tencent cloud

Feedback

SearchLog

Last updated: 2024-04-15 19:58:32

    1. API Description

    Domain name for API request: cls.tencentcloudapi.com.

    This API is used to search and analyze logs. When using this API, please note the following:1. Besides being subject to the default API request frequency limit by this API, for a single log topic, the concurrency number cannot exceed 15. 2. For search syntax, it's recommended to use the CQL syntax rule. Please use the SyntaxRule parameter and set its value to 1.
    3. The maximum value of API's response data packet is 49MB. It is recommended to enable gzip compression (HTTP Request Header Accept-Encoding: gzip).

    A maximum of 10000 requests can be initiated per second for this API.

    This action accepts http content encodings: gzip

    We recommend you to use API Explorer
    Try it
    API Explorer provides a range of capabilities, including online call, signature authentication, SDK code generation, and API quick search. It enables you to view the request, response, and auto-generated examples.

    2. Input Parameters

    The following request parameter list only provides API request parameters and some common parameters. For the complete common parameter list, see Common Request Parameters.

    Parameter Name Required Type Description
    Action Yes String Common Params. The value used for this API: SearchLog.
    Version Yes String Common Params. The value used for this API: 2020-10-16.
    Region No String Common Params. This parameter is not required for this API.
    From Yes Integer Start time of the log to be searched, which is a Unix timestamp in milliseconds
    To Yes Integer End time of the log to be searched, which is a Unix timestamp in milliseconds
    Query Yes String Search and analysis statement. Maximum length: 12 KB
    A statement is in the format of [search criteria] | [SQL statement]. You can omit the pipe symbol | and SQL statement when log analysis is not required.
    Queries all logs using * or an empty string
    SyntaxRule No Integer Retrieval syntax rule, default is 0, recommended to use 1 (CQL syntax).0: Lucene syntax, 1: CQL syntax.
    For detailed explanation, refer to Retrieve Syntax Rules
    TopicId No String - The ID of the log topic to be searched for. Only one log topic can be specified.
    - To search for multiple log topics at a time, use the Topics parameter.
    Topics.N No Array of MultiTopicSearchInformation - The IDs of the log topics (up to 20) to be searched for.
    - To search for a single log topic, use the TopicId parameter.
    - You cannot use both TopicId and Topics.
    Limit No Integer Specifies the number of raw logs returned in a single query, default is 100, maximum is 1000. To obtain subsequent logs, use the Context parameter.Note:* This is only valid when the search and analysis statement (Query) does not contain SQL* Method for specifying SQL result count refers to SQL LIMIT Syntax
    Sort No String Time order of the logs returned. Valid values: asc (ascending); desc: (descending). Default value: desc
    Notes:
    * This parameter is valid only when the query statement (Query) does not contain an SQL statement.
    * To sort the analysis results, see SQL ORDER BY Syntax.
    Context No String Pass the Context value returned by the last API call to retrieve more subsequent logs. A total of up to 10,000 raw logs can be obtained, with an expiration time of 1 hour.Note:* When passing this parameter, do not modify any other parameters except for this one* Only applicable for single log topic retrieval. When retrieving multiple log topics, use the Context in Topics.* This is only valid when the retrieval analysis statement (Query) does not contain SQL. For obtaining subsequent SQL results, refer to SQL LIMIT Syntax
    SamplingRate No Float Indicates whether to sample raw logs before statistical analysis (Query includes SQL statements).
    0: Auto-sample.
    0-1: Sample by the specified sample rate, such as 0.02.
    1: Precise analysis without sampling.
    Default value: 1
    UseNewAnalysis No Boolean If the value is true, the new response method will be used, and the output parameters AnalysisRecords and Columns will be valid.
    If the value is false, the old response method will be used, and the output parameters AnalysisResults and ColNames will be valid.
    The two response methods differ slightly in terms of encoding format. You are advised to use the new method (true).

    3. Output Parameters

    Parameter Name Type Description
    Context String Pass through the Context value returned by this API, which can access more logs later, with an expiration time of 1 hour.Note:* Applicable only for single log topic searches. When searching multiple log topics, please use the Context in Topics.
    ListOver Boolean Whether to return all raw log query results. If not, you can use Context to continue to get logs.
    Note: This parameter is valid only when the query statement (Query) does not contain an SQL statement.
    Analysis Boolean Whether the returned data is the analysis (SQL) result
    Results Array of LogInfo Raw logs that meet the search conditions
    Note: This field may return null, indicating that no valid value was found.
    ColNames Array of String Column names of log analysis
    This parameter is valid only when UseNewAnalysis is false.
    Note: This field may return null, indicating that no valid value was found.
    AnalysisResults Array of LogItems Log analysis result
    This parameter is valid only when UseNewAnalysis is false.
    Note: This field may return null, indicating that no valid value was found.
    AnalysisRecords Array of String Log analysis result
    This parameter is valid only when UseNewAnalysis is true.
    Note: This field may return null, indicating that no valid value was found.
    Columns Array of Column Column attributes of log analysis
    This parameter is valid only when UseNewAnalysis is true.
    Note: This field may return null, indicating that no valid value was found.
    SamplingRate Float Sample rate used in this statistical analysis
    Note: This field may return null, indicating that no valid values can be obtained.
    Topics SearchLogTopics Refers to the basic information of each log topic when multiple log topics are used for search, such as error messages.Note: This field may return null, indicating that no valid values can be obtained.
    RequestId String The unique request ID, generated by the server, will be returned for every request (if the request fails to reach the server for other reasons, the request will not obtain a RequestId). RequestId is required for locating a problem.

    4. Example

    Example1 Querying Logs

    This example shows you how to query the logs with HTTP response status code (http_code) of 200.

    Input Example

    POST / HTTP/1.1
    Host: cls.tencentcloudapi.com
    Content-Type: application/json
    X-TC-Action: SearchLog
    <Common request parameters>
    
    {
        "TopicId": "601c2a87-ca8e-49c9-xxxx-27286a970db5",
        "From": 1679901909686,
        "To": 1679902809686,
        "Query": "http_code:\"200\"",
        "Limit": 1,
        "Sort": "desc",
        "UseNewAnalysis": true,
        "SyntaxRule": 1
    }
    

    Output Example

    {
        "Response": {
            "Context": "Y29udGV4dC0zZDVmZGI2NC1jNDZkLTQ2NzktYWM2OC1jYzg2NjUxYmVlMWExNjc5OTAyODEwNDM0",
            "ListOver": false,
            "Analysis": false,
            "ColNames": [],
            "Columns": null,
            "Results": [
                {
                    "Time": 1679902806070,
                    "TopicId": "601c2a87-ca8e-49c9-xxxx-27286a970db5",
                    "TopicName": "CDN Demo access log log Topic _10000100xxxx",
                    "Source": "",
                    "FileName": "",
                    "HostName": "",
                    "PkgId": "",
                    "PkgLogId": "",
                    "LogJson": "{\"referer\":\"http://qwunsag.2022.qq.com/prizes? activity_code=AVGCHaQFX02Eb\",\"method\":\"GET\",\"isp\":\"China Unicom\",\"remote_port\":\"45088\",\"ua\":\"Mozilla/5.0 (Linux; Android 9; INE-AL00 Build/HUAWEIINE-AL00; wv) AppleWebKit/537.36 (KHTML, like Gecko) Version/4.0 Chrome/86.0.4240.99 XWEB/3211 MMWEBSDK/20210601 Mobile Safari/537.36 MMWEBID/6389 MicroMessenger/8.0.11.1980(0x28000B5B) Process/toolsmp WeChat/arm64 Weixin NetType/WIFI Language/zh_CN ABI/arm64\",\"uuid\":\"acf1010c853f4a24bb3e92cc34e283e2\",\"version\":\"1\",\"file_size\":\"186358\",\"url\":\"/loxtxt/979884858.png\",\"request_range\":\"-\",\"rsp_size\":\"186830\",\"hit\":\"hit\",\"request_time\":\"2808\",\"http_code\":\"200\",\"param\":\"-\",\"sys_address\":\"9.130.154.208\",\"proto\":\"HTTPS\",\"host\":\"test.2022.cls.cn\",\"sys_datasource\":\"cq.3.4.v1.2.17\",\"client_ip\":\"116.116.247.167\",\"time\":\"1679902806070\",\"app_id\":\"1302700768\",\"prov\":\"Inner Mongolia Autonomous Region\",\"timestamp\":\"2023-03-27T15:40:06+08:00\"}",
                    "RawLog": "",
                    "IndexStatus": ""
                }
            ],
            "AnalysisResults": [],
            "AnalysisRecords": null,
            "RequestId": "79f593e5-1374-4463-xxxx-c49d0b3c5290",
            "SamplingRate": 0,
            "Topics": null
        }
    }
    

    5. Developer Resources

    SDK

    TencentCloud API 3.0 integrates SDKs that support various programming languages to make it easier for you to call APIs.

    Command Line Interface

    6. Error Code

    The following only lists the error codes related to the API business logic. For other error codes, see Common Error Codes.

    Error Code Description
    FailedOperation Operation failed.
    FailedOperation.InvalidContext The search cursor is invalid or does not exist.
    FailedOperation.QueryError The query statement failed to run.
    FailedOperation.SearchTimeout The query timed out.
    FailedOperation.SyntaxError An error occurred while parsing the query statement.
    FailedOperation.Timeout Operation timed out
    FailedOperation.TopicIsolated The log topic has been isolated.
    InternalError Internal error.
    InternalError.SearchError Retrieval error
    InternalError.SearchFailed Retrieval failed
    InvalidParameter Incorrect parameter.
    LimitExceeded.LogSearch The number of concurrent queries exceeds the limit, which is 15 per topic.
    LimitExceeded.SearchResources Out of search memory.
    LimitExceeded.SearchResultTooLarge The number of logs returned by the search API exceeds the upper limit (20 MB).
    MissingParameter Missing parameter.
    OperationDenied Operation denied.
    OperationDenied.AccountDestroy The account has been terminated.
    OperationDenied.AccountIsolate The account has overdue payments.
    OperationDenied.AccountNotExists The account does not exist.
    OperationDenied.NewSyntaxNotSupported New syntax is not supported.
    OperationDenied.OperationNotSupportInSearchLow The operation is not supported in IA storage.
    ResourceNotFound.TopicNotExist The log topic does not exist.