log file records an event. Consecutive log entries are related to each other. They indicate a complete event in sequence.

A context query refers to searching for a specified number of log entries before and after a log entry in a specified log source (machine and files). This helps you locate errors in DevOps scenarios.

You can view contextual log entries of the specified log entry in the Log Service console. This helps you locate error messages during troubleshooting.

Scenarios

For example, an online-to-offline (O2O) website records the steps of an order into log entries on the server. These steps are as follows:

log on, browse products, click products, add products to cart, place an order, pay for the order, complete the payment, and generate an order

If the order cannot be placed, the O&M personnel must locate the cause at the earliest opportunity. In traditional context queries, the O&M personnel must be authorized by the administrator to log on to each machine where the O2O application is deployed. Then, the O&M personnel must use the order ID as a keyword to search application log files to locate the cause.

In Log Service, the O&M personnel can perform the following steps to locate the cause:

  1. Install Logtail on the server, and then add machine groups and log collection configurations in the Log Service console. Logtail starts to upload incremental log entries.
  2. On the log query page of the Log Service console, specify the time range and find the error log entry based on the order ID.
  3. Based on the error log entry, page up until other related log entries are found (for example, credit card payment failure).
Figure 1. Scenarios
Scenarios

Benefits

  • Intrusions into applications or changes to log file formats are avoided.
  • Contextual log entries of a specified log entry in a log file on any machine can be viewed in the Log Service console.
  • A time range can be specified in the Log Service console to locate suspicious log entries before a context query is performed. This improves troubleshooting efficiency.
  • Data loss caused by log file rotation or insufficient storage space are avoided. Historical log data can be viewed in the Log Service console at any time.

Prerequisites

  • Log data is collected by Logtail and uploaded to a Logstore. Machine groups are created and log collection configurations are complete. For more information, see Overview. Log data can also be uploaded by using producer-related SDKs, such as Producer Library, Log4J, LogBack, and C-Producer Library.
  • The index of the Logstore is enabled.
Note The context query feature does not support syslog.

Procedure

  1. Log on to the Log Service console, and then click the target project name.
  2. Click the Logstore management icon icon next to the name of the Logstore, and then select Search & Analysis.
  3. Enter a query statement, select a time range, and then click Search & Analytics.
    If the Context View button appears on the left side of a log entry on the query result page, the log entry supports the context query feature.
  4. Select a log entry and click Context View. On the page that appears, view the contextual log entries of the selected log entry.
    Figure 2. Query log entries
    Query log entries
  5. Scroll up and down to view more contextual log entries on the current page. To view earlier or later contextual log entries, click New or Old.