This topic describes how to use LiveTail to monitor and analyze logs.
In online O&M scenarios, you may need to monitor log data in real time and extract key information from the latest log data to locate error causes. If you use a traditional O&M method, you must run the tail -f command on each server to query log data. If you need to narrow the result of the command, you must add the grep or grep -v command to filter the log data by keyword. To simplify the online O&M process, Log Service provides LiveTail in the console for you to monitor and analyze log data in real time.
- Log entries are monitored in real time and filtered by keyword.
- Log entries are collected and indexed based on log collection configurations.
- The contents of log fields are segmented into words. The word segmentation feature allows you to query contextual log entries that contain specific words.
- A log file can be queried based on a log entry in the log file. This allows you to monitor the log file in real time without the need to manually log on to the server.
Use LiveTail to monitor logs in real time
- Log on to the Log Service console.
- In the Projects section, click a project.
- On the tab, choose to the right of a Logstore.
- Optional:Start LiveTail.
You can use one of the following methods to start LiveTail:
After LiveTail is started, the matching log entries are displayed in the log list of LiveTail in real time. By default, the latest log data is displayed at the bottom of the list. You can view the latest log data without the need to drag the scroll bar. The list includes a maximum of 1,000 log entries. If more than 1,000 log entries are collected, the list is refreshed to display the latest 1,000 log entries.
- On the Raw Logs tab, choose to start LiveTail for the log entry.
- On the LiveTail tab, set the following parameters and click Start LiveTail.
Parameter Description Source Type The source of the log entries to query. Valid values:
- Common log
Machine Name The name of the server from which the log entries are collected. File Name The full path of the log file. Filter keyword A keyword. Only log entries that contain the keyword are displayed in the log list of LiveTail.
Use LiveTail to analyze logs
- Query the log entries that contain a certain field value.
If you find an unexpected value of a field, you can click the field value on the LiveTail tab to query the log entries that contain the field value. After you click the field value, the Raw Logs tab is displayed and the query results are displayed on the tab. You can then analyze the query result to troubleshoot the error. For example, you can perform a context query and view statistical charts.
- Narrow the time range of a query based on the log distribution histogram.
After LiveTail is started, the log distribution histogram is updated in real time. If you detect an abnormality in a period (for example, the number of log entries in the period increases significantly), you can click the green data block of the period to view the raw log entries and the detailed log distribution in the period.
- Highlight log fields.
You can display a log field in a separate column of the log list to highlight the log field. To highlight log fields, perform the following steps: On the LiveTail tab, click Column Settings in the upper-right corner of the log list. In the dialog box that appears, select the log fields and click Add.
- View quick analysis results.
Quick analysis is performed based on a set of predefined analysis rules. To view the quick analysis results, perform the following step: On the LiveTail tab, click the > icon in the upper-left corner of the log list. You can then view the quick analysis results in the Quick Analysis section. Quick analysis is performed on the log entries that are collected in the time range from the time when LiveTail is started to the time when LiveTail is stopped. For more information, see Quick analysis.