After you collect logs, you can call the GetLogs operation to query the collected logs. This topic provides examples to show how to query collected logs by calling the GetLogs operation.

Prerequisites

Raw log

body_bytes_sent:1750
host:www.example.com
http_referer:www.example.com
http_user_agent:Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; it-it) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27
http_x_forwarded_for:203.0.103.10
remote_addr:203.0.103.10
remote_user:p288
request_length:13741
request_method:GET
request_time:71
request_uri:/request/path-1/file-1
http_code:200
time_local:11/Aug/2021:06:52:27
upstream_response_time:0.66

Example 1: Query logs by using a keyword

In this example, a file named GetLogsTest.java is created. The file is used to query logs that contain the keyword path-0/file-5. The line parameter is set to 3 to limit the number of logs that can be returned. Example:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        // The AccessKey pair that is used to access Log Service. For more information, see AccessKey pair. An Alibaba Cloud account has permissions to call all API operations. If you use the AccessKey pair of an Alibaba Cloud account, security risks may occur. We recommend that you create and use a RAM user to call API operations or perform routine O&M. 
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        // The name of the project. 
        String project = "your-project-name";
        // The Log Service endpoint. For more information, see Endpoints. In this example, the Log Service endpoint for the China (Hangzhou) region is used. Replace the parameter value with the actual endpoint. 
        String host = "cn-hangzhou.log.aliyuncs.com";
        // The name of the Logstore. 
        String logStore = "your-logstore-name";

        // Create a Log Service client. 
        Client client = new Client(host, accessId, accessKey);

        // Execute a query statement in the specified Logstore. 
        try {
            // Use the keyword path-0/file-5 to query logs. 
            String query = "path-0/file-5";

            int from = (int) (new Date().getTime() / 1000 - 300);
            int to = (int) (new Date().getTime() / 1000);

            // In this example, the query parameter is set to a search statement. The line parameter is set to 3 to limit the number of logs that can be returned. 
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, 3, 0,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("Returned query result count :" + logsResponse.GetCount());
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("log time : " + item.mLogTime);
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

Response:

-------------Query is started.-------------
Returned query result count :3
from time is :1644573549
to time is :1644573849
log time : 1644573808
Jsonstring : {"remote_addr":"203.0.113.10","__topic__":"nginx_access_log","request_uri":"/request/path-0/file-5"...}
log time : 1644573808
Jsonstring : {"remote_addr":"203.0.113.20","__topic__":"nginx_access_log","request_uri":"/request/path-0/file-5"...}
log time : 1644573788
Jsonstring : {"remote_addr":"203.0.113.30","__topic__":"nginx_access_log","request_uri":"/request/path-0/file-5"...}
-------------Query is finished.-------------

Process finished with exit code 0

Example 2: Query logs by specifying a field

In this example, a file named GetLogsTest.java is created. The file is used to query logs whose request method is POST. The line parameter is set to 3 to limit the number of logs that can be returned. Example:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        // The AccessKey pair that is used to access Log Service. For more information, see AccessKey pair. An Alibaba Cloud account has permissions to call all API operations. If you use the AccessKey pair of an Alibaba Cloud account, security risks may occur. We recommend that you create and use a RAM user to call API operations or perform routine O&M. 
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        // The name of the project. 
        String project = "your-project-name";
        // The Log Service endpoint. For more information, see Endpoints. In this example, the Log Service endpoint for the China (Hangzhou) region is used. Replace the parameter value with the actual endpoint. 
        String host = "cn-hangzhou.log.aliyuncs.com";
        // The name of the Logstore. 
        String logStore = "your-logstore-name";

        // Create a Log Service client. 
        Client client = new Client(host, accessId, accessKey);

        // Execute a query statement in the specified Logstore. 
        try {
            // The request_method field is used to record a request method. Query the logs whose request method is POST. 
            String query = "request_method:POST";

            int from = (int) (new Date().getTime() / 1000 - 300);
            int to = (int) (new Date().getTime() / 1000);

            // In this example, the query parameter is set to a search statement. The line parameter is set to 3 to limit the number of logs that can be returned. 
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, 3, 0,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("Returned query result count :" + logsResponse.GetCount());
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("log time : " + item.mLogTime);
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

Response:

-------------Query is started.-------------
Returned query result count :3
from time is :1644574151
to time is :1644574451
log time : 1644574438
Jsonstring : {"remote_addr":"203.0.113.40","__topic__":"nginx_access_log","body_bytes_sent":"3604","request_method":"POST"...}
log time : 1644574438
Jsonstring : {"remote_addr":"203.0.113.50","__topic__":"nginx_access_log","body_bytes_sent":"3369","request_method":"POST"...}
log time : 1644574438
Jsonstring : {"remote_addr":"203.0.113.60","__topic__":"nginx_access_log","body_bytes_sent":"12714","request_method":"POST"...}
-------------Query is finished.-------------

Process finished with exit code 0

Example 3: Analyze logs by using an SQL statement

In this example, a file named GetLogsTest.java is created. The file is used to query logs whose request method is POST and count the number of page views (PVs) for POST requests. Example:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        // The AccessKey pair that is used to access Log Service. For more information, see AccessKey pair. An Alibaba Cloud account has permissions to call all API operations. If you use the AccessKey pair of an Alibaba Cloud account, security risks may occur. We recommend that you create and use a RAM user to call API operations or perform routine O&M. 
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        // The name of the project. 
        String project = "your-project-name";
        // The Log Service endpoint. For more information, see Endpoints. In this example, the Log Service endpoint for the China (Hangzhou) region is used. Replace the parameter value with the actual endpoint. 
        String host = "cn-hangzhou.log.aliyuncs.com";
        // The name of the Logstore. 
        String logStore = "your-logstore-name";

        // Create a Log Service client. 
        Client client = new Client(host, accessId, accessKey);

        // Execute a query statement in the specified Logstore. 
        try {
            // The request_method field is used to record a request method. Query the logs whose request method is POST and count the number of PVs for POST requests. 
            String query = "request_method:POST|select COUNT(*) as pv";

            int from = (int) (new Date().getTime() / 1000 - 300);
            int to = (int) (new Date().getTime() / 1000);

            // In this example, the query parameter is set to a query statement. The line parameter is invalid. The number of logs that can be returned is determined by the query parameter. Only one log can be returned. 
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, 3, 0,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("Returned query result count :" + logsResponse.GetCount());
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("log time : " + item.mLogTime);
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

Response:

-------------Query is started.-------------
Returned query result count :1
from time is :1644574354
to time is :1644574654
log time : 1644574354
Jsonstring : {"pv":"162","logtime":1644574354}
-------------Query is finished.-------------

Process finished with exit code 0

Example 4: Analyze logs by using the GROUP BY clause

In this example, a file named GetLogsTest.java is created. The file is used to query logs whose request method is POST and group the obtained logs by host. Example:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        // The AccessKey pair that is used to access Log Service. For more information, see AccessKey pair. An Alibaba Cloud account has permissions to call all API operations. If you use the AccessKey pair of an Alibaba Cloud account, security risks may occur. We recommend that you create and use a RAM user to call API operations or perform routine O&M. 
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        // The name of the project. 
        String project = "your-project-name";
        // The Log Service endpoint. For more information, see Endpoints. In this example, the Log Service endpoint for the China (Hangzhou) region is used. Replace the parameter value with the actual endpoint. 
        String host = "cn-hangzhou.log.aliyuncs.com";
        // The name of the Logstore. 
        String logStore = "your-logstore-name";

        // Create a Log Service client. 
        Client client = new Client(host, accessId, accessKey);

        // Execute a query statement in the specified Logstore. 
        try {
            // The request_method field is used to record a request method. Query the logs whose request method is POST and group the returned logs by host. 
            // Use the LIMIT clause to limit the number of logs that can be returned to 5. For more information, see LIMIT clause. 
            String query = "request_method:POST|select host, COUNT(*) as pv group by host limit 5";

            int from = (int) (new Date().getTime() / 1000 - 300);
            int to = (int) (new Date().getTime() / 1000);

            // In this example, the query parameter is set to a query statement. The line parameter is invalid. The number of logs that can be returned is determined by the query parameter. Five logs can be returned. 
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, 3, 0,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("Returned query result count :" + logsResponse.GetCount());
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("log time : " + item.mLogTime);
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

Response:

-------------Query is started.-------------
Returned query result count :5
from time is :1644574445
to time is :1644574745
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example1.com","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example.org","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example.net","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example.edu","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.aliyundoc.com","logtime":1644574445}
-------------Query is finished.-------------

Process finished with exit code 0