Queries raw logs from a specified logstore in a project. The response contains raw logs from a specified time range and is compressed for transmission.
Operation description
The Simple Log Service SDK is available only for Go, Java, and Python. However, you can call all OpenAPI operations directly.
You must specify a compression method when you call this operation. The available compression algorithms vary by programming language. For more information, see the Accept-Encoding request parameter.
For more information, see GetLogs.
Permissions
The following table describes the authorization for this API operation. To grant a RAM user or RAM role permission to call this operation, add the action to a Resource Access Management (RAM) policy statement.
Action | Resource in an authorization policy |
|
|
Try it now
Test
RAM authorization
Request syntax
POST /logstores/{logstore}/logs HTTP/1.1Path Parameters
Parameter | Type | Required | Description | Example |
logstore | string | Yes | The name of the logstore. | test-logstore |
Request parameters
Parameter | Type | Required | Description | Example |
project | string | Yes | The name of the project. | ali-test-project |
Accept-Encoding | string | Yes | The compression method.
Valid values:
| lz4 |
| body | object | No | The request struct. | |
from | integer | Yes | The start of the time range to query. The value is the log time that was specified when the log was written. The time range is a left-closed, right-open interval. This means the range includes the start time but not the end time. If the from and to values are the same, the interval is invalid and an error is returned. The value is a UNIX timestamp that represents the number of seconds since 00:00:00 UTC on January 1, 1970. | 1627268185 |
to | integer | Yes | The end of the time range to query. The value is the log time that was specified when the log was written. The time range is a left-closed, right-open interval. This means the range includes the start time but not the end time. If the from and to values are the same, the interval is invalid and an error is returned. The value is a UNIX timestamp that represents the number of seconds since 00:00:00 UTC on January 1, 1970. | 1627268185 |
line | integer | No | The maximum number of logs to return. This parameter is valid only if the query parameter contains a search statement. The value must be an integer from 0 to 100. Default value: 100. | 100 |
offset | integer | No | The line number from which to start the query. This parameter is valid only if the query parameter contains a search statement. Default value: 0. | 0 |
reverse | boolean | No | Specifies whether to return logs in descending order of their timestamps. The precision is at the minute level. true: Returns logs in descending order of their timestamps. false (default): Returns logs in ascending order of their timestamps. Note If the query parameter contains a search statement, this parameter is valid and specifies the sorting order. If the query parameter contains an analytic statement, this parameter is invalid. The sorting order is specified by the ORDER BY clause in the analytic statement. ORDER BY asc (default) sorts logs in ascending order. ORDER BY desc sorts logs in descending order. | false |
powerSql | boolean | No | Specifies whether to enable enhanced SQL. Default value: false. | false |
session | string | No | The query parameter. | mode=scan |
topic | string | No | The log topic. The default value is double quotation marks (""). | "" |
query | string | No | The search statement or analytic statement. For more information, see Query overview and Analysis overview. To use the Exclusive SQL feature, add `set session parallel_sql=true;` to the analytic statement in the query parameter. Example: Note If the query parameter contains an analytic statement, the line and offset parameters are invalid. Set them to 0. Use the LIMIT clause in the SQL statement for paging. For more information, see Paginate query and analysis results. | status: 401 | SELECT remote_addr,COUNT(*) as pv GROUP by remote_addr ORDER by pv desc limit 5 |
forward | boolean | No | For a scan or phrase query, specifies whether to page forward or backward. | false |
highlight | boolean | No | Specifies whether to highlight the results. | false |
Response elements
Element | Type | Description | Example |
object | The data returned. | ||
| meta | object | The metadata of the returned data. | |
progress | string | The progress of the query. Valid values:
| Complete |
aggQuery | string | The SQL part of the query statement that follows the vertical bar (|). | select * |
whereQuery | string | The part of the query statement that precedes the vertical bar (|). | * |
hasSQL | boolean | Indicates whether the query is an SQL query. | false |
processedRows | integer | The number of rows processed in the query. | 10000 |
elapsedMillisecond | integer | The time consumed by the query, in milliseconds. | 5 |
cpuSec | number | The core-hours for the Exclusive SQL. | 0.002 |
cpuCores | integer | The number of CPU cores used. | 3 |
| keys | array | All keys in the query result. | |
string | The key. | key | |
| terms | array<object> | All terms in the query statement. | |
object | The term. | {term=*, key=} | |
limited | integer | The number of entries returned. This parameter is returned if the SQL statement does not contain a LIMIT clause. | 100 |
mode | integer | The query mode. Valid values: 0: Normal query, which includes SQL queries. 1: Phrase query. 2: SCAN query. 3: SCAN SQL query. | 0 |
| phraseQueryInfo | object | The information about the phrase query. | |
scanAll | boolean | Indicates whether all logs are scanned. | true |
beginOffset | integer | The starting offset of the scan result after index filtering. | 0 |
endOffset | integer | The end offset of the scan result after index filtering. | 0 |
endTime | integer | The end time of the scan result after index filtering. | 1 |
scanBytes | integer | The volume of data scanned in the scan query. Unit: bytes. | 1024 |
| highlights | array | The highlighted content. | |
array | The highlighted content. | ||
The highlighted log content. | |||
count | integer | The number of log entries returned in this query. | 1 |
processedBytes | integer | The volume of logs processed in the query. Unit: bytes. | 10000 |
isAccurate | boolean | Indicates whether the query is accurate to the second. | true |
| columnTypes | array | The column types. | |
string | The type. | long | |
telementryType | string | The type of observable data. | None |
| data | array<object> | The query results. | |
object | The returned data. | ||
string | The returned data. | {'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'} |
Examples
Success response
JSON format
{
"meta": {
"progress": "Complete",
"aggQuery": "select *",
"whereQuery": "*",
"hasSQL": false,
"processedRows": 10000,
"elapsedMillisecond": 5,
"cpuSec": 0.002,
"cpuCores": 3,
"keys": [
"key"
],
"terms": [
{
"test": "test",
"test2": 1
}
],
"limited": 100,
"mode": 0,
"phraseQueryInfo": {
"scanAll": true,
"beginOffset": 0,
"endOffset": 0,
"endTime": 1
},
"scanBytes": 1024,
"highlights": [
[
{
"Key": "key-test",
"Value": "value-test"
}
]
],
"count": 1,
"processedBytes": 10000,
"isAccurate": true,
"columnTypes": [
"long"
],
"telementryType": "None"
},
"data": [
{
"key": "{'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}"
}
]
}Error codes
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.