Searching for Logs

AOM enables you to quickly query logs, and locate faults based on log sources and contexts.

In the navigation pane, choose Log > Log Search.
On the Log Search page, click the Component, System, or Host tab and set filter criteria as prompted.
1. You can search for logs by component, system, or host.
  - For component logs, you can set filter criteria such as Cluster, Namespace, and Component. You can also click Advanced Search and set filter criteria such as Instance, Host, and File Name, and choose whether to enable Hide System Component.
  - For system logs, you can set filter criteria such as Cluster and Host.
  - For host logs, you can set filter criteria such as Cluster and Host.
2. Enter a keyword in the search box. Rules are as follows:
  - Enter a keyword between two adjacent delimiters for exact search. By configuring delimiters, you can divide the log content into multiple words and then enter these words to search for logs. If you are not sure whether there are adjacent delimiters, enter a keyword for fuzzy search.
  - Enter a keyword with a question mark (?) or an asterisk (*) for fuzzy match. Do not start a keyword with a question mark or an asterisk. For example, you can enter ER?OR or ER*R.
  - Enter search criteria containing search operator AND (&&) or OR (||). For example, enter query logs&&erro* or query logs||error.
  - For details about search rules, see Search Syntax and Examples.
View the search result of logs.
The search results are sorted based on the log collection time, and keywords in them are highlighted. You can click in the Time column to switch the sorting order.

indicates the default order. indicates the ascending order by time (that is, the latest log is displayed at the end). indicates the descending order by time (that is, the latest log is displayed at the top).
1. Click on the left of the log list to view details.
2. AOM allows you to view the previous or next logs of a specified log by clicking View Context in the Operation column, facilitating fault locating. Therefore, you do not need to search for logs in raw files.
  - In the Display Rows drop-down list, set the number of rows that display raw context data of the log.
    For example, select 200 from the Display Rows drop-down list.
    
    If there are 100 logs or more printed prior to a log and 99 or more logs printed following the log, the preceding 100 logs and following 99 logs are displayed as the context.
    
    If there are fewer than 100 logs (for example, 90) printed prior to a log and fewer than 99 logs (for example, 80) printed following the log, the preceding 90 logs and following 80 logs are displayed as the context.
  - Click Export Current Page to export displayed raw context data of the log to a local PC.
To ensure that tenant hosts and services run properly, some components (for example, kube-dns) provided by the system will run on the tenant hosts. The logs of these components are also queried during tenant log query.
(Optional) Click in the upper right corner on the Log Search page, select the file format, and export the search result to the local PC.
Logs are sorted according to the order set in 3 and a maximum of 5000 logs can be exported. For example, when 6000 logs in the search result are sorted in descending order, only the first 5000 logs can be exported.

Logs can be exported in CSV or TXT format. You can select a format as required. If you select the CSV format, detailed information (such as log content, host IP address, and source) can be exported, as shown in Figure 1. If you select the TXT format, only log content can be exported, as shown in Figure 2. Each row represents a log. If a log contains a large amount of content, you are advised to view the log using a text editor.

Figure 1 Exporting logs in CSV format

Figure 2 Exporting logs in TXT format