Searching for Logs

AOM enables you to quickly query logs, and locate faults based on log sources and contexts.

Log in to the AOM 2.0 console.
In the navigation pane, choose Log Analysis > Log Search.

In regions where new log analysis functions are supported, you can access the Log Search page through the entry described in Table 2.
On the Log Search page, click the Component, System, or Host tab and set filter criteria as prompted.
1. You can search for logs by component, system, or host.
  - For component logs, you can set filter criteria such as Cluster, Namespace, and Component. You can also click Advanced Search and set filter criteria such as Instance, Host, and File, and choose whether to enable Hide System Component.
  - For system logs, you can set filter criteria such as Cluster and Host.
  - For host logs, you can set filter criteria such as Cluster and Host.
2. Enter a keyword in the search box. Rules are as follows:
  - Enter keywords for exact search. A keyword is the word between two adjacent delimiters.
  - Use an asterisk (*) or question mark (?) for fuzzy search, for example, ER?OR, ROR*, or ER*R.
  - Enter a phrase for exact search. For example, enter Start to refresh or Start-to-refresh. Note that hyphens (-) are delimiters.
  - Enter a keyword containing AND (&&) or OR (||) for search. For example, enter query logs&&error* or query logs||error.
  - If no log is returned, narrow down the search range, or add an asterisk (*) to the end of a keyword for fuzzy match.
View the search result of logs.
The search results are sorted based on the log collection time, and keywords in them are highlighted. You can click in the Time column to switch the sorting order. indicates the default order. indicates the ascending order by time (the latest log is displayed at the bottom). indicates the descending order by time (the latest log is displayed at the top).
1. AOM allows you to view context. Click Context in the Operation column to view the previous or next logs of a log for fault locating.
  - In the Display Rows drop-down list, set the number of rows that display raw context data of the log.
    For example, select 200 from the Display Rows drop-down list.
    
    If there are 100 logs or more printed before a log and 99 or more logs printed following the log, the preceding 100 logs and following 99 logs are displayed as the context.
    
    If there are fewer than 100 logs (for example, 90) printed before a log and fewer than 99 logs (for example, 80) printed following the log, the preceding 90 logs and following 80 logs are displayed as the context.
  - Click Export Current Page to export displayed raw context data of the log to a local PC.
To ensure that tenant hosts and services run properly, some components (for example, kube-dns) provided by the system will run on the tenant hosts. The logs of these components are also queried during tenant log query.
1. Click View Details on the left of the log list to view details such as host IP address and source.
(Optional) Click on the right of the Log Search page, select an export format, and export the search result to a local PC.
Logs are sorted according to the order set in 4 and a maximum of 5000 logs can be exported. For example, when 6000 logs in the search result are sorted in descending order, only the first 5000 logs can be exported.

Logs can be exported in CSV or TXT format. You can select a format as required. If you select the CSV format, detailed information (such as the log content, host IP address, and source) can be exported, as shown in Figure 1. Only log content will be exported when you select the TXT format (as shown in Figure 2). Each line indicates a log.

Figure 1 Exporting logs in CSV format

Figure 2 Exporting logs in TXT format
(Optional) Click Configure Dumps to dump the searched logs to the same log file in the OBS bucket at a time. For details, see Adding One-Off Dumps.