When you expand a log file, each log records an event. The log and its corresponding event do not exist independently. Several consecutive logs can then be used to review a specific process of a whole event sequence.
Log context query specifies the log source (machine + files) and the log in it, and searches a certain number of records before (the text preceding) and after (the text following) this log in the original file. This provides an easy method for clarifying the cause of a problem, and how to rectify it, under a DevOps scenario.
The Log Service console provides a specific page for query. You can use a browser to view the context information in the original file of the specified log, similar to turning the pages of the original log file.
For example, an O2O take-out website will record the transaction track of an order in the program log on the server:
User login > Browse articles > Click articles > Add to shopping cart > Place an order > Pay for the order > Deduct payment > Generate an order
If the order cannot be placed, the persons responsible for operation and customer service must quickly locate the cause of the problem. In a conventional context query, the administrator adds the machine login permission to related members, and then the investigator logs in to each machine where applications are deployed in turn and uses the order ID as the keyword to search application log files.
For Log Service context query, you can use Log Service to implement this function as follows.
- Install the log collection client Logtail on the server, and add the machine group and log collection configuration on the console. Then, Logtail will start to upload the incremental logs.
- Access the console log query page of Log Service, specify the time range, and find the order failure log according to the order ID.
- Page up with the found error log as a benchmark till other related log information is found (for example: credit card deduction fails).
- There is no intrusion into the application, and you do not need to change the log file format.
- The specified log context information of any machine and file can be viewed on the Log Service console, avoiding issues when logging in to each machine to view the log file.
- In combination with the time cue of event occurrence, if context query is performed after a suspicious log in the specified time segment of the Log Service console is located, you always get twice the results with half the effort.
- There is zero data loss as a result of insufficient server storage or log file rotation, and can view historical data on the Log Service console at any time.
- Use Logtail to collect logs. Upload data to the LogStore; only machine group creation and collection configuration is required.
- Activate the Log index query function.
For more information about how to query log context, refer to the introduction in Console context query.
Log on to the Log Service console.
Select the desired project and click the project name.
On the Logstore List page, select the desired Logstore and click Search in the LogSearch column.
If there is a Context View link to the left of a log returned on the query results page, this indicates that the log supports the context query function.
Select a log and click Context View.
This will switch the console from common search mode to context query mode.
Scroll to view the context information of the selected log. If you need to view an extended range of information, click Prev 20 or Next 20 for preceding and following results, respectively.