Queries raw logs from a specified Logstore in a project. The response contains raw logs within a specified time range and is compressed for transmission.
Operation description
-
The Simple Log Service software development kit (SDK) is available for Go, Java, and Python. You can also call all OpenAPI operations directly.
-
Specify a compression method when you call this operation. Available compression algorithms depend on your programming language. For more information, see the Accept-Encoding request parameter.
-
For more information, see GetLogs.
Permissions
The following table lists the permissions required to call this API operation. Add the action to a RAM policy statement to grant a RAM user or RAM role permission to call this operation.
| Action | Resource in an authorization policy |
log:GetLogStoreLogs | acs:log:{#regionId}:{#accountId}:project/{#ProjectName} |
Try it now
Test
RAM authorization
Request syntax
POST /logstores/{logstore}/logs HTTP/1.1Path Parameters
|
Parameter |
Type |
Required |
Description |
Example |
| logstore |
string |
Yes |
The name of the Logstore. |
test-logstore |
Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| project |
string |
Yes |
The name of the project. |
ali-test-project |
| Accept-Encoding |
string |
Yes |
The compression method.
Valid values:
|
lz4 |
| body |
object |
No |
The request struct. |
|
| from |
integer |
Yes |
The start of the time range to query. The value is the log time that was specified when the log was written. The time range is a left-closed right-open interval. This means the range includes the start time but not the end time. If the from and to values are the same, the interval is invalid and an error is returned. The value is a UNIX timestamp that represents the number of seconds since 00:00:00 UTC on January 1, 1970. |
1627268185 |
| to |
integer |
Yes |
The end of the time range to query. The value is the log time that was specified when the log was written. The time range is a left-closed right-open interval. This means the range includes the start time but not the end time. If the from and to values are the same, the interval is invalid and an error is returned. The value is a UNIX timestamp that represents the number of seconds since 00:00:00 UTC on January 1, 1970. |
1627268185 |
| line |
integer |
No |
The maximum number of logs to return. This parameter is valid only if the query parameter contains a query statement. The value must be an integer from 0 to 100. The default value is 100. |
100 |
| offset |
integer |
No |
The line number from which to start the query. This parameter is valid only if the query parameter contains a query statement. The default value is 0. |
0 |
| reverse |
boolean |
No |
Specifies whether to return logs in descending order of their timestamps. The precision is at the minute level. true: Returns logs in descending order of their timestamps. false (default): Returns logs in ascending order of their timestamps. Note: If the query parameter contains a query statement, the reverse parameter is valid and specifies the sorting order. If the query parameter contains a query and analysis statement, the reverse parameter is invalid. The sorting order is specified by the ORDER BY clause in the analytic statement. If ORDER BY is asc (default), logs are sorted in ascending order. If ORDER BY is desc, logs are sorted in descending order. |
false |
| powerSql |
boolean |
No |
Specifies whether to enable enhanced SQL. The default value is false. |
false |
| session |
string |
No |
The query parameter. |
mode=scan |
| topic |
string |
No |
The log topic. The default value is double quotation marks (""). |
"" |
| query |
string |
No |
The query statement or analytic statement. For more information, see Query overview and Analysis overview. To use the Exclusive SQL feature, add set session parallel_sql=true; to the analytic statement in the query parameter. Example: * | set session parallel_sql=true; select count(*) as pv. Note: If the query parameter contains an analytic statement (SQL statement), the line and offset parameters are invalid. Set them to 0. Use the LIMIT clause in the SQL statement for paging. For more information, see Paginate query and analysis results. |
status: 401 | SELECT remote_addr,COUNT(*) as pv GROUP by remote_addr ORDER by pv desc limit 5 |
| forward |
boolean |
No |
For a scan or phrase query, specifies whether to page forward or backward. |
false |
| highlight |
boolean |
No |
Specifies whether to highlight the results. |
false |
| isAccurate |
boolean |
No |
Specifies whether to enable nanosecond-level sorting. |
true |
Response elements
|
Element |
Type |
Description |
Example |
|
object |
The data returned. |
||
| meta |
object |
The metadata of the returned data. |
|
| progress |
string |
The progress of the query. Valid values:
|
Complete |
| aggQuery |
string |
The SQL part of the query statement that follows the pipe character (|). |
select * |
| whereQuery |
string |
The part of the query statement that precedes the pipe character (|). |
* |
| hasSQL |
boolean |
Indicates whether the query is an SQL query. |
false |
| processedRows |
integer |
The number of rows processed in the query. |
10000 |
| elapsedMillisecond |
integer |
The time consumed by the query, in milliseconds. |
5 |
| cpuSec |
number |
The core-hours for the Exclusive SQL. |
0.002 |
| cpuCores |
integer |
The number of CPU cores used. |
3 |
| keys |
array |
All keys in the query result. |
|
|
string |
The key. |
key |
|
| terms |
array<object> |
All terms in the query statement. |
|
|
object |
The term. |
{term=*, key=} |
|
| limited |
integer |
The number of entries returned. This parameter is returned if the SQL statement does not contain a LIMIT clause. |
100 |
| mode |
integer |
The query mode. Valid values: 0: Normal query, which includes SQL queries. 1: Phrase query. 2: SCAN query. 3: SCAN SQL query. |
0 |
| phraseQueryInfo |
object |
The information about the phrase query. |
|
| scanAll |
boolean |
Indicates whether all logs are scanned. |
true |
| beginOffset |
integer |
The starting offset of the scan result after index filtering. |
0 |
| endOffset |
integer |
The end offset of the scan result after index filtering. |
0 |
| endTime |
integer |
The end time of the scan result after index filtering. |
1 |
| scanBytes |
integer |
The volume of data scanned in the scan query, in bytes. |
1024 |
| highlights |
array |
The highlighted content. |
|
|
array |
The highlighted content. |
||
| LogContent |
The highlighted log content. |
||
| count |
integer |
The number of log entries returned in this query. |
1 |
| processedBytes |
integer |
The volume of logs processed in the query, in bytes. |
10000 |
| isAccurate |
boolean |
Indicates whether nanosecond-level sorting is enabled. |
true |
| columnTypes |
array |
The column types. |
|
|
string |
The type. |
long |
|
| telementryType |
string |
The type of observable data. |
None |
| data |
array<object> |
The query results. |
|
|
object |
The returned data. |
||
|
string |
The returned data. |
{'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'} |
Examples
Success response
JSON format
{
"meta": {
"progress": "Complete",
"aggQuery": "select *",
"whereQuery": "*",
"hasSQL": false,
"processedRows": 10000,
"elapsedMillisecond": 5,
"cpuSec": 0.002,
"cpuCores": 3,
"keys": [
"key"
],
"terms": [
{
"test": "test",
"test2": 1
}
],
"limited": 100,
"mode": 0,
"phraseQueryInfo": {
"scanAll": true,
"beginOffset": 0,
"endOffset": 0,
"endTime": 1
},
"scanBytes": 1024,
"highlights": [
[
{
"Key": "key-test",
"Value": "value-test"
}
]
],
"count": 1,
"processedBytes": 10000,
"isAccurate": true,
"columnTypes": [
"long"
],
"telementryType": "None"
},
"data": [
{
"key": "{'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}"
}
]
}Error codes
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.