You can analyze query logs to view the execution status of queries and identify slow queries. This helps you improve system performance and resolve potential issues. This topic describes how to use SQL statements to view the query logs of ApsaraDB for ClickHouse.
Prerequisites
The query logging feature is enabled.
By default, query logging is enabled for ApsaraDB for ClickHouse.
You can execute the
SHOW settings like 'log_queries';statement to query the value of the log_queries parameter to check whether query logging is enabled. If the value is 1, query logging is enabled. If the value is 0, query logging is disabled. You can execute the following SQL statement to enable query logging:SET GLOBAL ON CLUSTER default log_queries = 1;
Usage notes
Query logs may contain sensitive information. You must properly manage query logs.
You need to regularly clean up and archive query logs to avoid excessive log files.
NoteBy default, the query_log table in ApsaraDB for ClickHouse is configured with a time-to-live (TTL) period of 15 days. This indicates that query logs are automatically deleted 15 days after the logs are generated.
If you want to reduce the disk space occupied by the query_log table, you can modify the TTL period of the query_log table on the Parameter Configuration page in the ApsaraDB for ClickHouse console. To facilitate the identification of cluster issues, we recommend that you set the TTL value to at least seven days. For more information about how to modify parameters, see Configure parameters in the config.xml file.
Sample environment
In this topic, the s-2-r-0 node is used as the basic environment. In actual use, modify the parameters based on your business requirements. If you do not know your node name, you can use one of the following ways to obtain the node name:
You can obtain the node name on the Cluster Monitoring tab in the ApsaraDB for ClickHouse console. For more information about how to go to the Cluster Monitoring tab page, see View cluster monitoring information.
You can execute the following SQL statement to obtain the names of all nodes in your cluster:
SELECT * FROM system.clusters;
View the recent queries for which errors are reported
Viewing error logs helps you improve system stability and security by offering the following benefits:
Quick issue identification: Error messages help you directly identify the causes of issues and troubleshoot the issues in a timely manner.
Trend analysis: You can know the time and patterns of errors by analyzing error logs. This allows you to implement proactive code optimization and configuration modification.
Security issue prevention: You can identify potential security vulnerabilities, such as SQL injection and unauthorized access, by analyzing error logs.
Query template
SELECT
written_rows,
written_bytes,
query_duration_ms,
event_time,
exception
FROM clusterAllReplicas('default',system.query_log) ql
WHERE ((event_time >= '<startTime>')
AND
(event_time <= '<endTime>')) AND (lowerUTF8(query) LIKE '%insert into sdk_event_record_local%')
AND (type != 'QueryStart')
AND (exception_code != 0)
[AND substring(hostname(),38,8) = '<nodeName>']
ORDER BY event_time DESC
[LIMIT <x>]Parameters
Parameter | Description | Example |
startTime | The beginning of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2021-11-22 22:00:00 |
endTime | The end of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2021-11-22 23:00:00 |
nodeName | The name of the cluster node. | s-2-r-0 |
x | The number of rows to return from the start of the query result. | 30 |
Example
View the error logs of queries executed on the s-2-r-0 node during the period from 22:00:00 on November 22, 2021 to 23:00:00 on November 22, 2021, and specify that the first 30 rows in the query result are returned.
SELECT
written_rows,
written_bytes,
query_duration_ms,
event_time,
exception
FROM clusterAllReplicas('default',system.query_log) ql
WHERE (lowerUTF8(query) LIKE '%insert into sdk_event_record_local%') AND
((event_time >= '2021-11-22 22:00:00')
AND
(event_time <= '2021-11-22 23:00:00'))
AND (type != 'QueryStart')
AND (exception_code != 0)
AND substring(hostname(),38,8) = 's-2-r-0'
ORDER BY event_time DESC
LIMIT 30View recent SQL queries
Write-type SQL queries
Query template
--View the recent write-type SQL queries, including the number of rows and the size of bytes for each batch.
SELECT
written_rows,
written_bytes,
query_duration_ms,
event_time
FROM clusterAllReplicas('default',system.query_log) ql
WHERE ((event_time >= '<startTime>')
AND (event_time <= '<endTime>'))
AND (lowerUTF8(query) ILIKE '%insert into%') AND (type != 'QueryStart')
[AND substring(hostname(),38,8) = '<nodeName>']
ORDER BY event_time DESC
[LIMIT x]Parameters
Parameter | Description | Example |
startTime | The beginning of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2021-11-22 22:00:00 |
endTime | The end of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2021-11-22 23:00:00 |
nodeName | The name of the cluster node. | s-2-r-0 |
x | The number of rows to return from the start of the query result. | 30 |
Example
View the logs of write-type SQL queries executed on the s-2-r-0 node during the period from 22:00:00 on November 22, 2021 to 23:00:00 on November 22, 2021, and specify that the first 30 rows in the query result are returned.
--View the recent write-type SQL queries, including the number of rows and the size of bytes for each batch.
SELECT
written_rows,
written_bytes,
query_duration_ms,
event_time
FROM clusterAllReplicas('default',system.query_log) ql
WHERE ((event_time >= '2021-11-22 22:00:00')
AND (event_time <= '2021-11-22 23:00:00'))
AND (lowerUTF8(query) LIKE '%insert into sdk_event_record_local%')
AND (type != 'QueryStart')
AND substring(hostname(),38,8) = 's-2-r-0'
ORDER BY event_time DESC
LIMIT 30Non-write SQL queries
Query template
SELECT
event_time,
user,
query_id AS query,
read_rows,
read_bytes,
result_rows,
result_bytes,
memory_usage,
exception
FROM clusterAllReplicas('default', system.query_log)
WHERE (event_date = today()) AND (event_time >= (now() - <time>)) AND (is_initial_query = 1) AND (query NOT ILIKE 'INSERT INTO%' [AND substring(hostname(),38,8) = '<nodeName>'])
ORDER BY event_time DESC
[LIMIT x]Parameters
Parameter | Description | Example |
time | The time range to look back from the current time for data querying. Unit: minutes. | 60 |
nodeName | The name of the cluster node. | s-2-r-0 |
x | The number of rows to return from the start of the query result. | 100 |
Example
View the non-write SQL queries executed on the s-2-r-0 node within the last 60 minutes, and specify that the first 100 rows in the query result are returned.
SELECT
event_time,
user,
query_id AS query,
read_rows,
read_bytes,
result_rows,
result_bytes,
memory_usage,
exception
FROM clusterAllReplicas('default', system, query_log)
WHERE (event_date = today()) AND (event_time >= (now() - 60)) AND (is_initial_query = 1) AND (query NOT LIKE 'INSERT INTO%')
AND substring(hostname(),38,8) = 's-2-r-0'
ORDER BY event_time DESC
LIMIT 100View non-write statements that are executed more than N times within a specific period of time
Query template
SELECT *
FROM
(SELECT LEFT(query, 100) AS SQL,
count() AS queryNum,
sum(query_duration_ms) AS totalTime,
totalTime/queryNum AS avgTime
FROM clusterAllReplicas('default', system.query_log) ql
WHERE event_time > toDateTime('<startTime>')
AND event_time < toDateTime('<endTime>')
AND query not like '%INSERT INTO%'
AND substring(hostname(), 38, 8) = '<nodeName>'
GROUP BY SQL
ORDER BY avgTime DESC)
WHERE queryNum > <queryNum>
[LIMIT <x>]Parameters
Parameter | Description | Example |
startTime | The beginning of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2022-09-23 12:00:00 |
endTime | The end of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2022-09-23 17:00:00 |
queryNum | The minimum threshold for the number of statement executions. | 1000 |
nodeName | The name of the cluster node. | s-2-r-0 |
x | The number of rows to return from the start of the query result. | 50 |
Example
View the non-write SQL statements that are executed more than 1,000 times on the s-2-r-0 node during the period from 12:00:00 on September 23, 2022 to 17:00:00 on September 23, 2022.
SELECT *
FROM
(SELECT LEFT(query, 100) AS SQL,
count() AS queryNum,
sum(query_duration_ms) AS totalTime,
totalTime/queryNum AS avgTime
FROM clusterAllReplicas('default', system.query_log) ql
WHERE event_time > toDateTime('2022-09-23 12:00:00')
AND event_time < toDateTime('2022-09-23 17:00:00')
AND query not like '%INSERT INTO%'
AND substring(hostname(), 38, 8) = 's-2-r-0'
GROUP BY SQL
ORDER BY avgTime DESC)
WHERE queryNum > 1000
LIMIT 50View the execution statistics of queries by hour or minute within a specific period of time
View execution statistics by hour
View the statistics on the number and the average duration of queries by hour within a specific period of time.
Query template
--View execution statistics by hour
SELECT toHour(event_time) AS t,
count() AS queryNum,
sum(query_duration_ms) AS totalTime,
totalTime/queryNum AS avgTime
FROM clusterAllReplicas('default', system.query_log) ql
WHERE event_time > toDateTime('<startTime>')
AND event_time < toDateTime('<endTime>')
AND query not like '%INSERT INTO%'
AND query like '%Faulty container%'
AND read_rows != 0
AND substring(hostname(), 38, 8) = '<nodeName>'
GROUP BY t
[LIMIT x]Parameters
Parameter | Description | Example |
startTime | The beginning of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2022-09-23 12:00:00 |
endTime | The end of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2022-09-23 17:00:00 |
nodeName | The name of the cluster node. | s-2-r-0 |
x | The number of rows to return from the start of the query result. | 50 |
Example
View the statistics on the number and the average duration of queries executed on the s-2-r-0 node by hour during the period from 08:00:00 on September 23, 2022 to 17:00:00 on September 23, 2022.
--View execution statistics by hour
SELECT toHour(event_time) AS t,
count() AS queryNum,
sum(query_duration_ms) AS totalTime,
totalTime/queryNum AS avgTime
FROM clusterAllReplicas('default', system.query_log) ql
WHERE event_time > toDateTime('2022-09-23 08:00:00')
AND event_time < toDateTime('2022-09-23 17:00:00')
AND query not like '%INSERT INTO%'
AND query like '%Faulty container%'
AND read_rows != 0
AND substring(hostname(), 38, 8) = 's-2-r-0'
GROUP BY t
LIMIT 50View execution statistics by minute
View the statistics on the number and the average duration of queries by minute within a specific period of time.
Query template
--View execution statistics by minute
SELECT toMinute(event_time) AS t,
count() AS queryNum,
sum(query_duration_ms) AS totalTime,
totalTime/queryNum AS avgTime
FROM clusterAllReplicas('default', system.query_log) ql
WHERE event_time > toDateTime('<startTime>')
AND event_time < toDateTime('<endTime>')
AND query not like '%INSERT INTO%'
AND query like '%Faulty container%'
AND substring(hostname(), 38, 8) = '<nodeName>'
AND read_rows != 0
GROUP BY t
[LIMIT x]Parameters
Parameter | Description | Example |
startTime | The beginning of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2022-09-23 12:00:00 |
endTime | The end of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2022-09-23 17:00:00 |
nodeName | The name of the cluster node. | s-2-r-0 |
x | The number of rows to return from the start of the query result. | 50 |
Example
View the statistics on the number and the average duration of queries executed on the s-2-r-0 node by minute during the period from 08:00:00 on September 23, 2022 to 17:00:00 on September 23, 2022.
--View execution statistics by minute
SELECT toMinute(event_time) AS t,
count() AS queryNum,
sum(query_duration_ms) AS totalTime,
totalTime/queryNum AS avgTime
FROM clusterAllReplicas('default', system.query_log) ql
WHERE event_time > toDateTime('2022-09-23 12:00:00')
AND event_time < toDateTime('2022-09-23 13:00:00')
AND query not like '%INSERT INTO%'
AND query like '%Faulty container%'
AND substring(hostname(), 38, 8) = 's-2-r-0'
AND read_rows != 0
GROUP BY t
LIMIT 50View the number of LEFT JOIN queries
View the number of LEFT JOIN queries within a specific period of time.
Query template
SELECT *
FROM
(SELECT LEFT(query, 100) AS SQL,
count() AS queryNum,
sum(query_duration_ms) AS totalTime,
totalTime/queryNum AS avgTime
FROM clusterAllReplicas('default', system.query_log) ql
WHERE query like '%JOIN%'
AND read_rows != 0
AND event_time > toDateTime('<startTime>')
AND event_time < toDateTime('<endTime>')
AND query not like '%INSERT INTO%'
AND substring(hostname(), 38, 8) = '<nodeName>'
GROUP BY SQL
ORDER BY queryNum DESC)Parameters
Parameter | Description | Example |
startTime | The beginning of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2022-09-23 12:00:00 |
endTime | The end of the time range to query. Specify the time in the yyyy-mm-dd hh:mm:ss format. | 2022-09-23 21:00:00 |
nodeName | The name of the cluster node. | s-2-r-0 |
Example
View the number of LEFT JOIN queries executed on the s-2-r-0 node during the period from 12:00:00 on June 25, 2024 to 15:00:00 on June 25, 2024.
SELECT *
FROM
(SELECT LEFT(query, 100) AS SQL,
count() AS queryNum,
sum(query_duration_ms) AS totalTime,
totalTime/queryNum AS avgTime
FROM clusterAllReplicas('default', system.query_log) ql
WHERE query like '%JOIN%'
AND read_rows != 0
AND event_time > toDateTime('2024-06-25 12:00:00')
AND event_time < toDateTime('2024-06-25 15:00:00')
AND query not like '%INSERT INTO%'
AND substring(hostname(), 38, 8) = 's-2-r-0'
GROUP BY SQL
ORDER BY queryNum DESC)View the ranking of users based on the number of non-write SQL queries they executed
Query template
SELECT
user,
count(1) AS query_times,
sum(read_bytes) AS query_bytes,
sum(read_rows) AS query_rows
FROM clusterAllReplicas('default', system, query_log)
WHERE (event_date = yesterday()) AND (is_initial_query = 1) AND (query NOT LIKE 'INSERT INTO%' AND substring(hostname(),38,8) = '<nodeName>')
GROUP BY user
ORDER BY query_times DESC
[LIMIT x]Parameters
Parameter | Description | Example |
nodeName | The name of the cluster node. | s-2-r-0 |
x | The number of users to return. | 10 |
Example
View the top 10 users who execute the most non-write queries on the s-2-r-0 node.
SELECT
user,
count(1) AS query_times,
sum(read_bytes) AS query_bytes,
sum(read_rows) AS query_rows
FROM clusterAllReplicas('default', system, query_log)
WHERE (event_date = yesterday()) AND (is_initial_query = 1) AND (query NOT LIKE 'INSERT INTO%' AND substring(hostname(),38,8) = 's-2-r-0')
GROUP BY user
ORDER BY query_times DESC
LIMIT 10