Back to Details

aliyun-sls-log-query

Compare original and translation side by side

🇺🇸

Original

English
🇨🇳

Translation

Chinese
Category: service
分类:服务

SLS Log Query and Troubleshooting

SLS 日志查询与故障排查

Use SLS query|analysis syntax and Python SDK for log search, filtering, and analytics.
使用SLS查询|分析语法和Python SDK进行日志搜索、过滤和分析。

Prerequisites

前置要求

  • Install SDK (virtual environment recommended to avoid PEP 668 restrictions):
bash
python3 -m venv .venv
. .venv/bin/activate
python -m pip install -U aliyun-log-python-sdk
  • Configure environment variables: 
    • ALIBABA_CLOUD_ACCESS_KEY_ID
    • ALIBABA_CLOUD_ACCESS_KEY_SECRET
    • SLS_ENDPOINT
      (e.g. 
      cn-hangzhou.log.aliyuncs.com
      )
    • SLS_PROJECT
    • SLS_LOGSTORE
      (supports a single value or comma-separated values)
  • 安装SDK(推荐使用虚拟环境以避免PEP 668限制):
bash
python3 -m venv .venv
. .venv/bin/activate
python -m pip install -U aliyun-log-python-sdk
  • 配置环境变量: 
    • ALIBABA_CLOUD_ACCESS_KEY_ID
    • ALIBABA_CLOUD_ACCESS_KEY_SECRET
    • SLS_ENDPOINT
      (例如 
      cn-hangzhou.log.aliyuncs.com
    • SLS_PROJECT
    • SLS_LOGSTORE
      (支持单个值或逗号分隔的多个值)

Query Composition

查询结构

  • Query clause: filters logs (e.g. 
    status:500
    ).
  • Analysis clause: statistical aggregation, format 
    query|analysis
    .
  • Example: 
    * | SELECT status, count(*) AS pv GROUP BY status
See 
references/query-syntax.md
for full syntax.
  • 查询子句:过滤日志(例如 
    status:500
    )。
  • 分析子句:统计聚合,格式为 
    query|analysis
  • 示例:
    * | SELECT status, count(*) AS pv GROUP BY status
完整语法请参考 
references/query-syntax.md

Quickstart (Python SDK)

快速入门(Python SDK)

python
import os
import time
from aliyun.log import LogClient, GetLogsRequest

client = LogClient(
    os.environ["SLS_ENDPOINT"],
    os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"],
    os.environ["ALIBABA_CLOUD_ACCESS_KEY_SECRET"],
)

project = os.environ["SLS_PROJECT"]
logstore = os.environ["SLS_LOGSTORE"]

query = "status:500"
start_time = int(time.time()) - 15 * 60
end_time = int(time.time())

request = GetLogsRequest(project, logstore, start_time, end_time, query=query)
response = client.get_logs(request)
for log in response.get_logs():
    print(log.contents)
python
import os
import time
from aliyun.log import LogClient, GetLogsRequest

client = LogClient(
    os.environ["SLS_ENDPOINT"],
    os.environ["ALIBABA_CLOUD_ACCESS_KEY_ID"],
    os.environ["ALIBABA_CLOUD_ACCESS_KEY_SECRET"],
)

project = os.environ["SLS_PROJECT"]
logstore = os.environ["SLS_LOGSTORE"]

query = "status:500"
start_time = int(time.time()) - 15 * 60
end_time = int(time.time())

request = GetLogsRequest(project, logstore, start_time, end_time, query=query)
response = client.get_logs(request)
for log in response.get_logs():
    print(log.contents)

Script quickstart

脚本快速入门

bash
python skills/observability/sls/aliyun-sls-log-query/scripts/query_logs.py \
  --query "status:500" \
  --last-minutes 15
Optional args: 
--project
, 
--logstore
(repeatable, or comma-separated values), 
--endpoint
, 
--start
, 
--end
, 
--last-minutes
, 
--limit
, 
--parallel
.
bash
python skills/observability/sls/aliyun-sls-log-query/scripts/query_logs.py \
  --query "status:500" \
  --last-minutes 15
可选参数:
--project
--logstore
(可重复指定,或使用逗号分隔的值)、
--endpoint
--start
--end
--last-minutes
--limit
--parallel

Troubleshooting script

故障排查脚本

bash
python skills/observability/sls/aliyun-sls-log-query/scripts/troubleshoot.py \
  --group-field status \
  --last-minutes 30 \
  --limit 20
Optional args: 
--error-query
, 
--group-field
, 
--limit
, 
--logstore
(repeatable, or comma-separated values), 
--parallel
, plus the time range args above.
bash
python skills/observability/sls/aliyun-sls-log-query/scripts/troubleshoot.py \
  --group-field status \
  --last-minutes 30 \
  --limit 20
可选参数:
--error-query
--group-field
--limit
--logstore
(可重复指定,或使用逗号分隔的值)、
--parallel
,以及上述的时间范围参数。

Workflow

工作流程

  1. Ensure Logstore indexing is enabled (queries/analysis fail without index).
  2. Write query clause and append analysis clause when needed.
  3. Execute with SDK/script and inspect results.
  4. Control returned rows with 
    limit
    ; narrow time range when needed.
  1. 确保已开启Logstore索引(未开启索引会导致查询/分析失败)。
  2. 编写查询子句,需要时追加分析子句。
  3. 使用SDK/脚本执行查询并检查结果。
  4. 使用
    limit
    控制返回行数;需要时缩小时间范围。

Validation

验证

bash
mkdir -p output/aliyun-sls-log-query
for f in skills/observability/sls/aliyun-sls-log-query/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-sls-log-query/validate.txt
Pass criteria: command exits 0 and 
output/aliyun-sls-log-query/validate.txt
is generated.
bash
mkdir -p output/aliyun-sls-log-query
for f in skills/observability/sls/aliyun-sls-log-query/scripts/*.py; do
  python3 -m py_compile "$f"
done
echo "py_compile_ok" > output/aliyun-sls-log-query/validate.txt
通过标准:命令退出码为0且生成
output/aliyun-sls-log-query/validate.txt
文件。

Output And Evidence

输出与凭证

  • Save artifacts, command outputs, and API response summaries under 
    output/aliyun-sls-log-query/
    .
  • Include key parameters (region/resource id/time range) in evidence files for reproducibility.
  • 将产物、命令输出和API响应摘要保存在
    output/aliyun-sls-log-query/
    目录下。
  • 在凭证文件中包含关键参数(地域/资源ID/时间范围)以便复现。

References

参考资料

  • Syntax and examples:
    references/query-syntax.md
  • Python SDK initialization and queries:
    references/python-sdk.md
  • Troubleshooting templates:
    references/templates.md
  • Source list: 
    references/sources.md
  • 语法与示例:
    references/query-syntax.md
  • Python SDK初始化与查询:
    references/python-sdk.md
  • 故障排查模板:
    references/templates.md
  • 来源列表:
    references/sources.md