All Products
Search

This Product

    Simple Log Service:Contextual query

    Document Center

    Simple Log Service:Contextual query

    Last Updated:Oct 30, 2024

    Simple Log Service allows developers to retrieve logs among a large number of logs by keyword and query the context of a log in a raw log file in the Simple Log Service console. This way, developers can retrieve logs and perform contextual query operations without the need to log on to servers.

    Prerequisites

    • Logs are collected by using Logtail. For more information, see Use Logtail to collect logs.

      Important

      If you use a Logtail plug-in to process text logs or collect the stdout and stderr of a container, you must add the aggregators configuration to the Logtail plug-in configuration. For more information, see Overview.

    • Indexes are created. For more information, see Create indexes.

    Background information

    When you use the contextual query feature, you must specify a server, a log file, and a log whose context you want to query. The feature returns the logs that are generated before or after the specified log and are collected from the log file on the server. You can use the context information to identify and troubleshoot errors in an efficient manner.

    Scenarios

    For example, a transaction on an online-to-offline (O2O) takeout app is recorded in an application log file on a server. A successful transaction involves the following operations: user logon, product browsing, product selection, product addition to the shopping cart, order placement, order payment, payment deduction, and order generation.

    If the order placement fails, O&M engineers must identify the cause of the failure at the earliest opportunity. In traditional contextual query solutions, O&M engineers must be granted the required permissions by an administrator before the engineers can log on to each server on which the O2O takeout app is deployed. After the permissions are granted, the O&M engineers can search application log files by order ID to identify the cause of the failure.

    In Simple Log Service, the O&M engineers can perform the following steps to identify the cause of the failure:

    1. Install Logtail on each server, create a machine group and a Logtail configuration in the Simple Log Service console, and then enable Logtail to upload incremental logs to Simple Log Service.

    2. On the query and analysis page in the Simple Log Service console, specify a time range and find the log that records the failure by order ID.

    3. After you find the log, scroll up until you find other related logs, such as a log that records a failure in payment deduction from a credit card.

    image

    Benefits

    • You can identify the causes of failures without the need to modify applications or change the formats of log files.

    • You can query the context of a log from a log file on a server in the Simple Log Service console. You can query the context of a log without the need to log on to the related server.

    • You can specify a time range to obtain suspicious logs before you perform a contextual query operation in the Simple Log Service console. This helps improve the efficiency of troubleshooting.

    • You do not need to worry about data loss that is caused by insufficient server storage or log file rotation. You can view historical log data in the Simple Log Service console at any time.

    Procedure

    Important

    The server associates the log context with the PackId. PackId can be automatically generated by using the Logtail for log collection or the Producer SDK for log writing. PackId can also be manually generated and uploaded by using the PutLogs interface.

    1. Log on to the Simple Log Service console.

    2. In the Projects section, click the project you want.

      image

    3. In the left-side navigation pane, click Log Storage. In the Logstores list, click the logstore you want.

      image

    4. Optional. Enter a query statement and select a query time range.

    5. On the Raw Logs > Raw Data tab, find the log whose context you want to query and click the 查询日志-004 icon.

      上下文

    6. On the page that appears, scroll up and down to view the context of the log.

      • To scroll up, click Old.

      • To scroll down, click New.

      • To display or stop displaying a field, click All Fields and then select or clear the check box of the field name. By default, the system displays all fields.

      • To filter logs by string, enter strings in the Filter field. Then, the system displays only the logs that contain the specified strings.

      • To highlight strings, enter the strings in the Highlight field. Then, the system highlights the strings in yellow.

      image