Updated on 2023-06-02 GMT+08:00

Viewing Bucket Logs

AOM supports fine-grained log query. That is, you can view logs by bucket to obtain key service data and quickly locate problems.

Currently, in CN North-Beijing1, CN East-Shanghai2, and CN South-Guangzhou regions, you can query logs from multiple dimensions. You can query and analyze original logs, as well as structured logs based on SQL syntax.

Precautions

  • Before viewing bucket logs, ensure that you have created at least one log bucket. Otherwise, you cannot view bucket logs.
  • You can view bucket logs generated in the last seven days.

Viewing Bucket Logs

  1. Log in to the AOM console. In the navigation pane, choose Log > Log Buckets, and click the Bucket Log tab to view logs.
  2. Set filter criteria.

    • Select a log bucket: Select a target log bucket from the drop-down list in the upper left corner.
    • Set a time range: In the drop-down list in the upper right corner, select a time range, such as Last 30 minutes, Last 1 hour, or Last 6 hours. You can also select Custom time range to specify the start time and end time.
    • Enter a keyword: Click the text box. All statistical rules and keywords of the bucket are displayed under the text box. Select a keyword. It is automatically displayed in the text box. Alternatively, enter a keyword directly in the text box.

      For common and complex keywords, click and create statistical rules according to Creating Statistical Rules. In the subsequent query, you do not need to manually enter a keyword in the text box. Instead, you can directly click the text box and select a desired statistical rule and keyword. After a statistical rule is created, AOM counts the number of keywords and generates metrics accordingly. You can then monitor the metrics on the Metric Monitoring page.

  3. View the search result.

    • Viewing statistical data in a bar chart

      The bar chart shows the number of logs that met the filter criteria set in step 2 in different time periods. The horizontal axis represents the time and is divided into 30 rectangular blocks of the same size. The time duration indicated by each rectangle block is selected time range/30. For example, if the time range is 30 minutes, the time duration of each rectangle block is 1 minute. If the time range is set to 60 minutes, the time duration of each rectangle block is 2 minutes. The vertical axis represents the number of queried logs.

      Figure 1 Viewing statistical data in a bar chart

      When you hover over a rectangle block, the prompt displays the time range (start time and end time) and the number of logs that meet the filter criteria within the time range. When you click a rectangle block, the log list displays corresponding log details. To deselect the block, click .

    • Viewing log details in a log list

      The log list displays the details of the logs that meet the filter criteria set in step 2.

      Figure 2 Viewing log details in a log list
      Perform the following operations if needed:
      • Click to view details of a selected log, such as the host IP address and source.
      • Sort search results: Logs are sorted based on collection time in descending order by default. You can click in the Collection Time column to change the order. When you click the black triangle icon to sort logs by time in ascending order, the latest log is displayed at the end. When you click the black triangle icon to sort logs by time in descending order, the latest log is displayed at the top.
      • View the context of a specified log: AOM allows you to view the previous or next logs of a specified log by clicking View Context in the Operation column, facilitating fault locating. Therefore, you do not need to search for logs in raw files.
        Figure 3 Viewing the context of a specified log