Queries raw logs from a specified Logstore in a project. The response contains raw logs from a specified time range and is compressed for transmission.
Operation description
-
The Simple Log Service software development kit (SDK) is available only for Go, Java, and Python. However, all OpenAPI operations are supported.
-
You must specify a compression method when you call this operation. The available compression algorithms vary by programming language. For more information, see the Accept-Encoding request parameter.
-
For more information, see GetLogs.
Permissions
The following table describes the authorization for this API operation. To grant a RAM user or RAM role permission to call this operation, add the action to a Resource Access Management (RAM) policy statement.
| Action | Resource in an authorization policy |
log:GetLogStoreLogs | acs:log:{#regionId}:{#accountId}:project/{#ProjectName} |
Try it now
Test
RAM authorization
Request syntax
POST /logstores/{logstore}/logs HTTP/1.1Request parameters
|
Parameter |
Type |
Required |
Description |
Example |
| logstore |
string |
Yes |
The name of the Logstore. |
test-logstore |
| Accept-Encoding |
string |
Yes |
The compression method.
Valid values:
|
lz4 |
| body |
object |
No |
The request body. |
|
| from |
integer |
Yes |
The start of the time range to query. The value is the log time that was specified when the log was written. The time range is a left-closed, right-open interval. This means the range includes the start time but not the end time. If the `from` and `to` values are the same, the interval is invalid and an error is returned. The value is a UNIX timestamp that represents the number of seconds since 00:00:00 UTC on January 1, 1970. |
1627268185 |
| to |
integer |
Yes |
The end of the time range to query. The value is the log time that was specified when the log was written. The time range is a left-closed, right-open interval. This means the range includes the start time but not the end time. If the `from` and `to` values are the same, the interval is invalid and an error is returned. The value is a UNIX timestamp that represents the number of seconds since 00:00:00 UTC on January 1, 1970. |
1627268185 |
| line |
integer |
No |
The maximum number of logs to return. This parameter is valid only if the `query` parameter contains a search statement. The value must be between 0 and 100. The default value is 100. |
100 |
| offset |
integer |
No |
The line number from which to start the query. This parameter is valid only if the `query` parameter contains a search statement. The default value is 0. |
0 |
| reverse |
boolean |
No |
Specifies whether to return logs in descending order of their timestamps. The precision is at the minute level. true: Returns logs in descending order of their timestamps. false (default): Returns logs in ascending order of their timestamps. Note If the `query` parameter contains a search statement, this parameter is valid and specifies the sorting order. If the `query` parameter contains an analytic statement, this parameter is invalid. The sorting order is specified by the `ORDER BY` clause in the analytic statement. `ORDER BY asc` (default) sorts logs in ascending order. `ORDER BY desc` sorts logs in descending order. |
false |
| powerSql |
boolean |
No |
Specifies whether to enable enhanced SQL. The default value is false. |
false |
| session |
string |
No |
The query parameter. |
mode=scan |
| topic |
string |
No |
The log topic. The default value is double quotation marks (""). |
"" |
| query |
string |
No |
The search statement or analytic statement. For more information, see Query overview and Analysis Overview. To use the Exclusive SQL feature, add `set session parallel_sql=true;` to the analytic statement in the `query` parameter. For example: `* | set session parallel_sql=true; select count(*) as pv`. Note: If the `query` parameter contains an analytic statement (SQL statement), the `line` and `offset` parameters are invalid. Set them to 0. Use the `LIMIT` clause in the SQL statement for paging. For more information, see Paginate query and analysis results. |
status: 401 | SELECT remote_addr,COUNT(*) as pv GROUP by remote_addr ORDER by pv desc limit 5 |
| forward |
boolean |
No |
For a scan or phrase query, specifies whether to page forward or backward. |
false |
| highlight |
boolean |
No |
Specifies whether to highlight the results. |
false |
Response elements
|
Element |
Type |
Description |
Example |
| headers |
object |
||
| date |
string |
||
| server |
string |
||
| content-length |
string |
||
| x-log-requestid |
string |
||
| x-log-bodyrawsize |
string |
||
| connection |
string |
||
| content-type |
string |
||
| x-log-compresstype |
string |
||
|
object |
The returned data. |
||
| meta |
object |
The metadata of the returned data. |
|
| progress |
string |
Indicates the query progress.
|
Complete |
| aggQuery |
string |
The SQL part of the query statement that follows the vertical bar (|). |
select * |
| whereQuery |
string |
The part of the query statement that precedes the vertical bar (|). |
* |
| hasSQL |
boolean |
Indicates whether the query is an SQL query. |
false |
| processedRows |
integer |
The number of rows processed in the query. |
10000 |
| elapsedMillisecond |
integer |
The time consumed by the query, in milliseconds. |
5 |
| cpuSec |
number |
The core-hours for the Exclusive SQL. |
0.002 |
| cpuCores |
integer |
The number of CPU cores used. |
3 |
| keys |
array |
All keys in the query result. |
|
|
string |
The key. |
key |
|
| terms |
array<object> |
All terms in the query statement. |
|
|
object |
The term. |
{term=*, key=} |
|
| limited |
integer |
The number of entries returned. This parameter is returned if the SQL statement does not contain a `LIMIT` clause. |
100 |
| mode |
integer |
The query mode. `0`: Normal query, including SQL. `1`: Phrase query. `2`: SCAN. `3`: SCAN SQL. |
0 |
| phraseQueryInfo |
object |
The phrase query. |
|
| scanAll |
boolean |
Indicates whether all logs have been scanned. |
true |
| beginOffset |
integer |
The starting offset of the scan result after index filtering. |
0 |
| endOffset |
integer |
The ending offset of the scan result after index filtering. |
0 |
| endTime |
integer |
The end time of the scan result after index filtering. |
1 |
| scanBytes |
integer |
The amount of data scanned, in bytes. This parameter is returned for a scan operation. |
1024 |
| highlights |
array |
The highlighted content. |
|
|
array |
The highlighted content. |
||
| LogContent |
The highlighted log content. |
||
| count |
integer |
The number of log entries returned in the query. |
1 |
| processedBytes |
integer |
The volume of logs processed in the query. |
10000 |
| isAccurate |
boolean |
Indicates whether the query is accurate to the second. |
true |
| columnTypes |
array |
The column types. |
|
|
string |
The type. |
long |
|
| telementryType |
string |
The type of observable data. |
None |
| data |
array<object> |
The query results. |
|
|
object |
The returned data. |
||
|
string |
The returned data. |
{'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'} |
Examples
Success response
JSON format
{
"meta": {
"progress": "Complete",
"aggQuery": "select *",
"whereQuery": "*",
"hasSQL": false,
"processedRows": 10000,
"elapsedMillisecond": 5,
"cpuSec": 0.002,
"cpuCores": 3,
"keys": [
"key"
],
"terms": [
{
"test": "test",
"test2": 1
}
],
"limited": 100,
"mode": 0,
"phraseQueryInfo": {
"scanAll": true,
"beginOffset": 0,
"endOffset": 0,
"endTime": 1
},
"scanBytes": 1024,
"highlights": [
[
{
"Key": "key-test",
"Value": "value-test"
}
]
],
"count": 1,
"processedBytes": 10000,
"isAccurate": true,
"columnTypes": [
"long"
],
"telementryType": "None"
},
"data": [
{
"key": "{'remote_addr': '198.51.XXX.XXX', 'pv': '1', '__source__': '', '__time__': '1649902984'}"
}
]
}Error codes
See Error Codes for a complete list.
Release notes
See Release Notes for a complete list.