Viewing Bucket Logs

AOM supports fine-grained log queries: you can view logs by bucket to obtain key service data and quickly locate problems.

Currently, in CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou regions, you can query logs from multiple dimensions. You can query and analyze original logs, as well as structured logs based on SQL syntax.

Precautions

  • Before viewing bucket logs, ensure that you have created at least one log bucket. Otherwise, you cannot view bucket logs.
  • You can view bucket logs generated in the last seven days.

Viewing Original Logs

  1. Log in to the AOM console. In the navigation pane, choose Log > Log Buckets, and click the Bucket Log tab to view logs.
  2. Set filter criteria.

    • Select a log bucket: Select a target log bucket from the drop-down list in the upper left corner.
    • Set a time range: In the drop-down list in the upper right corner, select a time range, such as Last 30 minutes, Last 1 hour, or Last 6 hours. You can also select Custom time range to specify the start time and end time.
    • Enter a keyword: Click the text box. All statistical rules and keywords of the bucket are displayed under the text box. Select a keyword. It is automatically displayed in the text box. Alternatively, enter a keyword directly in the text box.

      For common and complex keywords, click and create statistical rules according to Creating Statistical Rules. In the subsequent query, you do not need to manually enter a keyword in the text box. Instead, you can directly click the text box and select a desired statistical rule and keyword. After a statistical rule is created, AOM counts the number of keywords and generates metrics accordingly. You can then monitor the metrics on the Metric Monitoring page.

  3. View the search result.

    • Viewing statistical data in a bar chart

      The bar chart shows the number of logs that met the filter criteria set in step 2 in different time periods. The horizontal axis represents time and is divided into 30 rectangular blocks of the same size. Each block covers a duration equal to the selected time range divided by 30. For example, if the time range is 30 minutes, each block covers 1 minute. If the time range is 60 minutes, each block covers 2 minutes. The vertical axis represents the number of queried logs.

      Figure 1 Viewing statistical data in a bar chart

      When you hover over a rectangle block, the prompt displays the time range (start time and end time) and the number of logs that meet the filter criteria within the time range. When you click a rectangle block, the log list displays corresponding log details. To deselect the block, click .

    • Viewing log details in a log list

      The log list displays the details of the logs that meet the filter criteria set in step 2.

      Figure 2 Viewing log details in a log list
      You can also perform the following operations:
      • Click to view details of a selected log, such as the host IP address and source.
      • Sort search results: Logs are sorted based on collection time in descending order by default. You can click in the Collection Time column to change the order. When you click the black triangle icon to sort logs by time in ascending order, the latest log is displayed at the end. When you click the black triangle icon to sort logs by time in descending order, the latest log is displayed at the top.
      • View the context of a specified log: Click View Context in the Operation column to view the logs immediately before or after a specified log. This helps you locate faults without searching the raw log files.
        Figure 3 Viewing the context of a specified log
      • Perform log structuring: Click Structure in the Operation column and use this log as an example log to structure all logs in the bucket. For details, see Structuring Original Logs.

Viewing Structured Logs

  • This function only applies to CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou regions.
  • Before viewing structured logs, you need to structure original logs by adding extraction rules. Then you can query and analyze structured logs based on SQL syntax. For details, see Structuring Original Logs.
  • After log structuring, wait about 1–2 minutes before performing SQL query and analysis.

The following shows how to locate faults in the Tomcat server through SQL query and analysis.

  1. Log in to the AOM console. In the navigation pane, choose Log > Log Buckets.
  2. Because SQL query is performed by log bucket, select a target log bucket on the Bucket Log tab page and click Structured logs.

    Figure 4 Structured logs

  3. SQL query and analysis: Set a time range and filter criterion. Enter an SQL statement in the search box. For details about SQL statements supported by AOM, see SQL Query Syntax.

    For example, to query the number of requests whose HTTP return code is greater than or equal to 500 in the last six hours, perform the following operations:

    Select Last 6 hours from the drop-down list in the upper right corner and enter an SQL statement in the search box, such as select count(*) where code >= 500, as shown in Figure 5.

    • For common and complex SQL statements, click to create statistical rules. For details, see Creating Statistical Rules. In the subsequent query, you do not need to manually enter a keyword in the text box. Instead, you can directly click the text box and select a desired statistical rule and SQL statement. After statistical rules are created, AOM collects statistics on values returned by SQL statements and generates metrics. You can view the data trend in a metric graph.
    • Statistical rules can be created for an SQL statement that returns a single value, for example, select count(*) where code >= 500. Statistical rules cannot be created for an SQL statement that returns multiple values, for example, select count(*) group by ip.
    Figure 5 Using SQL statements to query data
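
The following added example (not AOM code and not part of the original guide) reproduces the Tomcat fault-locating query locally: it structures raw access-log lines and runs standard-SQL equivalents of the two statements above. Assumptions: the sample lines are constructed, the regular expression stands in for an extraction rule, and the table name logs and the FROM clause are required by SQLite rather than by AOM's SQL syntax.

```python
import re
import sqlite3

# Constructed sample lines in Tomcat access-log style (not real traffic).
SAMPLE_LOGS = """\
192.0.2.10 - - [12/Mar/2024:10:00:01 +0800] "GET /index.jsp HTTP/1.1" 200 5120
192.0.2.10 - - [12/Mar/2024:10:00:07 +0800] "POST /api/order HTTP/1.1" 500 312
198.51.100.7 - - [12/Mar/2024:10:01:15 +0800] "GET /api/cart HTTP/1.1" 503 0
198.51.100.7 - - [12/Mar/2024:10:01:16 +0800] "GET /api/cart HTTP/1.1" 503 0
203.0.113.5 - - [12/Mar/2024:10:02:40 +0800] "GET /missing HTTP/1.1" 404 988
this line does not match the rule and is skipped
"""

# Stand-in for an extraction rule: pulls ip, request and code out of each raw line.
RULE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<request>[^"]*)" (?P<code>\d{3}) \S+$')


def structure(raw):
    """Turn raw log text into (ip, request, code) rows; unmatched lines are dropped."""
    rows = []
    for line in raw.splitlines():
        m = RULE.match(line)
        if m:
            rows.append((m["ip"], m["request"], int(m["code"])))
    return rows


def load(rows):
    """Load structured rows into an in-memory table named logs (name is an assumption)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE logs (ip TEXT, request TEXT, code INTEGER)")
    db.executemany("INSERT INTO logs VALUES (?, ?, ?)", rows)
    return db


def server_errors(db):
    """Single-value query: the kind of statement a statistical rule can track."""
    return db.execute("SELECT count(*) FROM logs WHERE code >= 500").fetchone()[0]


def errors_by_ip(db):
    """Multi-value query: one row per ip, which shows where the 5xx responses concentrate."""
    sql = "SELECT ip, count(*) FROM logs WHERE code >= 500 GROUP BY ip ORDER BY count(*) DESC, ip"
    return db.execute(sql).fetchall()


if __name__ == "__main__":
    db = load(structure(SAMPLE_LOGS))
    print("5xx responses:", server_errors(db))
    print("5xx by ip:", errors_by_ip(db))
```

The single-value result is the figure a metric can trend over time, while the grouped result is the one to read when narrowing a spike down to a source.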