平安云|Ping An Cloud- Building Your Smart Future

Query Methods

Ping An Cloud Log Service supports following query methods: keyword-based query, phrase-based query, fuzzy query, key-value-based query, and query based on the multiple criteria. Keyword-Based Query This method queries logs by keyword or the combination of keywords in a query syntax. For example, to query the logs containing both keywords a and b, use a AND b. Phrase-based Query If a phrase contains spaces, use quotation marks ("") to enclose the phrase. For example, to query logs containing hello pingan cloud, use "hello pingan cloud". Fuzzy Query To perform fuzzy query, add the asterisk (*) or the question mark (?) to the middle or end of a keyword. Then, the system will search the first 10000 logs starting with the keyword. For example, to query the logs starting with the keyword hello, use hello*. Key-Value-Based Query Ping An Cloud supports the following methods of key-value-based log query: Method 1: Query logs by using the key-value pairs extracted by Log Service by default. <div class="note important note_important">Important: <ol class="ol" id="Search_Method__ol_grx_q5l_wnb"> <li class="li">Ping An Cloud Log Service extracts the following key-value pairs by default: appname, message, source, collector_node_id, file, and timestamp. For more information about these keys, see <a class="xref" href="/ssr/help/middleware/LogCloud/index.Concepts" target="_blank">Logs</a>.</li> <li class="li">If you specify only a keyword or a query syntax for query, the message key-value pair is used by default and the system searches the log messages for the matching data. </li> </ol> </div> Example 1: Use appname:UUID-nameto query logs with a specific project name. <div class="note note note_note">Note: To obtain UUID-name: <ol class="ol" id="Search_Method__ol_tfl_t5l_wnb"> <li class="li">In the left navigation pane of the Log Service console, click Project Management. </li> <li class="li">On the Project Management page, click the target project name. As shown in the figure below, the content in the red box of the URL is the project ID (UUID). </li> </ol> </div> <img class="image" id="Search_Method__image_kfb_mb1_xmb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20210106133703-14ac1bdc9cf5.png" width="830"> Example 2: Use source:UUID-source to query logs of the ECS with a specific host name. <div class="note note note_note">Note: To obtain UUID-source: <ol class="ol" id="Search_Method__ol_vg5_y5l_wnb"> <li class="li">In the left navigation page of the ECS console, click Instance. </li> <li class="li">On the Instance Management page, click the instance name. The hostname of the ECS instance is displayed on the Instance Information page.</li> </ol> </div> <img class="image" id="Search_Method__image_krt_pb1_xmb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20210106133703-1aedb4689be7.png" width="830"> Example 3: Use collector_node_id:IP-address to query the logs of the ECS with a specific IP address. <div class="note note note_note">Note: To obtain IP-address: <ol class="ol" id="Search_Method__ol_fd3_cvl_wnb"> <li class="li">In the left navigation page of the ECS console, click Instance.</li> <li class="li">On the Instance Management page, click the instance name. The IP address of the ECS instance is displayed in the Intranet IP field on the Instance Information page.</li> </ol> </div> <img class="image" id="Search_Method__image_igl_sb1_xmb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20210106133703-12b77f1d9579.png" width="830"> Example 4: Use file:file-nameto query logs under a specific collection path. <div class="note note note_note">Note: To obtain file-name: <ol class="ol" id="Search_Method__ol_gyt_fvl_wnb"> <li class="li">In the left navigation pane of the Log Service console, click Project Management. </li> <li class="li">On the Project Management page, click the target project name. </li> <li class="li">Click the AGENT CONFIG tab to view the target path.</li> </ol> </div> <img class="image" id="Search_Method__image_el4_xb1_xmb" src="https://obs-cn-shanghai.yun.pingan.com/pcp-portal/20210106133703-126af4249eb2.png" width="830"> Method 2: For Nginx logs, if the content to be queried is of the double or long type, you can specify a value range. For example, to query logs for HTTP requests whose request time (request processing time) is more than 300 milliseconds and return status is not 200, use request_time> 300 AND NOT status: 200. Query by Combination of Criteria This method queries logs by using the combination of keywords and query operators, such as AND, OR, and parentheses (( )). <ul class="ul" id="Search_Method__ul_xmv_kvl_wnb"> <li class="li">Example 1: Use appname:Project1_UUID AND (collector_node_id:10.0.0.2 OR collector_node_id:10.0.0.3) AND "hello world" to query logs that meet the following requirements:<ul class="ul" id="Search_Method__ul_ymv_kvl_wnb"> <li class="li">Belonging to Project1.</li> <li class="li">Collected from ECS 10.0.0.2 or 10.0.0.</li> <li class="li">Containing the keyword hello world.</li> </ul></li> <li class="li">Example 2: Use ((source: HOST1 OR source: HOST2) AND (file: /var/log/*.log)) AND "hello world" to query logs that meet the following requirements:<ul class="ul" id="Search_Method__ul_zmv_kvl_wnb"> <li class="li">Containing "hello world" </li> <li class="li">Collected from /var/log/*.log on HOST1 or HOST2.</li> </ul></li> </ul>

Did the above content solve your problem? Yes No