Context query - Index and query| Alibaba Cloud Documentation Center

This topic describes how to query the contextual log entries of a specified log entry in the Log Service console.

Prerequisites

Logs are collected by Logtail. For more information, see Logtail overview.

Note The context query feature is supported only for log data that is collected by Logtail.
The index feature is enabled and configured. For more information, see Enable and configure the index feature for a Logstore.

Background information

To perform a context query, you must specify a source server, source file, a log entry whose context you want to query, and the number of contextual log entries that you want to query. By performing the context query, you can obtain the number of log entries before or after the log entry that is collected from the log file of the server. The context query feature allows you to locate errors with ease during troubleshooting.

Scenarios

For example, an online-to-offline (O2O) website records the following user behaviors and system operations for order transactions in application log files on multiple servers: logging on to the website, browsing products, selecting a product, adding the product to the shopping cart, placing an order, paying for the order, deducting the order amount, and generating the order.

If an order fails, O&M engineers must locate the cause at the earliest opportunity. If a traditional context query method is used, the O&M engineers must be authorized by an administrator to log on to each server where the O2O application is deployed. After authorization is complete, the O&M engineers must search the servers one after one for the related application log entries based on the order ID. Then, the O&M engineers locate the cause of the failure based on the application log entries.

In Log Service, the O&M engineers can perform the following steps to locate the cause of the failure:

Install Logtail on the server. Create a machine group and log collection configurations in the Log Service console. Then, enable Logtail to upload incremental log entries to Log Service.
On the search and analysis page in the Log Service console, specify a time range and find the log entry that records the failure based on the order ID.
After you locate the log entry, page up until other related log entries (for example, a log entry that records a credit card payment failure) are found.

Benefits

You do not need to change the format of application log entries.
You can query the context of a log entry from any log file that is collected from any server in the Log Service console, without the need to log on to the server.
You can specify a time range to locate suspicious log entries before you perform context query in the Log Service console. This improves troubleshooting efficiency.
You do not need to worry about data loss that is caused by insufficient server storage or log file rotation. You can view historical log data in the Log Service console at any time.

Procedure

Log on to the Log Service console.
In the Projects section, click a project.
On the Log Management > Logstores tab, choose > Search & Analysis.
Enter a query statement, select a time range, and then click Search & Analyze.
On the Raw Logs tab, find the log entry whose context you want to query and choose > Context View.
In the pane that appears, scroll up and down to view the contextual log entries.
- To highlight a keyword in red, enter the keyword in the text box.
- To page up, click Old.
- To page down, click New.
- To filter out fields, click Filter Field. In the dialog box that appears, select the fields in the right pane and click Delete. After the fields are filtered out, the fields are removed from the log entries that are displayed in the Context View pane.