Updated on 2024-05-27 GMT+08:00

Visualization

After you structure logs, wait 1 to 2 minutes. You can then query and analyze the structured logs using SQL statements and visualize the query results.

Currently, this function is available to all users in regions CN South-Guangzhou, CN North-Beijing4, CN East-Shanghai1, CN-Hong Kong, CN Southwest-Guiyang1, AP-Singapore, and CN South-Shenzhen. It is also available to whitelisted users in regions AP-Bangkok, CN North-Beijing1, AP-Jakarta, and CN East-Shanghai2. It is not available in other regions.

Prerequisites

  • Logs have been collected.
  • Logs have been structured. For details, see Cloud Structuring Parsing.

    If a structured field shares a name with one of the SQL reserved fields (such as time, select, and where), or if its name contains hyphens (-), underscores (_), or periods (.), you must enclose the field name in double quotation marks (") in SQL queries.

Procedure

  1. Log in to the LTS console. In the navigation pane on the left, choose Log Management.
  2. Select the target log group and log stream. The log stream details page is displayed.
  3. Click the Visualization tab.
  4. This tab page provides interactive analysis. You can use simple analysis statements to query visualized data and configure visualized charts. You can also set filters, add metrics and groups, and enable sorting to analyze data.

  5. Select a time range, enter a SQL statement, and click the formatting icon to format the SQL statement. Then click Search. For details about the SQL statements supported by LTS, see SQL Syntax.

    There are three types of time range: relative time from now, relative time from last, and specified time. Select a time range as required.
    • From now: queries log data generated in a time range that ends with the current time, such as the previous 1, 5, or 15 minutes. For example, if the current time is 19:20:31 and 1 hour is selected as the relative time from now, the charts on the dashboard display the log data that is generated from 18:20:31 to 19:20:31.
    • From last: queries log data generated in the most recent complete time range before the current time, such as the previous 1 or 15 minutes. For example, if the current time is 19:20:31 and 1 hour is selected as the relative time from last, the charts on the dashboard display the log data that is generated from 18:00:00 to 19:00:00.
    • Specified: queries log data that is generated in a specified time range.
    Figure 1 Visualized query
    • SQL query constraints are as follows:
      1. A maximum of 100,000 records can be returned for each query.
      2. When the number of aggregation results exceeds 100,000, the aggregation results may be inaccurate.
    • There are some restrictions when you use a string in a WHERE clause.
      1. The value should be enclosed by single quotation marks (') for exact match, and by single or double quotation marks (") for fuzzy search. If the key shares a name with one of the SQL reserved fields, enclose the key with double quotation marks (").
      2. Recommended formats: WHERE "Key" = 'Value' and WHERE "Key" like '%Value%'
    • There are no restrictions on float and long types in WHERE clauses. However, you are still advised to use the formats described above to avoid query exceptions caused by keyword conflicts.
    • You can drag the log search box to adjust its height.
    • After entering the search statement, you can click the formatting icons to format the SQL statement or reverse the formatting, which optimizes the search statement and improves search efficiency.

  6. If the number of logs generated within the specified time range exceeds 1 billion, iterative query is triggered so you can view all logs in multiple queries. The message Query status: Results are accurate is displayed.

  7. Select a chart to present the query result. For details, see Statistical Charts.
  8. You can perform the following operations on the query result:

    • Click Create. In the displayed Create Chart dialog box, set Chart Name and configure Add to Dashboard based on service requirements, and click OK to save the visual chart.
    • Click Save. In the displayed Save Chart dialog box, set Chart Name and configure Add to Dashboard based on service requirements, and click OK to save the visual chart. To modify an existing chart, select it and click Save.
    • Click Save As. In the displayed dialog box, set Chart Name and Add to Dashboard based on service requirements, and click OK to copy the existing visual chart.

      You must save a chart before you can use Save As to copy it.

    • Click Download to download the visual data of the current SQL query result. The file is in .csv format.
    • Click the icon for creating an alarm rule. In the displayed Create Alarm Rule dialog box, configure SQL alarms for the selected visual chart.

      You can create an alarm rule only after saving the chart.

    • Click Show Chart to expand the visual charts of the current log stream. Click Show Chart again to collapse the visual charts of the current log stream.
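
The quoting rules from the Prerequisites and from step 5 matter most when WHERE clauses are assembled by a script from field names or search values that come from elsewhere (an alert, a ticket, a user form). The following Python helper is an added example, not LTS or Huawei Cloud code: it builds clauses in the page's recommended formats and refuses values containing quotation marks. The function names, the sample fields, and the choice to reject rather than escape embedded quotes are assumptions, since this page does not document an escape syntax.

```python
import re

# Reserved words the page gives as examples; the full LTS list is not on the page.
RESERVED_EXAMPLES = {"time", "select", "where"}


def must_quote(field: str) -> bool:
    """True when the page's rule makes double quotes around the field mandatory."""
    return field.lower() in RESERVED_EXAMPLES or bool(re.search(r"[-_.]", field))


def quote_field(field: str) -> str:
    """Always double-quote the key, as the page recommends even when optional."""
    if not field or '"' in field or any(ord(c) < 32 for c in field):
        raise ValueError(f"unsafe field name: {field!r}")
    return f'"{field}"'


def quote_value(value: str) -> str:
    """Single-quote a string value; embedded quotes are rejected, not escaped,
    because the page does not document an escape syntax (assumption)."""
    if "'" in value or '"' in value or any(ord(c) < 32 for c in value):
        raise ValueError(f"unsafe value: {value!r}")
    return f"'{value}'"


def where_exact(field: str, value: str) -> str:
    return f"WHERE {quote_field(field)} = {quote_value(value)}"


def where_like(field: str, fragment: str) -> str:
    # '%' is the wildcard in the page's fuzzy format, so callers may not supply it.
    if "%" in fragment:
        raise ValueError("fragment must not contain '%'")
    return f"WHERE {quote_field(field)} like {quote_value('%' + fragment + '%')}"


if __name__ == "__main__":
    # Constructed field names and values, not taken from a real log stream.
    for name in ("time", "src-ip", "http.status", "status"):
        print(name, "-> quoting required:", must_quote(name))
    print(where_exact("time", "2024-05-27"))
    print(where_like("src-ip", "10.0."))
    try:
        where_exact("user_name", "x' OR '1'='1")
    except ValueError as err:
        print("rejected:", err)
```

Paste the returned clause after the SELECT part of the statement in the Visualization search box.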