
GetLogs

Last Updated: Apr 25, 2024

Queries the logs of a Logstore in a project.

Operation description

Usage notes

Note: Simple Log Service allows you to create a Scheduled SQL job. For more information, see Create a Scheduled SQL job.
  • Host consists of a project name and a Simple Log Service endpoint. You must specify a project in Host.

  • If the number of logs in a Logstore significantly changes, Simple Log Service cannot forecast the number of times that you must call this operation to obtain the complete result. In this case, you must check the value of the x-log-progress parameter in the response of each request and determine whether to call this operation one more time to obtain the complete result. Each time you call this operation, the same number of charge units (CUs) are consumed.

  • After a log is written to a Logstore, you can call the GetHistograms or GetLogs operation to query the log after a short latency. The latency of a query varies based on the type of the log. Simple Log Service classifies logs into the following types based on the log time:

    • Real-time data: The difference between the time recorded in a log and the current time on Simple Log Service is within the interval (-180 seconds, 900 seconds]. For example, if a log was generated at 12:03:00, September 25, 2014 (UTC) and Simple Log Service received the log at 12:05:00, September 25, 2014 (UTC), Simple Log Service processes the log as real-time data. This type of log is usually generated in common scenarios.

    • Historical data: The difference between the time recorded in a log and the current time on Simple Log Service is within the interval [-604,800 seconds, -180 seconds). For example, if a log was generated at 12:00:00, September 25, 2014 (UTC) and Simple Log Service received the log at 12:05:00, September 25, 2014 (UTC), Simple Log Service processes the log as historical data. This type of log is usually generated in data backfill scenarios.

    After real-time data is written to a Logstore, the data can be queried with a maximum latency of 3 seconds. For 99.9% of queries, the latency is no more than 1 second.

Note: Simple Log Service calculates the difference between the log time that is specified by the __time__ field and the receiving time that is specified by the __tag__:receive_time field for each log. The receiving time indicates the time at which Simple Log Service receives the log. If the difference is within the interval (-180 seconds, 900 seconds], Simple Log Service processes the log as real-time data. If the difference is within the interval [-604,800 seconds, -180 seconds), Simple Log Service processes the log as historical data.

Debugging

OpenAPI Explorer automatically calculates the signature value. For your convenience, we recommend that you call this operation in OpenAPI Explorer.

Authorization information

The following table shows the authorization information for this API operation. The authorization information can be used in the Action policy element to grant a RAM user or RAM role the permissions to call this API operation. The columns are described as follows:

  • Operation: the value that you can use in the Action element to specify the operation on a resource.
  • Access level: the access level of each operation. The levels are read, write, and list.
  • Resource type: the type of the resource on which you can authorize the RAM user or the RAM role to perform the operation. Take note of the following items:
    • The required resource types are displayed in bold characters.
    • If the permissions cannot be granted at the resource level, All Resources is used in the Resource type column of the operation.
  • Condition Key: the condition key that is defined by the cloud service.
  • Associated operation: other operations that the RAM user or the RAM role must have permissions to perform to complete the operation. To complete the operation, the RAM user or the RAM role must have the permissions to perform the associated operations.

Operation: log:GetLogStoreLogs
Access level: Read
Resource type: LogStore
    acs:log:{#regionId}:{#accountId}:project/{#ProjectName}/logstore/{#LogstoreName}
Condition key: log:TLSVersion
Associated operation: none

Request syntax

GET /logstores/{logstore}?type=log

Request parameters

Parameter | Type | Required | Description | Example

project | string | Yes

The name of the project.

Example: ali-test-project

logstore | string | Yes

The Logstore whose logs you want to query.

Example: example-logstore

from | integer | Yes

The beginning of the time range to query. The value is the log time that is specified when log data is written.

  • The time range that is specified in this operation is a left-closed, right-open interval. The interval includes the start time specified by the from parameter, but does not include the end time specified by the to parameter. If you specify the same value for the from and to parameters, the interval is invalid, and an error message is returned.
  • The value is a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC.
Note: To ensure that full data can be queried, specify a query time range that is accurate to the minute. If you also specify a time range in an analytic statement, Simple Log Service uses the time range specified in the analytic statement for query and analysis.

If you want to specify a time range that is accurate to the second in your analytic statement, you must use the from_unixtime or to_unixtime function to convert the time format. For more information about the functions, see from_unixtime function and to_unixtime function. Examples:

  • * | SELECT * FROM log WHERE from_unixtime(__time__) > from_unixtime(1664186624) AND from_unixtime(__time__) < now()
  • * | SELECT * FROM log WHERE __time__ > to_unixtime(date_parse('2022-10-19 15:46:05', '%Y-%m-%d %H:%i:%s')) AND __time__ < to_unixtime(now())

Example: 1627268185

to | integer | Yes

The end of the time range to query. The value is the log time that is specified when log data is written.

  • The time range that is specified in this operation is a left-closed, right-open interval. The interval includes the start time specified by the from parameter, but does not include the end time specified by the to parameter. If you specify the same value for the from and to parameters, the interval is invalid, and an error message is returned.
  • The value is a UNIX timestamp representing the number of seconds that have elapsed since January 1, 1970, 00:00:00 UTC.
Note: To ensure that full data can be queried, specify a query time range that is accurate to the minute. If you also specify a time range in an analytic statement, Simple Log Service uses the time range specified in the analytic statement for query and analysis.

If you want to specify a time range that is accurate to the second in your analytic statement, you must use the from_unixtime or to_unixtime function to convert the time format. For more information about the functions, see from_unixtime function and to_unixtime function. Examples:

  • * | SELECT * FROM log WHERE from_unixtime(__time__) > from_unixtime(1664186624) AND from_unixtime(__time__) < now()
  • * | SELECT * FROM log WHERE __time__ > to_unixtime(date_parse('2022-10-19 15:46:05', '%Y-%m-%d %H:%i:%s')) AND __time__ < to_unixtime(now())

Example: 1627269085

query | string | No

The search statement or the query statement. For more information, see Log search overview and Log analysis overview. If you add set session parallel_sql=true; to the analytic statement in the query parameter, Dedicated SQL is used. For example, you can set the query parameter to * | set session parallel_sql=true; select count(*) as pv. For more information about common errors that may occur during log query and analysis, see How do I resolve common errors that occur when I query and analyze logs?

Note: If you specify an analytic statement in the value of the query parameter, the line and offset parameters do not take effect. In this case, we recommend that you set the line and offset parameters to 0 and use the LIMIT clause to limit the number of logs to return on each page. For more information, see Paged query.

Example: status: 401 | SELECT remote_addr,COUNT(*) as pv GROUP by remote_addr ORDER by pv desc limit 5

topic | string | No

The topic of the logs. The default value is double quotation marks (""). For more information, see Topic.

Example: topic

line | long | No

The maximum number of logs to return for the request. This parameter takes effect only when the query parameter is set to a search statement. Minimum value: 0. Maximum value: 100. Default value: 100.

Example: 100

offset | long | No

The line from which the query starts. This parameter takes effect only when the query parameter is set to a search statement. Default value: 0.

Example: 0

reverse | boolean | No

Specifies whether to return logs in reverse chronological order of log timestamps. The log timestamps are accurate to the minute. Valid values:

  • true: returns logs in reverse chronological order of log timestamps.
  • false (default): returns logs in chronological order of log timestamps.
Note:
  • The reverse parameter takes effect only when the query parameter is set to a search statement. The reverse parameter specifies the method used to sort returned logs.
  • If the query parameter is set to a query statement, the reverse parameter does not take effect. The method used to sort returned logs is specified by the ORDER BY clause in the analytic statement. If you use the keyword asc in the ORDER BY clause, the logs are sorted in chronological order. If you use the keyword desc in the ORDER BY clause, the logs are sorted in reverse chronological order. By default, asc is used in the ORDER BY clause.

Example: false

powerSql | boolean | No

Specifies whether to enable the Dedicated SQL feature. For more information, see Enable Dedicated SQL. Valid values:

  • true: enables the Dedicated SQL feature.
  • false (default): enables the Standard SQL feature.

You can use the powerSql or query parameter to configure Dedicated SQL.

Example: false

Response parameters

Parameter | Type | Description | Example

headers | object

x-log-progress | string

The status of the query and analysis results. Valid values:

  • Complete: The query is successful, and the complete query and analysis results are returned.
  • Incomplete: The query is successful, but the query and analysis results are incomplete. To obtain the complete results, you must repeat the request.
Note: You can use the *|select count(*) as count statement to obtain the total number of logs. You can also call the GetHistograms operation to obtain the number of logs that are generated within each subinterval of a time range and add the numbers to obtain the total number of logs. If you do not need to obtain the total number of logs, you can modify the offset parameter in the request and repeat the request multiple times. If the value of the x-log-progress parameter is Complete and the number of returned rows is less than the number of requested rows, all logs are read.

Example: Complete

x-log-count | long

The number of rows that are returned.

Note: The total number of logs that meet the specified conditions is not returned. To query the total number of logs that meet the specified conditions, you must specify a query statement. For example, the query statement request_method:GET|select count(*) as count can be used to query the total number of logs whose request_method is GET. For more information, see Best practices for query and analysis and Examples for querying and analyzing logs by using SDK for Java.

Example: 100

x-log-processed-rows | long

The number of rows that are processed in the query.

Example: 10000

x-log-elapsed-millisecond | long

The time that is consumed by the query. Unit: milliseconds.

Example: 5

Server | string

The name of the server.

Example: nginx

Content-Type | string

The content type of the response body.

Example: application/json

Content-Length | string

The content length of the response body.

Example: 0

Connection | string

Indicates whether the connection is persistent. Valid values:

  • close: The connection is non-persistent. A new TCP connection is established for each HTTP request.
  • keep-alive: The connection is persistent. After a TCP connection is established, the connection remains open, and no more time or bandwidth is consumed to establish new connections.
Example: close

Date | string

The time when the response was returned.

Example: Sun, 27 May 2018 08:25:04 GMT

x-log-requestid | string

The request ID.

Example: 5B0A6B60BB6EE39764D458B5

object []

An array of logs. Each element in the array indicates a log.

object

Example: [{'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}, {'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}, {'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}, {'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}, {'remote_addr': '198.51.100.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}]
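
The paging rules described above (x-log-progress, line, offset and the half-open [from, to) interval) combined into one read loop that fails loudly rather than returning a silently truncated result; this is an added example, not code from the original page or from a Simple Log Service SDK. The get_logs callable and make_fake_transport are hypothetical: a real transport would send the signed GET /logstores/{logstore}?type=log request and return its response headers and decoded body.

```python
import time

MAX_LINE = 100  # documented maximum for the line parameter

def fetch_all_logs(get_logs, from_ts, to_ts, query="*", line=MAX_LINE,
                   max_retries=5, retry_delay=0.0):
    """Read every log matching a search statement in [from_ts, to_ts).

    get_logs is a hypothetical transport: it takes the request parameters
    as a dict and returns (headers, rows) for one signed GetLogs call."""
    if from_ts >= to_ts:
        raise ValueError("from must be earlier than to: [from, to) is half-open")
    if not 1 <= line <= MAX_LINE:  # the API allows 0, but paging needs >= 1
        raise ValueError("line must be between 1 and 100")
    if "|" in query:  # heuristic: a pipe introduces an analytic statement
        raise ValueError("line/offset are ignored for analytic statements; "
                         "page with a LIMIT clause instead")
    logs, offset = [], 0
    while True:
        params = {"type": "log", "from": from_ts, "to": to_ts,
                  "query": query, "line": line, "offset": offset}
        for _ in range(max_retries + 1):
            headers, rows = get_logs(params)
            if headers.get("x-log-progress") == "Complete":
                break
            time.sleep(retry_delay)  # Incomplete: repeat the same request
        else:  # never became Complete: fail loudly instead of returning a gap
            raise RuntimeError(f"offset {offset}: result still Incomplete")
        logs.extend(rows)
        if len(rows) < line:  # Complete plus a short page: all logs are read
            return logs
        offset += len(rows)

def make_fake_transport(total, incomplete_first=1):
    """Constructed stand-in for the service: holds `total` logs and answers
    the first `incomplete_first` calls at each offset with Incomplete."""
    calls = {}
    def get_logs(params):
        off, n = params["offset"], params["line"]
        calls[off] = calls.get(off, 0) + 1
        if calls[off] <= incomplete_first:
            return {"x-log-progress": "Incomplete"}, []
        rows = [{"__time__": str(params["from"]), "seq": str(i)}
                for i in range(off, min(off + n, total))]
        return {"x-log-progress": "Complete"}, rows
    get_logs.calls = calls
    return get_logs
```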

Examples

Sample success responses

JSON format

[
  {
    "test": "test",
    "test2": 1
  }
]

Error codes

For a list of error codes, see Service error codes.