Search and analysis functions help you to query various statements in logs, query raw logs, view graphs, query context, perform quick analysis, perform quick queries, create a dashboard, and save a graph as an alarm.

Query raw logs

After the index is enabled, enter the keywords in the search box and select the search time range. Then, click Search to view the histogram of the log quantity, the raw logs, and the statistical graph.

The histogram of the log quantity displays the time-based distribution of log search hit counts. With the histogram, you can view the log quantity changes over a certain period of time. By clicking the rectangular area to narrow down the time range, you can view the information about the log hits within the specified time range to refine the display of the log search results.

On the Raw Data tab, you can view the hit logs in chronological order.

  • By clicking the triangle symbol next to Time, you can switch between the chronological and reverse chronological orders.
  • By clicking Display Content Column, you can switch between Display with Line Breaks and Display in One Line, or you can set Truncate Character String.
  • By clicking the value keyword in the log content, you can view all logs containing this keyword.
  • By clicking the Downloadbutton in the upper-right corner of the Raw Data tab, you can download the query results in CSV format. By clicking the Configbutton, you can add fields as displayed columns in the display results of raw logs so that you can view the target field content of each raw log in the new columns in a more intuitive way.
  • By clicking Context, you can view 15 logs before and after the current log entry. For more information, see Perform a context query.
    Note Currently, the context query function supports only the data uploaded with Logtail.
Figure 1. Raw logs

View graphs

After enabling the index and entering a statement for query and analysis, you can view the statistics of logs under the Graph tab.

  • Data can be displayed in tables, line charts, or other types of graphs.

    You can choose an appropriate statistical graph and custom graph settings as needed.

  • You can add a graph to the Dashboard. For more information, see Create and delete a dashboard.
  • You can set the drill-down analysis action for a graph. Then, after a graph is added to the dashboard, any click to a data point on the graph will trigger the drill-down analysis action, allowing you to review queries in more details.
Figure 2. Statistical graphs

Query context

The Log Service console provides a query page, you can view the context information of the specified log in the original file in the console. It is similar to paging up and down in the original log file. By viewing the context information of the specified log, you can quickly locate the failure information during the business troubleshooting. For more information, see Perform a context query.

Perform quick analysis

The quick analysis function of Log Service supports an interactive query with only one click, allowing you to quickly analyze the distribution of a field over a period of time and reduce the cost of indexing key data. For more information, see Quick analysis.

Perform quick queries

You can save the current query condition as a saved search. To perform this query again, you simply need to go to the saved search page. For more information, see Save a query statement as a search.

You can also apply the saved search condition to alarm rules. After you set an alarm rule, Log Service will automatically run the saved search on a regular basis. If query results meet the preset threshold, Log Service will send an alarm message.

Create a dashboard

Log Service provides the dashboard function, which can visualize the query and analysis statements. For more information, see Create and delete a dashboard.

Figure 3. Dashboard

Save a graph as an alarm

Log Service can generate an alarm based on your LogSearch Results. You can configure the alarm rules so that specific alarm content can be sent to you by using in-site notifications or DingTalk messages.

For more information, see Configure an alert.