Logs are records of changes that occur in a system during the running of the system. The records contain information about the operations that are performed on specific objects and the results of the operations. The records are ordered by time.
Format
Log data is stored in different forms, such as log files, log events, binary logs, and metric data. Log Service uses a semi-structured data model to define logs. A log entry consists of the following fields: topic, time, content, source, and tags. Log Service has different format requirements on different log fields. The following table describes the log fields and provides the format requirements.
Field | Description | Format |
---|---|---|
Topic | The custom field in a log entry. This field can be used to identify the log topic. For example, you can set different log topics (access_log and operation_log) for website logs based on log types. For more information, see Topic. | The field value can be a string of up to 128 bytes, including an empty string.
If the field is an empty string, it indicates that the log topic is not configured. |
Time | The time when the log entry is generated, or the system time of the host where Logtail resides when the log data is collected. This field is a reserved field. | The value is a UNIX timestamp. It is the number of seconds that have elapsed since 00:00:00 Thursday, 1 January 1970. |
Content | The content of the log entry. The content consists of one or more items. Each item is a key-value pair. | A key-value pair must comply with the following requirements:
|
Source | The source of the log entry. For example, the value of this field can be the IP address of the server where the log entry is generated. | The value of this field can be a string of up to 128 bytes. |
Tags | The tags of the log entry. The following log tags can be used:
|
The field value is in the dictionary format. The keys and the values are strings. The field name is prefixed by __tag__:. |
Examples
The following examples show a website access log that is collected to Log Service in different modes.
- Raw log entry
127.0.0.1 - - [01/Mar/2021:12:36:49 0800] "GET /index.html HTTP/1.1" 200 612 "-" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_13_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/68.0.3440.106 Safari/537.36
- Log entry collected to Log Service in simple mode
- Log entry collected to Log Service in full regex mode