Simple Log Service supports soft deletion - Simple Log Service

Simple Log Service supports soft deletion, which marks log data for deletion instead of immediately and permanently removing it.

Background information

In a data-driven environment, logs and observability data are key enterprise assets, but they also present challenges in data management, compliance, and security. To address these issues, Simple Log Service (SLS) offers soft deletion — a traceable deletion mechanism that adds a safety net to your data security and compliance framework.

How it works

Soft deletion marks data for deletion instead of erasing it, logically removing the data while keeping it physically stored. The workflow is as follows:

Initiate a deletion task: Start an asynchronous deletion task by using an SDK or the console. Specify a time range and query conditions.
Precise marking: The SLS backend service locates all matching log entries based on your query conditions. Instead of physically deleting the data, the service adds an internal, invisible deletion marker to each entry.
Query transparency: After data is marked, all regular query requests, such asGetLogs, GetHistograms, and SQL analysis queries, automatically filter out this data. This makes the data appear deleted to your applications and users.
Retention and recovery: Marked data remains physically stored but is inaccessible for queries. Data recovery is not currently supported.
Permanent deletion: After the Logstore's retention period expires, an SLS cleanup mechanism performs an irreversible physical deletion of the data to free up storage space.

Use cases

By marking data for deletion rather than immediately erasing it, soft deletion helps address the following data management challenges:

Compliance and audit requirements
- Scenario: Regulations such as financial regulations or GDPR require businesses to delete data on demand and retain audit records of deletion operations.
- Implementation: Soft deletion operations generate system logs that record the deletion time, operator, and data scope to meet audit and compliance requirements.
Data management in development and test environments
- Scenario: A testing team needs to regularly clean up old test data to prepare for new stress tests.
- Implementation: You can soft delete specified data in batches. This approach retains the Logstore structure and configuration, avoiding the cost of recreating them.
Dirty data cleanup
- Scenario: An online failure causes the collection of abnormal data, which affects analysis accuracy.
- Implementation: Quickly isolate and mark dirty data to ensure that business views contain only high-quality data. The raw data is retained for later troubleshooting.

Soft deletion works alongside other Simple Log Service security and compliance capabilities, such as server-side encryption and fine-grained permission control, to meet enterprise-level data governance needs.

Precautions

Storage costs: Soft-deleted data continues to occupy storage space and incur fees during the retention period. The data is not physically deleted until the Logstore's retention period expires.
Query accuracy: Query before you delete. Before you delete, run a query using the exact same time range and query statement. Preview the data to be deleted to confirm it is correct.
You cannot query or analyze soft-deleted logs. This restriction applies to features such as querying, SQL analysis, ScheduledSQL, and alerting. Stream processing operations, including consumption, data transformation, and shipping, are not affected.
Soft deletion is irreversible. Deleted logs cannot be recovered.

Supported regions

You can find the service endpoint for your Project's region on its overview page. For the ID of each region, see Endpoints.

Permissions

If you use your Alibaba Cloud account, you have all permissions by default and can directly manage Projects.
If you use a RAM user, you must ask the Alibaba Cloud account owner for the required permissions. Simple Log Service provides the following two types of system policies:
- System policies: These policies grant broad permissions. You cannot modify the content of system policies, but they are simple to configure.
  - AliyunLogFullAccess: Grants full management permissions for Simple Log Service.
  - AliyunLogReadOnlyAccess: Grants read-only permissions for Simple Log Service.
- Custom policies: We recommend that you follow the principle of least privilege. Grant only the minimum required permissions to trusted personnel or automated services.
  
  The following code provides a sample custom policy:
  - In the script, replace Project name and Logstore name with your actual values.
  - For more information about how to configure permissions for a RAM user, see Configure RAM permissions for Simple Log Service and Authorization information.
```
{
  "Version": "1",
  "Statement": [
    {
      "Action": [
        "log:DeleteLogStoreLogs",
        "log:GetDeleteLogStoreLogsTask",
        "log:ListDeleteLogStoreLogsTasks"
      ],
      "Resource": [
        "acs:log:*:*:project/ProjectName/logstore/LogstoreName"
      ],
      "Effect": "Allow"
    }
  ]
}
```

Console operations

Log on to the Simple Log Service console. In the Projects section, click the one you want.
On the Log Storage > Logstores tab, click the logstore you want.
On the Search & Analysis page of the Logstore, enter a query statement and select a time range. On the Raw Log tab, click > Soft Delete Log.
In the Soft Delete Log dialog box, carefully read the information and click Confirm. After the logs are deleted, they are no longer visible.
After the deletion is complete, on the Raw Log tab, click > Soft Delete Task. In the Soft Delete Task list, you can view the history of deletion tasks.

SDK operations

Python

Use pip show aliyun-log-python-sdk to check the version of aliyun-log-python-sdk.

The aliyun-log-python-sdk version must be 0.9.28 or later. If your version is earlier, use the pip install -U aliyun-log-python-sdk command to upgrade the SDK version.

Submit a soft deletion task.

DeleteLogsRequest has the following parameters:

Parameter

Example

# Import necessary libraries
import time
from aliyun.log import LogClient, DeleteLogsRequest, DeleteLogsResponse

def execute_soft_delete(client: LogClient, project: str, logstore: str, from_time: int, to_time: int, query: str) -> str:
    """
    Executes an asynchronous soft deletion task.

    :param client: An initialized Simple Log Service client instance.
    :param project: Your Simple Log Service Project name.
    :param logstore: Your Logstore name.
    :param from_time: The start timestamp of the deletion range (in seconds).
    :param to_time: The end timestamp of the deletion range (in seconds).
    :param query: The index-only search statement used to filter logs for deletion. SQL, scan, and phrase queries are not supported.
    :return: The task ID of the asynchronous deletion task, used to query the task status later.
    """
    print(f"Preparing to perform a soft deletion in Logstore '{logstore}' of Project '{project}'...")
    print(f"Time range: {time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(from_time))} -> {time.strftime('%Y-%m-%d %H:%M:%S', time.localtime(to_time))}")
    print(f"Deletion condition (Query): {query}")

    # 1. Construct the deletion request object.
    request = DeleteLogsRequest(project, logstore, from_time, to_time, query=query)

    # 2. Initiate the asynchronous deletion request.
    try:
        res: DeleteLogsResponse = client.delete_logs(request)
        
        # 3. Print the request information and the returned task ID.
        print("\n--- Request Receipt ---")
        res.log_print()
        task_id = res.get_taskid()
        print(f"✅ Soft deletion task submitted successfully! Request ID: {res.get_request_id()}, Task ID: {task_id}")
        return task_id
    except Exception as e:
        print(f"❌ Failed to submit soft deletion task: {e}")
        return ""

# --- How to call ---
# client = LogClient(...) # Client initialization process is omitted here.

# project_name = "my-prod-app"
# logstore_name = "nginx-access-log"
# # Scenario: Delete access logs from the last 24 hours with a status code of 500 from a specific IP address.
# start_time = int(time.time()) - 86400 
# end_time = int(time.time())
# delete_query = "__source__: 123.123.XXX.XXX and status: 500"

# task_id = execute_soft_delete(client, project_name, logstore_name, start_time, end_time, delete_query)
# if task_id:
#     print(f"\nPlease use Task ID '{task_id}' to query the task execution status.")

project String (Required)

The name of the project. The project in Simple Log Service is used to isolate the resources of different users and control access to specific resources. See Manage projects.

LogStore String (Required)

The name of the logstore. The logstore in Simple Log Service is used to collect, store, and query logs. See Manage Logstores.

fromTime int Required

The start of the query time range, specified as a Unix timestamp.

toTime int (Required)

The end of the query time range, specified as a Unix timestamp.

query String (Required)

The search or analytic statement. For more information, see Query and analysis overview.

Use caution when setting "*" or "level: ERROR". These settings may cause the accidental deletion of a large amount of data.

Poll the task status.

This code block continuously checks the task progress until it is complete or times out. This is a key step to ensure that the deletion operation is successfully executed.

delete_logs is an asynchronous API. A successful call only indicates that the task is accepted. You must use the returned task_id to poll the final status of the task.

from aliyun.log import GetDeleteLogsStatusRequest, GetDeleteLogsStatusResponse
def wait_for_task_completion(client: LogClient, project: str, logstore: str, task_id: str, timeout_seconds: int = 300):
    """Waits for the soft deletion task to complete by polling."""
    start_time = time.time()
    while time.time() - start_time < timeout_seconds:
        request = GetDeleteLogsStatusRequest(project, logstore, task_id)
        try:
            res: GetDeleteLogsStatusResponse = client.get_delete_logs_status(request)
            progress = res.get_process()
            print(f"Querying status of task '{task_id}'... Progress: {progress:.2f}%")
            if progress >= 100.0:
                print("✅ Task completed!")
                return True
            time.sleep(2)  # Avoid polling too frequently.
        except Exception as e:
            print(f"❌ Failed to query task status: {e}")
            return False
    print(f"⌛️ Task timed out (exceeded {timeout_seconds} seconds). Please retry later or check the task status.")
    return False
# --- How to call ---
# task_id = execute_soft_delete(...)
# if task_id:
#     wait_for_task_completion(client, project_name, logstore_name, task_id)

Audit and manage tasks (view historical tasks).

This feature is crucial for security audits and operations management as it provides a complete history of all deletion operations.

from aliyun.log import ListDeleteLogsTasksRequest
def list_all_delete_tasks(client: LogClient, project: str, logstore: str):
    """Lists the history of all soft deletion tasks for a specified Logstore."""
    print(f"\nListing the history of soft deletion tasks for Logstore '{logstore}' in Project '{project}'...")
    request = ListDeleteLogsTasksRequest(project=project, logstore=logstore)
    try:
        res = client.list_delete_logs_tasks(request)
        print("✅ Task list retrieved successfully!")
        res.log_print() # log_print() prints all task details in a readable format.
    except Exception as e:
        print(f"❌ Failed to retrieve task list: {e}")