All Products
Document Center

Simple Log Service:Terms

Last Updated:Dec 08, 2023

This topic introduces the terms that are used in Simple Log Service.

Basic resources




A project in Simple Log Service is used to isolate the resources of different users and control access to specific resources. For more information, see Project.


A Logstore in Simple Log Service is used to collect, store, and query logs. For more information, see Logstore.


A Metricstore in Simple Log Service is used to collect, store, and query metrics. For more information, see Metricstore.


Logs are records of changes that occur in a system during the runtime of the system. The records contain information about the operations that are performed on specified objects and the results of the operations. The records are ordered by time. For more information, see Log.

log group

A log group is a collection of logs. A log group is the basic unit that is used to write and read logs. Logs in a log group contain the same metadata, such as the IP address and log source. For more information, see Log group.


Metrics are stored as time series. For more information, see Metric.


Traces indicate the execution process of an event or a procedure in a distributed system. For more information, see Trace.


A shard is used to control the read and write capacities of a Logstore. In Simple Log Service, data is stored in shards. Each shard has an MD5 hash range, and each range is a left-closed, right-open interval. The ranges do not overlap with each other. Each range must be within the entire MD5 hash range [00000000000000000000000000000000,ffffffffffffffffffffffffffffffff). For more information, see Shard.


A topic is a basic management unit in Simple Log Service. You can specify topics when you collect logs. This way, Simple Log Service can classify logs by topic. For more information, see Topic.


An endpoint of Simple Log Service is a URL that is used to access a project and the data of the project. To access the projects in different regions, you must use different endpoints. To access the projects in the same region over an internal network or the Internet, you must also use different endpoints. For more information, see Endpoints.

AccessKey pair

An AccessKey pair is an identity credential that consists of an AccessKey ID and an AccessKey secret. The AccessKey ID and AccessKey secret are used for symmetric encryption and identity authentication. The AccessKey ID is used to identify a user. The AccessKey secret is used to encrypt and verify a signature string. The AccessKey secret must be kept confidential. For more information, see AccessKey pair.


A region is a physical location where a data center of Simple Log Service is deployed. You can specify a region when you create a project. After the project is created, you cannot change the region. For more information, see Supported regions.

Data collection




Logtail is used by Simple Log Service to collect logs. For more information, see Use Logtail to collect data.

Logtail configuration

A Logtail configuration is a set of policies that are used by Logtail to collect logs. The configuration includes the log source and collection method. For more information, see Logtail configurations.

machine group

A machine group is a virtual group that contains multiple servers. Simple Log Service uses machine groups to manage the servers from which you want to collect logs by using Logtail. For more information, see Introduction.

Data query and analysis




You can specify filter conditions in search statements to obtain specific logs. For more information, see Log search overview.


You can invoke SQL functions on query results to perform statistical and analytical operations. Then, you can obtain analysis results.

query statement

A query statement is in the Search statement|Analytic statement format. A search statement can be executed alone. However, an analytic statement must be executed together with a search statement. The log analysis feature is used to analyze search results or all data in a Logstore. For more information, see Query and analysis.


An index is an inverted storage structure that consists of keywords and logical pointers that can refer to actual data. You can use an index to quickly locate data rows based on keywords. An index is similar to a data catalog. You can query data only after you configure indexes for the data. Simple Log Service provides the following types of indexes:

  • Full-text index: Simple Log Service splits an entire log into multiple words based on specified delimiters to create indexes. In a search statement, the field names (keys) and field values (values) are plain text.

  • Field index: After you configure field indexes, you can specify field names and field values in the Key:Value format to search for logs.

For more information, see Create indexes.

Standard SQL

The Standard SQL feature allows you to analyze data by using SQL statements. You can use this feature free of charge. The Standard SQL feature provides fewer resources than the Dedicated SQL feature.

Dedicated SQL

Dedicated SQL is a paid feature that is provided by Simple Log Service. You can use the Dedicated SQL feature to analyze data by using SQL statements. If you want to analyze large amounts of data, such as tens of billions to hundreds of billions of data records, you can use the Dedicated SQL feature. For more information, see Enable Dedicated SQL.

Data transformation



domain-specific language (DSL)

DSL is a Python-compatible scripting language that is used for data transformation in Simple Log Service. For more information, see Language introduction.

transformation rule

A transformation rule is a data transformation script that is orchestrated by using the DSL for Simple Log Service. For more information, see Syntax overview.

Data consumption and shipping



consumer group

You can use consumer groups to consume data in Simple Log Service. A consumer group consists of multiple consumers. Each consumer consumes different logs that are stored in a Logstore. For more information, see Use consumer groups to consume data.





An alert indicates an alert event. If an alert is triggered based on a specific alert monitoring rule, the alert management system sends the alert event to the notification management system.

Simple Log Service also provides alert-related subsystems, features, entities, and modules, such as the alert monitoring system and alert monitoring rules.

For more information, see The alerting feature of Log Service.

alert monitoring system

The alert monitoring system is a subsystem that triggers alerts. The alert monitoring system contains alert monitoring rules and resource data.

The alert monitoring system periodically monitors and evaluates query and analysis results based on alert monitoring rules. If an alert is triggered or cleared based on an alert monitoring rule, the alert monitoring system sends an alert or recovery notification to the alert management system based on monitoring orchestration.

alert management system

The alert management system is a subsystem that denoises alerts and manages alert status. The alert management system contains alert policies, alert incidents, and alert dashboards.

The alert management system processes alerts based on alert policies. For example, the system can dispatch, suppress, deduplicate, silence, or merge alerts. After the alerts are processed, the alerts are sent to the notification management system. The alert management system allows you to switch incident phases and specify handlers for incidents.

notification management system

The notification management system is a subsystem that manages notification methods and recipients. The notification management system contains action policies, alert templates, calendars, users, user groups, on-duty groups, and notification quotas.

The notification management system sends notifications to specified recipients by using specified notification methods based on action policies. The recipients can be users, user groups, or on-duty groups. The notification management system allows you to escalate alerts and customize the content of alert notifications.