Multidimensional data collection and processing

| Category | Feature | Description | References |
| --- | --- | --- | --- |
| Data collection | Collection from Alibaba Cloud services | Simple Log Service can collect logs from multiple types of Alibaba Cloud services, such as elastic computing, storage, security, and database services. The logs record operational statistics, such as the user operations, running status, and business dynamics of Alibaba Cloud services. | Collection of Alibaba Cloud service logs |
| | Logtail-based data collection | Logtail is a log collection agent that is provided by Simple Log Service. You can use Logtail to collect logs from multiple data sources, including Alibaba Cloud Elastic Compute Service (ECS) instances, servers in data centers, and servers from third-party cloud service providers. | Logtail-based data collection |
| | SDK-based data collection | Simple Log Service provides an SDK for different programming languages, such as .NET, Java, Python, PHP, and C. You can select Simple Log Service SDK for a specific programming language based on your business requirements. The SDK allows you to perform various operations, such as collecting, querying, and analyzing logs. | Use SDKs to collect logs |
| | Third-party tool-based data collection | You can collect logs by using tools, such as Logstash, Flume, Beats, Fluentd, Telegraf, and Loggie, and use the Kafka protocol to upload the collected logs to Simple Log Service. | Other collection methods |
| | Global acceleration for data collection | Simple Log Service provides the global acceleration feature. You can enable the feature and configure log collection acceleration for Logtail and SDKs. | Enable the global acceleration feature |
| | Data import | You can import log data to Simple Log Service and perform operations on the log data. For example, you can query and analyze the log data. The log data includes Object Storage Service (OSS) data, MaxCompute data, MySQL data, MySQL binary log data, PostgreSQL data, SQL Server data, Elasticsearch data, Kafka data, CloudMonitor data, and Pub/Sub messages of Google Cloud. | Data import |
| Data shipping | Data shipping to OSS | You can ship logs from Simple Log Service to OSS. | |
| | Data shipping to MaxCompute | You can ship logs from Simple Log Service or DataWorks to MaxCompute. | |
| | Data shipping to AnalyticDB for MySQL | You can ship logs from Simple Log Service to AnalyticDB for MySQL. | Ship logs to AnalyticDB for MySQL |
| Data transformation | Data transformation | Simple Log Service provides the data transformation feature, which is managed, scalable, and highly available. You can use the feature to standardize, enrich, transfer, mask, and filter data. | For more information, see Overview of data transformation. |
| Real-time data consumption | Real-time data consumption by applications in various programming languages | Applications that are developed in programming languages such as Java, Python, and Go can consume data that is collected by Simple Log Service as consumers or consumer groups. | Applications in various programming languages |
| | Real-time data consumption by third-party software | Simple Log Service allows third-party software to consume data in real time. The third-party software includes Splunk, Logstash, QRadar, and Flume. | Third party software |
| | Real-time data consumption by Alibaba Cloud services | Simple Log Service allows Alibaba Cloud services to consume data in real time. The cloud services include Function Compute, Realtime Compute for Apache Flink, and CloudMonitor. | Alibaba Cloud services |
| | Real-time data consumption by stream computing frameworks | Simple Log Service allows stream computing frameworks to consume data in real time. The frameworks include Storm, Flink, and Spark. | Stream processing |
| Data import | OSS data import | | Import data from OSS to Simple Log Service |
| Data download | Data download | | Download logs |

Unified observable data storage and analysis

| Category | Feature | Description | References |
| --- | --- | --- | --- |
| Data storage | Intelligent hot and cold-tiered storage | Simple Log Service provides the hot and cold-tiered storage feature. Cold-tiered storage helps users reduce long-term storage costs without affecting log query, analysis, visualization, alerting, shipping, or transformation. | Configure intelligent hot and cold-tiered storage |
| | Standard Logstores and Query Logstores | Simple Log Service provides two types of Logstores: Standard Logstores and Query Logstores. Standard Logstore: This type of Logstore supports the log analysis feature and is suitable for scenarios such as real-time monitoring and interactive analysis. You can use this type of Logstore to build a comprehensive observability system. Query Logstore: This type of Logstore supports high-performance queries. The index traffic fee of a Query Logstore is lower than that of a Standard Logstore. | Manage a Logstore |
| Query and analysis | Log query and analysis in index mode | After you create indexes for a Logstore, you can query and analyze the logs that are collected and stored in the Logstore on the query and analysis page in real time. | Guide to log query and analysis |
| | Log query and analysis in scan mode | Simple Log Service provides the scan feature. You can use the feature to scan logs based on specified fields to return query and analysis results. The feature allows you to query and analyze logs without the need to configure indexes for the logs. | Scan logs |
| | Scheduled SQL | Simple Log Service provides the Scheduled SQL feature. You can use the feature to automatically analyze data at regular intervals and aggregate data for storage. You can also use the feature to project and filter data. | Scheduled SQL |
| | Log download | You can download logs or query and analysis results in the Simple Log Service console, or by using Cloud Shell, Simple Log Service CLI, or Simple Log Service SDK. | Download logs |
| Visualization | Dashboards | Simple Log Service allows you to create dashboards to analyze data in real time. You can view multiple charts that are generated based on query and analysis results on a dashboard. When you open or refresh a dashboard, a query operation is automatically performed for each chart on the dashboard. | Dashboard |
| | Charts | Simple Log Service renders the results of query statements to charts. Simple Log Service provides various types of charts, such as tables, line charts, and column charts. | Charts |
| | External visualization tools | You can connect Simple Log Service to external visualization tools, such as DataV, Grafana, and Tableau, to display data on dashboards. | |
| Alerting | Alerting and monitoring | The alerting and monitoring system triggers alerts. The alerting and monitoring system contains alert rules and resource data. The alerting and monitoring system periodically monitors and evaluates query and analysis results based on alert rules. If an alert is triggered or cleared based on an alert rule, the alerting and monitoring system sends an alert or a recovery notification to the alert management system based on monitoring orchestration. | Alerting and monitoring |
| | Alert management | The alert management system is a subsystem of Simple Log Service that denoises alerts. | Alert management |
| | User management | If you want to send alert notifications by using text messages, emails, or voice calls, you must specify users or user groups to whom the alert notifications are sent, create on-duty groups, integrate webhooks, configure dynamic recipients, import CloudMonitor contacts, and import Resource Access Management (RAM) contacts. | User management |
| | Notification management | The notification management system manages the notification methods and recipients of alert notifications. The notification management system contains action policies, alert templates, calendars, users, user groups, on-duty groups, and notification method quotas. The notification management system sends notifications to specified recipients by using specified notification methods based on action policies. The recipients can be users, user groups, or on-duty groups. | Notification management |

Out-of-the-box applications

| Category | Feature | Description | References |
| --- | --- | --- | --- |
| Observability applications for cloud infrastructure | CloudLens for OSS | Simple Log Service and OSS jointly launch the CloudLens for OSS application. The application provides a bucket-level view for centralized management. You can use the application to analyze data such as resource usage, access, anomaly detection, and security data in a visualized manner. The application also provides scenario-based O&M management to achieve bucket asset observability. | CloudLens for OSS |
| | CloudLens for EBS | Simple Log Service and Elastic Block Storage (EBS) jointly launch the CloudLens for EBS application. You can use the application to monitor and manage EBS resources such as disks, snapshots, and asynchronous data replication between disks. | CloudLens for EBS |
| | CloudLens for SLS | Simple Log Service provides the CloudLens for SLS application. You can use the application to monitor and manage your Simple Log Service assets, such as projects and Logstores, and obtain information about asset consumption in a more efficient manner. | CloudLens for SLS |
| | Flow Log Center | Simple Log Service and Virtual Private Cloud (VPC) jointly launch the Flow Log Center application. You can use the application to query the policies of the VPC that is used, traffic of elastic network interfaces (ENIs), and traffic between CIDR blocks. This way, you can analyze the flow logs of your VPC in an efficient and effective manner. | Flow Log Center |
| | CloudLens for ALB | Simple Log Service and Server Load Balancer (SLB) jointly launch the CloudLens for ALB application. You can use the application to analyze the Layer 7 access logs of Application Load Balancer (ALB), analyze the metrics that are aggregated at one-second intervals, and generate alerts in real time. The application also provides AIOps-based automated anomaly detection. You can also use the application to analyze the behavior, geographical distribution, request success rates, and response latency of clients. | CloudLens for ALB |
| | K8s Event Center | K8s Event Center records the status changes of Kubernetes clusters. For example, K8s Event Center records a status change when you create, run, or delete a pod, or when a component exception occurs. K8s Event Center aggregates all events in Kubernetes clusters in real time. This allows you to perform various operations on the events. For example, you can store, query, analyze, and visualize event data and configure alerts for the events. | K8s Event Center |
| | CloudLens for Redis | Simple Log Service and Tair (Redis OSS-compatible) jointly launch the CloudLens for Redis application. You can use the application to manage Tair (Redis OSS-compatible) instances in a centralized manner and collect the operational logs, slow query logs, and audit logs of the instances. | CloudLens for Redis |
| | CloudLens for PolarDB | Simple Log Service and PolarDB for MySQL jointly launch the CloudLens for PolarDB application. You can use the application to manage PolarDB for MySQL clusters in a centralized manner and collect the slow query logs, error logs, audit logs, and performance metrics of the clusters. | CloudLens for PolarDB |
| | CloudLens for RDS | Simple Log Service and ApsaraDB RDS jointly launch the CloudLens for RDS application. You can use the application to check the collection status of SQL audit logs, error logs, and slow query logs for ApsaraDB RDS instances in real time and manage collection configurations in a centralized manner. You can also audit and analyze the collected logs and configure alerts for the logs. | CloudLens for RDS |
| | Kubernetes Ingress Log Center | Container Service for Kubernetes (ACK) allows you to configure the nginx-ingress-controller component for an ACK cluster. The component provides URLs that can be visited by servers outside the cluster, and supports server load balancing, SSL termination, and name-based virtual hosting. You can also use the component to write the log data of HTTP requests to stdout and stderr. Simple Log Service provides the Ingress Log Center application. You can use the application to monitor and analyze the status of backend services for Ingress. | Kubernetes Ingress Log Center |
| | CloudLens for CLB | Simple Log Service and SLB jointly launch the CloudLens for CLB application. You can use the application to analyze Classic Load Balancer (CLB) access logs, Cloud Config logs, and CloudMonitor events, analyze the metrics that are aggregated at one-second intervals, and generate alerts in real time. The application also provides AIOps-based automated anomaly detection. | CloudLens for CLB |
| ITOps applications | ARMS RUM | ARMS RUM is suitable for scenarios such as web page monitoring, Weex monitoring, and mini-program monitoring. ARMS RUM helps you monitor the health status of pages based on the following metrics: page loading speed (speed test), page stability (JavaScript errors), and success rate of external service calls (API calls). | ARMS RUM |
| | Full-stack Monitoring | Simple Log Service provides the Full-stack Monitoring application to monitor IT systems from end to end. The application can monitor various system components, such as hosts, Kubernetes clusters, databases, and middleware. | Full-stack Monitoring |
| | Trace | Simple Log Service provides the Trace application based on the native OpenTelemetry protocol to implement distributed tracing. You can use the application to import, store, analyze, and visualize trace data. You can also use the application to configure alerts for trace data and manage trace data based on AIOps. | Trace |
| | Full-stack Observability | Simple Log Service provides the Full-stack Observability application. You can use the application to enable end-to-end observability for IT systems. The application provides features such as IT system monitoring, end-to-end tracing, and intelligent alerting. | Full-stack Observability |
| | Intelligent Anomaly Analysis | The Intelligent Anomaly Analysis application is a highly available service that can be hosted and scaled. The application provides the following capabilities: intelligent inspection, text analysis, and root cause diagnosis. | Intelligent Anomaly Analysis |
| | Alert OpsCenter | Alert OpsCenter is a business-centric platform that provides alert management and O&M capabilities. You can add alerts that are generated by third-party monitoring platforms, such as Zabbix and Prometheus, and alerts that are generated by Simple Log Service resources to a business. This way, you can use the business to manage alerts and send alert notifications in a centralized manner and improve the O&M efficiency. | Alert OpsCenter |
| SecOps applications | Log Audit Service | Log Audit Service supports all features of Simple Log Service. Log Audit Service also supports automated and centralized log collection from cloud services across Alibaba Cloud accounts in real time. Then, you can audit the collected logs. Log Audit Service also stores data required for audit and allows you to query and aggregate the data. | Log Audit Service |
| Cost observability applications | Cost Manager | Simple Log Service and Billing Management jointly launch the self-service analytics feature. After you enable the self-service analytics feature, bills are automatically imported and bill analysis reports are generated in a visualized manner. This improves the efficiency of bill analysis. | Cost Manager |