Query logs - Index and query| Alibaba Cloud Documentation Center

Query logs

Edit in Github

Last Updated: Jan 14, 2019 Edit in Github

After enabling the index function and setting indexes, you can query and analyze the collected logs in the console.

Prerequisites

Logs have been collected.
You have enabled the index function and set indexes.

Procedure

Log on to the Log Service console and click the project name.
In the LogSearch column, click Search.
In the search box, enter a query analysis statement.

A query analysis statement consists of a query statement and an analysis statement in the format of query statement|analysis statement. For more information, see Overview.
In the upper-right corner, click 15 Minutes (Relative)to set the time range for queries.
You can choose between a relative time period and a time frame or customize a time range.

Note The query results may contain logs obtained one minute earlier or later than the specified time range.

Click Search & Analysis to view the query results.

You can view the query results through a log distribution histogram, raw logs, or various graphs.

Note By default, 100 query results are returned. If you need to view more results, see LIMIT syntax.

Log distribution histogram:
The log distribution histogram shows the log distribution in the time dimension.
- Rest the pointer on a green data block to view the time range indicated by the data block and the number of log query results within the time range.
- Click a data block to view finer-grained log distribution. Additionally, you can view the log query results on the Raw logs tab page.

Raw logs:

On the Raw logs tab page, you can view the logs that match your search conditions.

Use the quick analysis function to receive a quick analysis of the distribution of a field over a period of time. For more information, see Quick analysis.
Click the download icon in the upper-right corner to specify a download range, and then click OK.
In the upper-right corner, click Column Settings. In the displayed dialog box, select the target fields from the left area and click Add to add the fields to the right area. Then, columns indicated by the added fields appear on the tab page. The field names are also column names, and the columns list the field values.

Note To view the log content on the tab page, you must select Content.

Set the style of the content column. If the field contains more than 3,000 characters, then some content will be hidden and a message indicating this will be displayed before the field Key. Specifically, click Display Content Column. In the displayed dialog box, set Key-Value Pair Arrangement and Truncate Character String.

Note If the content limit is set to 10,000 characters, any character past this number will be downgraded. Further, none of these characters will be displayed, and no delimiter will be specified for these characters.


Parameter		Description
Key-Value Pair Arrangement		You can set this parameter to New Line or Full Line as needed.
Truncate Character String	Key	When a field value contains more than 3,000 characters, the value is truncated by default. However, this parameter remains empty if this value is not reached. The value of this parameter is the key of the truncated value.
	Status	You can determine whether to enable value truncation. It is enabled by default. Enable: When a value length exceeds the preset value of Truncate Step, the value is automatically truncated. You can click the button at the end of a value to perform incremental expansion. The number of incremental characters is the value of Truncate Step. Disable: A value will not be truncated even if its length exceeds the preset value of Truncate Step.
	Truncate Step	This parameter indicates the maximum number of a value as well as the number of incremental characters per time. The parameter value ranges from 500 to 10,000 characters. The default value is 3,000.

Graph:
If you have enabled the statistics function and used a query analysis statement for query, you can view the analysis results on the Graph tab page.
- Select an appropriate graph type to show analysis results based on your requirements. Several chart types are provided in Log Serve including tables, line charts, and bar charts.
- Add the graph to the dashboard for real-time data analysis results to be displayed. Click Add to dashboard to save common query statements as a graph saved on the dashboard.
- Set drill-down configurations to gain deeper insight into the analysis results. Then, click the values in the graph to view the analysis results from more dimensions. For more information, see Drill-down analysis.

Additionally, you can click Save Search and Save as Alarm in the upper-right corner. Then, you can use the saved search and alarm functions.