Log Service allows you to search for 1 billion to hundreds of billions of rows of log data within seconds.

Syntax

Each query statement consists of a search statement and an analytic statement. The search statement and analytic statement are separated by a vertical bar (|). For more information about the query statement, see Search syntax.
Notice
  • A search statement can be executed alone. However, an analytic statement must be executed together with a search statement. The log analysis feature is used to analyze search results or all data in the Logstore.
  • If you need to search for tens of billions of rows of data, you can repeatedly execute a search statement up to 10 times to obtain the complete result.
  • Syntax
    Search statement|Analytic statement
    Statement Description
    Search statement A search statement specifies one or more search conditions and returns the log entries that meet the specified conditions.

    A condition can be a keyword, a value, a value range, a space character, or an asterisk (*). If you leave the search statement unspecified or specify an asterisk (*) as the search statement, no condition is specified and all log data is returned. For more information, see Search syntax.

    Analytic statement An analytic statement is used to aggregate or analyze a search result. For more information, see Log analysis.
  • Example
    * | SELECT status, count(*) AS PV GROUP BY status

Limits

  • Each project supports a maximum of 100 concurrent search statements at a time.

    For example, 100 users can search for data in all Logstores of a project at the same time.

  • You can specify a maximum of 30 keywords for each search statement.
  • The maximum size of a field value is 10 KB. If the size of a field value exceeds 10 KB, the excess content is not queried.
  • The returned log entries are displayed on multiple pages. Each page displays a maximum of 100 search results.
  • Log Service performs the DOM operation only on the first 10,000 characters of a single log entry.
  • If you perform a fuzzy search, Log Service searches log entries based on 100 words that meet the specified conditions. Log entries that contain one or more of the 100 words and meet the search conditions are returned. For more information, see Fuzzy search.

Search methods

Notice Before you search for logs, make sure that you have collected logs and configured the indexes for the fields. Indexes are used in a storage structure to sort one or more columns of log data. For more information, see Configure indexes.
  • Use the Log Service console

    Log on to the Log Service console. On the Search & Analysis page of a Logstore, specify a time range and execute a search statement. For more information, see Query logs.

  • Call API operations

    Call the GetLogs or GetHistograms operation to search for log data.