Context query

Last Updated: Mar 26, 2018

In a log file, each log records one event. Logs are generally not independent of each other: several consecutive logs, read in sequence, show the course of a whole event.

A log context query takes a log source (machine + file) and a log in that source, and returns several logs before (the preceding part) and after (the following part) that log in the original log file. This makes troubleshooting easier in DevOps scenarios.

The Log Service console provides a specific page for query. You can view the context information in the original log file of a specified log in the console, which is similar to paging up or down in the original log file. By viewing the context information of a specified log, you can troubleshoot a business problem quickly.

Scenarios

For example, an O2O take-out website records the transaction track of an order in the program log on the server:

User logon > Browse products > Click items > Add to shopping cart > Place an order > Pay for the order > Deduct payment > Generate an order

If the order cannot be placed, the Operation & Maintenance (O&M) personnel must quickly locate the cause of the problem. In the conventional context query, the administrator grants the machine logon permission to related members, and then the investigator logs on to each machine where applications are deployed in turn, uses the order ID as the keyword to search application log files, and determines what causes the failure.

In Log Service, you can troubleshoot the problem by following these steps:

  1. Install the log collection client Logtail on the server, and add the machine group and log collection configuration in the console. Then, Logtail starts to upload the incremental logs.
  2. On the log query page in the Log Service console, specify the time range, and find the order failure log according to the order ID.
  3. Page up from the error log you found until you reach other related logs (for example, a credit card deduction failure).
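
Steps 2 and 3 can be modelled locally as follows. This is an added example, not Log Service code or its API: the record layout, host names, file paths and log lines are constructed for the illustration. It shows why context is taken per log source (machine + file) rather than from the merged stream.

```python
from collections import defaultdict

# Constructed sample records in arrival order: (machine, file, line number, text).
RECORDS = [
    ("web-02", "/var/log/app/order.log", 1, "order=2002 add to shopping cart"),
    ("web-01", "/var/log/app/order.log", 3, "order=1001 deduct payment: card declined"),
    ("web-01", "/var/log/app/order.log", 1, "order=1001 place an order"),
    ("web-01", "/var/log/app/access.log", 1, "GET /cart 200"),
    ("web-01", "/var/log/app/order.log", 2, "order=1001 pay for the order"),
    ("web-01", "/var/log/app/order.log", 4, "ERROR order=1001 generate order failed"),
    ("web-02", "/var/log/app/order.log", 2, "order=2002 place an order"),
    ("web-01", "/var/log/app/order.log", 5, "order=1003 user logon"),
]

def build_index(records):
    """Group logs by source (machine + file), ordered as in the original file."""
    index = defaultdict(list)
    for machine, path, lineno, text in records:
        index[(machine, path)].append((lineno, text))
    for logs in index.values():
        logs.sort()
    return index

def search(index, keyword):
    """Step 2: find matching logs; return (source, position in that source)."""
    return [(source, pos)
            for source, logs in index.items()
            for pos, (_, text) in enumerate(logs)
            if keyword in text]

def context(index, source, pos, before=2, after=2):
    """Step 3: logs around position pos, taken from the same source only."""
    logs = index[source]
    start = max(0, pos - before)  # clamp so a negative index never wraps around
    return [text for _, text in logs[start:pos + after + 1]]

if __name__ == "__main__":
    idx = build_index(RECORDS)
    for source, pos in search(idx, "ERROR order=1001"):
        print(source)
        for line in context(idx, source, pos, before=2, after=1):
            print("  ", line)
```

The output places the declined card deduction directly above the failure and contains nothing from web-02 or access.log, although those records arrived interleaved with it.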

Advantages

  • No intrusion into the application. No need to modify the log file format.
  • You can view the log context information of any machine or file in the Log Service console, without logging on to each machine to view the log file.
  • Combined with the time when the event occurred, you can specify the time range to quickly locate the suspicious log and then query its context information in the Log Service console to improve the efficiency.
  • No need to worry about the data loss caused by insufficient server storage space or log file rotation. You can view historical data in the Log Service console at any time.

Prerequisites

Note:

  • Currently, the context query function only applies to logs collected by Logtail and you must enable the index and query functions of logs.
  • Currently, you cannot query the context information of syslog data.
  • Currently, you cannot query the context information of logs written by using SDKs such as Java SDK, Producer Library, and Log4J Appender.

Procedure

  1. Log on to the Log Service console.

  2. On the Project List page, click the project name.

  3. On the Logstore List page, click Search at the right of the Logstore.

  4. Enter your query and analysis statement and select the time range. Click Search.

    In the query results, if the Context View link exists at the left of a log, it indicates the log supports the context query function.

  5. Click Context View at the left of a log. View the context logs of this log on the right.

    Scroll up and down to view the context logs of the specified log. To view more context logs, click Earlier or Later.
