All Products
Search

This Product

    Simple Log Service:FAQ about log query

    Document Center

    Simple Log Service:FAQ about log query

    Last Updated:Jun 14, 2024

    This topic provides answers to some frequently asked questions about log query.

    How do I identify the source machine from which logs are collected when I query logs?

    • If you use Logtail to collect logs and your Logtail configuration is applied to an IP address-based machine group, machines in the machine group are distinguished by the IP addresses of the machines. When you query logs, you can use the obtained hostname and IP address to identify the source machine from which the logs are collected.

    • For example, you can use the following statement to query the number of times that different hostnames appear in logs. Before you execute the statement, you must create an index for the __tag__:__hostname__ field and turn on Enable Analytics for the field. For more information about how to create indexes, see Create indexes. For more information about __tag__ fields, see Reserved fields. 

      * | select "__tag__:__hostname__" , count(1) as count group by "__tag__:__hostname__"

    How do I query logs by using an IP address?

    • Query logs by using an IP address. 

      __tag__:__client_ip__:192.0.2.1

    • Query logs whose IP addresses start with 192.0.2. 

      __source__:192.0.2.*

    • Query logs whose IP addresses match 192.168.XX.XX. You can also use a regular expression to perform fuzzy match. For more information, see How do I query logs by using fuzzy match? 

      * | select * from log where key like '192.168.%.%'

    How do I use two conditions to query logs?

    If you want to use two conditions to query logs, specify two statements at a time.

    For example, if you want to query logs whose status field is neither OK nor Unknown in a Logstore, you can use not OK not Unknown to obtain the logs that meet the conditions.

    How do I query logs in Simple Log Service?

    You can use one of the following methods to query logs in Simple Log Service:

    • Use the Simple Log Service console to query logs. For more information about how to query and analyze logs in the Simple Log Service console, see Query and analyze logs.

    • Use Simple Log Service SDK to query logs. For more information, see Overview of Simple Log Service SDK.

    • Use RESTful API operations to query logs. For more information, see GetLogs.

    I can use Simple Log Service SDK to query logs, but a timeout or network error occurs when I use the SDK to perform SQL analysis. What do I do?

    A possible reason is that the network firewall of your client intercepts the requests that contain a keyword used in SQL analysis.

    We recommend that you change the Simple Log Service endpoint that is used to an endpoint that starts with HTTPS to check whether the error is caused by the network firewall of your client.