Queries logs. This command is suitable for scenarios in which you need to query a specified number of logs.
Request syntax
aliyunlog log get_log --project=<value> --logstore=<value> --from_time=<value> --to_time=<value> [--topic=<value>] [--query=<value>] [--reverse=<value>] [--offset=<value>] [--size=<value>] [--power_sql=<value>] [--access-id=<value>] [--access-key=<value>] [--sts-token=<value>] [--region-endpoint=<value>] [--client-name=<value>] [--jmes-filter=<value>] [--format-output=<value>] [--decode-output=<value>] [--profile=<value>]Request parameters
The following table describes the required and unique parameters of this command.
For more information about the global parameters of this command, see Global parameters.
| Parameter | Type | Required | Example | Description |
|---|---|---|---|---|
| --project | String | Yes | aliyun-test-project | The name of the project. |
| --logstore | String | Yes | logstore-a | The name of the Logstore. |
| --from_time | String | Yes | 2021-05-28 15:33:00+8:00 | The beginning of the time range to query. Specify the value as a UNIX timestamp or
in the "%Y-%m-%d %H:%M:%S<time_zone>" format. Example: “2018-01-02 12:12:10+8:00“.
|
| --to_time | String | Yes | 2021-05-28 15:40:00+8:00 | The end of the time range to query. Specify the value as a UNIX timestamp or in the
"%Y-%m-%d %H:%M:%S<time_zone>" format. Example: “2018-01-02 12:12:10+8:00“.
|
| --topic | String | No | "" | The topic of the logs to query. The default value is double quotation marks (""). For more information, see Topic. |
| --query | String | No | level:Information|select event_id as Key1,COUNT(*) as Key2 group by Key1 |
The search statement or query statement. For more information, see Log search overview and Log analysis overview.
If you add Note If you specify an analytic statement in the value of the query parameter, you must set the line and offset parameters to 0 and use the LIMIT clause to perform a paged query. An analytic statement
is an SQL statement. For more information, see Paging of analysis results.
|
| --reverse | Boolean | No | true |
Specifies whether to return logs in descending order of log timestamp. The log timestamps are accurate to minutes.
Important
|
| --offset | Integer | No | 0 | The row from which the query starts. This parameter only takes effect when the query parameter is set to a search statement. Default value: 0. |
| --size | Integer | No | 10 | The maximum number of logs to return. This parameter only takes effect when the query parameter is set to a search statement. Minimum value: 0. Maximum value: 100. Default value: 100. |
| --power_sql | Boolean | No | false |
Specifies whether to use the Dedicated SQL feature. For more information, see Enable Dedicated SQL.
You can use the powerSql or query parameter to specify whether to use the Dedicated SQL feature. |
Examples
- Sample requests
Use the default account to query five event logs whose level is Information. Command example:
aliyunlog log get_log --project="aliyun-test-project" --logstore="logstore-a" --from_time="2021-05-28 15:33:00+8:00" --to_time="2021-05-28 15:40:00+8:00" --query="level:Information|select event_id as Key1,COUNT(*) as Key2 group by Key1 limit 5" --reverse=true - Sample responses
[ { "Key1": "16394", "Key2": "1", "__source__": "", "__time__": "1622186400" }, { "Key1": "44", "Key2": "1", "__source__": "", "__time__": "1622186400" }, { "Key1": "7036", "Key2": "7", "__source__": "", "__time__": "1622186400" }, { "Key1": "16384", "Key2": "1", "__source__": "", "__time__": "1622186400" }, { "Key1": "43", "Key2": "1", "__source__": "", "__time__": "1622186400" } ]
Related commands
| Command | Description |
|---|---|
| get_logs | Queries logs in exact match mode by using a JSON configuration file. |
| get_log_all | Queries a large number of logs. |