Overview
Log search and analysis are indispensable to O&M. After configuring log ingestion, you can search and analyze the collected log data on LTS. Its efficient and professional log collection, search, and analysis help you monitor and manage your systems and applications.
Billing
Log search and analysis themselves do not incur any cost. However, since they rely on log reporting to LTS and indexing, charges will apply for log read/write and index traffic, as well as storage. For details, see Billing Items.
Constraints
For details about the constraints on log search and analysis, see Search and Analysis Constraints.
Log Structuring
Before searching and analyzing reported logs, you need to configure structuring and indexing for them. Structured data has a unified length and format, which can significantly improve search and analysis efficiency and accuracy.
Log data can be structured or unstructured.
- Structured data is organized using data models such as tables and relational databases. It has a strict length and format, facilitating storage and analysis.
- Unstructured data has no predefined data model and does not fit into the two-dimensional tables of a database, which makes it difficult to analyze.
Log structuring extracts logs with fixed formats or high similarity from log streams and filters out irrelevant logs. Structured logs can be easily queried and analyzed using SQL syntax.
Structuring parsing converts unstructured or semi-structured log data into a structured format for better storage, query, and analysis. This improves the readability, searchability, and query efficiency of log data.
LTS offers both ICAgent-based and cloud-based structuring parsing modes. However, a log stream can only use one parsing mode. For example, if you have configured ICAgent structuring parsing for a log stream and want to configure cloud structuring parsing for it, delete the existing ICAgent structuring parsing configuration first. For details, see Figure 1.
If you have configured ICAgent structuring parsing during log ingestion, you do not need to configure cloud structuring parsing.
- ICAgent structuring parsing is performed on the collection side and supports combined plug-ins for parsing. You can set multiple collection configurations with different structuring parsing rules for a single log stream. This parsing mode is recommended. For details, see Configuring ICAgent Structuring Parsing.
- Leveraging the computing power of LTS, cloud structuring parsing structures logs in log streams using various log extraction methods. In the future, it will incur log processing traffic fees based on the log volume.
Log Search
After structuring the logs, you can use LTS search syntax to set search criteria and search more efficiently. For details, see Searching for Logs.
Log Analysis
LTS uses SQL analysis syntax to analyze structured log fields and visualizes query and analysis results in charts. For details, see Analyzing Logs.
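The structuring step described under Log Structuring and the SQL analysis described in this section, shown end to end as an added example (not LTS code or LTS syntax). It assumes a regular expression as the extraction rule and Python's built-in sqlite3 as a stand-in SQL engine; the log lines, field names, and function names are constructed for illustration.

```python
import re
import sqlite3

# Constructed sample lines (not real LTS data): sshd-style authentication
# events mixed with lines that do not match the expected format.
RAW_LOGS = [
    "2024-05-01T10:00:01Z host1 sshd[811]: Failed password for root from 203.0.113.7 port 50122",
    "2024-05-01T10:00:03Z host1 sshd[811]: Failed password for admin from 203.0.113.7 port 50124",
    "2024-05-01T10:00:05Z host1 cron[90]: job started",
    "2024-05-01T10:00:09Z host2 sshd[455]: Accepted password for alice from 198.51.100.4 port 40210",
    "2024-05-01T10:00:12Z host2 sshd[455]: Failed password for alice from 203.0.113.7 port 50130",
    "-- MARK --",
]

# Extraction rule (an assumption of this example): one named group per field.
PATTERN = re.compile(
    r"^(?P<ts>\S+) (?P<host>\S+) sshd\[\d+\]: "
    r"(?P<result>Failed|Accepted) password for (?P<username>\S+) "
    r"from (?P<src_ip>\S+) port (?P<port>\d+)$"
)

def structure(lines):
    """Return (rows, dropped): matching lines as dicts, count of filtered-out lines."""
    rows, dropped = [], 0
    for line in lines:
        m = PATTERN.match(line)
        if m is None:            # irrelevant or malformed line: filter it out
            dropped += 1
            continue
        row = m.groupdict()
        row["port"] = int(row["port"])   # typed field, not just a substring
        rows.append(row)
    return rows, dropped

def failed_logins_by_ip(rows):
    """Load structured rows into a table and aggregate failed logins with SQL."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE auth (ts TEXT, host TEXT, result TEXT, "
               "username TEXT, src_ip TEXT, port INTEGER)")
    db.executemany("INSERT INTO auth VALUES "
                   "(:ts, :host, :result, :username, :src_ip, :port)", rows)
    return db.execute(
        "SELECT src_ip, COUNT(*) AS failures, COUNT(DISTINCT username) AS users "
        "FROM auth WHERE result = 'Failed' "
        "GROUP BY src_ip ORDER BY failures DESC"
    ).fetchall()

if __name__ == "__main__":
    rows, dropped = structure(RAW_LOGS)
    print(f"structured={len(rows)} dropped={dropped}")
    for src_ip, failures, users in failed_logins_by_ip(rows):
        print(src_ip, failures, users)
```

The query answers a question that plain keyword search over the raw lines cannot express directly: how many failed logins, against how many distinct accounts, came from each source address.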