Alibaba Cloud log analysis includes six modules: basic information, data distribution and trends, top data, error information, performance indicators, and customer profiles. It is divided into 16 dimensions to provide summary information to help you understand business information in all aspects.

Background information

Before you use this service, make sure that you have activated Log Service.

Log classification

Note The timeliness of all logs is 3 minutes.
The log analysis are classified as follows:
  • Basic information: Total number of PVs, Total number of UVs, and Request Error Percentage.
  • Data distribution and trend: PV distribution and PV trend.
  • TOP Data: Top10 URI and Top10 IP
  • Error message: Error code trend, Error domain name top 10, Error URI top 10, and Error IP address top 10.
  • Performance metrics: cache hit ratio and response latency (5 minutes).
  • Customer profile: UV distribution, Referer source distribution, and UA distribution.
  1. Log on to the DCDN console.
  2. In the left-side navigation pane, choose Logs > Real-time Logs. In the Project Name section, click Analysis and Alerts.
  3. Click Select Time to select the log time that you want to query.
  4. Click Refresh, select Only Once or click Auto Refresh as needed, and select a refresh time based on your business needs.
  5. Select a domain name, URI, or IP through the drop-down menu as needed. Different combinations will present different analysis reports.
    Note A log is accessed once.
    Module Dimension Filter condition Show results
    Basic information Total PVs
    • Time selection
    • Domain Name
    • URI
    • access IP
    The total number of queries.
    • Select Domain Name: the total number of visits to the domain name within the specified date.
    • Select URI: The total number of visits to the URI within the selected date.
    • Select IP: the total number of visits from the IP address on the selected date.
    Note Domain names, URI and IP can be selected in multiple or in combination.
    UVs The total number of IP addresses accessed.
    • Select Domain Name: the total number of IP addresses in the specified date.
    • Select URI: the total number of access IP addresses for this URI in the selected date.
    Note Domain names and URI can be selected in multiple or in combination.
    Request error percentage The percentage of error requests.
    Data distribution and trends PV distribution
    • Time selection
    • Domain Name
    • URI
    • access IP
    Note You can select exact match or directory query for the URI. Example:
    • Accurate Matching: www.example.com/index/image_01.png
    • Directory query: www.example.com/index/*

    According to the China /World map display.

    When you move the pointer over a specific region, the small window displays the region name and the number of visits during the period.

    PV Trend (5 minutes)
    • Time selection
    • Domain Name
    • URI
    • access IP
    Note You can select exact match or directory query for the URI. Example:
    • Accurate Matching: www.example.com/index/image_01.png
    • Directory query: www.example.com/index/*
    The trend chart is displayed.
    Note If you do not select a URI, all logs are displayed by default.
    Top Rankings Top10 URI
    • Time selection
    • Domain Name
    • URI
    • access IP
    The chart shows the domain name, URI, and number of visits.
    Top10 IP The chart shows the IP address and the number of visits.
    Error message Error code trend
    • Time selection
    • Domain Name
    • URI
    • access IP
    Note You can select exact match or directory query for the URI. Example:
    • Accurate Matching: www.example.com/index/image_01.png
    • Directory query: www.example.com/index/*
    The two-line trend chart displays the trend chart of all status code whose numbers are greater than or equal to 400.
    Error domain name Top10
    • Time selection
    • Domain Name
    • URI
    • access IP
    The table shows the top 10 domain names.
    Error URI Top 10 The table shows the URI of the TOP10.
    Error IP address Top10 The table shows the top 10 IP addresses.
    Performance metrics cache hit rate
    • Time selection
    • Domain Name
    • URI
    • access IP
    The trend chart shows changes in the cache hit rate.
    Response latency (5 minutes) The trend chart shows the response latency.
    Customer portrait UV distribution
    • Time selection
    • Domain Name
    • URI
    • access IP

    According to the China /World map display.

    When you move the pointer over a specific region, the small window displays the region name and the number of visits during the period.

    Referer source distribution The table shows the distribution of Referer sources, including the fields refer_domain and total.
    UA distribution The table shows the UA distribution, including the fields user_agent and total.

Examples

  • Scenario 1: Analyze the delivery effect (specific URI) of a specific advertisement.
    • Filter Scheme: Select a specific domain name and a specific URI.
    • Analysis method:
      • View the PV distribution to obtain the access effect of advertisements in each region, and finally obtain the geographic distribution of PVs and UVs.
      • View PV Trend (5 Minutes) to obtain the trend chart of ad access.
      • View the Referer source distribution, and view the top information of Referer to view the channels from which users access advertisements.
  • Scenario 2: Optimize and improve the design of business API interfaces based on data analysis.
    • Filter Scheme: Select the time.
    • Analysis method: View the Top10 URI and analyze the call status and response performance of each API to optimize the API design of the website, such as optimization, deletion, and merging.
  • Scenario 3: How to detect potential threats.
    • View the Top10 URI and Top10 IP to help you quickly identify whether your business may be attacked. For example, the normal number of requests for a user of a website is 0 to 20 times per second, but the analysis finds that there are users who access more than 100 times per second, the user may be an attack user. If the user is determined to be an attack user, you can use the "black and white list" function to block.
    • Check the Referer source distribution and analyze the Referer information to determine whether the business is stolen. If a certain proportion of users are from unknown channels (specific domain names), focus on whether the resources of the website are stolen by the domain name.