完成日志采集后,您可以调用GetLogs接口查询采集到的日志。本文介绍GetLogs接口的典型使用示例。

前提条件

  • 已安装日志服务Java SDK。具体操作,请参见安装Java SDK
  • 已创建项目Project和日志库Logstore,并完成日志采集。具体操作,请参见创建Project创建Logstore日志采集
  • 已了解GetLogs接口的各参数说明。更多信息,请参考GetLogs
  • 该文档中示例代码基于aliyun-log-0.6.69版本。若您在调试中出现没有对应方法的报错(例如无getLogs方法),请升级到该版本及以上版本后重试。

原始日志样例

body_bytes_sent:1750
host:www.example.com
http_referer:www.example.com
http_user_agent:Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_6; it-it) AppleWebKit/533.20.25 (KHTML, like Gecko) Version/5.0.4 Safari/533.20.27
http_x_forwarded_for:203.0.103.10
remote_addr:203.0.103.10
remote_user:p288
request_length:13741
request_method:GET
request_time:71
request_uri:/request/path-1/file-1
http_code:200
time_local:11/Aug/2021:06:52:27
upstream_response_time:0.66

查询和分析日志示例

您可以参考以下代码示例,对日志进行查询和分析。

示例1:使用关键字查询日志

本示例中将展示如何创建一个GetLogsTest.java文件,并使用关键字path-0/file-5查询日志。为控制返回日志条数,接口中line参数取值为3。示例如下:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        //阿里云访问密钥AccessKey。更多信息,请参见访问密钥。阿里云账号AccessKey拥有所有API的访问权限,风险很高。强烈建议您创建并使用RAM用户进行API访问或日常运维。
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        //Project名称。
        String project = "your-project-name";
        //日志服务的服务入口。更多信息,请参见服务入口。此处以杭州为例,其它地域请根据实际情况填写。
        String host = "cn-hangzhou.log.aliyuncs.com";
        //Logstore名称。
        String logStore = "your-logstore-name";

        //创建日志服务Client。
        Client client = new Client(host, accessId, accessKey);

        //在指定的Logstore内执行query分析。
        try {
            //使用关键字path-0/file-5查询日志。
            String query = "path-0/file-5";

            int from = (int) (new Date().getTime() / 1000 - 300);
            int to = (int) (new Date().getTime() / 1000);

            //该示例中,query为查询语句,接口中line参数控制返回日志条数,line取值为3,最大值为100。
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, 3, 0,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("Returned query result count :" + logsResponse.GetCount());
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("log time : " + item.mLogTime);
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

返回结果示例如下:

-------------Query is started.-------------
Returned query result count :3
from time is :1644573549
to time is :1644573849
log time : 1644573808
Jsonstring : {"remote_addr":"203.0.113.10","__topic__":"nginx_access_log","request_uri":"/request/path-0/file-5"...}
log time : 1644573808
Jsonstring : {"remote_addr":"203.0.113.20","__topic__":"nginx_access_log","request_uri":"/request/path-0/file-5"...}
log time : 1644573788
Jsonstring : {"remote_addr":"203.0.113.30","__topic__":"nginx_access_log","request_uri":"/request/path-0/file-5"...}
-------------Query is finished.-------------

Process finished with exit code 0

示例2:指定特定字段查询日志

本示例中将展示如何创建一个GetLogsTest.java文件,并查询请求方法为POST的日志。为控制返回日志条数,接口中line参数取值为3。示例如下:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        //阿里云访问密钥AccessKey。更多信息,请参见访问密钥。阿里云账号AccessKey拥有所有API的访问权限,风险很高。强烈建议您创建并使用RAM用户进行API访问或日常运维。
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        //Project名称。
        String project = "your-project-name";
        //日志服务的服务入口。更多信息,请参见服务入口。此处以杭州为例,其它地域请根据实际情况填写。
        String host = "cn-hangzhou.log.aliyuncs.com";
        //Logstore名称。
        String logStore = "your-logstore-name";

        //创建日志服务Client。
        Client client = new Client(host, accessId, accessKey);

        //在指定的Logstore内执行SQL分析。
        try {
            //request_method字段用于记录请求的方法。统计请求方法为POST的日志。
            String query = "request_method:POST";

            int from = (int) (new Date().getTime() / 1000 - 300);
            int to = (int) (new Date().getTime() / 1000);

            //该示例中,query为查询语句,接口中line参数控制返回日志条数,line取值为3,最大值为100。
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, 3, 0,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("Returned query result count :" + logsResponse.GetCount());
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("log time : " + item.mLogTime);
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

返回结果示例如下:

-------------Query is started.-------------
Returned query result count :3
from time is :1644574151
to time is :1644574451
log time : 1644574438
Jsonstring : {"remote_addr":"203.0.113.40","__topic__":"nginx_access_log","body_bytes_sent":"3604","request_method":"POST"...}
log time : 1644574438
Jsonstring : {"remote_addr":"203.0.113.50","__topic__":"nginx_access_log","body_bytes_sent":"3369","request_method":"POST"...}
log time : 1644574438
Jsonstring : {"remote_addr":"203.0.113.60","__topic__":"nginx_access_log","body_bytes_sent":"12714","request_method":"POST"...}
-------------Query is finished.-------------

Process finished with exit code 0

示例3:使用SQL语句分析日志

本示例中将展示如何创建一个GetLogsTest.java文件,查询请求方法为POST的日志,并统计POST请求的PV数量。示例如下:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        //阿里云访问密钥AccessKey。更多信息,请参见访问密钥。阿里云账号AccessKey拥有所有API的访问权限,风险很高。强烈建议您创建并使用RAM用户进行API访问或日常运维。
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        //Project名称。
        String project = "your-project-name";
        //日志服务的服务入口。更多信息,请参见服务入口。此处以杭州为例,其它地域请根据实际情况填写。
        String host = "cn-hangzhou.log.aliyuncs.com";
        //Logstore名称。
        String logStore = "your-logstore-name";

        //创建日志服务Client。
        Client client = new Client(host, accessId, accessKey);

        //在指定的Logstore内执行SQL分析。
        try {
            //request_method字段用于记录请求的方法。查询请求方法为POST的日志,并统计POST请求的PV数量。
            String query = "request_method:POST|select COUNT(*) as pv";

            int from = (int) (new Date().getTime() / 1000 - 300);
            int to = (int) (new Date().getTime() / 1000);

            //该示例中,query为查询和分析语句,接口中line参数无效,返回条数以query为准,返回1条。
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, 3, 0,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("Returned query result count :" + logsResponse.GetCount());
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("log time : " + item.mLogTime);
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

返回结果示例如下:

-------------Query is started.-------------
Returned query result count :1
from time is :1644574354
to time is :1644574654
log time : 1644574354
Jsonstring : {"pv":"162","logtime":1644574354}
-------------Query is finished.-------------

Process finished with exit code 0

示例4:使用SQL分组分析日志

本示例中将展示如何创建一个GetLogsTest.java文件,查询请求方法为POST的日志并且按照host进行分组。示例如下:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        //阿里云访问密钥AccessKey。更多信息,请参见访问密钥。阿里云账号AccessKey拥有所有API的访问权限,风险很高。强烈建议您创建并使用RAM用户进行API访问或日常运维。
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        //Project名称。
        String project = "your-project-name";
        //日志服务的服务入口。更多信息,请参见服务入口。此处以杭州为例,其它地域请根据实际情况填写。
        String host = "cn-hangzhou.log.aliyuncs.com";
        //Logstore名称。
        String logStore = "your-logstore-name";

        //创建日志服务Client。
        Client client = new Client(host, accessId, accessKey);

        //在指定的Logstore内执行SQL分析。
        try {
            //request_method字段用于记录请求的方法。统计请求方法为POST的日志并且按照host进行分组。
            //使用SQL语法中的limit限制条数为5。更多信息,请参见LIMIT子句。
            String query = "request_method:POST|select host, COUNT(*) as pv group by host limit 5";

            int from = (int) (new Date().getTime() / 1000 - 300);
            int to = (int) (new Date().getTime() / 1000);

            //该示例中,query为查询和分析语句,接口中line参数无效,返回条数以query为准,返回5条。
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, 3, 0,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("Returned query result count :" + logsResponse.GetCount());
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("log time : " + item.mLogTime);
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

返回结果示例如下:

-------------Query is started.-------------
Returned query result count :5
from time is :1644574445
to time is :1644574745
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example1.com","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example.org","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example.net","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example.edu","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.aliyundoc.com","logtime":1644574445}
-------------Query is finished.-------------

Process finished with exit code 0

示例5:使用SQL分组分析日志(返回200条)

本示例中将展示如何创建一个GetLogsTest.java文件,查询请求方法为POST的日志并且按照host进行分组,返回200条日志。示例如下:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        //阿里云访问密钥AccessKey。更多信息,请参见访问密钥。阿里云账号AccessKey拥有所有API的访问权限,风险很高。强烈建议您创建并使用RAM用户进行API访问或日常运维。
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        //Project名称。
        String project = "your-project-name";
        //日志服务的服务入口。更多信息,请参见服务入口。此处以杭州为例,其它地域请根据实际情况填写。
        String host = "cn-hangzhou.log.aliyuncs.com";
        //Logstore名称。
        String logStore = "your-logstore-name";

        //创建日志服务Client。
        Client client = new Client(host, accessId, accessKey);

        //在指定的Logstore内执行SQL分析。
        try {
            //request_method字段用于记录请求的方法。统计请求方法为POST的日志并且按照host进行分组。
            //使用SQL语法中的limit控制返回条数。更多信息,请参见LIMIT子句。
            String old_query = "request_method:POST|select host, COUNT(*) as pv group by host limit ";

            int from = (int) (new Date().getTime() / 1000 - 300);
            int to = (int) (new Date().getTime() / 1000);
            int log_offset = 0;
            int log_line = 200;
            
            String query = old_query + log_offset + "," + log_line;

            //该示例中,query为查询和分析语句,接口中line参数无效,返回条数以query为准。
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, 10, 0 ,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("Returned query result count :" + logsResponse.GetCount());
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("log time : " + item.mLogTime);
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

返回结果示例如下:

-------------Query is started.-------------
Returned query result count :200
from time is :1644574445
to time is :1644574745
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example1.com","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example.org","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example.net","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.example.edu","logtime":1644574445}
log time : 1644574445
Jsonstring : {"pv":"1","host":"www.aliyundoc.com","logtime":1644574445}
......
-------------Query is finished.-------------

Process finished with exit code 0

示例6:使用SQL统计过去一小时内的日志总条数

本示例中将展示如何创建一个GetLogsTest.java文件,并使用SQL语句*|select count(*) as count查询过去一小时内的日志总条数。示例如下:

import com.aliyun.openservices.log.Client;
import com.aliyun.openservices.log.common.LogItem;
import com.aliyun.openservices.log.common.QueriedLog;
import com.aliyun.openservices.log.exception.LogException;
import com.aliyun.openservices.log.response.GetLogsResponse;

import java.util.Date;

public class GetLogsTest {

    public static void main(String[] args) throws LogException {
        //阿里云访问密钥AccessKey。更多信息,请参见访问密钥。阿里云账号AccessKey拥有所有API的访问权限,风险很高。强烈建议您创建并使用RAM用户进行API访问或日常运维。
        String accessId = "your-access-id";
        String accessKey = "your-access-id";
        //Project名称。
        String project = "your-project-name";
        //日志服务的服务入口。更多信息,请参见服务入口。此处以杭州为例,其它地域请根据实际情况填写。
        String host = "cn-hangzhou.log.aliyuncs.com";
        //Logstore名称。
        String logStore = "your-logstore-name";

        //创建日志服务Client。
        Client client = new Client(host, accessId, accessKey);

        //在指定的Logstore内执行SQL分析。
        try {
            //查询日志总条数。
            String query = "*|select count(*) as count";
            //查询时间区间为1小时(3600秒)。
            int from = (int) (new Date().getTime() / 1000 - 3600);
            int to = (int) (new Date().getTime() / 1000);
            int log_offset = 0;
            int log_line = 200;

            //该示例中,query中SQL语句用于查询该时间区间中日志总条数。
            GetLogsResponse logsResponse = client.GetLogs(project, logStore, from, to, "", query, log_line, log_offset,true);
            System.out.println("-------------Query is started.-------------");
            System.out.println("from time is :" + from);
            System.out.println("to time is :" + to);
            System.out.println("Returned query result count :" + logsResponse.GetCount());

            for (QueriedLog log : logsResponse.getLogs()) {
                LogItem item = log.GetLogItem();
                System.out.println("Jsonstring : " + item.ToJsonString());
            }
            System.out.println("-------------Query is finished.-------------");

        } catch (LogException e) {
            System.out.println("LogException e :" + e.toString());
            System.out.println("error code :" + e.GetErrorCode());
            System.out.println("error message :" + e.GetErrorMessage());
            throw e;
        }
    }
}

从返回结果可以看出,过去一小时内的日志总条数为19051条。返回结果示例如下:

from time is :1675041679
to time is :1675045279
Returned sql result count :1
Jsonstring : {"count":"19051","logtime":1675041679}
-------------Query is finished.-------------