Log Field | Raw Log Type | Log Service Type | Description |
app_id | Integer | long | Tencent Cloud account APPID |
client_ip | String | text | Client IP |
file_size | Integer | long | File size |
hit | String | text | Cache hit/miss. Both hits on CDN edge servers and parent nodes are marked as hit |
host | String | text | Domain name |
http_code | Integer | long | HTTP status code |
isp | String | text | ISP |
method | String | text | HTTP method |
param | String | text | Parameter carried in URL |
proto | String | text | HTTP protocol identifier |
prov | String | text | ISP province |
referer | String | text | Referer information, i.e., HTTP source address |
request_range | String | text | Range parameter, i.e., request range |
request_time | Integer | long | Response time (in milliseconds), which refers to the time it takes for a node to return all packets to the client after receiving a request. |
request_port | String | long | A port connecting the client and CDN nodes. This field will be displayed as - if the port does not exist. |
rsp_size | Integer | long | Number of returned bytes |
time | Integer | long | Request timestamp in UNIX format (in seconds) |
ua | String | text | User-Agent information |
url | String | text | Request path |
uuid | String | text | Unique request ID |
version | Integer | long | CDN real-time log version |
* | select avg(request_time) as l, approx_percentile(request_time, 0.5) as p50, approx_percentile(request_time, 0.9) as p90, time_series(__TIMESTAMP__, '5m', '%Y-%m-%d %H:%i:%s', '0') as time group by time order by time desc limit 1440
* | select approx_percentile(request_time, 0.99) as p99
* | select * from (select * from (select * from (select date_trunc('minute', __TIMESTAMP__) as time,count(*) as errct where http_code>=400 group by time order by time desc limit 2)) order by time desc limit 1)
* | select * from (select * from (select * from (select date_trunc('minute', __TIMESTAMP__) as time,count(*) as errct where http_code>=400 group by time order by time desc limit 2)) order by time asc limit 1)
$2.errct-$1.errct >100
http_code
is less than 500 of all requests.* | select round(sum(case when http_code<500 then 1.00 else 0.00 end) / cast(count(*) as double) * 100,1) as "Health"
return_code
is less than 400 of requests whose value of hit
is hit
.http_code<400 | select round(sum(case when hit='hit' then 1.00 else 0.00 end) / cast(count(*) as double) * 100,1) as "Cache hit rate"
* | select sum(rsp_size/1024.0) / sum(request_time/1000.0) as "Average download speed (KB/s)"
ip_to_provider
function to convert client_ip
to the corresponding ISP.* | select ip_to_provider(client_ip) as isp , sum(rsp_size)* 1.0 /(sum(request_time)+1) as "Download speed (KB/s)" , sum(rsp_size/1024.0/1024.0) as "Total download amount (MB)", count(*) as c group by isp order by c desc limit 10
* | select case when request_time < 5000 then '~5s' when request_time < 6000 then '5s~6s' when request_time < 7000 then '6s~7s' when request_time < 8000 then '7~8s' when request_time < 10000 then '8~10s' when request_time < 15000 then '10~15s' else '15s~' end as latency , count(*) as count group by latency
* | select http_code , count(*) as c where http_code >= 400 group by http_code order by c desc
http_code
is greater than 400, we conduct multidimensional analysis, for example, sorting requests by domain name and URL separately in descending order, checking error counts by province and ISP, and checking client distribution.
Sort requests by domain name* | select host , count(*) as count where http_code > 400 group by host order by count desc limit 10
* | select url , count(*) as count where http_code > 400 group by url order by count desc limit 10
* | select client_ip, ip_to_province(client_ip) as "province", ip_to_provider(client_ip) as "ISP" , count(*) as "Error count" where http_code >= 400 group by client_ip order by "Error count" DESC limit 100
* | select ua as "Client version", count(*) as "Error count" where http_code > 400 group by ua order by "Error count" desc limit 10
* | select ip_to_province(client_ip) as province , count(*) as c group by province order by c desc limit 50
http_code < 400 | select url ,count(*) as "Access count", round(sum(rsp_size)/1024.0/1024.0/1024.0, 2) as "Total download amount (GB)" group by url order by "Access count" desc limit 100
* | select host, sum(rsp_size/1024) as "Total Downloads" group by host order by "Total Downloads" desc limit 100
* | SELECT CASE WHEN ip_to_country(client_ip)='Hong Kong' THEN concat(client_ip, ' ( Hong Kong )') WHEN ip_to_province(client_ip)='' THEN concat(client_ip, ' ( Unknown IP )') WHEN ip_to_provider(client_ip)='Intranet IP' THEN concat(client_ip, ' (Private IP )') ELSE concat(client_ip, ' ( ', ip_to_country(client_ip), '/', ip_to_province(client_ip), '/', if(ip_to_city(client_ip)='-1', 'Unknown city', ip_to_city(client_ip)), ' ',ip_to_provider(client_ip), ' )') END AS client, pv as "Total Visits", error_count as "Erroneous Access Count" , throughput as "Total Downloads(GB)" from (select client_ip , count(*) as pv, round(sum(rsp_size)/1024.0/1024/1024.0, 1) AS throughput , sum(if(http_code > 400, 1, 0)) AS error_count from log group by client_ip order by throughput desc limit 100)
* | SELECT CASE WHEN ip_to_country(client_ip)='Hong Kong' THEN concat(client_ip, ' ( Hong Kong )') WHEN ip_to_province(client_ip)='' THEN concat(client_ip, ' ( Unknown IP )') WHEN ip_to_provider(client_ip)='Intranet IP' THEN concat(client_ip, ' (Private IP )') ELSE concat(client_ip, ' ( ', ip_to_country(client_ip), '/', ip_to_province(client_ip), '/', if(ip_to_city(client_ip)='-1', 'Unknown city', ip_to_city(client_ip)), ' ',ip_to_provider(client_ip), ' )') END AS client, pv as "Total Visits", (pv - success_count) as "Erroneous Access Count" , throughput as "Total Downloads(GB)" from (select client_ip , count(*) as pv, round(sum(rsp_size)/1024.0/1024/1024.0, 1) AS throughput , sum(if(http_code < 400, 1, 0)) AS success_count from log group by client_ip order by success_count desc limit 100)
* | select time_series(__TIMESTAMP__, '1m', '%Y-%m-%dT%H:%i:%s+08:00', '0') as time, count(*) as pv,approx_distinct(client_ip) as uv group by time order by time limit 1000
문제 해결에 도움이 되었나요?