Queries the raw log data in a Logstore of a project. The returned result contains the raw log data within a specific time range. The returned result is compressed before transmission.
Operation description
- You can call this operation by using Alibaba Cloud SDK for Go, Java, TypeScript, or Python.
- You can call this operation by using Simple Log Service SDK for Go or Java.
- For more information, see GetLogs .
Debugging
Authorization information
Request syntax
POST /logstores/{logstore}/logs HTTP/1.1
Request parameters
| Parameter | Type | Required | Description | Example |
|---|---|---|---|---|
| project | string | Yes | The name of the project. | ali-test-project |
| logstore | string | Yes | The name of the Logstore. | test-logstore |
| Accept-Encoding | string | Yes | The compression format.
| lz4 |
| body | object | No | The body of the request. | |
| from | integer | Yes | The beginning of the time range to query. The value is the log time that is specified when log data is written. The time range that is specified in this operation is a left-closed, right-open interval. The interval includes the start time specified by the from parameter, but does not include the end time specified by the to parameter. If you specify the same value for the from and to parameters, the interval is invalid, and an error message is returned. The value is a timestamp that follows the UNIX time format. It is the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC. | 1627268185 |
| to | integer | Yes | The end of the time range to query. The value is the log time that is specified when log data is written. The time range that is specified in this operation is a left-closed, right-open interval. The interval includes the start time specified by the from parameter, but does not include the end time specified by the to parameter. If you specify the same value for the from and to parameters, the interval is invalid, and an error message is returned. The value is a timestamp that follows the UNIX time format. It is the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC. | 1627268185 |
| line | long | No | The maximum number of logs to return for the request. This parameter takes effect only when the query parameter is set to a search statement. Valid values: 0 to 100. Default value: 100. | 100 |
| offset | long | No | The line from which the query starts. This parameter takes effect only when the query parameter is set to a search statement. Default value: 0. | 0 |
| reverse | boolean | No | Specifies whether to return logs in reverse chronological order of log timestamps. The log timestamps are accurate to minutes. Valid values: true: Logs are returned in reverse chronological order of log timestamps. false (default): Logs are returned in chronological order of log timestamps. Note: The reverse parameter takes effect only when the query parameter is set to a search statement. The reverse parameter specifies the method used to sort returned logs. If the query parameter is set to a query statement, the reverse parameter does not take effect. The method used to sort returned logs is specified by the ORDER BY clause in the analytic statement. If you use the keyword asc in the ORDER BY clause, the logs are sorted in chronological order. If you use the keyword desc in the ORDER BY clause, the logs are sorted in reverse chronological order. By default, asc is used in the ORDER BY clause. | false |
| powerSql | boolean | No | Specifies whether to enable the SQL enhancement feature. By default, the feature is disabled. | false |
| session | string | No | The parameter that is used to query data. | mode=scan |
| topic | string | No | The topic of the logs. Default value: double quotation marks (""). | "" |
| query | string | No | The search statement or query statement. For more information, see the "Log search overview" and "Log analysis overview" topics. If you add set session parallel_sql=true; to the analytic statement in the query parameter, Dedicated SQL is used. Example: * | set session parallel_sql=true; select count(*) as pv. Note: If you specify an analytic statement in the query parameter, the line and offset parameters do not take effect in this operation. In this case, we recommend that you set the line and offset parameters to 0 and use the LIMIT clause to specify the number of logs to return on each page. For more information, see the "Perform paged queries" topic. | status: 401 | SELECT remote_addr,COUNT(*) as pv GROUP by remote_addr ORDER by pv desc limit 5 |
| forward | boolean | No | Specifies whether to page forward or backward for the scan-based query or phrase search. | false |
| highlight | boolean | No | Specifies whether to highlight the returned result. | false |
Response parameters
Examples
Sample success responses
JSONformat
{
"meta": {
"progress": "Complete",
"aggQuery": "select *",
"whereQuery": "*",
"hasSQL": false,
"processedRows": 10000,
"elapsedMillisecond": 5,
"cpuSec": 0.002,
"cpuCores": 3,
"keys": [
"key"
],
"terms": [
{
"test": "test",
"test2": 1
}
],
"limited": 100,
"mode": 0,
"phraseQueryInfo": {
"scanAll": true,
"beginOffset": 0,
"endOffset": 0,
"endTime": 1
},
"scanBytes": 1024,
"highlights": [
[
{
"Key": "key-test",
"Value": "value-test"
}
]
],
"count": 1,
"processedBytes": 10000,
"isAccurate": true,
"columnTypes": [
"long"
],
"telementryType": "None"
},
"data": [
{
"key": "{'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}"
}
]
}Error codes
For a list of error codes, visit the Service error codes.