Use GetLogs to query log data - Simple Log Service

Operation description

Note

Simple Log Service supports scheduled SQL jobs. For details, see Create a scheduled SQL job.

The Host in the request syntax consists of the project name and the Simple Log Service endpoint. Specify the project name in the Host.
Create and obtain an AccessKey pair. For details, see AccessKey pair.

Create and use a RAM user to make API calls or perform routine O&M. Using an Alibaba Cloud account AccessKey pair grants access to all APIs and poses a high security risk. Ensure the RAM user has the required permissions for Simple Log Service resources. For details, see Create and authorize a RAM user.

Obtain the project name, region, and Logstore name for the logs to query. See Manage a project and Manage a Logstore.
Simple Log Service imposes limits on log queries. Design appropriate query and analytic statements and set a reasonable time range. See Log query limits and Log analysis limits.
Configure indexes before querying logs. See Create indexes.
When the number of matching logs varies significantly, the API cannot predict how many calls are needed to retrieve the complete result. Check the x-log-progress header in each response to determine whether to repeat the call. Each repeated call consumes the same number of query capacity units (CUs).
After a log is written to a Logstore, the latency before it becomes queryable through the GetHistograms and GetLogs operations depends on the log type. Simple Log Service classifies logs into two types based on their timestamps:
- Real-time data: The log timestamp falls within (-180 seconds, 900 seconds] relative to the current server time. For example, if a log is generated at UTC 2014-09-25 12:03:00 and is received by the server at UTC 2014-09-25 12:05:00, the log is classified as real-time data. This is typical in normal scenarios. Real-time data becomes queryable in about 3 seconds.
- Historical data: The log timestamp falls within [-7 x 86,400 seconds, -180 seconds) relative to the current server time. For example, if a log is generated at UTC 2014-09-25 12:00:00 and is received by the server at UTC 2014-09-25 12:05:00, the log is classified as historical data. This is typical in data backfill scenarios.

Note

Simple Log Service calculates the difference between the log time (the __time__ field) and the server receipt time (the __tag__: receive_time field). If the difference falls within (-180 seconds, 900 seconds], the log is real-time data. If the difference falls within [-7 x 86,400 seconds, -180 seconds), the log is historical data.

Simple Log Service provides Java and Python SDK examples for the GetLogs operation. See GetLogs examples for Java and GetLogs examples for Python.

Authorization

The following table describes the authorization information required for this operation. Add this information to the Action element of a RAM access policy statement to grant RAM users or RAM roles the permission to call this operation.

Action	Resource
`log:GetLogStoreLogs`	`acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}`

Try it now

Try this API in OpenAPI Explorer, no manual signing needed. Successful calls auto-generate SDK code matching your parameters. Download it with built-in credential security for local usage.

Test

RAM authorization

No authorization for this operation. If you encounter issues with this operation, contact technical support.

Request syntax

GET /logstores/{logstore}?type=log HTTP/1.1

Path Parameters

Parameter	Type	Required	Description	Example
logstore	string	Yes	The Logstore to query.	example-logstore

Request parameters

Parameter	Type	Required	Description	Example
project	string	Yes	The project name.	ali-test-project
from	integer	Yes	The start of the query time range, based on the log time specified when the log data was written. The from and to parameters define a left-closed, right-open interval [from, to). If from equals to, the interval is invalid and the system returns an error. Value: a UNIX timestamp representing the number of seconds elapsed since January 1, 1970, 00:00:00 UTC. Note To avoid missing data, align the query time to the minute level. If a time range is specified in the analytic statement, that time range takes precedence. To specify a time in seconds within an analytic statement, use the from_unixtime function or the to_unixtime function to convert the time format. Examples: `* \| SELECT * FROM log WHERE from_unixtime(__time__) > from_unixtime(1664186624) AND from_unixtime(__time__) < now()` `* \| SELECT * FROM log WHERE __time__ > to_unixtime(date_parse('2022-10-19 15:46:05', '%Y-%m-%d %H:%i:%s')) AND __time__ < to_unixtime(now())`	1627268185
to	integer	Yes	The end of the query time range, based on the log time specified when the log data was written. The from and to parameters define a left-closed, right-open interval [from, to). If from equals to, the interval is invalid and the system returns an error. Value: a UNIX timestamp representing the number of seconds elapsed since January 1, 1970, 00:00:00 UTC. Note To avoid missing data, align the query time to the minute level. If a time range is specified in the analytic statement, that time range takes precedence. To specify a time in seconds within an analytic statement, use the from_unixtime function or the to_unixtime function to convert the time format. Examples: `* \| SELECT * FROM log WHERE from_unixtime(__time__) > from_unixtime(1664186624) AND from_unixtime(__time__) < now()` `* \| SELECT * FROM log WHERE __time__ > to_unixtime(date_parse('2022-10-19 15:46:05', '%Y-%m-%d %H:%i:%s')) AND __time__ < to_unixtime(now())`	1627269085
query	string	No	The search statement or analytic statement. See Query overview and Analysis overview. To enable the Exclusive SQL feature, add `set session parallel_sql=true;` to the analytic statement. Example: `* \| set session parallel_sql=true; select count() as pv`. For common query and analysis issues, see Common errors that occur when you query and analyze logs. Note* When the query parameter contains an analytic statement (SQL statement), the `line` and `offset` parameters are ignored. Set both to 0 and use the LIMIT clause in the SQL statement for pagination. See Page through query and analysis results.	status: 401 \| SELECT remote_addr,COUNT(*) as pv GROUP by remote_addr ORDER by pv desc limit 5
topic	string	No	The log topic. Default value: an empty string. See Topic.	topic
line	integer	No	Valid only when the query parameter is a search statement. Maximum number of logs to return. Valid values: 0 to 100. Default value: 100. See Page through query and analysis results.	100
offset	integer	No	Valid only when the query parameter is a search statement. The starting row for the query. Default value: 0. See Page through query and analysis results.	0
reverse	boolean	No	Whether to return logs in descending order of timestamp, with minute-level precision. true: Descending order (newest first). false (default): Ascending order (oldest first). Important When the query parameter is a search statement, the reverse parameter controls the sort order. When the query parameter includes an analytic statement, the reverse parameter is ignored. Use the ORDER BY clause in the SQL statement instead. ORDER BY defaults to ascending (asc). Specify desc for descending order.	false
powerSql	boolean	No	Whether to enable the Exclusive SQL feature. See Enable the Exclusive SQL feature. true: Enable Exclusive SQL. false (default): Use standard SQL. Alternatively, add `set session parallel_sql=true;` to the analytic statement in the query parameter to enable Exclusive SQL.	false

Response elements

Element	Type	Description	Example
	array	The log array. Each element is a log entry.
	object	The log array. Each element is a log entry.	[{'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}, {'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}, {'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}, {'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}, {'remote_addr': '198.51.100.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}]

Examples

Success response

JSON format

[
  {
    "test": "test",
    "test2": 1
  }
]

Error codes

See Error Codes for a complete list.

Release notes

See Release Notes for a complete list.